I don't think this is correct? Can't you install any prod build regardless of source as long as you sign it with the prod credentials (and do not opt-in to google managed creds)?
That's correct. As long as you have the correct apk with the same signature as the one you already have installed you can update without issue (I've done it myself several times).
The opposite also applies, if you install a signed previous version, play store will update it.
You're right, I just successfully updated Tor Browser with an apk. In the past I've had errors updating other apps, presumably because they used Google's signing services, I assumed it was the same for all apps but was wrong. Thanks for pointing that out, I edited the comment.
