Facebook for Android is prompting users to download an update to a new build of its app, 141046, without going through Google's official Play app store. As Liliputing first reported, users are receiving a persistent notification letting them know that an update is ready, and on clicking the notification are taken directly to the Facebook app to download the new version.
Although we've yet to receive an update prompt ourselves the new update system appears to be legitimate, rather than the result of a third-party app or malware. A thread in Facebook's help forum includes a reply from a Facebook product manager named Ragavan Srinivasan who says:
"We're working quickly to improve Facebook for Android and want to make sure everyone is using the best version of our app. You'll experience these updates when you are on Wi-Fi, and they won't rely on your data plan."
That guidance has since been added to Facebook's Help Center. Facebook's motivation for nagging users to update appears to be to ensure all users are using the latest version of its app, but it's not clear why clicking on the notification — or the "update" button within the app — couldn't forward users to Google Play and have the same end result. It also raises questions about security: if Facebook can skip Google Play to update its app, what's stopping a malicious developer from circumventing Google Play's built-in virus scanner?
We've reached out to Facebook for clarification on its new policy, and also to Google to ask if it's aware a Play Store app is updating itself through alternate channels. Google's terms of service do not allow apps "that cause users to unknowingly download or install applications from sources outside of Google Play." The important question is whether Google feels Facebook is being clear enough that this is not a Play Store download.