Google Play Store security has been improved, with the company taking an additional measure to make sure you don’t download malware thinking it’s a legitimate update.
After the latest revamp, Google has now also updated the Play Store Developer Program Policies, making sure that if you download an app from the Google Play Store, that’s the only place you’ll update it from. The updated Developer Program Policies now clearly state as follows:
"An app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism."
This makes it very clear to developers that apps downloaded from the store are not allowed to update themselves in any way other than through the store’s update mechanism. This improves Google Play Store security, as users won’t end up downloading malware while thinking they’re just updating an app they’ve previously installed. Facebook pushed an update outside the store this March, but that most certainly won’t happen again.
So, from now on, if an app you know you’ve installed from the Google Play Store offers to install an update by any means other than the Play Store, you should definitely refuse to download it (even if your device allows installations from unknown sources).
Google tries as much as possible to keep users of its products from downloading malware, which is also shown by the latest security measures it has taken for Google Chrome, as well as by the large number of apps that were removed from the Google Play Store in February alone.