26
Apr
facebook

Shortly before the Facebook Home launch, some users noticed a new version of Facebook was available on their device, but it wasn't through the Play Store. Instead, the update came directly through the app, bypassing the Store altogether. Naturally, there was outrage, people were angry, felt violated, and whatnot. For Facebook, however, this was a way of getting a beta version of its app out to some users without having to give it to all users. It did a similar sort of update just last night, proving that this wasn't just a one-time thing.

1 2 3

Regardless of why Facebook has chosen to circumvent the Play Store for its own update mechanism, though, that didn't sit too well with Google.

Alongside the newly released Play Store, Google updated its Developer Program Policies to include the following clause as part of the "Dangerous Products" subsection:

An app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism.

And with that one sentence, Google has effectively closed the loophole that Facebook has been using to send in-app updates. Of course, that disallows any developer from performing such updates – not just Facebook.

Looks like Zuckerberg and company will have to find a new way to beta test upcoming builds of its software – perhaps a separate beta channel listing in the Play Store would suffice? Seems like a logical option to me, and possibly the only one Facebook has left if it wants to continue publicly testing its beta apps.

via Dave Kover (Twitter)

Cameron Summerson
Cameron is a self-made geek, Android enthusiast, horror movie fanatic, musician, and cyclist. When he's not pounding keys here at AP, you can find him spending time with his wife and kids, plucking away on the 6-string, spinning on the streets, or watching The Texas Chainsaw Massacre on repeat.

  • Nathaniel Webb

    So would this also mean apps like Nova Launcher will have to shutter it's beta channel that downloads straight from an FTP? I would guess so.

    • Sqube

      I think it's more a matter of "if you're in the store, you have to update through the store" and not so much "updates only ever come through the store."

      Maybe Nova Launcher beta would get a pass because it's not through the store? I guess we'll find out soon enough.

      • woj_tek

        but nova has exactly same mechanism as FB - in the app you can select 'update to beta' and then launcher checks for updates and download them bypasing store... IMHO google move is uber dumb :|

        • Alan Shearer

          Facebook did not let the user know it was a beta update. The user received an update notification for the app, nothing mentioning changes or beta or anything. Just you have an update, accept? type of stuff. Nova at least will let you know "Hey, this is a beta update, interested?" Facebook said "you, beta test, NOW!"

          • woj_tek

            well, not exactly and you are contradicting yourself:
            - first you claim that FB did not mention that it was 'beta' and at the end you put "you, beta test, NOW!"
            - second thing - related to the 'test, now" - you didn't have to - you still had option.

            but google shut all beta updates alltogether - grrr;

            ps. if you don't like facebook ant it's attitude (it's the same as with the bullish update) then just don't use it ... fb sucks big time with this attitude...

          • Alan Shearer

            First, Google did not shut down beta tests specifically, they shut down apps from the play store installing updates without using the play store update system (which potencially malicious apps could do to cause problems and install crapware). Betas can still be released on the store, seperate app with beta tag, or they can offer it for sideloading.

            Second, never said I did not like facebook, it is a great communication and socialization tool for connecting people the world over with others whom they lost contact with, or have the same likes and desires, etc. Yea I may not like some things they do, but same with google and any other company, some things are good, others suck, no company in the world has ever been able to obtain 100% satisfaction with 100% of its userbase/fanbase.

            I like facebook, I like google, but I am not a blind user, when they screw up, they screwup.

          • QwietStorm

            He didn't contradict himself, he was being facetious when he said "YOU BETA TEST NOW," clearly because they don't actually tell you.

          • spacekobra

            Facebook never even notified you about the download. It just showed up.

    • edzuslv

      Not really.

    • http://www.keithbluhm.com/ Keith

      How does FB currently handle their updates? I've never used it. With Nova Launcher, you are side-loading. Nova isn't installing the updates, you must manually install the APK.

      Does FB point you to an APK that must be side-loaded or is the update process built into the app itself?

      • Nathaniel Webb

        Yeah i don't use FB either, but i would assume it isn't side loading, but rather updating existing. But even side loading would still accomplish what google is trying to prevent- updates outside the store. Now i love my Nova and i use the beta channel, i'm just curious.

      • http://www.androidpolice.com/ Artem Russakovskii

        FB does it exactly the way you see in the screenshots above.

