How has this not received more attention?<p>One of the major barriers to malware installation on mobile devices has been the move to managing software with a repository. On Android, people don't expect to go to a website, download an application as a regular file, and then execute it (although this is certainly possible if you enable it and ignore several warnings). Normal users expect to get all of their software and updates via Google Play. They're used to this, and regard anything else as highly suspicious.<p>With this update, Facebook can unilaterally break this suspicion. Users will be confused and/or pissed off for the next week or so, but when it all blows over, it will be <i>significantly</i> easier for someone to publish an app on Google Play that then downloads and executes arbitrary code. "If Facebook is doing it," they'll think, "it must be the new cool thing to do, so it's probably fine."<p>No, it's not fine. Average users should not be doing this. Google should punish Facebook quickly and harshly if they have any desire to keep Android malware at a manageable level.