Until now the apps which have been installed from a 3rd party source cannot be updated automatically over-the-air directly from Google Play Store due to security reasons. Google did not consider them as Play Store apps and were not shown in the Google account app list as well.
At the end of last year, Google had declared their plans to set up an automated mechanism to verify the authenticity of a 3rd party app by adding a small amount of security metadata on top of each Android application package (in the APK Signing Block) distributed by its Play Store.
This metadata is similar to a digital signature that helps your Android device to verify if the origin of an app you have installed from a third-party source is a Play Store app and have not been tempered, for example, a virus is not attached to it.
This year they have started implementing this mechanism and did not require any action from the users or developers, helping the company to keep its smartphone users secure by adding those peer-to-peer shared apps to a user’s Play Store Library in order to push regular updates.
Google have announced that a new enhancement to its plan was made by adding offline support for metadata verification that would allow your Android OS to determine the authenticity of “apps obtained through Play-approved distribution channels” while the device is offline.
Product Manager at Google Play, James Bender said that one of the major reason they are doing ths was to help the developers reach a larger audience, especially in countries where peer-to-peer app sharing is common because of costly data plans and limited connectivity.
One should keep in mind that this feature doesn’t protect you from the threat of installing apps from third-party sources but it just helps you to receive latest updates if their origin is Google Play Store.
Last year, Google has added a built-in behavior-based malware protection for Android devices, known as Google Play Protect thath uses machine learning and app usage analysis to separate the dangerous and malicious apps.
Google Play Protect scans apps installed from official Play Store and also monitors apps that have been installed from third-party sources. Besides Play Protect also supports offline scanning so that they take care of new metadata verification as well.
Since Play Store itself is not immune to malware, users are advised to download apps from the official app store to minimize the risk of getting their devices compromised.