Recently there were reports of Facebook updating its Android app by circumventing the Play Store updation mechanism. This has apparently irked Google which has updated its Play Store content policy. The new guidelines ban all apps downloaded from the Play Store from updating themselves without the formal updation mechanism. A new line added to the “Dangerous Products” section of the Google Play Devloper program policies says, “An app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play’s update mechanism.”
It appears this is to ensure the safety of the Android platform where it was earlier possible to publish a legitimate app on the Play Store which could possibly update itself to a malicious version later without any security checks or approval from Google.
This is however not likely to affect sideloaded apps which have not been installed from the Google Play Store. So any apps installed from non-official Android markets such as Amazon App Store will be completely unaffected. But, this new policy will now hopefully stop developers and companies like Facebook from automatically updating their Android apps by bypassing the Google Play Store.
It is to be noted however that a lot of other apps also use this mechanism, not just to update themselves but also to do things like install the beta version in place of the Play Store version. Some examples include apps like Dropbox etc. It is yet to be seen how these guidelines are implemented in such cases.
My Dropbox just updated itself this way, bypassing Google Play. I assumed it would take me to Play to do the update when I clicked the notification. Instead, it silently updated in the background after I clicked to download the udpate.