Microsoft packs Store apps with telemetry wrapper

Stop - Pixabay[German]The move from Microsoft, which has just been uncovered and is causing anger among developers. Their Store team has started to secretly repackage Store apps. The apps are provided with an executable .NET wrapper that adds telemetry and other code into the app. Furthermore, .netfx 4.7.2 is currently being used – regardless of what .netfx version the app uses. The explanation I read, is that Microsoft now wants to offer .exe applications for download directly from the store in a simple way. Here is some information on this.


Advertising

Store apps secretly repacked

I became aware of the issue on X via the following tweet by Rafael Rivera. Rafael Rivera reports that the Microsoft Store team has started wrapping apps like EarTrumpet with a malware-looking .NET executable wrapper (with the name of his app, of course).

Microsoft packt Store-Apps mit Telemetrie

This integrates telemetry and other code for other functions into the .exe file. Rivera writes that the apps packaged in this way use Netfx 4.7.2, while his app relies on Netfx 4.6.2.

The tweet above shows the details with the store installer in the properties. The data of the components used is listed on the right. The use of Netfx 4.7.2 is also documented there. Rivera is rightly pissed off and has posted the download address of the app.

The master plan behind it

Rudy Huyn, Principal Architect Microsoft Store / Copilot / Windows at Microsoft, has outlined the plan behind this in a series of tweets on X (I've since come across it on X and here). They've just introduced the Microsoft Store Installer for the Web – a new and streamlined way to install Store apps directly from apps.microsoft.com, according to the following tweet.


Advertising

New Store installer from Microsoft

The reason given for this is that feedback showed that the installation process required too many clicks. Previously, the following was required for installation:

  • Clicking on "Install" on the Microsoft website
  • Confirm the deep link dialog (unless the link was already allowed)
  • Clicking "Install" again in the mini-window of the store

A second Install button should ensure that the installation was initiated by a user and not by a malicious script, as this poses a risk when using deep links.

To improve the user experience and increase the conversion rate for Microsoft's ISVs (Independent Software Vendors), the developers at Microsoft have been conducting an experiment over the last five months:

Instead of launching the store via a deep link and opening a mini window that simulates an installation program, a standalone installation program was used.

This program manages the prerequisites, permissions, downloads and installations in the same way as the manual installation method outlined above, packaged in a much smaller and undocked executable file, according to further tweets.

Outsourcing the code to the installer has many advantages, writes the Microsoft man. Only two clicks are required to install the Store app. The whole thing is done by a lean installation program that starts much faster than the Store.

It is also always up to date, with the latest functions and support for all products, even if the Store app has not been updated for months. The approach always works, even if the store has been removed. And the approach supports parallel multiple installations.

The feedback from developers and users who took part in the first three rounds of the Microsoft test was extremely positive. On average, this new method of installing Store applications has led to a 12% increase in installations. And the number of applications launched after installation has increased by 54%, wrote Microsoft product manager Huyn.


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *