[the_snooze]

It's not just security, but simple functionality too. Connected devices rely on remote services, by definition. Those services' APIs will change and get deprecated over time. At the very least, you need to keep clients up-to-date to conform to those API changes.

[rkangel]

I would argue that connected devices should only rely on your services - otherwise how do you know that they're not going away?

And if they're your services then you can maintain their stability.

[the_snooze]

"Your services" aren't entirely yours. Practically speaking, no one builds systems entirely from scratch. A service likely has remote dependencies too, some of which will trickle down to the clients of your service. For Spotify specifically, they rely on SSO providers and third-party payments services; if those APIs change, then the client will likely require updates even though Spotify didn't change anything in their own core functionality.