back to article New Google Play terms ban non-store app updates

Google has amended the policies of its Play app store for Android to prohibit third-party app update mechanisms, in a move seemingly designed to put the kibosh on a contentious feature being tested by Facebook. As of Friday, the "Dangerous Products" section of the Chocolate Factory's Google Play Developer Program Policies - …

COMMENTS

This topic is closed for new posts.
  1. stephajn
    Meh

    Simpsons Tapped Out comes to mind....

    Under these terms, when The Simpsons Tapped Out wants to download new updates and such to add more content, does this mean that they now have to find a way to distribute that new content through the play store as an entire app update rather than the smaller bite sized updates that are done in the app as they are needed?

    1. jonathanb Silver badge

      Re: Simpsons Tapped Out comes to mind....

      Satnav apps generally download maps separately from the app. I guess it is OK if it is data it is downloading rather than executable code.

      1. Anonymous Coward
        Anonymous Coward

        Indeed

        I don't think this new policy will prevent the case where you download that game that's on sale, only to be told it then needs to download more GBs of data than you have storage.

        1. silent_count

          Re: Indeed

          I know it's not what this policy update is aimed at but I'd love to see Google kill the practice of: you buy an app then it spends 15+ mins downloading data so, by the time you discover that the app doesn't work, you can't get a refund any more.

      2. Anonymous Coward
        Windows

        Re: Simpsons Tapped Out comes to mind....

        As a non programmer asking, would it not be possible for an app tp seemingly download, say, map data but then compile the code back into malware et al??

    2. Irongut

      Re: Simpsons Tapped Out comes to mind....

      I thought of the Simpsons game and several others too but note the exact wording - "may not modify, replace or update its own APK binary code". The Simpson's game has had a number of updates through Play as well as within the app itself recently. I'm guessing that the in game updates are data only, like new buildings and characters. Any actually new functions, like whacking snakes, have come with the updates through Play.

      There is a limit on the size of an Andoid app install, 50Mb IIRC. So any app that needs a large amount of data, like a map or some games, downloads it on first run.

      1. TheVogon
        Mushroom

        Re: Simpsons Tapped Out comes to mind....

        So downloading another app is OK then, just so long it doesn't modify the original?

    3. LarsG

      This is just like

      This is just like trying to control the weather.......

      If it is going to rain it will rain no matter what you do.

  2. Paul Crawford Silver badge

    Considering the recent security problems with apps (I hate that term!) updating themselves to become full blown Trojans, this makes sense. However, part of me also wonders about the more sinister control aspect...

    1. Anonymous Coward
      Anonymous Coward

      What?????

      You think Google are about to go all Apple on us?

      1. Anonymous Coward
        Anonymous Coward

        Re: What?????

        Seems like it, the more they try to control us the less actual control they have.

        "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."

        Facebook will just laugh at this in the grand scheme of things.

        1. Anonymous Coward
          Anonymous Coward

          Re: What?????

          Facebook will just laugh at this in the grand scheme of things.

          I forgot to add, Facebook is more popular than Google, so in theory it has a bigger fanbase, thus they could just add a mention on their frontpage of how to install the Facebook application outside of the Sookle store.

    2. Shannon Jacobs
      Holmes

      Tradeoff of security for freedom

      Actually, I think the google has already gone all evil on us. EVIL is as American corporations are required to become, and corporations are NOT people, my friend in a flying pig's eye!

      Having said that, I think that Android really has become more of a security threat than a convenience, and for that basis I have to say that the new rule is stupid because it does not go far enough. The google needs to provide a mechanism to identify apps that have ALREADY driven a truck through this gaping security hole. Since that probably isn't possible, then at least the google should provide a way to reinstall any apps that might have done so. At least that would be theoretically possible if the google has been bothering to keep tracks of the apps they have been feeding us through Google Play--including the poisonous apps.

      Even without decrypting the legalese, I already know that the google license agreement already absolves them of any blame or liability. What else was there to learn from that passed master of EVIL, the Microsoft?

