Preventing third-party app stores from being listed on the Google Play Store has been part of Google’s policy for the longest time. However, the company has never been strict on preventing apps from installing APKs. This is as long as the user installing the app gives consent, and malware is not flagged during the installation.
This workaround however is about to be brought to an end as the tech giant is introducing a new rule that will limit the capability of apps installing APKs to only a narrow group of apps.
The change, which comes as part of the April 2022 Developer Program Policy, specifies that apps will only be allowed to install APKs if part of their core functionality is to either transfer app packages or enable users to install them.
The wording basically restricts the ability of apps to install APKs to only apps that will not function at all without the capability, like file managers and web browsers. However, this ability will be removed from apps that can function without it, like games, music player apps, camera apps, podcast players, etc.
The policy officially defines the acceptable functionalities and app types as follows;
- Web browsing or search; or
- Communication services that support attachments; or
- File sharing, transfer or management; or
- Enterprise device management.
To find the apps that have this ability and check whether it is necessary for their functionality, Google will be taking a look at an Android OS permission called REQUEST_INSTALL_PACKAGES.
To use it, a particular app declares in its manifest that it needs the OS permission, which triggers an install request that prompts the user to permit an APK installation to continue.
This particular OS permission has been around since Android 6.0 Marshmallow, but Google notes that apps that do not declare the permission will not be affected by the policy, however, developers are encouraged to check that any third-party libraries included in their apps have not added this permission, including ad networks.
Google has not made it public why they are enforcing this change, but aiming to block some unapproved tactics like some apps and ad networks installing APKs on devices without directing users to the Play Store is a plausible explanation.
Other restrictions introduced by the policy include specifying that self-updates, modifications, and bundling of APKs have been prohibited. However, an exception has been made for device management, which might be intended for enterprise software and deployment tools.
The last requirement from the policy is that apps listed on the Play Store must have descriptions containing a disclosure about the ability to install APKs and an explanation of the core features that will utilize the said ability.
The policy will go into effect starting 11th August 2022. At the moment, Google has not made it clear how the policy will be rolled out and what will happen to the apps being caught on the wrong side of the policy.
There is the possibility of the affected apps simply being unlisted from the Play Store until the developers make their apps compliant, or the hard stance of the tech giant permanently deleting the infringing apps from the Play Store when August 11 comes around.
