GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/7002 (Automatic app updates), https://github.com/nextcloud/server/issues/3182 (Automatic updates of apps as an option), https://github.com/nextcloud/server/issues/5933 (Automatic disabled apps are not updated from the app store), https://github.com/nextcloud/server/issues/4663 (Update with disabled app store), and https://github.com/nextcloud/server/issues/74 (Add Automatic Tagging).

As a first step I would propose we write an occ command (maybe as an app so we can iterate a bit before integrating it).

11053 😉

Sifting through the many issues related to automatic app updates, heres what I've found as the current state of app updates:

• Apps should auto-update on every major release: https://github.com/nextcloud/server/issues/15416
• The occ tool can update all apps. This can be scripted/scheduled at the OS level: https://github.com/nextcloud/server/pull/11053
• An "update all" web UI button is an open request: https://github.com/nextcloud/server/issues/6989
• Some discussion of full automatic updates took place here: https://github.com/nextcloud/server/issues/3182
  > I see a point in having auto updates. On the other hand since apps are not checked in the slightest way before published in the app store, I wouldn't really recommand auto update for everything.

My personal two cents:

1. The security concern quoted above is valid, so only official apps should auto-update by default.
2. Doing it that way offloads the responsibility for checking third party apps to the user/admin. My only problem with this is that it's only a good justification if the user/admin is made aware that checking apps themselves is a necessary step. In other words, how many people are even aware that nobody is looking at third party apps before they're added to the app store? How many people think it's totally safe to just click that update button?

If the security of these apps is a genuine concern and we're going to offload that responsibility to them, then we'd need to explicitly tell them we've done so.  Some examples to look at would be how MacOS and Android handle allowing unchecked, third party apps to be installed.  I believe Win10 might also handle this with some kind of warning now?

While I get the concerns. I also do not think people check all their android apps. And you have to think if you even want to install a random app from the appstore if you do not trust the developers.

I agree with that. Another point to that end is apps on Nextcloud are installed by server administrators who hopefully have more experience in this situation than end users.

On the other hand, the stakes here are higher compared to a personal phone: Far more users could be at risk on one server, and they are putting their trust in the administrator to keep their data safe.

Personally, I lean towards "secure by default". In this case, that means auto-update only the official apps by default but have a separate toggle for auto-updating third party apps, disabled by default. A line of text there to caution people that third party apps are not checked is good enough for me.