February 20, 2008

Google's Mac Installation Mechanism

I just downloaded Google's Notifier application for Macs, and was pretty surprised when, after clicking on the download link, my Mac asked me whether I wanted to start the Google Updater app "for the first time." There was no download involved; i just clicked the download link and my Mac asked me whether I wanted to start the app.

At first, this seemed like a security issue. Did Google somehow put an app on my Mac and start it, all without my interaction? Turns out they didn't. Here's what Google does: They check whether you already have the updater on your disk. If so, they launch it using its URL handler (the same way an FTP url might launch your FTP client); if not, they download it to your disk. Since I already had the updater, clicking on download did not download it again, but launch it, which triggered the message asking me whether I wanted to launch the app. Here's the relevant JS code:

if (GSPH_havePlugin()) {
   link.src="google-updater://sph?product=" +
   productId + "&action=install&source=web";
} else {
   link.src = downloadURL;
}

So how do they know whether I already have the updater on my Mac? That seems like a bit of a security issue, too. Turns out there's an explanation for this, too. They simply check whether you have their plugin installed in your Browser. If so, they assume you have the app, too:

function GSPH_havePlugin() {
   var havePlugin = false;
   var deluxe = navigator.plugins["Google Update
      One-Click Deluxe Installer Plugin"];
   if (deluxe) {
      havePlugin = true;
   }
   return havePlugin;
}

Presumably, the plugin doesn't actually do anything, other than serve as a flag for this piece of JavaScript.

By the way, that code is really weird, why not just write

return(navigator.plugins["Google Update One-Click
     Deluxe Installer Plugin"]);

or something similar? There are probably some casting issues since values like "undefined" are evaluated to "false" by JavaScript, but even so, they could write something like

return(navigator.plugins["Google Update One-Click
     Deluxe Installer Plugin"]?true:false);

Thus getting rid of some unneccessary variables and saving a bit of bandwith, too. Anyway, it's a clever solution Google came up with here. My hat's off to them!

Something else I noticed: it seems the "Do you want to open this app for the first time?" dialog only goes away if you launch it yourself from the Finder; if the app is launched by an URL, Mac OS X does not seem to count this as being launched, so the error message will appear each time you download something until you launch the app manually. It's in /Library/Google/Google Updater/, if you have it on your system.

If you require a short url to link to this article, please use http://ignco.de/3

designed for use cover

But wait, there's more!

Want to read more like this? Buy my book's second edition! Designed for Use: Create Usable Interfaces for Applications and the Web is now available DRM-free directly from The Pragmatic Programmers. Or you can get it on Amazon, where it's also available in Chinese and Japanese.