Why is Google changing Android’s app format? – CloudSavvy IT

android robot
ShantBits / Shutterstock.com

Android apps have historically been distributed as APKs (Android packages). An APK contains a compiled version of an app with important media resources such as icons and sounds. They also include a manifest file, which provides app information to the Android system, and a set of certificates and signing keys that verify the identity of the publisher.

In May 2018, Google launched a new app packaging format intended to address some of the shortcomings with APKs. Android App Bundles (AABs) perform the same role as APKs but have significant differences in implementation.

At Google I/O 2021, Google announced that AAB would become the default Android app format. From the end of August, new app publications will be required to submit the Play Store as AAB. End users who only use the Play Store will not need to do anything. For developers, the story is a bit more complicated.

App Bundle Benefits

AAB was originally introduced as a way to solve some common packaging challenges in the Android ecosystem. Android runs on thousands of devices covering a vast range of screen sizes, performance baselines, and CPU architectures. The APK format doesn’t scale to meet this diversity because each package contains all of the app’s resources.

If you install an app on your phone, you don’t really need to download the high-resolution tablet variant of its graphics. Yet with APKs, you’ll generally get every variation, leading to larger downloads and increased storage usage. If a developer wants to offer a more streamlined build, they need to manually compile and sign many different APKs.

App bundles take a different approach. By design, they “bundle” several different versions of an app into one logical package. The Play Store then sends only the relevant bits to each device that requests the install. This will produce the correct bundle on-demand for each user, so a US user with a 10-inch Intel device will get a separate download for a German person with a 5-inch ARM phone. Importantly, devices still receive APKs – users will never interact directly with the app bundle. The difference is that APKs are generated dynamically in the cloud.

App bundles also benefit from simpler add-on module loading and advanced support for larger assets such as game content. According to Google, all of this typically results in a 15% reduction in download size compared to the same app distributed as an APK.

What’s changing for APKs?

Google will gradually end support for APKs from August 2021. New apps submitted to the Play Store will need to be released as app bundles. Existing APK-based apps will still be supported and developers will be able to release updates. These apps are described as “currently exempt”, suggesting that updates may need to be released in the form of AAB in the future.

According to Google, the changes are being made so that as many users as possible benefit from the benefits of the app bundle. From a typical end user’s perspective, it’s hard to argue with the promise of app bundles: Smaller downloads and less storage space will be welcomed by many, especially those on low-end devices and slow Internet connections.

Users on older Android versions won’t see the benefits as their device will be unable to assemble the “split” bundles into a working app. Older OS versions will still be able to install app bundled apps from the Play Store – the bundling system will realize it’s handling an older device and serve up a regular all-in-one APK instead.

What about shortcomings?

While the benefits of the headline are undeniable, app bundles have a significant drawback for developers and power users alike. Since the app bundle is focused on dynamic in-cloud generation of system signed APKs, developers will have to hand over their app signing keys to Google. Instead of developers signing app updates to their own build infrastructure, Google will take an app bundle and turn it into a self-signed APK.

The signing process lets Android devices verify that updates come from the same publisher the app is currently installed on. It is an important part of the ecosystem that prevents bad actors from creating malicious apps that silently overwrite the actual download. Google promises that developers will be able to provide their own keys, but they will still need to be kept in the Play Store.

Relying on Google to store signing keys gives the company even more control over Android app distribution. Anyone who has successfully compromised the Play Store can start publishing app updates to developer accounts, as all signing keys will be centralized within Google’s infrastructure.

Also, Google can now self-publish app updates, perhaps if a government forces it. It already has the ability to silently install apps on Android devices. Now it holds the key to developer empires, it can comply with requests to secretly install declined updates to existing apps.

Can a government agency get Google to install a modified encrypted messaging app on a target user’s device? Such a request could let the agency intercept messages without the target being any sane. App bundled and hosted signing make the scenario theoretically possible.

The risk is believed to be mitigated by a “code transparency” system. This is to give developers and end users a way to verify that the downloaded APK matches the bundle that was submitted to the Play Store, eliminating the possibility of intrusions.

Android doesn’t actually check code transparency signatures, so it’s up to the community to build tooling around it. Furthermore, code transparency is completely optional and is enabled only if a transparency file is included in the APK. Since Google already has the keys needed to create new APKs, it can delete the code transparency file whenever it wants.

App Bundles and Third-Party App Stores

App bundles are also a threat to the open nature of the Android ecosystem. In recent years, Google has been pushing for a stronger management role. App bundles are another knock against third-party app stores that offer direct APK downloads.

Since developers will now be required to compile app bundles, APK builds are being bypassed. It may only be a matter of time before Google completely disables direct APK installation or removes APK build capabilities from official Android Studio releases.

For the time being, developers will be able to download signed standalone APKs from the Play Store, after submitting an app bundle. These APKs will be ready to be uploaded to third-party app stores, so there is no immediate risk to this deployment model. It’s still a developer’s inconvenience though – you’ll either have to download your signed APKs manually, or build them separately on your local machine.

Google announced the mandatory switch to app bundles just days after unveiling Windows 11 with support for Android apps from the Amazon App Store. Although changes to the app bundle have taken a few years to form, Google’s decision to make the move now may be intended to limit the impact of the Microsoft/Amazon partnership, which will only support regular APKs.

Conclusion

Android App Bundle is a new app compilation format that has a lot more efficiency than regular APKs. While devices will still receive an APK eventually, each will be tailored specifically to the OS version, device form factor, and active locale.

While app bundles should be welcomed by most Android users, they are not a perfect solution for developers and the wider Android ecosystem. The app bundle model gives Google more control over app distribution, requiring the disclosure of signing keys that can make forced app updates a reality, while threatening third-party storefronts.

Source link