Google Play restricts the use of high-risk or sensitive permissions, including the REQUEST_INSTALL_PACKAGES
permission, which allows an application to request installing packages. Apps targeting API level 26 or newer must hold this permission in order to use Intent.ACTION_INSTALL_PACKAGE or the PackageInstaller API. To use this permission, your app’s core functionality must include:
- Sending or receiving app packages, AND
- Enabling user-initiated installation of app packages.
If your app does not meet the requirements for acceptable use below, you must remove it from your app's manifest in order to comply with Google Play policy. Suggestions for policy-compliant alternative implementations are also detailed below.
If your app meets the policy requirements for the acceptable use of the REQUEST_INSTALL_PACKAGES
permission, you will be required to declare this and any other high-risk permissions using the Permissions Declaration Form in Play Console.
Apps that fail to meet the policy requirements or do not submit the Permissions Declaration Form may be removed from Google Play.
Important: If you change how your app uses these restricted permissions, you must revise your declaration with updated and accurate information. Deceptive and undeclared uses of these permissions may result in a suspension of your app and/or termination of your developer account.
When should you request the REQUEST_INSTALL_PACKAGES permission?
The REQUEST_INSTALL_PACKAGES
permission only takes effect when your app targets Android API level 26 or later on devices running Android 8 or later.
To use this permission, your app must fall within permitted uses below, and have a core purpose to enable installation of packages. Core functionality is defined as the main purpose of the app. Without this core ability to install additional applications on the device, the app is 'broken' or becomes unusable. The core functionality, and any core features that comprise this core functionality, must all be prominently documented and promoted in the app's description.
Permitted uses of the REQUEST_INSTALL_PACKAGES permissionApps that must enable installation of app packages for interoperability purposes may be eligible for this permission. Permitted uses include:
- Web browsing or search; OR
- Communication services that support attachments; OR
- File sharing, transfer or management; OR
- Enterprise device management.
- Backup and restore
- Device migration/Phone transfer
Apps granted access to this permission must comply with the user data policies, including prominent disclosure and consent requirement, and may not extend its use to undisclosed or invalid purposes.
Below is a list of use cases that won't be allowed to request the REQUEST_INSTALL_PACKAGES permission:
- Where the use of the permission is not directly related to the core purpose of the app.
- This includes peer-to-peer (P2P) sharing. P2P must be the core purpose of the app in order to qualify as a permitted use.
- When the required task can be done with a less intrusive method.
Note: This list is not exhaustive.
Frequently asked questions
Why does Google want to introduce this policy?REQUEST_INSTALL_PACKAGES
permission provides apps with the ability to install new packages on a user’s device. We are committed to preventing abuse on the Android platform and protecting users from apps that self-update using any method other than Google Play's update mechanism or download harmful APKs. To this end, we are introducing the 'Request install package' policy to explain which permitted functionalities and actions are allowed for the permission.
We encourage you to review the policy carefully for permitted use cases and make any required changes to keep your app compliant. If your app does not meet the criteria for a permitted use case, you need to remove this permission from your app before the policy effective date in order to keep your app compliant.
The new policy will be enforced starting from 11 July 2022.
There is no expected delay on the app reviewing timelines with regard to this update.
The new policy will become effective on 11 July 2022. We encourage you to review the policy carefully for permitted use cases in a timely manner and make any required changes to keep your app compliant. If your app does not meet the criteria for a permitted use case, you need to remove this permission from your app before the policy effective date in order to keep your app compliant.
Please review guidelines on this Help Centre page for options.