Attackers have been searching for security vulnerabilities to exploit in Android applications. Such security vulnerabilities include Android applications that could load code at runtime which helps attackers avoid detection by static analysis tools. In this study, an extensive analysis is conducted in order to see how attackers employ updating techniques to exploit such vulnerabilities and to assess the security risks of applications in the marketplace using these techniques. A comprehensive analysis was carried out on nearly 30,000 applications collected from three different Android markets and two malware datasets. Static, dynamic and permission-based analyses were employed in order to monitor malicious activities in such applications, and new malicious applications using updating techniques were discovered in Google Play. The results show that applications employing code updating techniques are on the rise. It is believed that this is the first study of its kind to monitor updating behaviours of applications during their execution. This analysis allows us to deeply analyse suspicious applications and thereby develop better security solutions.