Starting in August, Android app developers will have to adhere to a new method of distributing apps on the Google Play Store. O Android App Bundle (AAB), as it was called, should decrease the size of the installation file and the space occupied by the application on the operating system. But the move also raises security concerns.
What is Android App Bundle?
By default, Android apps are distributed via APK files. A file of this type contains not only the app’s binaries but also all the resources it needs to run, including images, XML files, and a manifest (a file that describes essential app information).
By concentrating all the features that make the app functional, APK files can be downloaded to install apps on Android that are not available on Google Play Store (or other stores).
But there is a problem: not rarely, APK files are “bloated”. Android is present in devices with different screen sizes, with different types of processors, with different camera sensors and so on. There are so many possible hardware combinations that APK files need to contain features for the app to be compatible with all of them.
That’s where the Android App Bundle format comes into the picture. Introduced in 2018, the standard makes the installation procedure of an application download from the Google Play Store (or other compatible store) only the resources necessary to run it on a given device.
If your phone has a 6-inch screen and is set to Brazilian Portuguese, for example, the AAB file may not include features to support 5-inch screens and other language packs.
This is a hypothetical example. The features that will be downloaded with each install may vary from app to app. But overall, AAB is expected to bring two benefits: it decreases the storage space occupied by the app; reduce the size of the installation file, a feature especially important for those downloading apps from mobile networks.
So what’s the problem with AAB?
Decreasing application installation size is a really important benefit. Despite this, the Android App Bundle causes some concerns. Chief among them is Google’s likely increased control of the Android app ecosystem.
It is necessary for the app store to take charge of analyzing each download request in order to deliver only the packages needed for each device. Google has the infrastructure for this work, but alternative stores may not have the same flexibility.
In practice, the infrastructure limitation can make AAB a technology exclusive to the Google Play Store, despite the standard being open source.
But security concerns are the most important. Every app installed via APK has a digital signature owned by the developer. When a new version of the software is released, the signature is checked to ensure that the app is not being replaced by a fake app developed by a third party. This is one of the reasons why the subscription is so important.
But in AAB, the “assembly” of the app is done in the clouds — on the Play Store servers, if we limit ourselves to Google. This requires that the developer’s signature keys also reside in the clouds. In practice, it’s as if the app subscription were transferred to the store.
It is a mechanism called Google Play App Signing that further increases the company’s control over applications. One of the problems with this approach is that if the store’s infrastructure is compromised in any way, third parties can gain access to the developers’ keys and thus distribute malicious updates.
There is also concern that certain features of the apps are modified by the store without the developer noticing.
AAB applies to new apps
Google has already reacted to these concerns. The company has made it clear, for example, that Play App Signing keys will be stored in the same infrastructure that protects the company’s own keys.
In addition, Google will make available an optional “code transparency” feature that will allow developers to verify that hashes in the code of downloaded apps match what hashes they have.
Anyway, the move to the Android App Bundle will be gradual. The process starts in August, but only for new apps. At least initially, migrating existing apps to the new format will be optional.
With information: XDA Developers, Ars Technica.