Facebook update

Facebook had been confusing users with unsolicited 'beta' updates outside the app store

Google recently changed its Google Play Developer Program Policies to prevent applications from using Google's app store and then going off the reservation for updates. 

The change likely is in direct response to Facebook doing that very thing under the guise of a "beta" program. While there might be any malicious intent there, it is a bit specious, and confusing to consumers.

The new policy language reads thusly:

An app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism.

That should still leave room for applications that are distributed through Google Play to simultaneously have beta tracks outside of Google's app store, so long as those trains stay on their proper tracks. 

Source: Google Play Developer Content Policy; via The Verge


Reader comments

Google: If you distribute your app through Google Play, you'll update it through Google Play


This will affect a lot more than just Facebook.
There are quite a few apps that have a development track outside of the play store, and the development version replace the store version.

Take Csipsimple for example. The nightly builds come from Source Forge, and every 6 months or so a stable release is pushed to Google Play. Truth be told, most users use the nightly builds.

This is a good move by Google. Some apps also request full internet permissions in order to do their self-update also, which is both redundant and uses extra data & CPU cycles in the background unapproved by the user.

I thought this was a given in the first place, I was mistaken. This is better though in my opinion as it perhaps should help bring a little more peace of mind/less chance of someone thinking they are getting an ok update but it really isn't, type thing.

i would think a two strikes your out deal if there wasnt any malware.

its weird this wasnt in there b4 but it least its there now. i went crazy looking for apps that i might have installed and is now pushing a virus disguised as facebook to my phone.

They remove the offending app from Google Play.

Repeated violations of the policies results in termination of developer's account.

Facebook should at least have provided a more detailed changelog as to what you're updating... "Bug fixes" is too general

Sometimes, bug fixes is the best description. People don't care or have a clue if you say "changed the maximum size of a database look up table" or "made the caching of images more efficient for phones with no SDCard". Only tech heads care. Most people see a bug fix update and just hope it got rid of the thing that had been bothering them most.

Then provide a link to details. Simple. It's better to provide more info than less, the people who don't care ignore info anyway.

I was wondering how long it would take Google to change their policy as a result of Facebook's shenanigans.

I believe Facebook Home is an attempt to gauge interest in a Facebook ecosystem. And now that Google has put their foot down regarding Google Play, Facebook may eventually create their own market (a la Amazon) to sell more apps & services targeted specifically at Facebook users.

They already have that, but their apps will only run IN Facebook (see all those invitations to play? Those are the apps :P). Now, if you take this, plus the Parse buyout Facebook just announced, it's clear their shift to mobile touted by Zucks a while back is happening...

This is kind of shitty.. i always downloaded Nova Launcher Prime beta through the app... how will that work now ?

Not only that, but this is vastly safer for the majority of users who never install things outside of google play, at least with updates going through google play the bouncer has a chance to find malware, if more apps followed facebooks lead a developer could release a perfectly malware free app and then release a upgrade through the app, outside of google play which "upgraded" it to include malware and Google play would never know.

Even if you trusted facebook, or Nova launcher to release malware free updates, would you want to trust every random app you download? I highly doubt it.

I think this is why they changed the policy :P A lot of us got the in-app update (second time in the past couple of months).

I had one a whole ago last as well, but seeing as I got one last night, I am guessing it broke this new little tidbit. Would like to report them for it.

Way to go, Google! That's totally appropriate and I'm glad they did it. It was both confusing and annoying to keep getting this repeating notification (which I didn't authorize) to update the Facebook app.

If I remember correctly, Google did the same thing with Chrome Beta for Android, at least initially.

@Phil Nickinson

Thanks for the informative post.

Google should make this condition long time before. But then also very good decision from google at present.

Thanks in Advance

Glad to see this. I had to delete FB app this week. Kept crashing and suspicious behavior. I don't trust FB. Prefer G+ but FB is still big so necessary evil I guess.

Some people are confusing apps that have a separate beta app. If you install your own beta app and overwrite the market app, no big deal. This is specifically targeting shady apps, like Facebook, that used their installed market app to download and overwrite the market app with their own external APK.

Those who installed an APK on the side and want to keep overwriting the APK with the outside one, Google doesn't care about that. Or if you have a market app and want to overwrite it yourself with an outside APK, that is fine. But you can't have an app you downloaded from Play decide that it is going to download and overwrite itself with an outside the market app.

Agreed. Let's be honest folks: if a developer updates an app that was originally downloaded through the app store with something that is shady, or even an APK that just doesn't work, the Play Store takes most of the heat. This is even though the Play Store's APK could work perfectly fine. The app on the Play Store will still be the one to get downrated and avoided, leading an unscrupulous developer to then say "hey, download our version directly from us and you won't have those problems". I for one wouldn't put it past Facebook to do exactly that! Google is stopping this before it opens up a whole can of worms.

Yes I agree with what Saneless said, people don't seem to be aware that there is a security risk.

An app that updates itself can Chang policies and setting. Without the user being aware

My question is how does it install without enabling unknown sources? That is the biggest issue to me considering if an app can do it so can a website right.