The possible reasons Google is moving away from APKs on Android

Image: quietbits/Shutterstock

Google is always up to something. Now, before you jump to a rather significant conclusion, let me make myself clear: I don't believe Google is always up to something of a nefarious nature. I am of the opinion that most of what Google does is positive—at least on the front of technology. Call me Pollyanna or not, I want to give them the benefit of the doubt. And given how easy it is for the court of public opinion to spread like a meme on a slow Friday, any company up to nefarious doings should understand it's not a matter of if, but when they get caught.

SEE: Hiring kit: Android developer (TechRepublic Premium)

So when it was announced that Google was moving away from APKs on Android, in favor of Android Play Bundles, my mind went to one very particular place (one it tends to visit frequently). Said place is security. 

Hear me out before you roll your eyes or judge me (or both). 

One of the issues I've been harping on for years is sideloading applications. With Android, it's not all that hard to find an APK file from any given website and install it on your phone. The problem with this is, you have no way of knowing if that file was vetted for security. In the end, you could have just installed a piece of malware or ransomware on your phone, assuming that APK was just an innocent-looking game.

Too late.

And sites offering APKs are everywhere. Some of them might not have malicious intent in mind, but many do. Google knows this and they've been battling it for years. As for my part, I regularly come out to say, "Don't install apps from anywhere but the Google Play Store!" Many listen, while some do not.

SEE: Electronic communication policy (TechRepublic Premium)

If Google has anything to say about this, the APK might be dead in the near future.

Say huh?

That's right. Google has officially announced it is moving away from APKs to Android Play Bundles. And they've only given developers a month's notice to make the shift. Of course, current apps on the Play Store are exempt from the change, but all new apps must be submitted in the new format, else they won't be accepted.

SEE: Samsung Galaxy S21 Series: A cheat sheet (free PDF) (TechRepublic)

There has been some speculation that this move was made after Microsoft announced it would allow Android APKs to run on Windows 11. Although that's tempting fodder for the media cannon, I don't buy it. I think Google is looking further ahead than that and its end game is to do away with APK files altogether. 

But why? What's the play here? I believe Google has finally had it with side-loading and is making this shift to put an end to it. That makes the most sense because the need for security is at an all-time high. Malicious apps and attacks are not going anywhere. In fact, they're only going to continue increasing and getting smarter than ever. Companies that produce, curate and distribute software have been at a loss as to how to stop ne're-do-wells from doing what they do. If Google's mindset is in line with mine, then this move is a clear checkmate against those who set out to steal users' data and hold their devices for ransom.

And that would be a huge step forward. If Google were to finally do away with the ability to side-load applications, it would go a long way toward preventing users from installing malicious apps.

The caveat

Before I continue, understand this is complete conjecture on my part. I'm drawing a conclusion that might be way off the mark. But for Google to pull this off, with any measure of success, they're going to have to hold that Android Play Bundle format close to the vest. The second the specs are released for this new format, they'll find side-loadable apps everywhere. That is why, once they've officially made the shift to the new format (in August 2021), Google should also permanently disable side-loading for both the old and the new format.

SEE: Password-stealing spyware targets Android users in the UK (TechRepublic)

This might ruffle the feathers of some developers and companies, but the security of the end-user must come first. Period. And although it's great to have options, in this case end-users should only have one option: the one that gives them even the slightest guarantee of security. If the security of end-users and consumers does not come first, then you're going about the business of business all wrong.

The caveat to the caveat

Here's the thing: There will always be a certain user type who installs alternative ROMs on their Android devices. This should always be a possibility for those who choose. And Google should honor that community going forward. Even though the Android Play Bundle will be the default format moving forward, the company should allow APKs for alternative ROMs. So, here's how I see it playing out in the future (not immediately):

• For official Android builds—Android Play Bundles will be the only supported format, which can only be found in the Google Play Store. 
• For unofficial ROMs—Both APK and Android Play Bundles are supported.

The above would do two things:

• Better protect consumers.
• Placate those who want to use unofficial ROMs.

I think this is the best option for Google. Anyone who's bothered to glance into the security crystal balls knows the situation is only going to get far worse. Unless Google does something now, Android could become a veritable playground for hackers and thieves. This migration to Android Play Bundles could go a long way to head that off... if Google plays its cards right.

But again, this is only conjecture on my part. Google may have other reasons for migrating away from APKs (like speed and size of installation or preventing Windows 11 from integrating with the Google Play Store). Only time will tell, but I do hope this lands in favor of more security for consumers.

Subscribe to TechRepublic's How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Also see

• Samsung introduces $999 Galaxy Book Pro and $1,199 Galaxy Book Pro 360 (TechRepublic)
• Password-stealing spyware targets Android users in the UK (TechRepublic)
• How to become a cybersecurity pro: A cheat sheet (TechRepublic)
• Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
• Checklist: Securing digital information (TechRepublic Premium)
• Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)