End of the road for Google Drive in Transmit

API policy changes and required audits

  • Google now requires external security assessments for apps requesting broad Google Drive scopes (e.g., full-drive access), performed by “preferred partners.”
  • Costs and difficulty are reported very inconsistently:
    • Some developers say ~$750–$4k and “quite easy.”
    • Others cite “up to $75k/year per program,” or around $60k/year for recertification.
  • Several commenters see this as a protection racket or anti-competitive behavior; others frame it as standard compliance for highly sensitive scopes, analogous to SOC 2 or HIPAA.

Impact on Transmit and similar apps

  • Transmit is a desktop file transfer client whose value is full, general-purpose access to remote file systems (including Drive), so narrower scopes like drive.file do not fit its main use case.
  • The cost, recurring nature, and bureaucratic pain of the audit are judged disproportionate for a niche feature, leading Panic to drop Drive support.
  • Similar issues are reported by other independent developers (e.g., Android apps, other Drive clients, iA Writer, Total Commander).

Security vs. “box‑ticking” compliance

  • Pro-audit side:
    • Full-drive access is extremely sensitive (ID scans, tax records, company data).
    • Audits raise the bar against low-effort attackers and help platforms avoid Cambridge Analytica–style scandals.
  • Critical side:
    • Audits don’t guarantee the audited binary is what users run, or catch targeted backdoors.
    • Especially for local/native apps with no hosted backend, the real security gain is seen as minimal.
    • Many view this as checkbox compliance and liability shielding rather than meaningful security.

Platform power, user choice, and small devs

  • Strong sentiment that this heavily disadvantages indie and small companies and acts as a moat for large players who can amortize compliance.
  • Some argue users should be allowed to choose any client for “their” data; others counter that mass-market users cannot realistically assess risk and will still blame the platform.
  • Broader frustration with Google:
    • Poor, slow, or opaque support processes.
    • Perception of increasing lock‑in, bureaucracy, and lack of empathy for developers.
  • A few predict long-term user migration away from Drive and growth of alternatives (self-hosted storage, WebDAV, S3-compatible services), but others note most users will likely stay within big vendor ecosystems.