By this fall, Apple and Microsoft will have followed in the footsteps of Google to automatically update apps on their mobile and desktop platforms, another step in the trend to take security out of users' hands.
"This is one of the best things we've seen in security in the last decade," argued Andrew Storms, senior director of development and operations at San Francisco-based CloudPassage. "Historically, we've always relied on the end user to update, and praying that they do so. Auto-updating means that the moment [a new version] is released, the majority has the most secure code available installed."
Google's Android and Chrome OS -- the latter based on the Chrome browser -- automatically update installed apps, silently and in the background, without bothering the user.
Both Apple and Microsoft will mimic Google later this year, when the former ships OS X Mavericks for the Mac and iOS 7 for the iPhone and iPad. Microsoft, too, has committed to app auto-updates, a feature that will debut in Windows 8.1 this fall.
On Windows and OS X, the new approach to app updating applies to just parts of their software ecosystems.
Only Windows Store apps -- those the company calls "Modern" but which many still dub "Metro" -- will auto-update. Older, traditional Windows apps, those that run on the old-school desktop -- will not.
OS X Mavericks is in the same boat: Only apps downloaded and installed through the Mac App Store will update hands-off. Software acquired through other channels -- downloads direct from the developer, for example -- will remain the user's responsibility.
Although legacy applications on Windows and OS X are out of the auto-update loop for now, many applications offer their own auto-updates. And third-party patch managers for enterprises and consumers -- an example of the latter for Windows is Secunia's Personal Software Inspector (PSI) -- are available to fill the gaps.
"The question becomes, how much more can be automated?" said Morten Stengaard, the CTO of Secunia. "Frankly, the more automation the better, because we cannot keep up with all the patches available."
This fall's roll-out of app auto-updating on Windows, OS X and iOS 7 is only the latest in a continuum of similar moves over the years to remove the weak link -- the user -- from the equation, Storms noted.
"What we're seeing is the operating system [makers] putting a stake in the ground, that moving forward, this is the best way to go," said Storms.
Operating systems like Android, Chrome OS, iOS, OS X and Windows have long offered either partial (as in the case of iOS and OS X) or complete (Android, Chrome OS, Windows) auto-updates to provide patches; the Chrome and Firefox browsers have gone to fully-silent updates; Microsoft has enforced auto-upgrades to its Internet Explorer (IE) browser; and the most popular plug-ins and add-ons, such as Adobe's Flash and Oracle's Java, have shifted to a more hands-free model.
Not everyone's enamored by auto-updating. At each point in the years-long trend some have bemoaned the loss of control, arguing that because they own the hardware, they should have the final say over what's dropped on their devices.
"I'd say that that is still a majority of users," said Stengaard. "Most still want to have control."
In most cases, including Windows 8.1 and OS X Mavericks, app auto-update, while switched on by default, can be disabled by the user.
Going forward, Stengaard expects to see a push, at least on Microsoft's part, to assume even more of the burden. "I'd be very surprised if, in three to five years, Microsoft doesn't take over complete responsibility for updating everything on the operating system, at least for consumers," Stengaard said.
"It's good that Microsoft is going in this direction, and certainly what most expect," he added.
This article, Apple, Microsoft to leap on app auto-update bandwagon, was originally published at Computerworld.com.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is [email protected].
Read more about security in Computerworld's Security Topic Center.