back to article New Google Play terms ban non-store app updates

Google has amended the policies of its Play app store for Android to prohibit third-party app update mechanisms, in a move seemingly designed to put the kibosh on a contentious feature being tested by Facebook. As of Friday, the "Dangerous Products" section of the Chocolate Factory's Google Play Developer Program Policies - …


This topic is closed for new posts.


  1. stephajn

    Simpsons Tapped Out comes to mind....

    Under these terms, when The Simpsons Tapped Out wants to download new updates and such to add more content, does this mean that they now have to find a way to distribute that new content through the play store as an entire app update rather than the smaller bite sized updates that are done in the app as they are needed?

  2. jonathanb Silver badge

    Re: Simpsons Tapped Out comes to mind....

    Satnav apps generally download maps separately from the app. I guess it is OK if it is data it is downloading rather than executable code.

  3. Anonymous Coward
    Anonymous Coward


    I don't think this new policy will prevent the case where you download that game that's on sale, only to be told it then needs to download more GBs of data than you have storage.

  4. Irongut

    Re: Simpsons Tapped Out comes to mind....

    I thought of the Simpsons game and several others too but note the exact wording - "may not modify, replace or update its own APK binary code". The Simpson's game has had a number of updates through Play as well as within the app itself recently. I'm guessing that the in game updates are data only, like new buildings and characters. Any actually new functions, like whacking snakes, have come with the updates through Play.

    There is a limit on the size of an Andoid app install, 50Mb IIRC. So any app that needs a large amount of data, like a map or some games, downloads it on first run.

  5. silent_count

    Re: Indeed

    I know it's not what this policy update is aimed at but I'd love to see Google kill the practice of: you buy an app then it spends 15+ mins downloading data so, by the time you discover that the app doesn't work, you can't get a refund any more.

  6. LarsG

    This is just like

    This is just like trying to control the weather.......

    If it is going to rain it will rain no matter what you do.

  7. TheVogon Silver badge

    Re: Simpsons Tapped Out comes to mind....

    So downloading another app is OK then, just so long it doesn't modify the original?

  8. Anonymous Coward

    Re: Simpsons Tapped Out comes to mind....

    As a non programmer asking, would it not be possible for an app tp seemingly download, say, map data but then compile the code back into malware et al??

  9. Paul Crawford Silver badge

    Considering the recent security problems with apps (I hate that term!) updating themselves to become full blown Trojans, this makes sense. However, part of me also wonders about the more sinister control aspect...

  10. Anonymous Coward
    Anonymous Coward


    You think Google are about to go all Apple on us?

  11. Shannon Jacobs

    Tradeoff of security for freedom

    Actually, I think the google has already gone all evil on us. EVIL is as American corporations are required to become, and corporations are NOT people, my friend in a flying pig's eye!

    Having said that, I think that Android really has become more of a security threat than a convenience, and for that basis I have to say that the new rule is stupid because it does not go far enough. The google needs to provide a mechanism to identify apps that have ALREADY driven a truck through this gaping security hole. Since that probably isn't possible, then at least the google should provide a way to reinstall any apps that might have done so. At least that would be theoretically possible if the google has been bothering to keep tracks of the apps they have been feeding us through Google Play--including the poisonous apps.

    Even without decrypting the legalese, I already know that the google license agreement already absolves them of any blame or liability. What else was there to learn from that passed master of EVIL, the Microsoft?

  12. Anonymous Coward
    Anonymous Coward

    Re: What?????

    Seems like it, the more they try to control us the less actual control they have.

    "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."

    Facebook will just laugh at this in the grand scheme of things.

  13. Anonymous Coward
    Anonymous Coward

    Re: What?????

    Facebook will just laugh at this in the grand scheme of things.

    I forgot to add, Facebook is more popular than Google, so in theory it has a bigger fanbase, thus they could just add a mention on their frontpage of how to install the Facebook application outside of the Sookle store.

  14. Shannon Jacobs

    Disagreement is good, if you have some basis for it

    If you disagree with me enough to vote thumbs down for the post, why don't you say why? Or are you just sock puppets "working for" the google of EVIL?