    • http://GPlus.to/Abhisshack Abhisshack D

      Nova could add another app in their a/c as Nova Beta , just like firefox beta dolphin browser beta

      • Hothfox

        The problem with that is they'd have to probably do two betas - one for the free version and one for the paid version. I bought the paid version, and install betas. Would I have to purchase the "new" paid beta app too? That would irritate me.

        • enomele

          That's exactly what I was thinking. I'm really hoping the way Nova does it is okay.

          • http://GPlus.to/Abhisshack Abhisshack D

            check my comment to @hothfox:disqus

        • http://GPlus.to/Abhisshack Abhisshack D

          as consumer i found getting update from Play store is much easy for me than getting the apk than click enable getting update from outside , then click apk . to many steps , , but i dont get it what would be their's problem if they add extra two more apps !!! does not any dev upload apps more then one !!!!

        • http://GPlus.to/Abhisshack Abhisshack D

          the paid version of Nova is just an authentication app not the main app, you still need to download main free app , so if you can download the main free app ,then authenticate, why it will be a problem to add a new beta app which be authenticate the same way the nova free app done. (english is not my native language so pardon my mistake :)

  • http://www.facebook.com/MikeJwF Mike Fougere

    I don't agree with this if it's a legit beta program.

    • http://www.facebook.com/MikeJwF Mike Fougere

      Based on the thumbs down I'm getting I guess everyone else thinks these dev's crash coarses should go live in the Play store. Interesting.

      • Thomas

        Not really.

        They can still provide the beta and their updates outside the store, and as long as you are not doing an upgrade, but rather a seperate installation it should technically pass the new requirements in the case of switching from Live -> Beta.

        • http://www.facebook.com/MikeJwF Mike Fougere

          Well that's what I was getting at.

        • didibus

          Or they'll just push it to all users. Once you beta test to the public, it means you've passed all internal tests. So technically, you are not aware of any more bugs that you consider require fixing before release. Obviously, facebook is not dumb and know that out in the wild, there are always more bug discovered. Instead of pushing it to everyone, and having everyone complain about major bugs they had no way to discover internally, they only do it to a subset of users first. What is wrong with that? I think it's very smart, and a much better approach.

      • PhilNelwyn

        Why not? Doesn't that work well for Chrome beta?

        • didibus

          Many things are different here.

          First, the Facebook app has notifications. Those would be duplicated if you installed both the beta, and the stable one. Facebook runs a service, which they would conflict with each other, unless care was taken for them not too, means extra work.

          Facebook updates at a slower pace. Chrome's beta is often regarded as the bleeding edge, you always get the newest features first. Facebook might not always need a beta. So the beta channel wouldn't necessarily be bleeding edge. Only Facebook knows, but that's my guess, and because of it, does not make as much sense.

          Finally, Facebook might have precise testing requirements that must be met. Maybe it needs to test a feature to only a particular hardware specification, geographic location, or even a certain use case. Google always does it with their apps, they push to a subset of users, and slowly bring the apk to the rest of the world. Often incrementing and fixing bug as they go along. I don't see why Facebook shouldn't be allowed to do the same. Their technique wasn't the best, but Google must therefore provide a means to allow devs to test their apps like this. It will only allow for better apps.

          • andy_o

            Even though I don't see many people having installed both stable and beta versions, the apps can communicate with each other and disable one's notification. Their own FB Messenger does exactly that.

            Regarding your third paragraph, they can absolutely allow the beta install only for some devices and geographic location even if updating through the Play store. Regarding certain specific Facebook "use cases", they can just put notices on users' news feeds or FB pages directing them to download the apk via browser.

          • didibus

            I know they can address the issue of duplication, but that requires adding or changing the code base, which can introduce even more bugs.

            Ah, good to know, I did not know the Play Store already had mechanism in place to push an update to only a subset of users based on device specifications and geographic locations. Thanks for telling me that.

            I don't really see this as that different to what they did. Instead of, Click to Update -> Download in chrome -> lunch .apk they did Click to Update -> download in facebook app -> lunch .apk. Actually, isn't it weird that the policy now allows an app to update other applications, but not their own application?

      • Sqube

        If a beta is live in the store, why shouldn't it be updated in the store? If it's not live in the store, there's nothing saying that you have to update it through the store.

        I think the downvotes are more disagreeing with your interpretation, and not so much thinking that we should all be given secret betas.

