Google has made added a short but very significant clause to its Google Play Developer Program Policies, banning apps downloaded from the official store to “modify, replace or update its own APK binary code using any method other than Google Play’s update mechanism.”
The change is believed to have been provoked by Facebook’s update to its official Android app that would allow the company to push out updates for it without going through Google Play and without asking the users’ permission.
“One possible downside to this is that it now explicitly prevents developers from publishing emergency patches via their own websites, even if only part of the app is changed, while waiting for the new version to be approved into the Play Store. On balance, though, this seems like a loophole that needed closing,” says Sophos’ Paul Ducklin.
The problem is not with Facebook or other legitimate developers – it’s with those who would use Google Play as a way of lending legitimacy to their apps, then update them with malware or make them change their behavior in a way that is detrimental to user privacy, security and finances.
The change in the policies will surely affect all developers in a small or big way. Apparently those that do not change their apps to conform to this new rule will be banned from offering them on Google Play, but Google will probably set a period of grace during which the changes will have to be made.