    No, I don't like making mistakes, but I do like learning new things. If you think you can teach me something, let's see your data or your corrections of my analyses.

  15. Anonymous Coward
    Anonymous Coward

    Re: Disagreement is good, if you have some basis for it

    Have a downvote for whining about downvotes. And using the shill argument. And always typing "evil" in capitals. Makes you look like a petulant child stamping their foot.

  16. Anonymous Coward
    Anonymous Coward

    Re: Disagreement is good, if you have some basis for it

    Well I NEVER get any apps from their app store. You have to give them your phone number to download anything, and that I specifically refuse to do.

    I don't mind getting a Google account, because I can do that anonymously, but I draw the line at a phone number. My only alternative would be to buy a SIM card from Tesco for a quid and use one of those -- just the once. But I suspect they will want to download over the air, rather than across the Internet, so I'd be no better off.

    So from that perspective of Google trying to get some data that can really identify me, I'd say they were EVIL. I want to remain as anonymous as I can, and so I don't use their apps directly.


  17. Dan 55 Silver badge

    Re: Disagreement is good, if you have some basis for it

    So far I haven't needed to give a phone number, but I haven't yet downloaded a paid-for app. FYU there appear to be a lot of gmail accounts starting with "AndroidPhone" and ending in several digits so I suspect many people have had a similar idea.

    I suspect that Google already have read your phone number or IMEI anyway.

  18. Anonymous IV
    Thumb Down

    Re: Disagreement is good, if you have some basis for it

    Possibly people were downvoting Shannon Jacobs for putting "passed master" instead of "past master"?

    Stroppy persons really need to minimise grammar, spelling and homophone errors in their posts!

  19. Nameless Faceless Computer User

    No doubt. If Google was concerned about trojans, they need only insist on a secure connection for updates from the author's website rather than their own.

  20. dssf

    Instead of retro-rules that *seem* well-intentioned for the users

    How about giving us VAULTS to keep voice apps from raiding our contact lists? If we only want a voice app so we can try to compensate for no longer having a phone plan, then, why the hell does a phone app need one-time approval to plunder our contact list? Sometimes, those names in the contact list are not people we talk to but people about whom we make flags/tags/personal notes, and we DAMNED SURE do NOT want 3rd party types being privvy to that stuff.

    How about giving us the ability to install and tweak firewalls without having to be root or without having to deal with restrictions imposed by the carrier?

    How about making carrier-locked phones become non-carrier-locked when our contracts formally expire? If we do not remain with the carrier, WHY the HELL should their custom ROM impositions remain in force on our phones? For instance, I am no longer with my carrier, but when I installed Google Talk, Google told me it was installing a version customized just for my phone by my carrier, which has not been my carrier for over 11 months. I have not had a phone account in all that time, and yet, Android does not know how to unenslave itself.

    I a phone contract expires, and the user does not reactivate it before the number is recycled, and if a Google phone number verification fails, then obviously, the phone contract lapsed and the carrier should no long impose upon the phone, especially if the phone has been month-to-month for a 6 months or a year prior to any other reason the phone is not part of the carrier any more.

    Gods, google. You guys and girls need to be more creative and more user-considerate.

  21. Number6

    Re: Instead of retro-rules that *seem* well-intentioned for the users

    How about making carrier-locked phones become non-carrier-locked when our contracts formally expire? If we do not remain with the carrier, WHY the HELL should their custom ROM impositions remain in force on our phones?

    This may be solving itself soon, with carriers separating out the phone cost from the airtime contract. I realised some time ago that it's better to get the phone unencumbered by a contract, although it's a big hit of money for some. I did manage to flash a manufacturer's image onto my Nokia E71 some years ago, over the carrier's image. It didn't unlock the phone (but then I didn't expect it to) but some interesting new menu options appeared.

    And yes, it should be a default that if a carrier locks a phone for the duration of a contract, the unlock should be free and automatic at the end of that period without the user having to do anything. If anything, it's to the carrier's benefit that they do this silently, because then they'd be making money from people who haven't bothered to upgrade their phone.