  • Simerre

    Does this have ramifications regarding cyanogen's autoupdate mechanism?

    • http://www.keithbluhm.com/ Keith

      I would say no as that is a firmware update versus app updates through the store.

    • jramirezw

      It shouldnt. Cyanogen doesn't go through Google Play.

    • http://www.facebook.com/MikeJwF Mike Fougere

      No not at all, that's a ROM. It has nothing to do with the Play Store.

    • Bazar6

      negative... only app updates

    • http://twitter.com/wyattearp Wyatt Neal

      Negative. CM's autoupdate rolls though the ROM, not the play store. You don't even have to install the play store on CM ROMs if you don't want to.

  • http://twitter.com/wyattearp Wyatt Neal

    Really though, this makes more sense from an end user satisfaction perspective. For example, Tasker only put their beta out as a side-load app. You could get it directly from the developer and load it IF you were really one of those people that wanted to truly participate in the beta thing.

    Total side thought, I wonder if it would encourage Facebook to open their own App store and then you've got your developer community that's already building Facebook apps you can leverage. That way they could control the update and flow of their apps as well as the others that develop for them without going to the big G.

  • Yannick Binnenweg

    This would only be a problem for applications that update the app itself, which the play store installed right? If Facebook is com.facebook.katana and they want to update that specific app, with that package name through their own sources, it's disallowed. But if they want to install a beta version of Facebook com.facebook.whateverbeta through their own sources it would be allowed, since they're not modifying, replacing or updating the play store binary.
    (yes that would mean you have 2 Facebook applications installed)

    I may be totally wrong here, please correct me.

    • FrazerMcIntosh

      Kind of. The app itself com.facebook.katana wouldn't be allowed to update itself, however, they could allow you to go to m (dot) facebook/beta or something and replace com.facebook.katana with a manual download. There isn't anything against that.

      I suppose the app could install a secondary beta app as you said (I hadn't even thought of that), but I have no idea how that will affect the connection between the facebook and facebook messenger apps

      • didibus

        I think google should just have an update api that can be embedded inside an app. This would solve the issue entirely. The .apk would still have to be uploaded on Google servers, and therefore, will let them scan it for malware, and remove it if they feel it goes against Play Store Policy, but apps could still have more seamless update experiences if they wanted to.

        • FrazerMcIntosh

          I like that idea, but it would have to have a notification by default, then the user could opt into silent updates after being warned about the risks (insertion of malware etc).

  • jramirezw

    Hmmm... I'm not fully in agreement with this. On one side, I get that they want to regulate everything, but they're moving a bit Apple-like, and taking away from the whole openness of Android. On the other hand, I'm more partial to how Avast does it for their anti-theft plugin, giving people the option to grab the update either through the Play Store or through sideloading,

    • Sqube

      Well, it's not like they disabled sideloading. They just said that, if you're in the store, you have to update through the store.

      If you don't like it, don't be in the store. Swype did it for years. And if Facebook is really that bothered by this, they can just leave. It's not like people will stop installing Facebook because it's not in the Play Store.

      I don't think this is particularly onerous.

      • Shane Milton

        It's not even that bad. Re-read the one-liner. What is forbidden is for an app to side-load an update automatically itself. However, what is *not* forbidden is for a user to side-load an update manually. So if you want to release a beta update on your website, you can, you just can't have your app install that update. But you can have your users go to your website, download the update, and manually install it. That's still allowed. And that still allows beta programs to operation just fine!

        Personally, I approve of this change. This eliminates a shady way to get an app onto your phone that didn't come from the Play Store.

        • didibus

          I'm confused. Facebook never installed the update itself. It downloaded it for you, then started the installer. You still had to go through the installation process. This is not similar to how the play store updates, where it actually performs the install for you. In a way, it performs the same steps a browser app would have you perform to download an apk, and side-load it. Only difference being, facebook had already downloaded the apk, that might be a bit too much.

          I still think it's being more closed. We'll have to see if it was really necessary in the name of security. But it's definitely, an obstacle to some legitimate uses. One of those being background updates, silent updates, pre-loading of big updates. Or things likes package managers, apps that turns themselves from trial to full version, creating a Steam for Android, and probably things I can't think of, but that could have been awesome.

      • NexusKoolaid

        I stopped using Swype _because_ they were not in the store - their distribution model, at least early on, was insanely inconvenient.

