If it installs updates without requiring you to specify the desired updates explicitly (i.e. by cryptographic hash), it should not be considered "your" device from a security perspective.