Google’s policies have long said that third-party app stores would not be distributed via the Play Store, but no policy has ever taken a firm stance against applications installing APKs as long as users grant authorization and there is no malware involved. The situation is going to change, however, since a new regulation targets this feature and restricts usage to a very small number of applications.
APKs may only be installed by apps if part of their core functionality is to either transfer app packages or enable users to install them, according to the April 2022 Developer Program Policy update, which specifies that apps must be able to transfer app packages or enable users to install them in order to be allowed to install APKs.
This ultimately comes down to stating that applications should only have the ability to install an APK if doing so is a clear need for the sort of app in question – file managers and web browsers, for example. Exemples of the opposite would include items like games, podcast players, and camera programs, none of which should need the installation of any other applications.
The REQUEST INSTALL PACKAGES permission of the Android operating system, which has been in use since Android 6.0 Marshmallow, is at the core of this policy modification. If this permission is included in an app’s manifest, which means that the program is claiming that it requires this ability, it may trigger an install request, which requests the user to let an APK installation to proceed, if the permission is present in the manifest. Apps that do not explicitly request this permission will not be impacted by the new rule. However, it’s worth noting that app developers should double-check that any third-party libraries used in their applications, including ad networks, have not also extended this privilege to their users.
What is the purpose of adding this rule? However, although Google hasn’t provided an official explanation for the move, it’s possible that it’s intended to prevent some of the more controversial approaches that have gained popularity, such as ad networks that seek to install APKs on devices without redirecting users to the Play Store.
Google’s new policy goes on to identify a number of functionality and app kinds that are deemed appropriate by the company, including:
surfing the web or doing a search; or
Communication services that allow for the attachment of documents; or
or the transport, storage, and administration of files; or
Device management for large organizations.
In addition, it’s worth noting that the criteria ban self-updates, changes, and bundling of APKs; however, an exemption has been made for device management, which falls within the purview of corporate software and deployment tools in most instances.
Finally, applications must have Play Store descriptions that include a disclosure regarding the ability to install apps, as well as an explanation of the essential features that make use of the capacity to install apps.
The new regulation will take effect on August 11, 2022, according to the schedule. However, it is unclear how these limitations will be implemented, and whether the Play Store will simply ban app updates that have the permission, or if current applications will remain unlisted until developers publish new versions of their apps, will be determined. Based on previous experience, Google often likes to remove applications first and sort out the issue afterwards, which means app creators should be as proactive as possible in order to minimize difficulties.
After another Play Store statement that applications with obsolete API levels would be hidden from search, this policy change follows up with another announcement that takes a more restrictive approach to apps designed for children.