Google built a little application that downloaded and installed Chrome, and the company submitted that application to the Microsoft Store. Because the Microsoft Store actually imposes minimal verification or validation of submitted applications, Microsoft’s automated processes duly published the app. It was available for a few hours. Then Microsoft took notice of the installer and yanked it from the Store.
This is a sequence of events that’s bad for both companies.
Google wrote its installer app to provide a safe way to install Chrome. Throughout its life, Microsoft’s app store has been plagued with crap applications. Apps that leverage the branding and trademarks of other companies, purporting to be one thing but actually being another, have been endemic in the Store; even today, you can find apps that masquerade as Chrome or try to use Chrome’s name and logos to separate people from their money.
The same problem is repeated on the broader Internet—a search for Chrome will yield not only Google’s official download page but a wide range of scams and, I’m sure, malware.
Microsoft says that it requires apps in the store to provide “unique and distinct value” and that the Chrome installer was in violation of these rules. The company suggests that, instead, Google develop a full browser that’s compliant with the Store’s rules.
The whole squabble feels childish
Both companies should be doing better: Google should be developing more than just an installer. But Microsoft should let the installer stay in the Store.
Google’s reasoning is perfectly sound. Microsoft is well aware of the problem of fake apps and scam search results. The company has its own search engine, Bing, and has to contend with this very issue itself. Google’s rationale is perfectly sound. In fact, I’d go a step further: Google’s action here is actively desirable.
Would Microsoft prefer that companies develop “real” Store apps? Of course. I think Windows users would be better off if companies did that, too. But if the Store became a source of trusted installers for third-party applications, a way that people could reliably find the latest version of Chrome, or Firefox, 7-zip, Notepad++, or Adobe Reader, or whatever other application they wanted to use, a way of avoiding the mess that is “searching the Web?” That would still be desirable. It would make Windows users safer: the Store could, among other things, serve as a directory of installers for quality, trusted third-party applications.
There is simply no way that this would not be an improvement over the current status quo on Windows. Microsoft should not be on the offensive here: the company should be welcoming third parties. I would even contend that using the Store in this way would increase the number of “real” Store apps—one of the Store’s problems at the moment is its low footfall. Cementing the idea that the Store is where you go to get applications and increasing its usage can only help.
But Microsoft isn’t entirely off-base
While I disagree with the implication that installers are of no value at all, they’re arguably the least valuable kind of legitimate application. The Store offers a number of advantages and safeguards to Windows users, and installers like the Chrome installer take no advantage of this. A “real” Store app, by contrast, would.
Apps in the Store fall into two categories. First, we have applications built for the Universal Windows Platform (UWP), Microsoft’s modern Windows API. UWP applications are quite tightly constrained; they run in a sandbox, they have their lifecycle managed in part by the operating system (just like mobile apps, they can be suspended or killed off entirely to preserve battery life or free memory), and they’re prohibited from doing things like installing system services or device drivers, or running as Administrator.
Second, we have “Centennial” apps. These are traditional Win32 desktop applications that have been specially packaged up for distribution through the Store. These apps aren’t subject to the UWP constraints: they’re not sandboxed, and their lifecycle isn’t managed by the system. Microsoft does prohibit them from installing services or drivers, but beyond that, they’re largely free to do what they want; you can even run them as Administrator if you choose.
Even Centennial applications, however, offer some benefits over traditional desktop applications. Their installation, updating, and uninstallation is all handled by the Store. This means that traditional “features”—such as every piece of software you install adding its own service or background task to handle updating—are avoided. The central Store updater handles all that for you. When uninstalling a Centennial app, you shouldn’t be left with relics and remnants of the app scattered across your file system or registry.
As such, Centennial apps are good for Windows users. They don’t provide all the protection and safeguards of UWP apps, but they nonetheless address longstanding pain points when using Windows systems. Consistent upgrading and uninstallation, along with reasonable guarantees that there won’t be any sneaky drivers or services installed with an application, are both good, desirable things.
What they should do
To that end, it would be better if, instead of a mere installer, Google built a Store version of Chrome. A UWP version of Chrome is unrealistic—it would require rewriting large parts of the browser, which is clearly unappealing—but a Centennial version is much more plausible. Instead of using Google’s own updating system (a couple of system services and some update logic within the browser itself), it would defer to the Store. For Google and Microsoft alike, such a set-up would mean that there was a low-risk, crapware-free way of getting Chrome on Windows. For end users, it would mean slightly reduced system overheads due to that centralized updating.
Right now, however, Google has shown little interest in developing a Centennial Chrome, and Microsoft’s own rules would arguably prevent it. In principle, the Store rules require that any applications that show Web content must do so using the system-provided Web rendering engine, the one from Microsoft’s Edge browser. In practice, enforcement of this rule is a little inconsistent. Many Centennial applications embed Chromium (the open source counterpart to Chrome) and use this to display HTML content. While these applications aren’t full-fledged browsers and should constrain the HTML they show to only “trusted” application HTML, the extent to which this is actually enforced by Microsoft appears limited.
But this is not a technical impediment. It’s policy, and policy can be changed or overridden or just plain ignored. I would broadly agree that Microsoft should not encourage or allow adulterated versions of Chromium or Firefox into the store. It would be too easy for a malicious party to modify the open source browsers to add spyware elements and steal your banking credentials, for example. Updating these versions would also be an issue; there’s no way to ensure that developers would pick up every new Chromium or Firefox security fix in a timely manner. Requiring that developers use the system browser control reduces (though does not eliminate) both of these problems. As a general rule, it’s a sensible one.
It’s not, however, a sensible rule when applied directly to Google (or Mozilla). The risk of adulteration or spyware doesn’t apply, as both companies have reputations that matter. Since both companies actively maintain and develop their browsers, there’s no risk of shipping a stale version with known, unpatched security flaws.
Instead of hiding behind a policy that, in this particular instance, makes no sense, Microsoft should be telling Google (and Mozilla; though the Firefox developer hasn’t been involved in this fight, the same logic applies to it, too) explicitly that Centennial versions of their browsers would be welcomed. Microsoft should also tell those companies that they’d be free to use their own rendering engines, their own JavaScript engines, their own sandboxing, and so on. It would be better for all parties: Google and Mozilla gain a new, safe distribution channel; Microsoft gets a more credible, more useful Store.
And most important of all, Windows and Chrome users win, with safer, easier access to the browsers that they want to use.
https://arstechnica.com/?p=1235333