Updating Android apps is usually very simple: Click on the Google Play Store app, My Apps and “Update all.” You can even set apps to update automatically. This process is simple for the end user, but creates a time-consuming middleman for app creators.
Some apps tried to circumvent this process by including automatic updaters right in the app, but Google has put a stop to this process: As of now, all Google Play Store app updates will come via the Play Store or not at all.
This ban on auto-updaters only applies to software acquired through the Play Store. Users can still install third-party apps from stores such as Amazon or Tencent, or even directly from the Web, by allowing app installation from “unknown sources” in a phone or tablet’s settings.
In fact, users in China have no access to paid apps in the Play Store whatsoever, and must rely on alternate sources of apps. [See also: 10 Tips to Keep Your Android Phone Safe]
Amazon and Tencent provide reputable apps, like the Play Store, but downloading Android apps from the Web is a little like the Wild West: Some are good, but most are dangerous hotbeds of malware and pirated apps.
The issue received considerable attention last month when Facebook — one of the most popular Android apps — automatically downloaded an update and pestered users with unrelenting vibrations and beeps until they broke down and installed it.
Luckily for Android users, this was a perfectly legitimate Facebook update and presented no threat, but it still circumvented the protective Play Store entirely.
Google does not object to Facebook’s self-updates specifically, but rather seems concerned that they might set a perilous precedent. Less savory apps could easily present a safe download in the curated Play Store, then apply malicious updates as soon as users install it. Common Android hacks can irritate users with ads, gain access to private photos or even compromise financial information.
The guidelines for the Google Play Store changed last Thursday (April 25), according to Droid Life. Now, apps that allow self-updaters are listed under the “Dangerous Products” supposedly forbidden in the store.
“An app downloaded from Google Play may not modify, replace or update its own [code] by any method other than Google Play’s update mechanism,” the new language states.
Clearly, Google is not taking a hard-line approach, since the Facebook app is still up and running, and widely available. However, it will have to change its update protocols if it wants to retain its spot in the Play Store.
Apps without Facebook’s clout may face expulsion, but the Play Store has generally been lenient in the past, choosing to issue warnings rather than ban apps outright.
This protocol update will patch a potential security flaw before it becomes a major issue, which is always the best time to do it. As for Facebook, it will have to continue to deal with updating through the Play Store: a hassle for coders, but a boon for everyday users.