Thank you Matt,
I somehow expected 2. to being that way 
For 1. I basically need a a mechanism to rollback the application software in case the last update flashed an application that cannot connect to the update server anymore (I update through http file downloads). So the catastrophic error for me would be that the new application has a broken update mechanism. I can very well detect in an application or from the outside world if the application still can connect to the update server but until now I did not find any builtin functionality to tell the firmware to rollback the application.
From what I understood from your answer you suggested that I create a very small bootloader application additionally to my single application that I am running now. This bootloader could communicate with the application somehow and flash a fallback image that I saved before with the same bootloader.