  22. Tom Jasper

    Err - I see a flaw

    This, I think, is on the whole laudable.

    However, a subset of developers who are very connected with their customers, will utilise functionality within there application to enable the customer to download a beta version of the next revision...

    For instance the wonderful Apex Launcher will, if the "Beta Channel" option is enabled, give the option for the customer to click a download link and install said beta version.

    I think this falls foul of the amended T&C.

    Saying that, I wonder if the mere notification that a beta version is available would, in itself, also be construed as a method other than the Play store... Or does "update itself" mean that if there's user consent then it's not updating itself all on it's own.

  23. Voland's right hand Silver badge

    Re: Err - I see a flaw

    Err... BS.

    Just look at how Sygic and other Aura apps are implemented. There is a loader and small core app in the APK, 120Mb or so extra code and resources downloaded after that just to be able to run the app.

    Presently that is being updated along with the APK. Nothing prevents them from doing those two out of sync - the APK may stay relatively unchanged for a long time and extra "resources" downloaded regularly to be up to date. So all the developer needs is to structure its app accordingly (it will still be fully compliant to GPlay terms this way).

  24. Anonymous Coward
    Anonymous Coward

    Re: Err - I see a flaw

    Add an option to install the beta from the Play Store.

    Firefox and its beta are on Play. You can install Aurora separately by downloading form the Mozilla site.

  25. ratfox Silver badge
    Thumb Up

    Setting rules on the playground

    The Google Play Store being supposedly safe (well, as much as possible) it makes sense not to allow apps which require you to disable the third-party App Store lock. Especially for silent updates! The third-party App Store lock can be disabled temporarily to explicitly load an app that you trust; disabling it to allow silent updates completely defeats its purpose.

    Not that I particularly distrust Facebook, but the security hole they are opening for others is just too big to ignore. Smartphone security is still uncharted land, but it is better to think ahead.

  26. cyberpenguin

    Binary executables only

    The notice specifically mentions that the restriction only applies to binary executable code. Nothing else like data is restricted.

  27. TheVogon Silver badge

    Re: Binary executables only

    So downloading source code and compiling it on the phone is OK?

  28. Zot

    Re: Binary executables only

    What's to stop a compressed 'data' file with no App extension name being uncompressed and renamed by another app? Would that be possible?

  29. Charles 9 Silver badge

    Re: Binary executables only

    IIRC that counts as installing an app, which means Android intervenes and will either block it as third-party or (if you enable the option) prompt you accordingly. The key aspect is making the app accessible to Android, which normally requires going through the Installer or Android won't see it (theoretically, if you root your device and let a program have SuperUper permission, they could do it outside the Installer framework, but apart from backup programs I don't recall such a program existing).

  30. toadwarrior


    I'm glad they're attempting to secure their device but it does make google look like complete hypocrites given the way they install chrome is done to by pass windows restrictions. I guess it's only acceptable when they do it.

  31. Adam 1 Silver badge

    Re: Hypocrites


    (serious question)

  32. Robert Carnegie Silver badge

    Re: Hypocrites

    I take it you're referring to the Chrome Frame "plug-in" for Internet Explorer, from around 2009, that in 2011 came out in a version that you could install on your PC without being administrator... if non-administrators are allowed to install any software, that is. Then you would see selected web sites presented using Webkit instead of IE's rather unsatisfactory internal mechanism for representing web sites.

    I don't know if this is still around. I don't suppose that it can really have been installed on PCs where users weren't allowed to install their own software. If there was such a loophole, wouldn't that be Microsoft's own fault?

  33. Andrew Ed

    Re: Hypocrites

    Well it doesn't have auto updates on Linux or Mac OS/X so I guess it only auto updates in Windows. The only time this causes an issue at home is on a kids computer when the firewall blocks the update because it sees an executable that is being changed from the Internet. Solution, block the update completely, set firewall to prompt you to allow/disallow or set firewall to always allow it if you really trust it.

    You can always turn of google updates by setting a registry key to the right value. Stops it even trying to update.

