Hacker News new | past | comments | ask | show | jobs | submit login
Android developers can now force app updates (techcrunch.com)
53 points by canada_dry 8 days ago | hide | past | web | favorite | 75 comments

> In addition, Google is launching its dynamics updates feature out of beta. This allows developers to deliver some of their apps’ modules on demand, reducing the file size for the initial install.

So you can install an app, go offline, try to use it, and realize that you can't because you did not install it after all but Google lied to you.

A lot of apps (games in particular) already do this by downloading a bunch of resources on first launch. It sounds like Google is giving them a proper way to do it.

I believe the modules it refers to are executable code (dex and so files), which you're currently not allowed to download because it circumvents the app store and its approval process.

Google now supports uploading such modules to the Play store where they can be approved, analyzed and tracked, thereby allowing on-demand features without allowing third parties run arbitrary, unvetted executable code on your device.

Right... but that is a distinction without a difference: it was the case that some assets were being downloaded after the app started, and that without those assets the app did not work, and now that is still the case; the form of the asset doesn't matter as long as it prevents the app from working after the base install without first downloading whatever it is.

I hadn't seen that -- but I don't install or use most games. If I did encounter it, though, I'd probably immediately uninstall it because it would fail. I tend to keep my apps firewalled off so that they can't use the internet.

Having a proper way likely means that it will be done more often.

This is most likely only going to be used by apps that would require an internet connection to work anyways - users would shit on any dev that had something like that going on pretty quick.

I hope the UI for this feature says "This app requires an update to work. Update or Uninstall?"

If developers see even a small fraction of users choose uninstall, they won't force updates anymore. Nearly half of android users at any point in time have run out of space and can't install updates anyway.

> Nearly half of android users at any point in time have run out of space and can't install updates anyway.

Do you have a source for this? Not saying that you're wrong but I'd be very surprised if this was the case. In my experience Android is so laggy as to be completely unusable at anything above about 85% storage utilization. In fact it's the first thing I check when friends / family members complain about their phone being "slow".

Android becomes laggy when nearly full because it starts to delete cached jit compiled data. That means every app startup gets super slow as the compiler runs. The compiler also uses a bunch of ram, causing background apps (like the launcher) to get unloaded.

I have a Nook tablet with 8Gb internal storage and a 32 Gb MicroSD card installed. Almost all of the Google and Nook apps cannot be moved to the MicroSD card space. Android takes up almost half of the 8Gb internal storage and the unmovable apps take up almost half of the rest, leaving very little space to work with. I've had lots of occasions where the system has told me it needs more space to do an update, and I would have to delete some of my apps to get that update.

I really like my Nook, but having Android and Google apps locking up so much of the internal space seriously impacts its usability.

Maybe you can move these apps when you root your tablet, but you should do some research first

Any app developer can see free storage space. These are numbers from my app, which might not be truly representative, but is probably pretty close. Just add storage space logging to your app. Anything under 5 percent free and the play store refuses to do updates.

I think private storage is limited in size.

Public storage is a different story, but that is not "any app" anymore.

I don't think your link is relevant to this discussion

I understand the attraction from a developer's point of view... but as a user this is a troubling path toward even less control over my device.

Just what I want when I try to use an app quickly (e.g. my bus tickets or something related to time-sensitive travel) - forced updates.

I'm going back to Nokia.

> Developers can force users to update, say with a full-screen blocking message, force-install the update in the background and restart the app when the download has completed or create their own custom update flows.

I don't like this idea from a user experience point of view. I hate auto updates (on iOS) because I have been disappointed heavily more than a few times with some games that got worse (on ads or more ads or experience) or some apps that made bigger changes in how they work and how they charge users (like going to a subscription model from a fixed price model).

I also like to read the release notes of app updates so that I get to know about new features in a release. This is very cumbersome (or impossible) to know if auto-update is turned on. Some apps show the list of changes on launch of the new version, but this is up to the developers to do in a way that's not very intrusive while keeping it interesting. Ideally, there should be APIs for these, and users should be able to reject updates and stay on an older version if that's what they want (subject to some platform related restrictions or constraints).