        • andy_o

          And it was a beta. It was right there in the name. Also, Swype made it unnecessarily tricky to install it. They could just have had the apk for download, but instead they had to email you with a link to an apk which was just the "installer". And yet, so many people installed it anyway.

          • Sqube

            Honestly, after a while, Swype was a beta like Gmail used to be a beta. That said, Swype being as much of a pain to keep up with as it was made it a little easier for me to make the switch to SwiftKey.

            Haven't looked back since.

          • andy_o

            Swype was a beta like Gmail used to be a beta.

            Dunno if I agree. Pretty much every update made some drastic changes and they weren't progressive by any means. They kept taking out or putting in features, sometimes more than once. The current non-beta seems like a sort of culmination of the beta program actually. For instance, now you can choose "qwerty" versions of different language keyboards (in my case Spanish), which were the subject of many complaints when they decided to add unnecessary keys and antiquated punctuation nobody uses in the regular versions.

            I suspect at least part of the reason they made it more difficult than it could be is both to curb the number of people that installed the beta version to a number of people that really wanted it, and to let people absolutely know in no uncertain terms what they were installing.

          • Sqube

            Well, I stopped using it a good while ago, so things could have very well changed since then. That said, I seem to remember reading an article (might have even been here) indicating that Swype only wanted to deal with OEMs for a while, which explains why the process was so unnecessarily complicated. So I agree with you as far as that goes.

    • Gustavo Gomez

      They need to create a facebook beta apk. It is bs to send unsolicited updates.It should be banned

  • Alan Shearer

    GOOD! You should never become a beta tester, facebook, without prior consent. Some people want the app to work, and are not interesting in beta testing.

    • http://www.facebook.com/profile.php?id=100000003999549 Mike Harris

      As bad as the app sucks, I wonder how bad the beta could be.

    • didibus

      But only Facebook decides what is beta and what is not. All that was happening, is some users were getting an update, while others were not. I had to wait 2 weeks to get the play store new look. And while I waited, they iterated over 3 versions of the store. So when I got it, it was a later version than some other people had received. Effectively, people out there beta tested the new Play store... See the similarities?

  • http://www.anivision.org/ Christopher Bailey (Xcom923)

    I wonder how this effects people who do select to be beta testers. I know beyondpod allows for you to update (side-load) when new beta apks come out.

  • Cherokee4Life

    OH HELL NO.... uh oh....

    I was just beta testing Fieldrunners 2, and when they had an update they would e-mail a new apk to install.. even they didn't do this in the app itself.. Shame on you Facebook. You are NOT above the Google Law! :)

  • http://twitter.com/s99nj S. Ali

    Google is scared that facebook is slowly taking over core apps. Camera, messaging, launcher....

    • Mark Curtis

      You're already allowed to do an separate app store (see Amazon), so Facebook should just do that.

    • Chris

      if that were the case then wouldn't they ban all those said apps? Hell even apple allows some theird party apps (mail, broswers etc)

  • Himmat Singh

    What about games that do "silent updates"?

  • Alan

    "An app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism."

    The Google need to tighten the reins on the Play store certification process and have a set of rules in place ( I guess they have but I haven't checked)!!!!

  • http://www.facebook.com/profile.php?id=100000003999549 Mike Harris

    I don't understand why so many of you think this is a bad thing. This does not make Google closed like Apple because anybody could still release their beta apk for sideloading and if you use it, you understand the risk. Regular users should not be forced into becoming beta testers without their knowledge.

    • Dave

      Exactly. Betas should not be distributed through Play.
      I read somewhere that Facebook was pushing the updates outside of Play to users that have apk sideloading enabled, as a way of "beta testing", but that is a really sleazy way of beta testing.
      If they want to beta test, they should do it properly.

      • squiddy20

        "Betas should not be distributed through Play." ...Except where it specifically says "beta" in the title (as is the case for Chrome Beta, Firefox Beta, uTorrent Beta, DSLR Controller (Beta), Wikipedia Beta, etc).

        On another note, as I understand it, the Facebook "Beta" update was not labeled as such and the users who were prompted to update had no idea that it was buggy beta software they were updating to. Had they at least put a notification, blog post, changelog update, SOMETHING to say what was going on instead of silently rolling it out, it would've gone at least a little smoother. Not saying it would've been perfectly fine, because it wouldn't have been, but better.

        • didibus

          How do we know it was a beta? Did facebook actually said it was? Or do we assume that's what they did?

          • wajd valentine

            they said somewhere in a separate blog post that this was their way of testing features before general release which by definition means beta testing.

          • didibus

            Ah ok, if they said it in a post. You probably know this, but just to clarify, beta testing is only a subset of types of testing that can be done on software before general release. It's a phase where you give the product to a subset of the consumers, to see if it meets their expectations, before fully releasing to all consumers. There is no approved and official way of doing a Beta test, so no rules in the way you select the subset of consumers exists, it is up to the development team to decide.

          • Matthew Fry

            But it's bad practice to give betas to customers without telling them they're getting one. The fastest way to alienate customers is to change things from under them or break existing functionality. They get ticked.

          • didibus

            Ya I agree, just saying that it's really only Facebook's decision. Betas are often a marketing strategy, one which Google uses a lot. How long was gmail a beta? Was it really a beta? Maybe Facebook was confident that it was bug free to an extent it found they could risk having a few users try out, without having to bias them into thinking it's really full of bugs and call it a beta.

      • http://feigdev.com/ emil10001

        My major concern with this was that it was pretty sketchy and taught users bad behaviors. It would have been pretty easy to have a website that looks like the Facebook app update page that downloads some malware for you to install. The malware could even contain a webview of facebook's mobile site, and most users would have no idea that anything had gone wrong.

        http://www.recursiverobot.com/post/45447666701/facebook-updates-as-malware

    • QwietStorm

      Nail. Head.

    • didibus

      A beta is not tangible, all software is beta, only the dev decides if it wants to call it a beta or not. No formal definition exists that let you precisely say this release is a beta and this one is not. Therefore, it is up to the dev to market itself as it wants.

      There is no risk in forcing a user to update to a beta, unless your beta contains malicious code. Google can't force a dev into quality control. If Facebook thinks it's app is good enough to risk alienating some of it's users with bugs, up to them. An alternative would be for them to just push the beta to everyone as a play store update, that would just be worse.

      • andy_o

        An alternative would be for them to just push the beta to everyone as a play store update, that would just be worse.

        Why would that even register as "an alternative", when other obvious sensible options (one of which is in the article) exist? Like, have an apk available publicly like so many others do?

        • didibus

          Well it would be up to facebook to tell you why they did it this way instead. But if I had to guess. Maybe the notifications would be duplicated with both beta and stable installed. Maybe the facebook services would conflict, and code would need to be changed in order to accommodate the beta channel.

          Maybe they needed to test a feature with a precise hardware specification. Or a precise geographical location, say their feature was the new video chat, but they only had a datacenter for it in texas, they don't want someone in Urugai to test the feature.

          Or maybe they wanted to target a cultural group, and see how the new interface worked with them in particular, if they liked it and understood it.

          Hey, why didn't the Play Store roll to all users at once? And why didn't they release a Play Store Beta channel? If Google had good reason for it, I bet Facebook did too.

      • http://www.facebook.com/people/Kai-Chun-Lin/613460634 Kai-Chun Lin

        The problem is not about Facebook. At all.

        The problem is that this opens door for innocent apps to be uploaded to Google Play, passing Google's malicious app detection, and be downloaded by users, after which non Google Play updates are pushed out containing whatever the hell the developers wish.

        Obviously this simple clause doesn't prevent those people, but it allows Google to terminate such apps as soon as side-loading updates is detected, instead of waiting for something bad to blow up in everyone's face.

        • didibus

          Now YOU nailed it!

          Facebook just made Google realise, and mostly, the people that complained, that this was a possibility, which the Play Store was not addressing. But to say this is not also possibly closing in on some legitimate use cases is retarded. They are constraining apps, in the name of security, which is often what Apple, BB and WP uses as arguments on it's closed eco-system. I believe that it was required here, and actually, I worry that it is only a Play Store Policy, and not a software security layer that would just prevent an app from doing so. Yet I don't understand people denying that Google is closing down doing this, they are, it's obvious, they still remain the most open of all viable mobile OSs, but from now on, are a little more closed than they were yesterday.

    • Qliphah

      You could say the same thing about the Amazon store app. In fact the free app of the day that has to be sideloaded updated just this morning.

      This actually makes sense as why would Walmart hand out Kmart flyers in their stores, much less let them setup a small kiosk. Why would the Play store offer competing marketplaces? And yes, Facebook is a marketplace, just a market for very stupid people that spend real cash for fake wanking rights.

      • enomele

        Not sure if I completely misread you post or you missed the point.

    • Russell Walker

      I really hate how Facebook handles testing new features. Instead of having a voluntary beta like literally everyone else does, they roll the features out slowly and randomly, so people that didn't want the new features get them, and the people that want the new features just have to wait. This makes zero sense.

      I just got graph search yesterday (which started rolling out in like January), and I still haven't gotten the new News Feed, despite being on the "waiting list" for both from like the day they were announced. Not to mention Facebook Home still only being on six devices for no reason.

      • Uthor

        It makes perfect sense. It's called randomised testing. It allows Facebook to see how random users use (or don't use) features. If only people who wanted to use a feature got it, then Facebook would have skewed results and wouldn't know how it would work for the general population. It lets them tweak and do A/B testing to make the best product. I don't like a lot of things Facebook does, but A/B testing is one of the smart things I admire from them.
        Google "literally" does the same thing.

        • Russell Walker

          Making tiny adjustments to a search algorithm and testing that randomly is one thing, but doing that with complete UI changes is another. I may be wrong, but I don't recall Google ever rolling out huge changes like that over the course of months in random order.

          Compare how Google did the Gmail re-design to how Facebook does things: Google says "hey, we're gonna change some stuff soon, check it out and tell us what you think!", while Facebook says "hey, we're gonna change some stuff, you might get it today or months from now, who knows! here click this button and we might think about giving it to you." It might be good for Facebook, but it's just frustrating for most users.

          • Uthor

            Why's it different? You want to see how similar users change their behavior when the UI changes.

            Google's been doing it pretty much constantly, most recently with all the changes they've been making to Google Image Search. You'll see posts on tech blogs about "some users are seeing new versions of X" and trying to find details of what the changes will be before they roll out to the general population.

      • Chris

        I don't know about you, but I had the option to go to the new news feed and even the timeline. I wasn't "forced" in to it. I would have been if I waited...

    • Chris

      some android users are really sensitive and hate change. makes me wonder why they don't still like the Gingerbread look..

    • anony

      if they have to test out the beta i am pretty confident they can hire ppl for that particular task

  • Dipish

    So it would also affect the Humble Indie Bundle downloader/updater?

    • http://twitter.com/NothAU Tony

      HIB isn't downloaded through Play, so no

    • Cherokee4Life

      no... do you install the Humble Bundle app from the Play Store? you side-load it which has nothing to do with Play Store, so its good

      • Cherokee4Life

        that was snarky, my apologies. No this will only effect apps you install from the Google Play Store. Anything you sideload is fair game

      • Dipish

        You're fine :)

        I forgot that HIB app does not come from the Play Store...

  • RitishOemraw

    Good!! Hopefully that awful permission (download files on background without user permission) will be removed and I can use the app again instead of the mobile website.

    The mobile website is soo broken for me that the app seems awesome.

  • Chris Sanner

    fine with me.
    I just got done doing a beta with another app and their method of updates was "here, download this and sideload it" - then all the updates to THAT BETA happened via the FB method, until the beta was over and it updated via google play. I think that's the best way to do it. self-selecting beta testers.

  • Jachym Kokesh Lukes

    I find this way of sneaky telling people to use beta really stupid. Having second app in the Store would be much better solution. The same as Opera, Firefox as others. You simply select to install Beta app and you get updates more often.

  • http://twitter.com/lukamlinar Luka Mlinar

    U can't beta test on a region without people agreeing to the beta test in the first place. I mean u can but it's not right. So what one part of the world is a guinea pig for the other?
    This whole thing with FB on phones got stupid anyway. I mean i can't delete FB from my Sony phone. DA FUQ?

  • Maxime MARAIS

    As far as I can remember, any Android device may allow its owner to download an .apk file and install it after allowing unsigned apk installation. Why did not Facebook provide the beta version of its app this way? So many companies, including majors compagnies like Twitter, do this.

    • didibus

      Maybe I've got something wrong, but isn't this exactly what Facebook did? Or is it just that you have to go through another app to install the update? Let me explain, facebook said, Update available, Click to Install, when I clicked, it downloads an .apk and lunches it, switching me out of Facebook, and into normal .apk side loading process.

      Alternatively, Facebook could do what you say, which is... tell me: Update Available Click To Install. Once I click, it brings me to update.facebook.com/facebook.apk which lunches in Chrome, and downloads. I click on the download finished, Chrome runs the .apk, which switches me into the side loading process.

      The only difference I see is that Google is saying an app can not download and run a .apk that will overwrite it's own binaries. But, an app can download and run an .apk that will overwrite other apps binaries.

      Tell me if I'm wrong.

      • wakeboarder125

        Its a violation of the Play Store TOS. They could do it, but the .apk couldn't be listed on the store (ie. Amazon App Store, Humble Bundle, F-Droid)

        • didibus

          But then, shouldn't Browsers lose their listing in the store? Since they allow you to download and side-load .apk ?

          • wakeboarder125

            The browser just downloads the APK (and most warn that the file could be harmful). When you click on the download, it opens it with the built in package manager. Not to mention browsers don't self-update.

          • didibus

            Ya, but that's the same thing Facebook was doing. It was opening it in the built in package manager, just look at the picture at top of the article.

            I think browsers installed through the play store should block you from downloading .apk. Only .apk you bring in from your computer yourself, should be allowed. It would be very easy for me to make an app, that loads a webpage using an in app browser, and have the page ask you to download an .apk and install it. Obviously, with malicious intents.

  • The_Chlero

    It really get me sad that all these people commenting here not get the right idea because this site is supposely fill with a crowd of techie guys that really get into the world of software and tecnologies.

    This new policie DOES NOT PREVENTS YOU from sideloading any app from outside of Play Store, this means that you can still using the "Enviroment Openess" of Android to sideload your hacked and cracked APK from those paid apps.

    This DOES PREVENTS from app DOWNLOADED FROM THE PLAY STORE sideloading "silent updated" that could potentially harm or steal user private date from the phone itself.

    • didibus

      I think we all get it, I just see some legitimate use of such a feature. It be nice for an mmo to silent update itself for example. Or might be really useful for Facebook to slowly roll their new version out to the world, instead of releasing it to everyone day one and unleash a potential nightmare if a small but devastating bug had slipped by them. Which Google does with their own apps by the way, think Play Store.

      • The_Chlero

        Play Store App is not downloaded from the Play Store itself. About slowly rolling out the newer app, that's what the comment system is for, besides the developers are encourage to test to the very limit the app for big potential bugs, of course that there are apps with bugs but usually are minor like we are used to.

        • didibus

          The comment system? I never heard about that, could you elaborate for me?

  • didibus

    I understand the potential safety risks of letting apps do this. Download a legit app, it asks you to "update", then you update to a non-legitimate version that has spyware and whatnot which the Play store can't scan for.

    But at the same time, if they do this, they need to come up with better Play Store updating mechanism for devs. Like a silent update mechanism would be nice. Imagine if Chrome on the PC was banned from silently updating, that's one of it's nicest features. The Play store silently updates, so other apps should be allowed to, given there was a way to opt-out of it.

    Another one is for Betas. With an app on the scale of Facebook, it's not a bad idea to beta test with only some users first. They do the same thing with their website. There is no illegitimate intentions, and it's up to them to decide if they want to do this and risk alienating some users with a buggy software. The Play store should allow you to update an app and push the update only to a subset of Play Store accounts. Then it would be up to Facebook to decide what this subset will consist of. If they want to ask users first, up to them, if they want to send the update to a particular selection of users, up to them.

    I know you could have a second entry in the Play store, and release a Facebook Beta, but that isn't always optimal. Facebook does not iterate like Firefox. They have a controlled environment, and release at a slower pace. You wouldn't want to have facebook installed twice. You would receive duplicated notifications, and the likes. You also would not want to live in the Beta all the time. Facebook has a beta once in awhile and then make that beta final. A gap exists here, where the Facebook Beta channel wouldn't always be the bleeding edge, so it would suck to just live in the Beta channel, as opposed to how it is with Chrome's beta channel.

    • enomele

      There is a way to silently update. Its a little check box called Auto Update.

      And besides the double notifications (which messaging apps found cures for) I don't think Facebook and Firefox betas are any different. Its both in they're best interest to test certai n devices ,languages and regions.

    • Chris

      There is auto update.

      I like to see what apps are being updated, whats changed and any recent reviews to see if the update is worth downloading. I always update manually.

