Devil's advocate: Why wouldn't Ubuntu/Debian adopt/replicate APK format/infrastructure for non-Android?

Every time I see references to Snap, Flatpack or AppImage, one question keeps creeping up from my subconscious to my forebrain:

• Why wouldn't Ubuntu/Debian adopt/replicate APK format/infrastructure for non-Android?

To be clear, I am NOT suggesting the adoption of the APK infrastucture as-is!!!

The fact that it has been adopted so widely and successfully suggests that it could be "retrofitted" successfully for non-Android Debian-based Distros (admittedly no guarantee there), without the use of the likes of Waydroid or Anbox.

Has there been any concerted effort to examine that approach to application portability/deployment?

Or has the non-APK approach been to focus on taking the sandboxing function/process out of the User's decision-scope?

Any time "Android" is mentioned I tune out. What is it you are asking?

Sorry, Fred, but I tried to spell it out as clearly as I could!

Could you please try re-reading that again?

I'm afraid I have not understood the essence of your question either. Here is why.
Look, APK is just a package. It is unpacked and its contents is installed into a system. How is it different from, say, .deb files I wonder? What is there to be mimicked? What you actually meant mentioning its format?
Next to it is infrastructure. To me, format and infrastructure are drastically different things. When I see a mention of infrastructure for some packaging system the first thing is its delivery system. I.e. including public repositories and client-side utilities. So far, so good. I am strongly convinced that snap infrastructure already closely mimics Google's "playstore" ideology, does not it? And I am unaware of Google's "playstore" technological advantages , if any. Could you please elaborate?

While Android is more secure than Windows, “sideloading” an apk it the best way to get your phone hacked. Malicious apps have got into the play store, nodejs npm, and virtually all other repos. It seems to me that Google’s infrastructure is the only advantage of apk, and since Android is based on a Linux kernel I’ve often wondered why they didn’t just use deb or rpm?

Without elaborating what you perceive as advantages, I see no gain only pain from such an effort. We already have too many packaging formats, and “sandbox systems” as it is. IMHO we’d be better off if the all major distros Debian, RedHat, Ubuntu, etc would pick one either after Trump-Putin-Zelinsky type negotiations, or pick one at random and make it secure and develop tools to make it easy to use.

My ideal software utopia would be: unzip an archive and run the app from the resulting directory.

Thanks, Eric. I did read it again, and I still am curious: Why would you consider APK to be superior to Snap, Flatpack, AppImage or even apt-get? Another package distribution method isn't likely to make things easier. To the contrary, I think it might confuse things even more.

I don't find github to be a preferred method, nor do I care for Snap. AppImage works for me in a Docker-sort of way, with everything bundled. But that can lead to "bulkiness," which isn't helpful for those with limited storage space.

With 10 TB hard drives being like $200 and a Samsung external 10TB SSD being “only” 10 times that, the real reason people end up with devices short on storage is the manufacturers basically gouging on extra storage and make it difficult for the user to upgrade. SD cards are second class citizens on phones (and many can’t even use them) and external storage are third class citizens at best. The difficulty and risks of moving a working system to a larger media without reinstalling is another reason.

In the old days I made decent money as a side line doing this for Windows 95, WinNT, and Windows 2000. XP and its “activation” is what made me commit to Linux, although I’d used it since RedHat 2.0 when the two most popular choices were buy a book about using RedHat that came with a free installation CD, or install Slackware as a replacement when Apple basically dropped its A/UX system that I had been using, along with BSDI on a i386. IBM OS/2 was another thing I evaluated at the time, but it was as hardware limited as Apple OSes are.

Windows 11 is making a lot of people take a look at Linux now, we should be welcoming to new users and help make it easier for them to migrate. A younger friend, has been able to install, run, and update Windows11 on antique Windows10 hardware that MS says “won’t work”. He sets them up with dual boot Win11 and Ubuntu-Mate or Ubuntu. He started with Ubuntu and being a heavy phone user Unity worked for him, but when I helped him install my AI security system he quickly saw how Mate was an easier transition.

[1] Awareness ...

I am aware that APKs are application bundles that can be

• searched for
• triaged and chosen from, then
• installed

based on "target" compatibility.

[2] Decision-point ...

I am also aware that their interaction/access is spelled out during the install prompting and, unless you "consent" to such, the install abandons.

That says that the User has a conscious, pre-install decision-point.