Edit: It's ironical and amusing that Android, the (almost) "do whatever you want" OS on mobile, is the one forcing this on users first. Surely there'll be ways developed to disable this by/after rooting the device?!

Especially annoying when an update comes out that is known to have issues on your device and you'd like to avoid it until the issues clear up. For instance, I don't update my Macbook to the latest version of macOS immediately after the update comes out -- this is because I know there are likely to be bugs and I don't need to live on the bleeding edge most of the time.

Another example: venmo recently updated on my iPhone SE (very small 4" screen by modern standards). I can no longer send a payment request or pay a friend because the buttons for those options are literally displayed off screen. I can also no longer dismiss the "get the venmo card!" popup that appears a few times a day when I log in because, you guessed it, the dismiss/ok/cancel buttons are all rendered off-screen. I actually knew this was an issue prior to updating because of a friend, but auto-update pushed the new version to me before I could stop it and now I can't use venmo.

Software needs different release channels for different users. A lot of us would rather be on stable stuff than the bleeding edge. Of course, with modern alpha/beta testing techniques bugs are going to show up in most applications no matter what (looking at you, Spotify)... but it would at least help a little.

I wonder if it will be a permission users can see an app has before installing for the first time or updating to a version that includes this "feature". I guess one will have to be even more careful deciding to purchase any apps, and make backups of apks so one can restore a previous known working version without the forced auto updates...

Hint to other developers out there: if you do this to an app on my phone, I will delete it and give you a nastygram low rating on the play store. Just don't.

You'd probably give a nasty rating if you opened the app and everything was deprecated.

Whats the big deal exactly? Do you complain when a web page changes?

I like ownership of my phone and it's OS. I like control over what is on my phone. I pay attention to who develops the apps I use, and I read their changelogs after approving upgrades. I don't give nasty ratings to apps that I haven't updated, that job is on me, because it's my device. So no, I probably wouldn't do that.

I have complained at web page regressions, especially when they sacrifice usability for visual improvements, but only when I have some sort of stake in the page, such as paying for the service or being a long time user who has contributed consistently.

And the specific part that galls me about this feature, which will result in nastrygram ratings and comments stems from this new "feature": "Developers can force users to update, say with a full-screen blocking message, force-install the update in the background and restart the app when the download has completed or create their own custom update flows."

That is a hard no from me.

>Do you complain when a web page changes?

Given some of the responses to the Reddit and Slashdot redesigns...

> Do you complain when a web page changes?

There is a universe of difference between an app and a web page.

Totally fair, but by the same token I don’t think users who’ve chosen to do this should reasonably expect any kind of support for old versions. From the developer’s perspective, it’s pretty frustrating to have a small group of users using years-old versions emailing in expecting bug fixes and support.

I could almost be willing to agree that old versions shouldn’t expect to get bug fixes and tech support. But an old version should at least still work as it did the day it was released.

“The developer wants you to upgrade” is never a compelling reason to upgrade. Plenty of software gets worse and worse with every release, so it’s critical to at least allow users to stay on the older, better versions.

> But an old version should at least still work as it did the day it was released.

Developers can't commit to maintaining old web-facing APIs forever.

Right, the line has to be drawn somewhere. I shouldn’t be locked into design decisions or be expected to write adapter code for a handful of users who insist on running a version of my app that was released two years ago.

Yeah, so don't worry about those edge cases. When their version stops working, they'll either update, because it isn't working, or they'll delete it; either way, problem solved.

As I developer I understand the perspective you're talking about. As I developer I will only support the newest version, and possibly one or two legacy branches of an app. If someone emails me about a bon supported version issue, I do what nearly every other dev does; tell them to update to the newest version or figure out a solution themselves. I do NOT force software onto their computer, nor cause full screen popups demanding they update. That is incredibly invasive, and not worth the trouble for either of us.

> it’s pretty frustrating to have a small group of users using years-old versions emailing in expecting bug fixes and support.

Why? The dev just says "the issue is fixed in the current release" or "we can only support current releases". Job done.

What if an app is sold and I don't trust the new developer?

