Google outlaws Android app updates that don't come from its Play store

Google outlaws Android app updates that don't come from its Play store

Summary: Doing what Facebook did in March will now considered a 'dangerous' act for Android developers. From now on, apps listed on the Play store can only be available through that channel.


Google has tightened the security screws on Android app developers, forbidding them to issue updates to apps available on Google Play outside of the store.

From now on, if an Android app is downloaded from the Google Play store, no updates can be issued to it through any other channel.

"An app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism," says Google in a statement recently added to the 'dangerous products' section of its Google Developer Program Policies.

It's not certain exactly when or why Google added the new rule, however, its introduction comes after Facebook surprised some Android users in March by pushing a new beta build of the Facebook app to their devices outside of Google Play.

Users took to the social network's community pages to voice their disquiet over the move, questioning whether the "install new build" for Facebook could actually be malware. The update was legitimate and was seeking permission to install future updates without notifications, but Facebook never explained why it was attempting to issue it outside Google Play.

While Facebook had not breached Google's developer policies at the time, it will now have to limit itself to issuing new build updates through Google Play.

The new guidance only affects updates of apps originally downloaded through the Play store — Android owners will still be able to install apps outside Google’s official store, however.

Topics: Security, Android, Apps, Mobility, Software Development

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • not just Facebook

    At one time I was getting updates for installed apps from both Google Play and Amazon's Store, regardless which service was used for the original install. That seems to have stopped, but in my opinion this had as much impact on Google's rule change as Facebook.
    Jim Johnson
    • Different type of issue

      That was an issue where Google and Amazon were both looking at installed app names to check for updates but couldn't see if the app was actually downloaded from their store or not. That was unintentional, not an intentional bypass like Facebook did.

      Personally I'm curious about why Facebook pursued that approach.
      • My guess is "auto-update".

        Cool idea in away. Just like Chrome or Firefox and other major browsers auto-update, I am sure FB saw their app in much the same light. To keep people on the same version. This has proven very successful for applications like Chrome.

        But cool ideas are not always good ideas.
        • Google Play apps can already auto-update

          That wouldn't explain Facebook's moves considering apps through the Google Play store can already auto-update, unless the intention was to force auto-update on the users and not give them an option to avoid it. That's a bit heavy-handed, though.
          • i agree

            This is a good policy for Google. There are even adware libraries that can load their own code unscreened.
            The opposite issue, Google still needs to be able to update apps not downloaded through Google play. Otherwise all pre loaded phone apps won't update.
        • Re: My guess is "auto-update".

          Sounds like somebody is not accustomed to having the OS provide the auto-update service for installed apps as standard.
        • it was Beta software

          they wont have wanted to make beta software too widely available, as that could amount to a massive pr disaster
  • Am I missing something?

    I thought Android was "Open". This looks like a rule.
    • Well being so open

      has open Android too kind of malware. Is that good for people? If this reduces that the better. I'd be suspicious of any company trying to bypass the play store anyway.
      • Agreed

        Agreed. I've accepted Facebook's updates because... I mean... it's Facebook, come on. Though I do suspect that they're up to no good, here.

        But just about any other company... no way, no how.
        • Disagreed - FB is more than meets the eye

          In my opinion, facebook is the last app I would trust. It is quite obvious that FB is atempting to force its updates on its users.
          FB is not about social networking. Its about building profiles about every person in its database. And with its new face recognition and gps co-ordinates on all photos stored in your smart phone, they have more knowledge about you than the FBI and CIA combined.
          And who knows what else they are doing with your private info.
          I deleted my FB account 2yrs ago, I think you should do the same before it is too late!
          Etienne Schembri Wismayer
    • Android is open

      Android is open. The Google Play store is not. Nothing prevents you from checking the "install from other sources" box and shopping at third-party app stores.
      • Well said

        I agree. Google needed to be stricter about security when it came to the Google Play store, and this is a start. Android is still as open as ever.
        • Exactly

          Exactly, because that is the entire point of the Play Store: being a (relatively) trusted source of clean apps adhering to certain guidelines. Open, or clean and secure—you can't have both. Android is the open system, and Play is the trusted, moderated software repository.

          I think many people don't know that the coupling between Android OS and Google Play Store is not as direct and exclusive as with iOS and iTunes. You don't have to jailbreak or hack or root an Android device if you want to install software from outside the official store.
      • But the Play store has been evolving away from the "open" it once touted.

        For example, from 2011 write up, this description holds the common view of the Android Market (now the Play Store):

        "Apple's game-plan has been a tightly-controlled system in which developers need to pass strict requirements to be listed in the store. On the other hand, Google doesn’t have an approval system, so developers can quickly submit and revise their applications at will. Apple's walled-garden approach has long been one of the biggest complaints for app developers, limiting what they could release and sell based on Apple's ever-changing restrictions."
        "One other significant advantage of Android Market apps is that they do not differentiate between the phone's core applications and one's developed by a third-party. This means developers have equal access to all the mobile device capabilities, providing users with a broader spectrum of available services."

        The long held belief is the Play store is without limits and the App Store is a "Walled Garden". It has been one of my primary complaints with Android personally and Google has been slowly improving things. Play was never as unrestricted as fans wanted to make people believe. Google has de-listed 10's of thousands (if not 100's of thousands) of apps and has had to use remote delete multiple times. Of course there are limits to the type of software Google allows and the restrictions (like the App Store) are evolving (ever-changing restrictions) but this is not the narrative you hear. When it brought out, you hear the "Play is not open Android is." But it is often ignored in many other contexts.
        • Er...

          Sounds like the narrative you want to hear is: Google is totally cool with hackers submitting malware to the Play Store.
          • Hackers?

            I'm sure you meant to say "Google is totally cool with crackers submitting malware to the Play Store."

            Since Android is spyware on a massive scale, I don't see why Google should object to others adding malware to their malware...
        • Re: But the Play store has been evolving away from the "open" it once toute

          Since when was the Play Store touted as being "open"?
    • You seem confused...

      Android IS Open. You're confusing the OS with the Google Play store. The Google Play store is not "open". This rule only applies to the store itself.

      Sideloaded apps (which avoid the Google Play store) aren't applicable to this rule. Also, Android can still be freely tweaked and modified and put onto other devices and bypass the Google Play store entirely, such as the Kindle Fire... which, of course, is also not applicable to this rule.
    • I'll say you are missing something

      So you think that by android being "open", there are supposed to be "no rules" - are you serious? By that measure windows is the most "open" because you can just download any file anywhere on the internet with an .exe extension and try to run it, no questions asked. Android is open source, with relatively few play store rules compared wtih other app stores. I don't think you know what is meant by open.

      How this for open:
      1. download free android OS source code.
      2. optionally customize, then compile it
      3. flash it to your nexus phone.

      Create an app and submit to the play store, as long as bouncer doesn't find any maliciousness within it.

      All with free open source tools.

      Try that with apple, blackberry or windows phones.