      1. Shannon Jacobs
        Holmes

        Disagreement is good, if you have some basis for it

        If you disagree with me enough to vote thumbs down for the post, why don't you say why? Or are you just sock puppets "working for" the google of EVIL?

        No, I don't like making mistakes, but I do like learning new things. If you think you can teach me something, let's see your data or your corrections of my analyses.

        1. Anonymous Coward
          Anonymous Coward

          Re: Disagreement is good, if you have some basis for it

          Have a downvote for whining about downvotes. And using the shill argument. And always typing "evil" in capitals. Makes you look like a petulant child stamping their foot.

          1. Anonymous Coward
            Anonymous Coward

            Re: Disagreement is good, if you have some basis for it

            Well I NEVER get any apps from their app store. You have to give them your phone number to download anything, and that I specifically refuse to do.

            I don't mind getting a Google account, because I can do that anonymously, but I draw the line at a phone number. My only alternative would be to buy a SIM card from Tesco for a quid and use one of those -- just the once. But I suspect they will want to download over the air, rather than across the Internet, so I'd be no better off.

            So from that perspective of Google trying to get some data that can really identify me, I'd say they were EVIL. I want to remain as anonymous as I can, and so I don't use their apps directly.

            Muppets.

            1. Dan 55 Silver badge

              Re: Disagreement is good, if you have some basis for it

              So far I haven't needed to give a phone number, but I haven't yet downloaded a paid-for app. FYU there appear to be a lot of gmail accounts starting with "AndroidPhone" and ending in several digits so I suspect many people have had a similar idea.

              I suspect that Google already have read your phone number or IMEI anyway.

        2. Anonymous IV
          Thumb Down

          Re: Disagreement is good, if you have some basis for it

          Possibly people were downvoting Shannon Jacobs for putting "passed master" instead of "past master"?

          Stroppy persons really need to minimise grammar, spelling and homophone errors in their posts!

    3. Nameless Faceless Computer User

      No doubt. If Google was concerned about trojans, they need only insist on a secure connection for updates from the author's website rather than their own.

  3. dssf

    Instead of retro-rules that *seem* well-intentioned for the users

    How about giving us VAULTS to keep voice apps from raiding our contact lists? If we only want a voice app so we can try to compensate for no longer having a phone plan, then, why the hell does a phone app need one-time approval to plunder our contact list? Sometimes, those names in the contact list are not people we talk to but people about whom we make flags/tags/personal notes, and we DAMNED SURE do NOT want 3rd party types being privvy to that stuff.

    How about giving us the ability to install and tweak firewalls without having to be root or without having to deal with restrictions imposed by the carrier?

    How about making carrier-locked phones become non-carrier-locked when our contracts formally expire? If we do not remain with the carrier, WHY the HELL should their custom ROM impositions remain in force on our phones? For instance, I am no longer with my carrier, but when I installed Google Talk, Google told me it was installing a version customized just for my phone by my carrier, which has not been my carrier for over 11 months. I have not had a phone account in all that time, and yet, Android does not know how to unenslave itself.

    I a phone contract expires, and the user does not reactivate it before the number is recycled, and if a Google phone number verification fails, then obviously, the phone contract lapsed and the carrier should no long impose upon the phone, especially if the phone has been month-to-month for a 6 months or a year prior to any other reason the phone is not part of the carrier any more.

    Gods, google. You guys and girls need to be more creative and more user-considerate.

    1. Number6

      Re: Instead of retro-rules that *seem* well-intentioned for the users

      How about making carrier-locked phones become non-carrier-locked when our contracts formally expire? If we do not remain with the carrier, WHY the HELL should their custom ROM impositions remain in force on our phones?