Particularly, since app developers tend to be pretty abusive in terms of data collection, my default position is that any app dev cannot be trusted until they've proven otherwise.

This is my biggest concern. One of my favorite mobile games (high stakes, I know) was originally produced by a small indie dev with a strong privacy policy. A year or so ago they sold to Zynga. I've not updated the app since then because I don't want any Zynga apps on my phone. If this forces me to update to the privacy-invasive, user-hostile Zynga version, I'll have to uninstall one of my favorite games. :(

Does auto-update persist when authhor changes?

Yes, alas, same for iOS AFAIK. It's a flaw in the security/trust model of both platforms. Similarly, you'll be prompted for new permissions if a malicious new owner adds new permissions to the app, but nothing tells you it's a new owner so you will likely grant permissions without realising everything might have changed.

It's not really a flaw. Whether it is the same app or not is being distinguished by package name + signing key. If both versions are signed by the same key, for all intents and purposes the newer version is legit.

On Android, in offline scenario, the installer doesn't even know who is the author and whether it changed. Here, all it knows is the above: package name + key used to sign.

That sure sounds like a flaw to me.

Everyone is so damn negative. Devs were force upgrading apps before and this just makes for a consistent UI. It also fixes the race condition where the dev rolls out a forced update but it hasn't propagated to all regions. This is a good feature.

We're 'so damned negative' because this is yet another anti-feature that removes control from the owner of the device.

If I don't want to update now, I shouldn't have to. My device, my rules.

And this feature encourages bait and switching: free app is no ads and free, and then at update+1 gets malware installed for free on forced update. We've already seen this with optional updates - only now they won't rely on tricking the user. They'll just update.

You think anyone that was going to bait and switch was stopped because there wasn't a consistent UI for the feature?

Before devs had to have the insight to implement the force update feature in the first release of the app.

If you didn't do that, then you really couldn't force the updates to the old versions.

You still need to bundle in the library and code for this API.

> This is a good feature.

I disagree. This will just encourage app devs to engage in more forced updates, and forced updates are always bad things.

>forced updates are always bad things.

The major case is game clients for multiplayer games where it doesn't make any sense to split your player community into older versions. Games across all platforms work this way so its nice to see a consistent UI for Android.

That's a more reasonable use case, but it still doesn't make forced updates a good thing. Opt-in automatic updates, sure, but not forced.

However, this will encourage the use of forced updates outside of that use case. That sounds like a terrible thing.

To be fair, developers have been displaying warnings and "you need to update" screens for a long time already. It's just that there is now a standard way to do it.

That's very different than force-upgrading apps. There's no excuse for forced upgrades.

Well as an Android dev, if you didn't already have a deprecation strategy in place, then that's not really a commercial standard app IMO. Since forever, at least for networked apps, we need to be able to deprecate APIs, and know which client versions we explicitly test and support etc. (It's easy to do, along the lines of: simple HTTP call to check latest and minimum supported app version at start up, or once a day or whatever; compare with current app version; then nag, force or do nothing as appropriate).

This might turn out to be a helpful feature from Google... then again it might turn out to be half implemented, have a confusing user experience, not work properly for most usecases, and mainly serve to confuse new developers with yet another thing to learn, when all they needed to do was a bit of HTTP and layout work. 8 years doing Android, I'm 50:50 about most of Google's "help" until I've seen it in action.

I once bought a fantastic yoga app for 4.99$ from an independent developer, I used it every day for a month due to its simplicity and understandably.

It has since been bought by Gaiam, where it was switched to a >4.99$ per month subscription, while offering little to no additional features. Furthermore when contacting the company they had no way of honoring my original purchase, the response was basically "too bad for updating, and here's 10% off a yoga mat".

I greatly fear the integrity of software ownership when it comes to apps. I love the model of paying a fixed price for a great software release that fulfills a need. I feel like there needs to be some way for the user to retain the state of an app or there's no longer the guarantee of keeping what you originally paid for. You're now at the whim of an vendor cutting features or putting them behind a paywall after the original sale.

I look forward to seeing how this feature will work on my phone with no google play services installed.