I acknowledge that some of the "required" access appear to be excessive, being

• unrelated to some of, and
• reach far beyond expected functionality for,

the stated nature of the Applications. I also acknowledge that too many people seem to blindly accept all those pre-conditions, rather than think hard and back away, as they should have, for some of those "overreach capabilities"! But that is fully in the User's sphere of control over their own actions.

Being philosophical, I have never understood the tendencies for people to treat their phones with any less Security-mindedness than their computer, especially since such "smart" phones, tend to be the repository of their owner's entire set of life-critical data (something which I still can't understand, and is why I will never have a smart phone until Government forces upon me for medical puposes), in some cases being the only such place where the information is stored! Excuse me for saying so, but what kind of insanity is that?

[3] Integration ...

The mechanism used for "integrating" the APK Apps appears to be working smoothly. From my now 4-year old memory (last usage of Android tablet), the various "Play Stores" (Google being only one such) seemed to keep track nicely of

• my profile,
• what I had as platform, and
• what I had as installed Apps.

Adding and purging of applications seemed straightforward and without complexity, having never encountered any glitches.

[4] Concerns ...

In the APK world, there is no attempt, that I am aware of, regarding regarding true (security-oriented) sandboxing. All efforts at "containment" of malware is left to the installed anti-virus software tools.

It seems to me that, for that "infrastructure" to be more secure, except for tools dealing with actual networking, most other Apps should have "Read-Only" capability in regards to anything which is system, except for the contents of the Apps installation directory.

Since Android does use the Linux Kernel, that is suggestive that privilege control would be identical to what is currently available in Distros of the likes of Debian/Ubuntu.

That is the reason why I believe an adaptation of that "App" infrastructure might be feasible.

After all, it doesn't look like the Android environment is going to face a decline any time soon.

[5] State of mind ...

I don't know which of the various "delivery" and "operational" models is either

• the best, or
• the most workable, or
• the most manageable.

I only know that what is simplest, in its ability to protect the User from himself, while allowing that User to proceed, if and when they deem it sufficiently necessary for themselves, is usually the approach which will gain the most traction by Users.

Now here's the kicker ...

While Users communicate their preference/support by purchasing hardware, which incentivizes developers on the Hardware side, in the FOSS world, it is much harder to "steer" or "focus" developers, where the only true incentive is developers seem to give much weight to is their own need to "make their mark", by either successfully "birthing" a new concept/technology/process which offers benefits previously not attainable, or receiving the well-deserved praise from peers recognizing the novelty or revolution offered by those new works.

The definition, or scope, of what a "Desktop End-User" is, seems to be subsumed in the more operational-oriented "Admin-User" or, given current trends, DevOps practitioner.

Unfortunately for "Old-School" End-Users, such as myself, that DevOps focus seems to be supplanting the needs/preferences/considerations of old-school Users, when it comes time to choosing "flavours" of behaviour, giving more weight to multi-user performance over End-User usability.

At least, that is the trend that I am observing as an "outsider" of the Linux development Community.

[6] Consideration of the APK infrastructure approach ...

Which led me to ask the question ... has anyone even attempted to consider/study the mechanisms/infrastruture supporting APK usage on Android to see if a similar mechanism/infrastructure supporting (call it) LPK usage

• would be technically possible,
• would be technically workable,
• would be functionally desirable, and
• would match APK ease of use?

If so, what did such an investigation reveal?

Has that investigation been completely sidestepped and avoided?

Would an attempt to create an LPK environment only lead to a simple duplication of Android, but under a different name? Or could the LPK environment be a more Debian/Ubuntu infrastructure?

I am of the opinion that a "joint effort" could accelerate the proving-in of such an approach/infrastucture as well as incorporate mechanism for the "transforming" of APKs for LPK-oriented infrastructure.

The potential attraction/motivation would be the massive base of APK Apps that could be "flipped" to native-mode LPK, thereby increasing the Linux User base by some serious numbers, potentially driving the long-deferred migration of Windows Users to Linux!

[7] Bottom line ...

If such an exercise/study has not been attempted, how can we ever know whether the Linux world is overlooking an opportunity ... or a black hole?

Without at least a preliminary study, there is no way to know whether current Snap/Flatpack/AppImage/Devian approaches are the best or not.

So ... has there been a comparative critique of the two? APK-based approach vs Snap/Debian ?