Google Play dumps APK for more Google-controlled “Android App Bundles”


Android’s app file format, APK (Android PacKage), has been with us since Android’s 2008 launch. It is portable, easy to create as it is just a structured .zip file, and is widely supported by a variety of devices. Windows 11 is going to support the format as part of its upcoming Android compatibility. However, Google doesn’t want APKs to be the way to publish Android apps anymore. Google’s Android Developer Blog explains how, starting August, new apps being uploaded to the Play Store will need to use the new Android App Bundle (AAB) format to distribute apps. This seems like just the beginning, and Google says the app bundle will “replace APKs as the standard publishing format.”

Android app bundles were introduced to the Android ecosystem in 2018, and I wrote a large section about them in my Android 9 review. The basic sales pitch is that Android devices have a lot of different hardware and language combinations that the apps have to support, and shipping that code to each individual device is a waste of space. Android supports over 150 languages, four different CPU architectures (ARMv7, ARMv8, x86, and x86_64), and multiple screen resolution buckets. It’s common to stack it all in a single APK (though sometimes they’re split by CPU architecture), but doing so means that each device gets a lot of code and resources that are tied to a specific combination of CPU, locale, and screen. are irrelevant to. Shape. While the waste of storage space may not matter much on a high-end phone with a good internet connection, it can be a big deal on cheap, storage-limited devices and in places where fast internet is hard to come by.

Google’s solution is the Android App Bundle, which transforms the Android app distribution from a monolithic, universal APK to a collection of “split APKs” that can be pulled out by the Google Play Store specifically for each individual device. As the name suggests, these “Split APKs” are not the entire app. They are parts of an app, each targeting a specific area of ​​change, that combine to form the final app. As with app bundles, if you have a high-resolution, ARMv8 device with a locale set to English with the app bundle, the Play Store will spit out a set of split APKs that only support that device type. If your friend has a low-resolution ARM V7 phone set for English and Hindi, they’ll get another set of APKs that support exactly that. Google Play can generate bespoke APKs for each user, giving them only the code they need and nothing more. Google says the results are apps that are 15 percent smaller than universal APKs.

Developers using App Bundles can also modularize Features of an app. This allows features to be distributed only to devices that support them, or they are not yet included in the initial download and available only to users as on-demand downloads. The same on-demand feature is triggered if a user changes the locale settings.

While the app bundle system would love to send fancy, new split APKs, it is not. Since it can format apps however it wants, a backwards-compatible, monolithic APK can still be generated. This makes Approach universally compatible with all Android phones, no matter how neglected your current device is.

App Bundles vs. Non-Google Play Ecosystem

Like many new Android features, the change from APK to Android app bundle has resulted in the roll out of apps to a more complex, sophisticated feature set. But it also gives Google a lot of control over the Android ecosystem. android app bundle need To be useful has to be processed by the App Store’s cloud computer. While app bundles are an open source format, and Google has an open source “BundleTools” app that can compile them, another company will need to build their own infrastructure, servers to host it in the cloud. There will be costs to be paid, and to handle the dreaded app signing requirements (more on that later).

The app bundle being open source allows development tools to support them more easily. But an alternative app store would have to take on so much work and responsibility that it’s doubtful that the format would turn into something other than a Google Play app package.

A key security component of APKs is app signing. This is a digital certificate owned by the app developer which certifies that he has created the app. The app signature isn’t really relevant on the first install, but for every point after that, the signature should match. This means that only the owner of the certificate—the original app developer—is able to update that app. No random third party can create an APK called “Google-Pay.apk” that overwrites the actual Google Pay app and steals all your bank information.

App bundles spit out APKs. This means that an entire app build system must be hosted in the cloud. This also means hosting each individual developer app signing key in the cloud, effectively shifting responsibility for the app from developer to Google. Google calls this “Google Play App Signing,” and the company seriously pinky promises that you still own the app and will still have access to it. But this arrangement sounds a bit like transferring the deed to a third party in your home.

Google’s control over the Play Store means it already owns Streets and Streets, but now it has even more control over your apps. If a roaring band of Google Play’s automatic terminator bots target your developer account for an alleged breach, you’ll have even less recourse.

Android app bundles place an enormous amount of power and responsibility in the hands of the app-store owner. If the app-store infrastructure becomes compromised, a third party can gain access to the developer keys and start pushing out malicious updates. If you don’t trust the owner of the App Store, too bad. They now own the signing key and can change your app without your knowledge if they wish. A government can even force the app store owner to replace your app. In Google’s case, the company is probably doing a better job of storage security than most app developers. But then again, it’s hard to imagine that any non-Google store would adopt it.

To address the concerns about this, Google has made some concessions. Developers can keep a local copy of the signing key they upload to Google, so they can generate valid updates that can be installed over Google Play versions. Developers can also download signed “distribution APKs” from the Google Play Developer Console, which are old-school universal APKs that can be uploaded to other app stores. If you’re concerned about Google changing your app without your consent, Google says an optional new “code transparency” feature will let developers verify that the hash on the app code they’ve downloaded. Matches uploaded.

From August, app bundles will be mandatory for new apps. Google says that, for now, “existing apps are currently exempt” from the app-bundling requirement. We’re going to take the presence of the word “in the present” as a big indicator of future plans.

For Google, Android app bundles are a big deal. At Google I/O 2018, the company said that, if each app was bundled, Google would save 10 petabytes of bandwidth every day, which is an incredible number that reflects the scale of operation of the Play Store. For those of us who don’t care about Google’s bandwidth bills, though, is the potential 15 percent space savings really worth upping the entire APK ecosystem and moving even more power to the Play Store and Google’s servers?

Image listed by Google



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *