In association with heise online

29 April 2013, 12:49

Google locks down updating on Play store

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Google Play logo

Apps from the Google Play store which use mechanisms other than Google Play to update themselves will, from now on, be classified as "dangerous products" and subject to removal from the store. The change has come in the wake of Facebook's introduction of a "silent update" feature for Facebook for Android in March which could download updates to the app and install them without notifying the users.

Google considers this a security risk, especially if less reputable companies adopt the process, as it allows the software maker to skip validation by the Play store's systems. For example, a legitimate application could be downloaded from Google Play only to turn into malware later in its life. To prevent that Google has added a clause to its Google Play Developer Program Policies which reads

An app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism.

This clause will most likely bring to an end Facebook's experiment with silent updates though its modifications were only distributed to about one per cent of its Android user base in what has been called a "forced beta" programme. Facebook has yet to say how it will cope with the new requirement.



  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit