, thank you for your reply.
"I added code which checked if the app the user tries to install..."
- yes, but this is not enough because all safety checks are only in your application (untrusted) and operating system cannot control it.
Let me explain better why I see same signing certificate as the issue. Hope I make it understandable.
- Why is it a problem?
When customer download and install app from google play, application get own secured storage where app store sensitive data.
App can generate private keys, etc. The Android is responsible for this sandboxing.
I, as user, believe there is not easy way to get access to this data.
It's not easy access this storage and the only way how to do this is application signed with same key.
Then you can override GP version (which is trusted, reviewed by GP) and get access to sensitive data and keep approved permissions.
If you get crazy and create app version which i.e. upload the previews cache and let TC download it on background on startup
and persuade user to install it (confirm installation) then you "published" bad version which override trusted GP version and was not reviewed by Google.
You exactly did what google wants to avoid.
There are two applications from different sources with exactly same signing.
One is at GP and second one is at Forum.
But version downloaded from GP can be updated with version from forum which add banned functions and has access to same sensitive data and approved permissions as previous installed GP version.
You have 10m+ impact so you have to pass more detailed GP analysis. This is usual on GP.
This is reason why other file browsers with free apk download don't facing this issue, yet.
We can believe you block TC installation but don't have to. No way how to confirm it.
GP doesn't analyse your code instruction by instruction so they don't know about some if in the flow.
All what they can see is:
The application contains code for data download and application install.
The application requesting privileged permission for file system access.
Two sources of same application with same signing. Second source can override version from first, trusted source.
Conclusion - The application with privileged permissions can download and install other version of self from not trusted source.
This is breaking trust in application supply chain.
From my point of view GP wants to see that there is not public version of you application which can override GP version.
The way how to do this is using Play App Signing with new signing key (a bit longer way how to achieve it).
After that there is the only one way how to update TC app - only using GP where is stored the only one copy of signing key.
If you meet this condition then you can add install function because there is not way how to "...modify, replace, or update itself using any method other than Google Play's update mechanism."
The installation is rejected by Android OS itself because second application had to use different signing key.
This is one of trusted way how to prove you are not able to modify or install itself.
An another solution, i.e., is using lower build number for public version then build number on GP. Android OS do not allow application downgrade and block the installation.
Sorry for the long post, here's potato