A few days ago, at its worldwide developer conference (WWDC 2020, held in full virtual mode because of the coronavirus outbreak), Apple unveiled the next version of iOS. One of its innovations is App Clips, mini apps that can begin running on the device without having to be installed.
Apple requires these programs to be no more than 10MB so they can load and run instantly. If the app seems useful, the user will have the option to download the full version at any time and switch to it.
In addition, Apple recommends that App Clips be used in conjunction with the Sign In with Apple feature and, of course, Apple Pay. This eliminates another two painful stages preventing people from starting using apps quickly: registration and entering payment data.
Why App Clips?
Apple provided some practical examples of how App Clips could prove useful. Say you’re walking down the street, see an electric scooter, and decide to rent it. Before App Clips, that would have involved downloading and installing an app, registering, and linking it to a payment card. Then you might face a wait while the rental system carried out the necessary checks.
However chic the scooter, its appeal fades in the face of such virtual red tape.
In the shiny new world of App Clips, it should all be a breeze. You scan the graphic code or NFC tag with your smartphone; the mini app starts instantly; you log in through Sign In with Apple, pay the fee through Apple Pay, and scoot off into the sunset.
The graphic code or NFC tag is designed to simplify user interaction with physical objects in the real world, like the aforementioned scooter or a billboard. Links perform an analogous role in the virtual world.
For another example, say you search for home food delivery. You see an ad in the results and click on it. With App Clips, the corresponding mini app starts instantly, and you can use it to select a tasty-looking meal, pay with Apple Pay, and just wait for the delivery.
A third example: More and more cities worldwide are introducing app-based parking payment, but at the same time, traditional parking meters (not to mention staffed payment booths) are expensive and becoming obsolete.
But occasional or one-time city visitors are unlikely to waste time searching and installing — and registering with, and linking a credit card to — a local parking app. Here again, mini apps can come to the rescue. You run the app instantly, use Apple Pay to pay for parking, and go about your business.
Google’s alternative: Android Instant Apps
For all of Apple’s hype, App Clips is nothing new. Google presented a mini-app concept three years ago at its own annual developer conference, Google I/O 2017. In the Androidverse, it goes by the name Android Instant Apps.
Unveiling the technology, Google was somewhat more open about the real reason behind it. Instant Apps can greatly facilitate users’ lives in various scenarios, at least in theory, but app developers are the real beneficiaries.
The two largest app stores — Apple’s App Store and Google Play — are home to millions of unique programs, and it is becoming increasingly difficult for users to find a specific app inside the virtual haystack. Meanwhile, developers are having trouble making their creations stand out among the endless competition.
Instant Apps lend a hand by giving users a chance to try them immediately, without having to navigate a labyrinth of offers. And if an instant app makes a good impression, the user is much more likely to install the full version.
One common use of Android Instant Apps is to demo ultralight versions of games. In the form of an instant app, the user is offered, say, one level of the game. The main attraction is not having to install anything — you can play right there and then. And if you’d like to play the next level, you can download the full version and get sucked in.
The scheme is very similar to sample tasting in grocery stores. Instead of consuming abstract advertising or a promotional sample that’s best opened at home, you can try the product on the spot, and if you like it, buy it.
Are the apps safe?
The very concept of running something without installation sounds a little suspicious. The usual rules of digital hygiene state that before installing anything, you should do some due diligence: research the developer’s reputation, read user reviews, and scan the downloaded file with antivirus software at the very minimum.
Instant launch contradicts that common wisdom. What if the app is dangerous? Sure, you download mini apps from the same app store as their full versions, but that’s no guarantee everything’s on the up and up. Google Play is no stranger to malicious apps and Trojans.
The potential danger should not surprise you; app stores are teeming with millions of apps that get updated regularly, and a common practice among cybercriminals is to upload a clean app and then update it with malicious features. Even powerhouses such as Apple and Google don’t have the resources to go over such a vast number of programs with a fine-tooth comb.
There’s another problem. For Instant Apps to work, certain launch mechanisms are used to bypass the standard installation procedure. Cybercriminals can exploit flaws in these mechanisms. In December 2019, at the Chaos Communication Congress hacker conference, Chinese security researcher RonnyXing presented a report examining several practical ways to attack instant apps.
He showed that they are vulnerable to information leakage, identity theft, account hijacking, and other unpleasant things. According to RonnyXing, up to 60% of Android devices are prone to this type of attack.
How to keep Android Instant Apps under control
Like the full apps on your phone, instant apps need to be kept on a short leash. At a minimum, you should periodically review the list of recently used ones. To do that, go to Settings, select Google, and tap Instant Apps. You can also disable the Instant Apps feature there.
There’s good news as well. We created and recently patented a technology for protecting your smartphone against malicious instant apps. So, there shouldn’t be any need to worry: simply install Kaspersky Internet Security for Android and no malicious apps, neither traditional nor instant, will be of any danger.