Google, Android, and Private APIs.

[Declaration of interest: My company runs AndAppStore, an alternative to Googles Android Market]

Theres been a fair amount of talk around Googles use of “Private APIs” in their Android applications since the Andy Rubin interview which appeared in the NY Times Bits blog, and I’d like to point out what appears to be a glaring mistake in one of the replies Andy gave.

During the interview he said;

I don’t know whether he said this because he doesn’t know about what’s in some of Googles Android applications, or whether he was towing a party line about Androids' open source nature, but that statement simply isn’t true.

If you look at Android Market, an application which Google have gone to great lengths to point out isn’t part of the Android OS, you’ll see at least one glaring example of the use an API which isn’t available to third parties and hence, to me, is a clear example of a “Private API”.

When a user installs an application via Android Market they’re shown the permissions an application needs, then, if the user agrees to give the application those permissions, Market downloads and installs the application without asking the user to confirm the permissions again. Third party markets are forced to use the Android package installer which requires them to download the application and then requires the user to confirm the downloaded applications requested permissions.

This leaves third party markets with two user experience choices; Either the user is shown the applications requested permissions twice (initially by the market alternative prior to download, then again by the package installer as part of the installation process), or the third party market must download the whole application and pass a pointer to it to the package installer at which point the user is shown the requested permissions (which could involve a several megabyte download over a cellular network for something the user may end up not wanting to use). Neither one is as slick or user friendly as the mechanism open to Market via the private APIs it has access to.

One reason this example is important is that Google actually removed the public API for package installation. If you look at the headline changes between the Android 1.5 and Android 1.6 APIs you’ll see no mention of any changes around package handling, it’s only when you go into the API differences report and drill into the package you’ll see the package installation methods were removed and weren’t replaced with anything providing similar functionality.

So essentially Google took the installation API from public to private between Android 1.5 and 1.6.

The package installation API had “openness issues” prior to it’s removal in 1.6 because to use it you’d need the approval of the carrier, device OEM, or whomever created the firmware of the device, thus rendering it unusable by most third party markets. This could arguably be interpreted as the API being private from its' first appearance in Android and that the removal from the SDK was simply confirmation of this.

But, no matter how you look at it’s prior status, the fact is that Google Android Market for Android 1.6 and later clearly uses a private API and so, in my view, Andy Rubin was clearly wrong.

To me this is the most prominent example I’ve found of Google using private APIs in their Android apps, feel free to share more examples.