Google is reminding developers who’s in charge in the Android relationship — and it’s not the developers.

In an effort to take control over self-updating apps, Google is now making it clear that developers can’t update Google Play apps by any other means than Google Play. The move is an indirect dig at Facebook, which was found to be doing that very thing with its own app last month.

“An app downloaded from Google Play may not modify, replace, or update its own APK binary code using any method other than Google Play’s update mechanism,” says the new text added to the “Dangerous Products” section of Google Play’s developer program policy

Right now, the only apps that may update without Google Play are apps that weren’t downloaded from Google Play in the first place. (These are called “side-loaded” apps.)

For Google, the core of the problem is security: If developers can circumvent Google Play for app updates, how difficult would it be for bad guys update their apps with new, potentially dangerous features and permissions that Google isn’t aware of?

“Google play is a trusted source for Android application downloads, and we are¬†committed¬†to providing a secure and consistent experience,” Google says.