Sign in with
Sign up | Sign in

Google Banning Devs From Updating Outside Google Play

By - Source: Droid Life | B 14 comments

After Facebook began scaring Android users with external updates, Google has decided to clarify its updating policy.

Droid Life has discovered that Google updated one of its Play store policies that prevents developers from updating apps outside the marketplace.

The recent change in Google's developer policy seemingly strikes back at Facebook who several months ago began bypassing Google Play to distribute beta updates directly to select Android app users. This method was supposedly used to test new features before they were officially rolled out to the Google Play masses.

According to reports, the first non-Google Play beta update for the Facebook Android app allowed users to change their profile photo directly from the mobile device, hide stories and report spam. It even featured an audible or vibrating notification that nagged the user until additional updates were installed. These app beta updates were only performed over Wi-Fi, and only on devices that allowed the installation of non-Play apps.

But Google has put a stop to that, and the move is understandable given the nature of Android's open-source focus. Google has enough problems on its hands keeping the level of malware and inappropriate content to a tolerable level – the company doesn't need secret updates sneaking into apps and possibly bricking potential ad sales.

"An app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism," the content policy reads under the "Dangerous Products" section.

As Droid Life points out, Google doesn't name a developer, but the move seemingly glares right in Facebook's direction. The "Install a new build" alerts apparently scared Android users to the point where they created threads "all over the Internet" trying to figure out if the updates were real or possibly malware... and for good reason.

Just recently Lookout Security discovered a new family of Android malware called BadNews. It arrived in the form of an ad network in legitimate apps, and pushed fake news to the user including links to "app updates" and other related apps. Most of these updates were actually the AlphaSMS toll fraud app which adds fraudulent charges to the user's phone bill via Premium SMS.

That said, it's understandable why many Facebook users grew paranoid over the in-app beta releases. The move to update outside Google Play's own distribution system seems rather sneaky – it certainly wouldn’t fly on Apple's App Store.

"Google Play is a trusted source for Android application downloads, and we are committed to provide a secure and consistent experience," Google is now telling developers via the Developer Console.

Discuss
Display all 14 comments.
This thread is closed for comments
  • -1 Hide
    itchyisvegeta , April 28, 2013 10:28 AM
    If these Facebook beta updates fix the app from crashing on my phone, stop making every other app crash on my phone, and finally enable the app to transfer to the micro SD card; then shame on Google.
    If the Facebook update does not fix these issues, WELL DONE GOOGLE! Stick it to Facebook!
  • -1 Hide
    joecole1572 , April 28, 2013 11:15 AM
    "and the move is understandable given the nature of Android's open-source focus"
    What? That is completely not understandable. An open source focus means that users and app developers are free to do whatever they want with their operating system and software. Forcing users to user a revenue generator for Google is NOT part of the FOSS philosophy.
  • 1 Hide
    house70 , April 28, 2013 12:03 PM
    Not so. Devs can post their apps on different markets, but they have to abide by the rules of said markets. They still have control of their own apps. There are plenty of apps that are available on gPlay, Amazon Appstore and others. You can pick the market that suits your needs, so can developers.
  • 5 Hide
    house70 , April 28, 2013 12:05 PM
    And, after all the modifications made to this Comments section, one still can't edit comments on Tom's Guide.
    "Kudos" to the webmaster.
  • 0 Hide
    Shin-san , April 28, 2013 12:54 PM
    I'm mixed. I can understand Google's position, but the whole point of Android is that you can use whatever service you want. They could make it a manifest permission
  • 3 Hide
    Camikazi , April 28, 2013 1:42 PM
    @Shin-san I'm mixed. I can understand Google's position, but the whole point of Android is that you can use whatever service you want. They could make it a manifest permission
    Android is open and you can still do anything you want BUT, and this is a big but that most forget, Google is NOT Android and their services have never been Open Source. If you choose to go through the Play Store then you must abide by their rules. Facebook was bypassing the API's in place and Google didn't like that seeing as if there were any problems they could not deal with it but would get the blame. What if a dev made a benign app and put it in Play Store but used the outside updates to turn it into a virus or an information stealer? Google can't help there at all but they will get the blame since the person installed it from the Play Store.
  • 1 Hide
    invlem , April 28, 2013 8:16 PM
    To be honest it makes sense...
    Look at it this way, if people choose to download apps outside the play store, they do so knowingly and also take on the inherit risk that the app may not be safe. For people who don't want to worry about malware and other risks, play store makes sense, its a place for the general consumer who wants to be able to download whatever they want, without incurring risks, a place where they know someone is controlling the content that is available and ensuring it is safe to use.
    Apps purchased via the play store are screened for things like malware, similar to apple's (though much less stringent) approval process.
    Its basically a security measure, if you want to sell your app via the play store and have it scrutinized by Google, then obviously all updates to that app should be subject to the same checks.
    People complain about this, but the fact is that you can easily download apps from sources other than the play store without any modifications to your phone, something that can't be done on IOS without jailbreaking...
    So yeah, Google wants to control the content they distribute, its completely understandable, if a developer wants to sell their app outside of Play, they have that ability, they're not being forced to sell it on Play... Facebook could just as easily provide a link to their app on their own site (Sirius radio does this for Canadians, its a direct link off the Sirius website, no play store involved).
    Its not monopolistic behavior in any way, since other options are available.
  • 0 Hide
    alextheblue , April 28, 2013 8:32 PM
    "These app beta updates were only performed over Wi-Fi, and only on devices that allowed the installation of non-Play apps."
    If you really value safety first, and only install apps from Play, this doesn't even affect you. So I don't know about mass panic, I think most people installing from non-Play sources are probably at least somewhat tech savvy.
  • 0 Hide
    hotice , April 29, 2013 5:24 AM
    They title is misleading, really it's not true at all. The news is that Google is not allowing developers to release apps on Google Play that, once installed, have their own way of getting updates within the app, that's completely independent of Google Play. Developers can still release anything they want on their web site as an apk and any well trained monkey can still install it.
  • 0 Hide
    lathe26 , April 29, 2013 11:17 AM
    Soooo... what is a developer supposed to do if they legitimately need yo run a small beta release before shipping to the masses?
  • 0 Hide
    lathe26 , April 29, 2013 1:18 PM
    Soooo... what is a developer supposed to do if they legitimately need yo run a small beta release before shipping to the masses?
  • 0 Hide
    spentshells , May 2, 2013 4:38 AM
    google can not flog advertising if the developers can update outside of google play.
    Since the OS is free this seems pretty reasonable.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter