



Android app bundle logo.

The app bundle allows the Google Play server to customize the app for each user.

Midrange phone users get the base APK, xhdpi image assets, ARM v7 code, and English.

Here, a high-end phone gets a xxxhdpi asset bucket, ARM64, and a whopping three languages.

At Google I / O 2018, Google said that splitting the APK configuration resulted in an average 20% space savings thanks to more targeted languages, image assets, and architecture.

To save more specific app size, Google has unveiled this chart.

Google I / O 2018

Splitting the configuration only works on Android 5.0 Lollipop and above. Therefore, for older devices, a complete APK will be generated.

APK (Android PacKage), an Android app file format, has been used since the launch of Android in 2008. It’s a portable, structured .zip file that’s easy to create and widely supported by a variety of tools. Windows 11 will support this format as part of future Android compatibility. However, Google doesn’t want the APK to be a way to publish Android apps. Google’s Android developer blog summarizes how new apps uploaded to the Play Store starting in August will need to use the new Android App Bundle (AAB) format to distribute apps. This sounds like a mere beginning, but according to Google, AppBundle “replaces APK as a standard public format.”

Android app bundles were introduced into the Android ecosystem in 2018 and I wrote a big section about them in the Android 9 review. The basic pitch is that Android devices have a lot of different hardware and language combinations that apps need to support, and shipping all that code on an individual device is a waste of space.Android is a waste of space. Over 150 languages, 4 different CPU architectures (ARMv7, ARMv8, x86, and x86_64), and several screen resolution buckets. It’s common to stack all of this into a single APK (which may be split by CPU architecture), but doing so often means that each device has nothing to do with a particular combination of CPU, locale, and screen. Means get the code and resources for the size. This waste of storage space is less important for high-end phones with good internet connectivity, but it can be a big problem for cheap devices with limited storage or where high-speed internet is difficult to access. ..

Google’s solution is the Android App Bundle. This transforms Android app distribution from a monolithic universal APK to a collection of “split APKs” that can be run specifically on the Google Play store for each individual device. As the name implies, these “split APKs” are not the entire app. These are part of the app, each targeting a specific area of ​​change and combined to form the final app. For app bundles, if you have a high resolution ARMv8 device whose locale is set to English in the app bundle, the Play Store will spit out a set of split APKs that only support that device type. If your friend has a low resolution ARMv7 phone set for English and Hindi, you can get another APK set to support it exactly. Google Play can generate a custom APK for all users and provide them with only the code they need. According to Google, the result is an app that is 15% smaller than the universal APK.

Developers who use app bundles can also modularize the functionality of their app. This will only deliver to devices that support the feature. Alternatively, the feature will not be included in the initial download and will only be available to users as an on-demand download. The same on-demand feature works when the user changes the locale setting.

The App Bundle system prefers to send a flashy new split APK, but you don’t have to. You can format your app the way you like, so you can generate backwards-compatible monolithic APKs. This makes this approach universally compatible with all Android phones, no matter how much the current device is ignored.

Ecosystems other than app bundles and Google Play

As with many new Android features, the change from APK to Android App Bundle provides a more complex and sophisticated feature set for rolling out apps. But it also gives Google more control over the Android ecosystem. To use the Android app bundle, it must be processed on the cloud computer of the app store. App Bundles are in open source format and Google has open source “bundletool” apps that can compile them, but other companies build their own infrastructure and pay server costs to host in the cloud, You have to deal with terrifying things. App signing requirements (more on this later).

The open source AppBundle makes it easier for development tools to support them. However, the alternative app store has to take on so much work and responsibility that it is doubtful that the format will be something other than the Google Play app package.

One of the main security components of APK is the app signature. This is a digital certificate owned by the app developer that proves that you created the app. The app’s signature isn’t really relevant on the first install, but at every point thereafter, the signature must match. This means that the original app developer can only update the app with the certificate owner. Random third parties cannot create an APK called “Google-Pay.apk” to overwrite the actual Google Pay app and steal all bank information.

AppBundle spits out the APK. This means that you need to host your entire app build system in the cloud. This also means hosting individual developer app signing keys in the cloud, effectively shifting app responsibility from developers to Google. Google calls this “Google Play App Signature” and the company seriously promises that you still own the app. You can continue to access it. However, this arrangement is like transferring a certificate to your home to a third party.

Google’s control of the Play Store means that it already owns the streets and driveways, but now it has more control over the app. If Google Play’s automatic terminator bot roving band targets developer accounts as the target of perceived violations, it’s even less reliable.

The Android App Bundle puts a great deal of power and responsibility on app store owners. If the app store infrastructure is compromised, a third party could access the developer key and start pushing malicious updates. It’s a shame if you don’t trust the owner of the app store. They currently have a signing key and can change the app if needed without their knowledge. The government can also force app store owners to make changes to their apps. For Google, the company probably does a better storage security job than most app developers. But again, it’s hard to imagine a non-Google store that uses this.

Google has made some concessions to alleviate concerns about this. Developers can keep a local copy of the signing key uploaded to Google so they can generate valid updates that can be installed on top of the Google Play version. Developers can also download the signed “Distribution APK” from the Google Play Developer Console. This is an old-fashioned universal APK that you can upload to other app stores. If Google is concerned about changing apps without consent, according to Google, an optional new “code transparency” feature allows developers to match the hash of the downloaded app code with the one uploaded. You can check it.

Starting in August, new apps will require an app bundle. According to Google, “existing apps are currently exempt from app bundle requirements” at this time. We will consider the existence of the word “present” as a major indicator of future plans.

Android app bundles are a big issue for Google. At Google I / O 2018, the company announced that it would save 10 petabytes of bandwidth per day if all apps were switched to bundles. This is an incredible number that indicates how big the Play Store is running. But for those of us who don’t mind Google’s bandwidth billing, a potential 15% space savings is worth overturning the entire APK ecosystem and transferring more power to the Play Store and Google’s servers. Is it?

