Xiyuan: you did some work to disable system auto-updates for kiosk apps. Was there also a mechanism to block app auto-updates?

Kiosk apps are updated as other apps. I added code recently to defer a kiosk app update if it has a required_platfrom_version manifest key whose value is not compliant with the current platform. It is not disabling AU, just defer the actual app install until certain conditions met.

I ddded a InstallGate [1] interface for that. If we want to use the same defer mechanism, we can use that.

[1] https://cs.chromium.org/chromium/src/chrome/browser/extensions/install_gate.h?rcl=0&l=14

Bad app update pushes can break any workflow, not just login. This is an inherent risk that is part of the auto-updating workflow.

The main way to mitigate this risk is to work in "channels". Have a subset of users on a staged version of the software (both the OS i.e. beta channel and the app in some staged form).


I think trying to fix this on the system level would lead to a complex and over-engineered solution. This problem exists in any auto-updating system and should be solved by proper processes in the company/school that is deploying. For example, they pin Chrome OS versions until their software providers certify the software for a certain version.

Per triage: sounds like this issue is Won't Fix.  Please chime if you feel there is action required.