Saagar Jha
(replying to Saagar Jha)
Now, what happens to apps that never update? They can keep being installed, and since they were build with SDK X, can keep accessing the old, problematic APIs.
This is the motivation that was used to propose this feature.
This is the motivation that was used to propose this feature.
Saagar Jha
(replying to Saagar Jha)
This is something that should get solved! Or…wait, should it? This definitely solves the problem, but you’ll notice that I never mentioned any harms. Has anyone actually installed an old app and been harmed because it did something that was let through because of the old SDK?
Saagar Jha
(replying to Saagar Jha)
The truth is that I don’t know if this has harmed anyone. At least I didn’t spot any examples when I skimmed the proposal. But, it sounds plausible, so let’s assume it has happened and motivated this change. This does mean we’ll have to look elsewhere when evaluating it, however.
Saagar Jha
(replying to Saagar Jha)
Most apps on the Play Store are not malware (seriously!) This has held true over time. Most of the old apps that haven’t been updated are games, or old utilities, or defunct social networks. Some have backends that don’t work anymore. But they’re not trying to be malicious!
1 replies →
1 replies
Saagar Jha
(replying to Saagar Jha)
Goodwill is incredibly hard to build up and very easy to destroy. This change tells developers that we do not support apps that are “finished” and never updated. It tells our users their apps they’re looking for may suddenly stop being available for them to install.
Saagar Jha
(replying to Saagar Jha)
Nobody is going to stop to think “why” this was done. They’re just going to hate it. In the case of users, this is where they go to the internet and install whatever they find, which will become a prime target for malware if it isn’t already.
Saagar Jha
(replying to Saagar Jha)
And for the few who do understand why…it just comes across as fundamentally lazy. There’s a number inside Google that shows how many apps are available for each SDK. This change makes that number go down for old versions. But that number is irrelevant! This was to stop harm.
Saagar Jha
(replying to Saagar Jha)
We have existing mechanisms to remove malware from the Play Store. This is nothing new! Old apps which exhibit bad behavior can be removed selectively. Apps that use problematic APIs do so because Android allows them to. That can stop being the case! Why was this not scoped?
Saagar Jha
(replying to Saagar Jha)
I *know* this is more work. I really do. But you have to do it. Look, I’m sorry I didn’t mention this to you all when I was at Google. I’m telling you know, and I hope you undo this before someone sideloads something they shouldn’t have. I was waiting for an example to show…
Saagar Jha
(replying to Saagar Jha)
The alternative is people write about how Android doesn’t do backwards compatibility and probably a news story about a sideloaded game that infects people. That, I assure you, will be worse than whatever this change is aiming to improve.
Saagar Jha
(replying to Saagar Jha)
Most of our work was actually navigating around this fact. By their nature, blanket policies affect legitimate use more than illegitimate use, because there is more good than bad. When we cause pain by being overly broad, it makes people resent the process.