Android apps have been traditionally released in the form of APKs (Android Packages). APK is a compiled version of the app and necessary media resources like sound and icons. It also contains a manifest file that provides details about the app on Android. It also includes information on the Android system and an array of signature keys and certificates that verify the authenticity of the publisher.
In May of 2018, Google launched a new packaging format for apps designed to fix some problems in APKs. Android App Bundles (AABs) serve the same purpose as APKs but have distinct implementation differences.
In Google I/O 2021, Google announced that AAB would be the standard Android format for apps. At the end of August, it will be mandatory for apps to use the Play Store to require new app publication submitted as an AAB file. End users who use the Play Store don’t have to take any action. For developers, the situation is slightly more complex.
Table of Contents
App Bundle Benefits
AAB was initially created to address specific common problems with packaging within The Android ecosystem. For example, Android runs on various devices, covering a wide array of sizes for screens and performance benchmarks, and CPU architectures. Unfortunately, the APK format isn’t scalable to match this wide range of devices since each package is a complete set of apps’ resources.
If you install an application on your smartphone, there is no need to download high-res tablet versions of the graphics. However, when you download an APK, you’ll typically have every variation, which leads to more downloads and a more significant storage usage. If a developer wants to provide more efficient builds, they must manually sign and compile different APKs.
App Bundles adopt a different approach. They “bundle” various versions of an application into one rational package. The Play Store then sends only the necessary bits to every device that asks for an installation. It will create the appropriate bundle for every user on demand which means that an American user who has 10 inches of Intel device will receive one different app to a German person with a 5-inch ARM phone. Importantly, all devices receive APKs. Users won’t ever be able to interact with the App Bundle directly. The distinction is that APKs are created dynamically through the cloud.
App Bundles also benefit from less complicated load-up of modules for add-ons and improved support for massive assets such as game-related content. According to Google, all of this usually will result in the reduction of 15% in the size of downloads, as in comparison to apps that are distributed in the form of an APK.
What’s changing for APKs?
Google will gradually discontinue support for APKs beginning in August 2021. Apps that are submitted on the Play Store will need to be made available in a bundle. Existing APK-based apps will be supported, and app developers can expect to continue to issue updates. The apps are listed as “currently exempt from the requirement,” which suggests that updates may require release through AABs later on.
According to Google, the changes are intended to make it easier for more users can benefit from the App Bundles benefits. From an average end-user’s viewpoint, it’s hard to doubt the value of App Bundles. They promise lower downloads, and smaller stores are a welcome feature for many people, especially those using lower-end devices or with slow internet connections.
People who are using older Android versions won’t reap the benefits since their devices won’t be able to put together “split” bundles to create an application that works. However, older OS versions will be able to download App Bundle applications from the Play Store, through – the Bundling system will detect that it’s working with older devices and offer an all-in-one standard APK instead.
What are the drawbacks?
While the main benefits are well-established, App Bundles have one major drawback for power users and developers alike. Because the App Bundle system is based on the dynamic generation of signed APKs, developers must give their app signing keys to Google. Instead of app developers signing updates on their framework, Google will take an App Bundle and convert it into signed APKs on its own.
The process of signing allows Android devices to ensure that updates originate from the same source as the app currently installed. It’s a crucial ecosystem component that stops criminals from creating malicious applications that insidiously erase genuine downloads. Google promises the developers that they will have the ability to provide their keys, but they’ll have to remain in the Play Store.
Google has trusted Google to store signature keys will give the company more control over the Android distribution of apps. Anyone who has successfully hacked the Play Store could begin publishing app updates to developer accounts since the signing keys are centrally stored within Google’s infrastructure.
Additionally, Google could now publish app updates on its own, possibly when a government is forced to. Google does have the capability to run apps without revealing the source for Android devices. Now, it is the key for the developer’s kingdom and could even accept requests to install updates that the developers disapprove of existing apps secretly.
Can a government agency convince Google to download a modified encryption application on a user’s device? This kind of request could allow the agency to access messages without the user being more aware. Application Bundles, as well as hosted signature, make this possible.
The risk is said to be reduced through the use of a “code transparent” system. This will provide the developers and users an opportunity to ensure that the downloaded APKs correspond to the bundle uploaded for approval to the Play Store and eliminate the risk of an intrusion.
Android does not check the signatures of code transparency. Therefore, it’s up to the community to create tools around the issue. Additionally, openness for code is optional and is only activated if the APK contains a transparency file. Since Google has the keys required to create new APKs, It can remove the transparency of the code whenever it wants to.
App Bundles as well as Third-Party App Stores
App Bundles can also pose an obstacle to the openness in Android. Android ecosystem. In recent years, Google has been demonstrating more responsibility to steward the ecosystem. App Bundles are another insult to the third-party app stores, which provide APK downloads directly.
Developers will now have to build App Bundles APK build capabilities left out of the picture. It’s just an issue of time before Google removes direct APK installation completely or completely removes APK build functionality in Official Android Studio releases.
In the meantime, developers will be able to download signed standalone APKs through the Play Store following the submission of App Bundles. These APKs are ready for upload to third-party apps, and there’s no immediate danger to this new deployment method. This is still a challenge for developers, but you’ll need to download your signed APKs manually or create them locally on your device.
Google announced the switch to App Bundles just a few days after Microsoft released Windows 11 with support for Android apps available on Amazon’s App Store. Amazon App Store. While the switch to App Bundles is several years in development, Google’s decision to implement the change is likely to mitigate the effects of the partnership between Microsoft and Amazon, which will only work with the regular APKs.
Google App Bundles are a brand new app compilation format that has higher efficiency than the regular APK. While devices will still receive an APK, each will be customized to the operating system version and the device’s shape, and the active locale.
Although App Bundles are a popular choice by the majority of Android users, they’re not the ideal solution for developers and the larger Android ecosystem. App Bundles are not the best solution for developers and Android users. App Bundle model gives Google more significant control over the distribution of apps and requires the release of signing keys, resulting in forced updates for apps possible while also threatening the third-party storefronts.