Android’s app file format, the APK (Android PacKage), has been with us since the 2008 launch of Android. It’s portable, easy to create since it’s just a structured .zip file, and widely supported by a variety of tools. Windows 11 is even going to support the format as part of its upcoming Android compatibility. Google, though, doesn’t want APKs to be the way to publish an Android app anymore. Google’s Android Developer Blog recaps how, starting in August, new apps being uploaded to the Play Store will need to use the new Android App Bundles (AAB) format to distribute apps. This sounds like just the beginning, and Google says that App Bundles “will replace the APK as the standard publishing format.”
Android App Bundles were introduced to the Android ecosystem in 2018, and I wrote a big section about them in the Android 9 review. The basic sales pitch is that Android devices have plenty of different hardware and language combinations that apps have to support, and shipping all of that code to every individual device is a waste of space. Android supports over 150 languages, four different CPU architectures (ARMv7, ARMv8, x86, and x86_64), and several screen resolution buckets. It’s common to pile all of this into a single APK (though sometimes they are split up by CPU architecture), but doing so means each device gets a lot of code and resources that are irrelevant for its specific combination of CPU, locale, and screen size. While this waste of storage space doesn’t matter much on high-end phones with good Internet connections, it can be a big deal for cheaper, storage-limited devices and in places where speedy Internet is hard to come by.
Google’s solution is the Android App Bundle, which turns Android app distribution from a monolithic, universal APK to a collection of “split APKs” that can be specifically doled out by the Google Play Store for each individual device. As the name suggests, these “Split APKs” aren’t entire apps. They’re parts of an app, each targeting a specific area of change, that combine to form the final app. With App Bundles, if you have a high-resolution, ARMv8 device with a locale set to English with App Bundles, the Play Store will spit out a set of Split APKs that supports only that device type. If your friend has a low-resolution, ARM v7 phone set for English and Hindi, they’ll get another set of APK that supports exactly that. Google Play can generate bespoke APKs for every user, giving them only the code they need and nothing more. Google says the result are apps that are 15 percent smaller than a universal APK.
Developers using App Bundles can even modularize features of an app. This allows the features to only be delivered to devices that support them, or they’re just not included in the initial download and are only available to users as an on-demand download. The same on-demand feature kicks in if a user changes the locale settings.
While the App Bundle system would prefer to send out the fancy, new split APKs, it doesn’t have to. Since it can format apps however it wants, a backward-compatible, monolithic APK can still be generated. That makes the approach universally compatible with all Android phones, no matter how neglected your current device is.
App bundles versus the non-Google Play ecosystem
Like many new Android features, the change from APKs to Android App Bundles results in a more complex, sophisticated feature set for rolling out apps. But it also gives Google a lot more control over the Android ecosystem. Android App Bundles need to be processed by an app store’s cloud computer in order to be useful. While App Bundles are an open source format, and Google has an open source “bundletool” app that can compile them, some other company would need to build its own infrastructure, pay the server costs to host it in the cloud, and handle the scary app signing requirements (more on that later).
App Bundles being open source allows development tools to more easily support them. But an alternative app store would have to take on so much work and responsibility that it’s doubtful the format will become anything other than the Google Play App Package.
One major security component of APKs is app signing. This is a digital certificate owned by the app developer that certifies it made the app. The app signature is not really relevant on the first install, but for every point after that, the signatures need to match. That means only the owner of the certificate—the original app developer—is able to update that app. No random third party can make an APK called “Google-Pay.apk” that overwrites the real Google Pay app and steal all your bank information.
App Bundles spit out APKs. That means an entire app build system must be hosted in the cloud. That also means hosting each individual developer app signing key in the cloud, effectively transferring the responsibility of an app from the developer to Google. Google calls this “Google Play App Signing,” and the company seriously pinky promises that you still own the app and will still have access to it. But this arrangement feels a bit like transferring the deed to your house to a third party.
Google’s control over the Play Store means it already owned the street and the driveway, but now it has even more control over your app. If Google Play’s roving bands of automated terminator bots target your developer account for some perceived infraction, you’ll have even less recourse.
Android App Bundles place an enormous amount of power and responsibility in the hands of the app-store owner. If the app-store infrastructure gets compromised, a third party could get access to the developer keys and start pushing out malicious updates. If you don’t trust the app store owner, too bad. They own the signing key now and can change your app without your knowledge, if they wanted. A government could compel the app store owner to change your app, too. In the case of Google, the company is probably doing a better job of storage security than most app developers. But again, it’s hard to imagine any non-Google stores adopting this.
Google has made some concessions to alleviate concerns about this. Developers can keep a local copy of the signing key they upload to Google, allowing them to generate valid updates that can be installed over-top of Google Play versions. Developers can also download signed “Distribution APKs” from the Google Play Developer Console, which are old-school universal APKs that can be uploaded to other app stores. If you’re concerned about Google changing your app without your consent, Google says an optional new “code transparency” feature will let developers verify that the hashes on downloaded app code matches what they uploaded.
As of August, App Bundles will be mandatory for new apps. Google says that, for now, “Existing apps are currently exempt” from the app-bundling requirement. We’re going to take the presence of the word “currently” as a big indicator of future plans.
For Google, Android App Bundles are a big deal. At Google I/O 2018, the company said that, if every app switched to bundles, Google would save 10 petabytes of bandwidth per day, which is an incredible number indicating the scale the Play Store operates at. For those of us who don’t care about Google’s bandwidth bills, though, is a potential 15 percent space savings really worth upending the entire APK ecosystem and transferring even more power to the Play Store and Google’s servers?
Listing image by Google
https://arstechnica.com/?p=1777546