2 min

The developers have to use their own methods to deliver updates.

When Microsoft introduced Windows 11, the company confirmed there would be a new Microsoft Store, backported also to Windows 10. The company said that all the content in the store will be “tested for security, family safety and device compatibility.”

But some applications will use their own update mechanisms, bypassing the new store. This is now raising concerns about security and user experience.

Does Microsoft’s new store have too many new rules?

Microsoft principal program manager Pete Brown explained in a blog post that the new store means developers can “publish those traditional desktop applications using your own install packages.”

Brown showed how developers can submit a classic setup application in .exe or .msi format, located on the vendor’s own infrastructure,. But he also stipulated that that “once submitted, the binary at the provided URL must not change.” It must also be a complete installer, not a downloader for another install package. And moreover, the installer has to run in silent mode.

The terms for the new store say updates will be different for apps packaged as a Win32 Apps. End users will not be able to receive updates from the Store. Rather, “Apps can be updated directly by you via your app that is installed on a Windows Device after download from the Store.”

Risking uneven user experiences and security vulnerabilities

These new policies appear to be problematic for several reasons. For example, we know that the user experience for applications that handle their own updates is by no means uniform. Some Apps update frequently, and they use annoying pop-ups. Others install background services solely for the purpose of updating the application.

Moreover, if a user installs an application from the store, and the App then updates itself, the updated version has avoided any checks which Microsoft made on the submission. This means that Microsoft cannot, in good conscience, say that the content is “tested for security, family safety and device compatibility.”

This new store model is thus very different from Apple’s App Store, or Google’s Play Store. Those platforms still maintain control over the updating process, so every update goes through automated vetting for security and quality.