    Personally I prefer to get prompted on any Windows computers for updates. My Linux and OS/X boxes are also set up the same way, although Chrome doesn't even ask on Linux you have to update it via the package manager.

    This caused an issue a year or so ago when I wanted to access my old employers Sharepoint site and it wouldn't in Chrome on my netbook or my phone unless it was the latest version.

  34. Jason Hindle Bronze badge

    Thinking on, it's fine by me

    Android gives you two options for installing software, the nice, safe, curated app store or you can change your security settings, download and install packages. If Google wants to tweak the terms and conditions of their on-line store front, that's fine by me.

  35. MrMur
    Thumb Up

    I didn't realise this *wasn't* a restriction. Seems very sensible to me. If your going to play with Google's ball, then they sey the rules. If you don't want to play by their rules, they let you find your own ball.

  36. Richard Neill

    File permissions

    What happened to the idea that the user that the app runs as shouldn't have write permission to the binaries anyway?

    Surely only root should be able to change the apks, (with access via sudo for google play, the terminal, and cron's auto-updater).

  37. John Robson Silver badge

    When will we able to define *which* WiFi connection to download apps over

    Just because it's wifi, doesn't mean it's unmetered (phone tethers/mifi devices being the most obvious)

  38. Neil Lewis

    Re: When will we able to define *which* WiFi connection to download apps over

    Presumably you're in control of the device when the original download is done, so you should know which type of connection you're using and whether or not it's costing you per MB.

    When it comes to updates, Android has, for as long as I can recall, provided a setting to disable them for 3G connections. As an 'ultimate' control over metered data, you can also set all updates to ask first before downloading.

  39. KjetilS

    Re: When will we able to define *which* WiFi connection to download apps over

    Atleast on Jelly Bean you can tag WiFi connections as being a mobile hotspot, which will make Android treat it as a mobile connection, and not a regular WiFi connection.

    Settings -> Data usage -> (options key) -> WiFi zones for mobile

    (Translated from my native language, so sorry if the option names are wrong)

  40. IGnatius T Foobar

    Facebook is evil

    Facebook is evil. Therefore, whatever is bad for Facebook is good for everyone else. I support Google's efforts.

  41. BigbenNZ

    Re: Facebook is evil

    Funny thing that I have a Top APP that is on the Google's shop that I brought direct from the developer and I get updates, but may be not via Google.?

  42. Anonymous IV

    Re: Facebook is evil

    @IGnatius T Foobar "Facebook is evil. Therefore, whatever is bad for Facebook is good for everyone else. I support Google's efforts."

    Aren't you being a bit binary? You have ignored the possibility of them both being evil...

  43. charlie-charlie-tango-alpha

    a plea

    Please dear Reg, use english in your reporting. The phrase "The Register reached out to Facebook" simply made me cringe. Yes, I am an old fart, yes I am being finnicky, yes I know what you think it means, but it is nonsense. It irritates me almost as much as "going forward" and other such twaddle.

    There, I feel so much better now.

  44. Don Jefe

    Re: a plea

    What would you have them say?

  45. charlie-charlie-tango-alpha

    Re: a plea


  46. Ian Johnston Silver badge
    Thumb Up

    Re: a plea

    Dead right. "Reached out" is a horrible American journalistic expression which says nothing which "contacted" doesn't.

  47. Number6

    Re: a plea

    "Reached out" could be with a clenched fist. I'm sure there are many who'd like to use that definition.

  48. Persona non grata

    On the subject of the Facebook app

    I would like the rights to remove it completely without rooting my phone.

    Simply: I will never have a facebook account so I, like many millions of others, will never need this app and its numerous updates taking up valuable phone storage real-estate .

    Make the Facebook app uninstallable!

  49. RegGuy1

    Re: On the subject of the Facebook app

    And while you're about it allow me to change the /etc/hosts file so I can stop those fucking adverts *without* rooting my phone.

  50. Craigie Bronze badge

    Re: On the subject of the Facebook app

    Which phone do you have that you can't remove the facebook app without root?


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2018