Yeah, nah. I decide what software gets installed on my devices and I decide when that software is allowed to update. I'm not going to tolerate a self-updating app any more than I'm going to let Amazon unlock my front door by themselves.

Can't read this because of oauth. Sounds extremely bad. Is there a way to avoid it as a user?

Can developers add new permissions this way?

No, permissions need to be exactly same.

The inline updates thing takes a bit of the advantage away from React Native/Expo, which can push updates without app store changes, although with that tooling there is no notice to the user, the new features just appear.

This lets developers force downgrades after you start using or pay for an app.

This makes an app account hijack even more dangerous.

As a result, this is a net negative and a further appleization of Google app store through removal of choice.

I have 20 apps on my Galaxy S4 with Android 5.0 because i don't wanna give them extra permissions they asked for over the time, if they force this shit on me i'll be really pissed

I wonder what % of users auto update all their apps anyway?

I certainly don't. I want to review any updates before they get installed. Not all updates are desirable.

as a dev ->This is pretty great - no more having to support users who refuse to update apps/are using some hacked version of your app in order to access older APIs you're supporting for older versions of apps. I envision this settling into a LTS version and rapidly updating(or even beta) versioning system - which large app devs like whatsapp already do.

as a user ->i already switch to an app's beta ASAP, this makes doing that unnecessary(if the dev is smart about it and doesn't just force updates for monetisation)

People complaining are forgetting that apps aren't applications - they're small and easily forgotten/uninstalled unless they come up with something new and exciting - which right now is locked behind a clunky visit to the clunky play store. Apps controlling updates isn't me having less control - i always have the power to uninstall an app if it gets irritating about updates. The new feedback/rating system means that apps that mess this up will plummet rapider than before in the play store too!This feedback loop gives me more insight as a user into a devs practices vs before just hoping a popular app was decent about updates.

Google files explorer even encourages you to uninstall apps you don't use for a long time to save space - which (anecdotally) finally led me to nuking all adobe products from my phone and life and switching to arguably better paid app alternatives for mobile.

> People complaining are forgetting that apps aren't applications

Wait what

> Apps controlling updates isn't me having less control

Yes, it totally is.

> i always have the power to uninstall an app if it gets irritating about updates.

So, if I have an app that works perfectly well, then it force-upgrades to a form that doesn't, my only choice is to stop using that app? I should be able to continue use the version that works for me. If I can't, then I don't have control over my own machine.

Well yes, from a business perspective the app dev wants to take the app in a direction that doesn't align with your usecase. your recourses are

1.leave a bad review 2.uninstall the app

That is literally the contract between you and the app dev btw, they aren't obligated to try and keep users if it doesn't make sense business wise and you aren't obligated to stick with them any longer. This is the dark side of the freemium model i guess but how does it make sense for an app dev to provide you free use of their idea by you using an older version of their app(if their business model doesn't align with that)?

I'm confused. What word do you think "app" is short for? What is the difference between "app" and "application"? Because to me they're both programs that run locally at my behest. Is an app somehow different from that?

In my recent memory, Moviepass and Chase Bank already did this last year?... Not sure what makes this different

"Previously, it was only available to a few select Google partners."

It is easy to show an alert about the update or quit app. You don't need this feature at all

Yea you can obviously already do this, Google just added standardized function calls for it so you're not rolling your own. Plus in-line code updating (previously apps could only download additional assets like game data; code updates outside the Play store were against the rules and could get your app pulled).

Damn, this makes me really happy that I'm going to be able to ditch the Android ecosystem.

Yeah I switched to iOS few months back and I don't get along with it at all, but with the regressions of Android 9 along with news like this I don't want to switch back to Android either... Guess I'll have to see what becomes of the Librem Phone.

Why all the negativity?

It has always been possible to implement on your own, and often was. It just removes additional friction. It's a feature intended for apps with security updates, or apps that require online communication with the server, like games.

> It's a feature intended for apps with security updates, or apps that require online communication with the server, like games.

Regardless of the intended use (whether or not that intended use justifies forced updates is a different question), it is certain that app developers will be using this for more things than that.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact