3 comments

[ 2.6 ms ] story [ 25.9 ms ] thread
I believe I was just hearing about high profile apps including Facebook doing this recently. This is a somewhat out of character move to attempt to wrangle in the Play Store content.
I can see the problem. If every app is self updating than hackers just need to break some small of single developer account (one of the thousands) and be able to deliver working payloads. Which will leave users defenseless because of the security models employed on the smartphones.

And still a javascript based app can self update with eval.

Edit: Just to clarify. I do not approve walled gardens or feudal models of security. I believe that every user should have the full control of the devices and its security be his own problem.

This isn't about control, this is a sane move. Self updating applications are a security risk, Google just plugged up a hole that quite frankly shouldn't have existed in the first place. Users of iOS know better than anyone else that updates that go through the store are checked not only for security risks, but also potential memory leaks and poorly optimised code. How would you feel if your favourite Android app received a self-update from the developer that removed a crucial feature or heavily crippled the app of your phone.