Back to Insights

What a 'Two-Day' Android Update Taught Us About the Real Cost of Neglecting Your App

A two-day Android update turned into a week-long rebuild. Here's what happens when apps go untouched for years - and how to avoid it.

Posted by: Casey Whearity
Android developer head on desk whilst trying to resolve an app which has not been updated for years

App development is often seen as a linear process with a start and finish: it begins with the planning and design, and ends with a successful submission to the Play Store. The reality is that post-launch maintenance is equally as important as the development, with many potential risks and consequences for apps that are left untouched.

As developers who work with both brand-new apps and retainer projects, we see these consequences first-hand quite often. Take, for example, the case of updating a client’s app to support Android 16: the codebase had not been touched since 2020, and Google had stopped offering the app to modern devices as it was no longer optimised for newer hardware. For some projects, an Android version update is a straightforward process, but others are not quite so lucky.

We estimated two days for this app’s upgrade. The reality was closer to a week.

This project was one of the unlucky ones, and this mostly comes down to the use of third-party libraries. Almost all Android apps rely on libraries and dependencies to provide functionality, ranging from visual features to backend database/server logic - and as the Android world is constantly evolving, so do the libraries.

A good, well-maintained library will be updated regularly, and a good app should also update its library versions frequently. One of the greatest risks of libraries - particularly third-party ones - is security vulnerabilities. When a danger is exposed, the library will usually be updated to make it more secure, but unless the app that uses this library is updated, it will still contain that vulnerability.

Libraries are only as good as their updates - and quite often, they are left to become stale and outdated. Official Google libraries are also not immune to this, as they can be deprecated (no longer maintained) and not recommended for use anymore. In these cases, the best option is to replace unmaintained libraries with newer ones.

The project in question relies heavily on libraries, one of which - an official library from Google - was deprecated a few years ago. Finding and implementing a replacement for this library is where most of the work came from, as it quickly turned from a simple ‘switch out the library’ to rewriting a whole chunk of functionality.

You might wonder: why bother updating/replacing old libraries if the app works? For some projects, the effort seems pointless on the surface, but there are a whole host of reasons why updating is so important:

  • Older libraries are more likely to contain security vulnerabilities
  • New features can’t be published unless the app meets the Play Store requirements (e.g. targeting the newest Android version)
  • Apps can be removed from the Play Store/not offered to modern devices if no longer compliant
  • Updating an app becomes more difficult/costly the longer it’s left

This is why we recommend apps being checked and updated on a regular basis, whether that’s a periodic health check or as part of a monthly retainer. Android version upgrades (supporting the latest OS version) should be done annually, in order to keep up with the Play Store’s guidelines and avoid compliance issues, whereas library updates can be done more frequently. Keeping on top of an app’s status and doing small, regular updates helps stop a two-day job spiraling into a week of untangling old, deprecated code.

Some things we recommend keeping an eye on:

  • Target SDK version - is your app supporting the most recent Android version? If it’s below the Play Store’s minimum (usually the version before the most current release) then you won’t be able to publish any updates until it’s been upgraded.
  • Library / dependency versions - do any libraries have any major version updates available? Are any libraries deprecated/no longer receiving updates?
  • Deprecated code warnings - while most code deprecations won’t break your app, they can cause problems/further work in the long run, and newer code solutions generally perform better and are more secure.

Technology is always advancing, and so should your app. Keeping everything up to date helps keep your app functional, secure, and reduces costs and struggles in the future.

If you’re unsure where your app stands against security and Play Store requirements, feel free to get in touch with us for an app health check.

Tags

AndroidSecurityMobile Development

Share

Do you have an idea for an app or web project?

Whether you need web or app development, our confidential and responsible approach ensures your idea is always safe with us. Let's explore your idea and see what's possible...