      This may be solving itself soon, with carriers separating out the phone cost from the airtime contract. I realised some time ago that it's better to get the phone unencumbered by a contract, although it's a big hit of money for some. I did manage to flash a manufacturer's image onto my Nokia E71 some years ago, over the carrier's image. It didn't unlock the phone (but then I didn't expect it to) but some interesting new menu options appeared.

      And yes, it should be a default that if a carrier locks a phone for the duration of a contract, the unlock should be free and automatic at the end of that period without the user having to do anything. If anything, it's to the carrier's benefit that they do this silently, because then they'd be making money from people who haven't bothered to upgrade their phone.

  4. Tom Jasper

    Err - I see a flaw

    This, I think, is on the whole laudable.

    However, a subset of developers who are very connected with their customers, will utilise functionality within there application to enable the customer to download a beta version of the next revision...

    For instance the wonderful Apex Launcher will, if the "Beta Channel" option is enabled, give the option for the customer to click a download link and install said beta version.

    I think this falls foul of the amended T&C.

    Saying that, I wonder if the mere notification that a beta version is available would, in itself, also be construed as a method other than the Play store... Or does "update itself" mean that if there's user consent then it's not updating itself all on it's own.

    1. Voland's right hand Silver badge
      Devil

      Re: Err - I see a flaw

      Err... BS.

      Just look at how Sygic and other Aura apps are implemented. There is a loader and small core app in the APK, 120Mb or so extra code and resources downloaded after that just to be able to run the app.

      Presently that is being updated along with the APK. Nothing prevents them from doing those two out of sync - the APK may stay relatively unchanged for a long time and extra "resources" downloaded regularly to be up to date. So all the developer needs is to structure its app accordingly (it will still be fully compliant to GPlay terms this way).

    2. Anonymous Coward
      Anonymous Coward

      Re: Err - I see a flaw

      Add an option to install the beta from the Play Store.

      Firefox and its beta are on Play. You can install Aurora separately by downloading form the Mozilla site.

  5. ratfox
    Thumb Up

    Setting rules on the playground

    The Google Play Store being supposedly safe (well, as much as possible) it makes sense not to allow apps which require you to disable the third-party App Store lock. Especially for silent updates! The third-party App Store lock can be disabled temporarily to explicitly load an app that you trust; disabling it to allow silent updates completely defeats its purpose.

    Not that I particularly distrust Facebook, but the security hole they are opening for others is just too big to ignore. Smartphone security is still uncharted land, but it is better to think ahead.

  6. cyberpenguin

    Binary executables only

    The notice specifically mentions that the restriction only applies to binary executable code. Nothing else like data is restricted.

    1. TheVogon
      Mushroom

      Re: Binary executables only

      So downloading source code and compiling it on the phone is OK?

      1. Zot

        Re: Binary executables only

        What's to stop a compressed 'data' file with no App extension name being uncompressed and renamed by another app? Would that be possible?

        1. Charles 9 Silver badge

          Re: Binary executables only

          IIRC that counts as installing an app, which means Android intervenes and will either block it as third-party or (if you enable the option) prompt you accordingly. The key aspect is making the app accessible to Android, which normally requires going through the Installer or Android won't see it (theoretically, if you root your device and let a program have SuperUper permission, they could do it outside the Installer framework, but apart from backup programs I don't recall such a program existing).

  7. toadwarrior
    Meh

    Hypocrites

    I'm glad they're attempting to secure their device but it does make google look like complete hypocrites given the way they install chrome is done to by pass windows restrictions. I guess it's only acceptable when they do it.

    1. Adam 1

      Re: Hypocrites

      Links?

      (serious question)

    2. Robert Carnegie Silver badge

      Re: Hypocrites

      I take it you're referring to the Chrome Frame "plug-in" for Internet Explorer, from around 2009, that in 2011 came out in a version that you could install on your PC without being administrator... if non-administrators are allowed to install any software, that is. Then you would see selected web sites presented using Webkit instead of IE's rather unsatisfactory internal mechanism for representing web sites.

      http://mcpmag.com/articles/2011/06/23/bypass-ie-and-admins.aspx

      I don't know if this is still around. I don't suppose that it can really have been installed on PCs where users weren't allowed to install their own software. If there was such a loophole, wouldn't that be Microsoft's own fault?

