Is Google’s Android app unbundling good for security?

Is Android about to change for better or worse?

If you live in the European Union (actually, the Europen Economic Area, which consists of the EU plus Norway, Iceland, and Liechtenstein), turning on a new Android device after 29 October 2018 could be less familiar than in the past.

Until now, almost all Android users have been greeted by Google’s own suite of 11 factory-installed apps that includes Gmail, Chrome, Maps, Search, and – most important of all to most users – Google Play. 

This happened because Google’s licensing compelled device makers to install apps such as Search and Chrome if they wanted to install Google’s well-stocked app repository, the Play Store.

In July 2018, the European Commission (EC) concluded this was a ploy to give Google Search a monopoly on Android, fined the company €4.34 billion ($5.1 billion) on anti-trust grounds.

Even though Google has appealed the latest ruling, which will likely wend its way through the courts for several years, the company nevertheless yesterday announced plans to comply with the decision.

However, there’s a sting in the tail: device makers will no longer have to bundle Google’s apps, but if they do they’ll pay for the privilege.

As Google Senior VP Hiroshi Lockheimer put it:

Since the pre-installation of Google Search and Chrome together with our other apps helped us fund the development and free distribution of Android, we will introduce a new paid licensing agreement for smartphones and tablets shipped into the EEA.

Specifically, device makers will have to license Google apps and then separately license Search and Chrome to get the full suite. They’ll also be able to install these on their own “non-compatible or forked” versions of Android.

Could there be unintended consequences for security?

The worry is that, having battled fragmentation for years, the Android ecosystem will now have even more fragmentation to deal with.

The simplest scenario is that device makers will pay up and pass that cost on to everyone buying an Android phone.

Another possibility is that device makers will switch to third-party apps in place of the Google versions.

Plausibly, rivals such as Microsoft and Amazon could pay to get Bing and Amazon Search onto Android devices, along with other apps from outside the Google stable.

As much as some resent Google’s domination of Android, the EC’s action could end up annoying the one group the data economy still depends on – developers.

The Developer’s Alliance, which actually backed Google in its case, claimed:

There is a risk that diverging versions of Android will lead to devices where apps don’t work for users. Developers may also need to do costly rewrites of apps for multiple incompatible versions.

It’s somewhat reminiscent of the EU’s protracted battle with Microsoft 20 years ago over the bundling of Internet Explorer with Windows 95.

Arguably, the banishing of that alleged browser monopoly-in-the-making helped seed the conditions for the rise of Google’s Chrome years later.

The EC won its battle then but set the scene for an even bigger one with a less certain outcome.