Cease & Desist: Can using Android’s Notification Listener violate another apps T&C’s?
So I recently received a cease & desist letter from a rather large company (think Google large), I won’t say who, requesting I remove one of my apps from the Play Store, an app which allowed the user to auto-reply to incoming messages from any app, for violating their terms of service.
Specifically relating to terms which state using the accusatory app in way that:
- Violate, misappropriate, or infringe the rights of ████████ or its users, including privacy, publicity, intellectual property, or other proprietary rights;
- Involve sending illegal or impermissible communications such as bulk messaging, auto-messaging [emphasis is mine], auto-dialing, and the like; or
- Involve any non-personal use of the ████████ Services unless otherwise authorized by ████████.
(At this point I should probably state upfront this post isn’t an admission nor a rejection of the claims made, I don’t have the legal knowledge to make either. It’s more a musing on the principality of such claims based on how the functionality in question was implemented & the overarching implications for indie developers if this is one more layer we have to muddle through in order for us to responsibly release our art)
On reading the perceived violations outlined above I was kind’ve pissed — how dare they limit my creativity & try to, in my perception at least, restrict what up until this point has been a very free flowing & open Android ecosystem. The more I thought about it though, the less emotional I got & the more intrigued I became with the implications this could have if they do indeed have legal standing to make this request of me.
My main qualm was due to the way in which I implemented the functionality of the app. It makes use of the Android NotificationListener to listen to all notifications. If that notification is from a package a user has pre selected as an app they wanted to reply to, and that notification implements a quick reply Android Intent, the app would use this intent to attempt to trigger a reply. Hell, I even wrote an entire post on how I implemented this using the official Android API’s & Objects.
The solution I implemented is entirely generic, it doesn’t target the app in question specifically, it works with any app that has made use of the quick reply (or Android Wear reply) Android API’s. It doesn’t interact with any app directly, it instead populates an Intent they provided in their notification to the Android system & fires it. What happens when it’s fired is beyond my app’s control.
Not to mention the user has to explicitly turn the Notification Listener on & is given a sufficient warning popup of it’s capabilities, so I wouldn’t find it likely it could be construed that the user is in any way unaware, ignorant potentially, but not unaware.
Before I continue I should note this wasn’t the exciting tale of legal cat & mouse, ending with a victory for the indie dev, that you may have hoped it would become.
The app in question has since been removed from the Play Store while I try to get my head around the implications. If I’m being completely honest it’s been hit & miss for a lot of users, it wasn’t widely in use & it never really worked in the reliable, useful way I had envisioned. It’s not so much the pulling of the app that bothered me as much as the principle.
The problem with something like this for an indie dev like myself is just that, I am an indie dev. I don’t have a lawyer on retainer. I don’t have the legal knowledge to know if this is a meritorious claim. I don’t have the money to hire legal counsel to dispute a claim I may believe to be wrong on principal, when the app in question makes zero ROI. I mean, I don’t even have an office, I’m writing this from a coffee shop. All I do have is a laptop, Android Studio, a little know how & a $25 Android developer account.
So I guess, trying to sound the least rant-y as possible (too late?), I have 2 questions:
1 — Is it possible that one app, using public Android API’s to interact with another app’s use of public Android API’s , can violate the terms of service of said app — on a platform they don’t own or control?
2 — Is it possible that an Android Notification, with it’s accompanying intent, sent from an application is therefore owned by that application & furthermore any interaction with that intent, whether it be parsing, inspecting, extracting nested objects and/or data etc, is in violation of that applications terms of service & may in fact constitute IP infringement?
And if that should be the case wouldn’t using the Notification Listener, or listening for certain broadcasted intents, in any capacity be potentially violating any app’s terms of service?
In fact, wouldn’t it be possible to write an app that inadvertently violates another app’s terms of service, due to the generic writing of code to interact with any Android Intent not sent by the Android System itself, regardless of its origin?
I guess what I’m really getting at is this..
Does any dev, working in this area of Android development, now need to start hard coding checks to make sure their app isn’t in any way interacting with an object, created by another app, for fear of violating terms of services & opening themselves to possible legal action?
I’d love to hear people’s thoughts, my thinking being if the answer to that question is in any way yes - I might just give up now.
More where this came from
This story is published in Noteworthy, where thousands come every day to learn about the people & ideas shaping the products we love.
Follow our publication to see more product & design stories featured by the Journal team.