    3. Andrew Ed
      Facepalm

      Re: Hypocrites

      Well it doesn't have auto updates on Linux or Mac OS/X so I guess it only auto updates in Windows. The only time this causes an issue at home is on a kids computer when the firewall blocks the update because it sees an executable that is being changed from the Internet. Solution, block the update completely, set firewall to prompt you to allow/disallow or set firewall to always allow it if you really trust it.

      You can always turn of google updates by setting a registry key to the right value. Stops it even trying to update.

      Personally I prefer to get prompted on any Windows computers for updates. My Linux and OS/X boxes are also set up the same way, although Chrome doesn't even ask on Linux you have to update it via the package manager.

      This caused an issue a year or so ago when I wanted to access my old employers Sharepoint site and it wouldn't in Chrome on my netbook or my phone unless it was the latest version.

  8. Jason Hindle Silver badge

    Thinking on, it's fine by me

    Android gives you two options for installing software, the nice, safe, curated app store or you can change your security settings, download and install packages. If Google wants to tweak the terms and conditions of their on-line store front, that's fine by me.

  9. MrMur
    Thumb Up

    I didn't realise this *wasn't* a restriction. Seems very sensible to me. If your going to play with Google's ball, then they sey the rules. If you don't want to play by their rules, they let you find your own ball.

  10. Richard Neill

    File permissions

    What happened to the idea that the user that the app runs as shouldn't have write permission to the binaries anyway?

    Surely only root should be able to change the apks, (with access via sudo for google play, the terminal, and cron's auto-updater).

  11. John Robson Silver badge
    Facepalm

    When will we able to define *which* WiFi connection to download apps over

    Just because it's wifi, doesn't mean it's unmetered (phone tethers/mifi devices being the most obvious)

    1. Neil Lewis

      Re: When will we able to define *which* WiFi connection to download apps over

      Presumably you're in control of the device when the original download is done, so you should know which type of connection you're using and whether or not it's costing you per MB.

      When it comes to updates, Android has, for as long as I can recall, provided a setting to disable them for 3G connections. As an 'ultimate' control over metered data, you can also set all updates to ask first before downloading.

    2. KjetilS

      Re: When will we able to define *which* WiFi connection to download apps over

      Atleast on Jelly Bean you can tag WiFi connections as being a mobile hotspot, which will make Android treat it as a mobile connection, and not a regular WiFi connection.

      Settings -> Data usage -> (options key) -> WiFi zones for mobile

      (Translated from my native language, so sorry if the option names are wrong)

  12. IGnatius T Foobar

    Facebook is evil

    Facebook is evil. Therefore, whatever is bad for Facebook is good for everyone else. I support Google's efforts.

    1. BigbenNZ

      Re: Facebook is evil

      Funny thing that I have a Top APP that is on the Google's shop that I brought direct from the developer and I get updates, but may be not via Google.?

    2. Anonymous IV

      Re: Facebook is evil

      @IGnatius T Foobar "Facebook is evil. Therefore, whatever is bad for Facebook is good for everyone else. I support Google's efforts."

      Aren't you being a bit binary? You have ignored the possibility of them both being evil...

  13. charlie-charlie-tango-alpha
    Headmaster

    a plea

    Please dear Reg, use english in your reporting. The phrase "The Register reached out to Facebook" simply made me cringe. Yes, I am an old fart, yes I am being finnicky, yes I know what you think it means, but it is nonsense. It irritates me almost as much as "going forward" and other such twaddle.

    There, I feel so much better now.

    1. Don Jefe

      Re: a plea

      What would you have them say?

      1. charlie-charlie-tango-alpha

        Re: a plea

        "contacted"

    2. Ian Johnston Silver badge
      Thumb Up

      Re: a plea

      Dead right. "Reached out" is a horrible American journalistic expression which says nothing which "contacted" doesn't.

