Google Play dumps APKs for the more Google-controlled 'Android App Bundle'

The APK (Android PacKage) is Android's file format for app files. It has been around since Android was launched in 2008. Because it is a simple.zip file with no structure, it can be easily created and is widely supported by many tools. Windows 11 will support this format as part its Android compatibility. Google doesn't want APKs as the only way to publish Android apps. Google's Android Developer Blog explains how new apps that are uploaded to the Play Store in August will have to use the new Android App Bundles format (AAB) to distribute them. Google claims that App Bundles will replace the APK as standard publishing format.Android App Bundles were added to the Android ecosystem in 2018. I wrote a large section about them in my Android 9 review. The idea behind Android App Bundles is that there are many different language and hardware combinations that Android devices can support. It is not practical to ship all that code to each device. Android supports more than 150 languages and four different CPU architectures (ARMv7/ARMv8, x86_64, x86_64, and x86_8). There are also several screen resolution buckets. Although it is common to combine all this information into one APK, sometimes they are broken up by CPU architecture. However, each device will get a lot more code and resources than necessary for its particular combination of CPU, screen size, and locale. This is not a problem for high-end phones that have fast Internet connections. However, it can make a difference for lower-end devices with limited storage and those in areas where slow Internet is difficult to get.Google's solution to Android app distribution is the Android App Bundle. This transforms Android app distribution from one monolithic, universal APK into a series of "split APKs", which can be dispensed by the Google Play Store specifically for each device. These "Split APKs", as the name implies, aren't complete apps. These are parts of an app that each target a specific area for change and combine to create the final app. App Bundles allows you to have a high resolution ARMv8 device and a language set to English. The Play Store will then generate a set split APKs for that type of device. A set of APKs will be generated for your friend's low-resolution ARM v7 phone that is set to English and Hindi. Google Play can create bespoke APKs, which are unique for each user. They will only need the code they require. Google claims that the result is apps that are 15% smaller than an APK universal.AdvertisementApp Bundles allow developers to modularize features within an app. App Bundles allow developers to modularize features of an app. Features can only be delivered to devices that are compatible with them or they can be downloaded on-demand. If the user alters their locale settings, the same on-demand feature kicks into effect.The App Bundle system may prefer to send the fancy, new split APKs but it doesn't have the right to. It can create a monolithic, backward-compatible APK by formatting apps in any way it likes. This makes it universally compatible with all Android phones regardless of how old or neglected they are.App bundles are better than the non-Google Play ecosystemAs with many other new Android features, the switch from APKs (Android App Bundles) results in a more sophisticated and complex feature set for distributing apps. It also gives Google more control over the Android ecosystem. To be useful, Android App Bundles must be processed by an application store's cloud computer. App Bundles can be compiled using an open-source app called "bundletool". However, App Bundles must be processed by an app store's cloud computer.App Bundles are open-source, which allows developers to easily support them. However, an alternative store for apps would need to do so much work and be so responsible that it is unlikely the format will ever become the Google Play App Package.App signing is a key security feature of APKs. This digital certificate is owned by the app developer and certifies that the app was created. While the app signature isn't relevant for the first install, it is important for all subsequent installations. The signatures must match. This means that only the original app developer can update the app. An APK called Google-Pay.apk can only be created by the original app developer. It cannot be overwritten by Google Pay and stolen all your bank details.App Bundles generate APKs. This means that an entire app build process must be hosted on the cloud. This means that each developer app signing key must be hosted in the cloud. It effectively transfers responsibility for an app from the developer and to Google. Google calls this "Google Play App Signing" and promises that the app will remain yours and you will have full access to it. This arrangement is akin to transferring your deed of trust to your home to a third party.Google's control of the Play Store means that it already owns the street and driveway. But now, it has more control over your application. You'll be less protected if Google Play's automated terminator bots, which roam around your developer account, target it for any perceived infraction.AdvertisementAndroid App Bundles give the app-store owner a lot of power and responsibility. A third party could gain access to the developer keys, and begin distributing malicious updates, if the app-store infrastructure is compromised. It's a bad idea to trust the app store owner. The app store owner has the signing key and can make changes to your app without you knowing. The government could also force the app store owner of your app to update it. Google is likely doing a better job than most app developers in terms of storage security. It's difficult to imagine non-Google stores adopting these policies.Google has made concessions to address concerns. Developers have the option to keep a local copy from Google's signing key. This allows them to generate updates that can be used over top of Google Play versions. Developers can also download signed Distribution APKs from the Google Play Developer Console. These are old-school universal APKs which can be uploaded to other apps stores. Google has added an optional "code transparency" feature that will allow developers to verify that the downloaded code matches what was uploaded.App bundles will become mandatory for all new apps starting in August. Google states that "Existing applications are exempted" at the moment from the app-bundling requirements. The presence of "currently" in the title is going to be a major indicator of future plans.Android App Bundles are big for Google. Google I/O 2018 stated that if all apps switched to bundles, Google would save ten petabytes per day. This is a remarkable number and demonstrates the size of the Play Store. If you don't care about Google bandwidth bills, however, is a 15 percent space saving worth disrupting the APK ecosystem and transferring more power to Google's servers and the Play Store?Google Listing Image