This also suggests a need for app development companies to ban developers from using personal accounts to associate with a project. I realize this just sends more money in the direction of Google but if every app developer was set up with a G-Suite (or whatever it's called this week) account for developer access then there could be no question of actions a developer does on their own accounts coming back to bite the company. Likewise, there needs to be a mechanism for the company to mark a developer's account as "fired for cause" so that if they did anything toxic on the company-assigned account the company could pre-signal to Google that they are proactively taking care of things and following the rules.

> ban developers from using personal accounts to associate with a project

As I understand it, this may not be sufficient, since Google also looks at things like "logged in from the same browser" or "logged in via the same IP" to find associated accounts.

> mark a developer's account as "fired for cause"

Which, practically (and maybe legally) speaking is not something Google needs to know. Then again, in a world where Google can shut your company down arbitrarily, perhaps it is something Google needs to know...

So you need to have separate WiFi networks, separate corporate devices that are so locked down that developers can never use their personal accounts from your devices or your corporate IP range (and ensure the same applies in reverse).

To absolutely prevent any and all association.

This sounds virtually unenforceable. Gated and protected phones and computers are the domain of highly secretive projects, and cost an arm and leg to enforce. It means searching personnel as they enter the protected zone for watches, phones, computers, tablets, etc. Since phones geolocate and Google has this data, the protected zone needs to be enormous. Like, an entire city block to prevent the algorithm from detecting the handover. If you somehow overcome this, you need to ensure that the employee never ever, for any reason ever logs into anything personal on the gated devices. It basically means preventing them from using the internet. How productive are developers who can't go online? It also means zero cross-communication to outside the zone. No emails to/from home/work. No sending files, no checking emails, no taking calls (someone could easily use a connected service to make the call). This "air" gap is extremely difficult to enforce.

I've ever seen anyone successfully pull off this kind of secrecy in anything larger than a 10 person team, and the cost was insane.

>> This sounds virtually unenforceable.

The simple way to "enforce" it is to literally just use AWS/Azure instead. I agree with you, totally unenforceable.

And it's the end of the era of a few friends building an app together and spinning it into a startup.

So, please correct me if I'm wrong, but I think I read a similar HN article a while back, that said a users company and their personal google developer accounts got "associated" somehow (can't remember the specifics), so I'm not sure if that would be a mitigation for this issue.

I do agree that it's a sensible thing to do and it _should_ be enough to mitigate issues like this.

Wouldn't Google associate personal and work accounts by IP address?

> Looks like it's 100% a valid tactic.

It is valid and I’m sure quite effective but it isn’t perfect. You need to provide escape hatches for real people in all anti-fraud systems you create. Even if those escape hatches sometimes let fraudsters through as well.

I’m not Google and I don’t know the kinds of fraud they attract (note: probably all kinds of fraud imaginable) nor do I know the level of effort those fraudsters are willing to put in (note: probably unimaginable amounts of effort)… but I do know that all anti-fraud work needs to allow ways for real people to escape. Your job in this space is to protect real users… and sometimes those real users inadvertently behave like fraudsters and get flagged. There has to be ways out.

> There has to be ways out.

It seems like there is: appeal your case in a public forum (HN, Reddit) and hope you catch the attention of a sympathetic Googler with the political clout to get the case reviewed.

But I can't imagine this will work forever. It certainly doesn't scale.

I think it would be more accurate to say, when an employee leaves, it's imperative to cut that associated account, regardless of whether you're on good terms with them or not.

And also that they never violate Google's TOS.