Use of the REQUEST_INSTALL_PACKAGES permission

Google Play restricts the use of high-risk or sensitive permissions, including the REQUEST_INSTALL_PACKAGES permission, which allows an application to request installing packages. Apps targeting API level 26 or newer must hold this permission in order to use Intent.ACTION_INSTALL_PACKAGE or the PackageInstaller API. To use this permission, your app’s core functionality must include:

  1. Sending or receiving app packages, AND
  2. Enabling user-initiated installation of app packages. 

If your app does not meet the requirements for acceptable use below, you must remove it from your app's manifest in order to comply with Google Play policy. Suggestions for policy-compliant alternative implementations are also detailed below.

If your app meets the policy requirements for the acceptable use of the REQUEST_INSTALL_PACKAGES permission, you will be required to declare this and any other high-risk permissions using the Permissions Declaration Form in Play Console.

Apps that fail to meet the policy requirements or do not submit the Permissions Declaration Form may be removed from Google Play.

Important: If you change how your app uses these restricted permissions, you must revise your declaration with updated and accurate information. Deceptive and undeclared uses of these permissions may result in a suspension of your app and/or termination of your developer account.

When should you request the REQUEST_INSTALL_PACKAGES permission?

The REQUEST_INSTALL_PACKAGES permission only takes effect when your app targets Android API level 26 or later on devices running Android 8 or later.

To use this permission, your app must fall within permitted uses below, and have a core purpose to enable installation of packages. Core functionality is defined as the main purpose of the app. Without this core ability to install additional applications on the device, the app is 'broken' or becomes unusable. The core functionality, and any core features that comprise this core functionality, must all be prominently documented and promoted in the app's description.

Collapse all Expand all

Permitted uses of the REQUEST_INSTALL_PACKAGES permission

Apps that must enable installation of app packages for interoperability purposes may be eligible for this permission. Permitted uses include:

  • Web browsing or search; OR
  • Communication services that support attachments; OR
  • File sharing, transfer or management; OR
  • Enterprise device management.  
  • Backup and restore
  • Device migration/Phone transfer

Apps granted access to this permission must comply with the user data policies, including prominent disclosure and consent requirement, and may not extend its use to undisclosed or invalid purposes.

Invalid uses

Below is a list of use cases that won't be allowed to request the REQUEST_INSTALL_PACKAGES permission:

  • Where the use of the permission is not directly related to the core purpose of the app.
    • This includes peer-to-peer (P2P) sharing. P2P must be the core purpose of the app in order to qualify as a permitted use.
  • When the required task can be done with a less intrusive method.

Note: This list is not exhaustive.

Frequently asked questions

Why does Google want to introduce this policy?

REQUEST_INSTALL_PACKAGES permission provides apps with the ability to install new packages on a user’s device. We are committed to preventing abuse on the Android platform and protecting users from apps that self-update using any method other than Google Play's update mechanism or download harmful APKs. To this end, we are introducing the 'Request install package' policy to explain which permitted functionalities and actions are allowed for the permission.

How do I know whether I have a permitted use case for this permission or not?

We encourage you to review the policy carefully for permitted use cases and make any required changes to keep your app compliant. If your app does not meet the criteria for a permitted use case, you need to remove this permission from your app before the policy effective date in order to keep your app compliant.

What are the timelines to ensure compliance?

The new policy will be enforced starting from 11 July 2022.

Will this new clarification impact app review timelines?

There is no expected delay on the app reviewing timelines with regard to this update.

What if I need additional time to comply with the requirements?

The new policy will become effective on 11 July 2022. We encourage you to review the policy carefully for permitted use cases in a timely manner and make any required changes to keep your app compliant. If your app does not meet the criteria for a permitted use case, you need to remove this permission from your app before the policy effective date in order to keep your app compliant.

My app has been removed from Google Play due to the violation of this policy. I believe this was in error – what should I do?

Please review guidelines on this Help Centre page for options.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the Help Community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Search
Clear search
Close search
Main menu
3837877578724305971
true
Search Help Centre
true
true
true
true
true
92637
false
false