Hacker News

Without knowing more about the "sophisticated anti-piracy system" employed by the app author, it's hard to determine if Google's claim of malicious behaviour is valid.

This could be something as simple as bytecode obfuscation, or something as complex as scraping every bit of personal information available through possibly-questionable means and sending to an insecure server. Copy protection schemes are notoriously user-hostile.



Regardless of the reason, the fact that you can have your livelihood taken away without an explanation or human contact is pretty worrying.


Having a system that tells malware authors precisely what behavior triggered an alarm is also not great. There is no solution.


That doesn't seem to be a problem in any other field of security in the world. If you steal a shirt from a shop you'll get told whether they have security footage of you stealing, an alarm went off or a security guard saw you.

It might be more convenient for Google to not say, but it's pretty disrespectful towards clients that choose their platform to make a living and might get caught as a false positive.


"Your app has been removed because it was found to be malware. Please reply to this message if you believe this to be a mistake." Doesn't help malware authors at all.


Isn't that basically what has already happened in this case?


They apparently don't offer an easy way to contact someone if there is a mistake or get a human to check the algorithm has correctly identified malware or if it has flagged a legitimate app.


There is a very simple solution. Have a competent reviewer look at the code and decide whether the intent is malicious or not.

If the intent is clearly not malicious and no rules were broken, the reviewer should file a bug report to fix the virus scanner and reinstate the developer account. No further explanation required.

If rules were breached but it may have been done in good faith, issue a warning to the developer and explain in general terms how to fix the problem. Charge a review fee high enough to deter any abuse of the review system.


"Have a competent reviewer" - requires humans, humans don't scale, proposed solution is not Googley.

(this is sarcasm, but from talking to Googler friends over the years, I doubt it's far from the truth)


It scales just fine if they charge enough to discourage abuse. Also, the law should frankly require them to offer proper conflict resolution if they run one of two commercially viable app stores.


Apparently he had zero trouble with antivirus apps fixing his situation. But I guess Google is so special it can't accomplish what companies with a fraction of Google's budget or manpower can do.


Doesn't have to be taken away by Google either. They're extremely bad at processing DMCA notices, so a competitor or malicious teen can take you off the store for weeks. No recourse.


For this reason I would never trust my livelihood with the Play Store. Beer money, yes, paying my bills, hell no.


His livelihood was not taken away; he is still free to program for a trade or to sell his apps directly to users.


I guess you can say that. So ... maybe his investment of time and money in the Android ecosystem has been taken away. And this should give pause to other such investors.


What if the reason is they were scraping all your private data against the Terms of Service, and hiding it in obfuscated dynamic bytecode loading... if that was the case, you think it's still bad that they can be kicked off the app store?

I mean, we only have the developer's word that they weren't shipping malware in these bytecode files, unless someone reverse engineers it (unlikely), or Google publicly explains the reason for the banning (which they never do).


If that is the reason they were kicked off, why can't Google just say so?



