

Facebook pushes Android update to enable silent updates in the future - alexlitov
http://liliputing.com/2013/03/facebook-pushes-android-update-to-enable-silent-updates-bypassing-the-play-store.html

======
ohazi
How has this not received more attention?

One of the major barriers to malware installation on mobile devices has been
the move to managing software with a repository. On Android, people don't
expect to go to a website, download an application as a regular file, and then
execute it (although this is certainly possible if you enable it and ignore
several warnings). Normal users expect to get all of their software and
updates via Google Play. They're used to this, and regard anything else as
highly suspicious.

With this update, Facebook can unilaterally break this suspicion. Users will
be confused and/or pissed off for the next week or so, but when it all blows
over, it will be _significantly_ easier for someone to publish an app on
Google Play that then downloads and executes arbitrary code. "If Facebook is
doing it," they'll think, "it must be the new cool thing to do, so it's
probably fine."

No, it's not fine. Average users should not be doing this. Google should
punish Facebook quickly and harshly if they have any desire to keep Android
malware at a manageable level.

~~~
hugoc
_We've reached out to Facebook for clarification on its new policy, and also
to Google to ask if it's aware a Play Store app is updating itself through
alternate channels. Google's terms of service do not allow apps "that cause
users to unknowingly download or install applications from sources outside of
Google Play." The important question is whether Google feels Facebook is being
clear enough that this is not a Play Store download._ \-
[http://www.theverge.com/2013/3/15/4107376/facebook-
android-a...](http://www.theverge.com/2013/3/15/4107376/facebook-android-app-
update-build-141046-not-using-google-play-store)

It would amuse me if Google were to drop Facebook from the play store over
this.

