Hacker News

This is precisely why I have auto-updates turned off. No minor security or bug updates are worth getting an all-out infection (or unexpectedly losing features).



Same here. Every now and then some app stops working or politely asks me to update, so an update it'll get (and at that point I have time to look it over and rethink whether I even need the app).

Last time I went on an "update spree" and updated everything I tend to use frequently, I got the new Firefox mobile update, which is frankly utter garbage, and now I regret it.

(Why it's utter garbage? It's much more laggy across the board, and there are issues getting uBlock Origin to work on it. And this tends to be the story with updates - I haven't seen the app that got leaner, or faster, or more ergonomic with an update. Not a single one.)


How do you decide when it is safe to update?


The short answer is "when the benefits outweigh the risks"; i.e. if there's a huge bugfix or new feature you need, but something like a barcode scanner is something whose change frequency should be very close to zero.

The "update culture" has unfortunately trained users to obediently "bend over and take it", which is horrible from both the security and change-management point of view; but is the dream of those who want to exert control over "the sheeple".


Your dogmatic approach to updating would prevent you from installing a version _without_ malware attached. For example, a version of Xcode circulated in China was infected with malware and once Apple had detected it, they asked all developers to recompile and update their apps immediately.

https://www.zdnet.com/article/how-malware-finally-infected-a...

With your attitude, you wouldn't have necessarily seen the efficacy in updating the apps and could still be infected to this day.


Every Google Play update prompt in My Apps has a description provided by the publisher. If there is an urgency to update and they don't say so, I'm not going to blithely accept every update.

For example, had there not been the exploit risk, I would have left Chrome at the older version, as their new tabgroup implementation is horrible, and it doesn't even allow you to open a new tab without creating a group or going incognito!


> Every Google Play update prompt in My Apps has a description provided by the publisher.

I hate to reply like this but, the vast majority of Google Play app updates go something like this:

"Updates."

"Fixes"

"..."

Having genuine changelogs would be glorious.

Apple and Google should require proper source and issue management; they could then generate changelogs automatically. Having that, they could then use machine learning against the code commits and issue titles to ensure that what people say is happening is actually happening in the code.

I mean we've got ML that can generate code from natural language, I'm sure the bright sparks at Google and Apple could use some ML to, with a high degree of probability, say that the code does what the comment/issue says it does.


"performance improvements and bug fixes".

I just looked at the messages for the last ten or so updates on my phone and the last three were worthless like the above, but the rest were relatively detailed and informative. I imagine they are more motivated to give details when it's for new features.


> the vast majority of Google Play app updates go something like this

That's exactly my point. Unless they state something that accurately communicates risk and urgency, I don't upgrade.

Most updates of embedded-ad apps just seem to be changes in ads or ad engines.


Probably never. I mean, I am on iOS and as a developer I know how hard it is to get your code to run on iOS. Heck, security flaws that jailbreak an iOS device just via network/OTA are paid serious money for, there is no need to implement this.

I seriously ask the question what damage could a potential malicious app on iOS cause? There is no running in the background, so no exploiting while I don't use the app, no being part of a botnet when the app is closed. There is a FS sandbox that will not let you access another app's data without being able to jailbreak etc. I think an auto-update is more risky on iOS than to live with an older version of the app that does its job (you never know what an update changes/breaks for you, and downgrading is not an option in the App Store).