      1. Number6

        Re: a plea

        "Reached out" could be with a clenched fist. I'm sure there are many who'd like to use that definition.

  14. Persona non grata

    On the subject of the Facebook app

    I would like the rights to remove it completely without rooting my phone.

    Simply: I will never have a facebook account so I, like many millions of others, will never need this app and its numerous updates taking up valuable phone storage real-estate .

    Make the Facebook app uninstallable!

    1. RegGuy1 Silver badge

      Re: On the subject of the Facebook app

      And while you're about it allow me to change the /etc/hosts file so I can stop those fucking adverts *without* rooting my phone.

    2. Craigie
      FAIL

      Re: On the subject of the Facebook app

      Which phone do you have that you can't remove the facebook app without root?

      1. Number6

        Re: On the subject of the Facebook app

        Usually anything that comes with the original phone is difficult to remove. Unfortunately the FB app is one of them.

        A far better way (for consumers, not the companies involved) would be to receive the phone with the bare minimum installed, register the phone with the Android infrastructure and then either using a web browser on the phone or on a desktop PC, select from a pre-defined list of 'standard' apps. That way the carrier/Google could still extract money from companies who want their app to be on the list, and those of us who'd rather not have said apps can easily avoid having them on our phones.

  15. Ian Johnston Silver badge
    WTF?

    What's the big deal?

    I have Google Play apps on my phone and my tablet. I have set some, but not all, of them to auto update.

  16. Tim Bates
    Thumb Up

    Sounds fine to me.

    I'm with everyone saying it all sounds fine - the only "apps" I know of that ever downloaded their "updates" outside of the Play Store were those trojans The Register had an article about last week.... OK, and now Facebook too, although it's updates have progressively been turning a crap app into a steaming pile of crap with an app inside it somewhere.

    This change of terms only effects Play Store, not other stores or privately distributed APKs. That sounds fine to me. I still get the choice of what goes on my phone, unlike all the iSheople.

  17. jb99

    Step by step

    They are not evil yet, but each week I see something new from google that makes me think that inch by inch they are slowly heading that way. Perhaps with good intentions sometime, perhaps with the intention of protecting their profit other times, but they appear to slowly but surely moving from a champion of openness into a more and more closed company.

    I understand why they might do this, and it's not evil in itsself but gradually, step by step over the last few years I've gone from thinking that people calling google evil were paranoid idiots into thinking I'm not quite sure I trust them any more, and that perhaps I ought to move my email and contacts and spreadsheets and phone away from their control over time.

  18. Azzy
    Thumb Up

    Thank you, Google - this is an improvement in my user experience.

    People seem to be looking at this from a security standpoint - and trashtalking appropriately, since it's well known that security on android is substandard, and protecting apps from updating themselves to be malicious isn't going to change that (though I recall reading an article on the register a week or few ago about some malicious android apps that did exactly that - maybe that's what this is a response to?).

    Regardless of any security ramifications, though, forcing app developers to update through the play store improves the user experience. Getting app updates shoved at me via non-standard methods is fucking annoying - one of the really obnoxious things about windows is how every application has it's own method of getting updates, each with their own quirks. Getting updates through the app store on android is much more pleasant....

    With normal Google Play Store updates, I can easily:

    * Use the app without a nag screen telling me to update (FB updates were giving an obnoxious message that left me unsure as to whether the app would even run if I didn't update it). In-app prompts to update interrupt workflow - we start apps to use them, not to check for updates.

    * Check reviews on the latest version before updating, so I can avoid getting a version that everyone says broke stuff.

    * Update all my apps at once, in one place.

    * Know when an app has been updated (ex, to track down new problems).

    Meanwhile, in-app updates seem to offer little to no benefits to compensate for all these shortcomings. Can anyone explain what benefit an in-app update has?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021