  • CoreyShaughnessy

    Or just host the .apk on Facebook and request people download it when they visit the mobile site.

    • Chris

      if only everyone knew what an apk is and how to use it.

  • TylerChappell

    I saw this update this morning and did it, but was suspicious of it at first just because it wasn't from the Play Store. Shady FB, shady.

    • Chris

      you must haven't been using your phone for a while as this "update" is weeks old...

      • TylerChappell

        Actually. No. Not my fault FB never prompted me for it until then.

  • Copernicus

    Curious why Dropbox never comes up, they've been doing the same for ages.

    Too bad, though.

    • SHeadius

      They have? Sure you're not running betas?

    • Chris

      I have drop box and what you say is false.

  • http://twitter.com/WillieFDiazSF William Diaz

    The reason why people got upset and this was a bad thing is for many reasons.. 1. That update was using data like a mo-fo! Lot more people no longer have Unlimited Data plans, so without those, it can really add up for something pushing to your device without asking if I wanted to download it. For me, I have Sprint, unlimited data isnt an issue, however data is slow, so it takes forever. 2. A lot of people were mentioning it was stalling out on their phone, not actually downloading, and there was nothing to do to clear it short of resetting the phone and using some hacks. 3. Any app that sees the need to auto-download without permission, beta or not, has to go! If Facebook asked me if I wanted to try a beta version, Id say yes! But ask me first.

  • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

    Forgive my ignorance, but does this mean that those games where just download a front-end of the Play Store and then have to download a huge file to play the game, won't do that anymore? Also the updater in Plants VS Zombies?

    If so, hell yes!

  • dgarra

    Facebook Appstore coming in 3...2....1....

  • http://twitter.com/shamus_carter james kendall

    I wonder if this will effect es filemanager as in the new release to get the classic theme back you need to download the apk for the themeing via esfile manager.

  • Andrew Ruffolo

    This is for everyone's safety. No one wants an app on their phone that can change its code/permissions at will without you being notified.

    • Chris

      I think many people over react to the permissions with out fully understanding why they are needed.

      "oh noes! you can access my phonebook or dialer..... uninstalled....."

      when the app has a "contact us" link that opens the dialer when you click on the number or a way to inport your contacts......

  • http://twitter.com/tomrsvr Tom Roseveare

    This has nothing to do with beta testing, this is revenue protection under the veil of offering pure user experiences. Eyeballs in the Facebook app equals Facebook ad revenue. Eyeballs in Google Play equals Google content revenue. It's about being distracted even for a few seconds and at scale is serious money.

    • http://twitter.com/tomrsvr Tom Roseveare

      They were beta testing the update mechanic, not app functionality

  • JG

    1.) I got the non-Play Store update a few weeks back. It kind of annoyed me. Mostly because I couldn't easily identify if it was legit or if I had somehow obtained malware that was trying to trick me into installing even more icky code. But reading the above, and finding out it was because I was "lucky" to be selected as a beta tester... eh, maybe a little less annoyed. But I would have still prefered to have been informed - especially if I was unknowingly selected to beta test a product. I may not want to have potentially buggy software on my phone, and I might not really be the best beta tester for Facebook (since G+ came out I've only logged into FB maybe a dozen times, so they wouldn't get too much use-case data from me)...

    2.) Don't know if this is required, but reading Google's new clause, if I were to have written it, I may have included an additional clause, prohibiting the modification, change or updating of its own apk binary, *or that of any other application's*. I'm not sure if an app could potentially modify another app's code, but considering how open Android is, I'd assume it'd be possible.

  • David M Whittley

    I'm not sure this just has to do with beta testing. Both companies make their money through advertisements. At present Facebook must send its 900+ million user base to a competitors shop every time it wants to make improvements to it's own product. This is not an ideal solution and must be a thorn in Zuckerdergs side.
    It would not surprise me to see Facebook pull their app from the Play Store completely.

  • Simran

    Google doesn't like it because they're not making any money off this method because we're not opening the Play Store app and looking at BS. This is very wrong, using their service to distribute and application should give them the right to dictate what features you want your application to have.

  • hasan

    I think it's a great thing that Google has done this. Leaving Facebook aside, it stops "unharmful" softwares from updating to then become "harmful" to the user. Loop closed.

  • http://chromebookguru.tumblr.com Jason C

    That sucks for my Widget Locker then!

Quantcast