Play Services having a custom updater and the ability to silently gain more permissions is definitely not something available to average 3rd party developers.
Both are available. Any app can request complete control over the system, at which point it can do whatever the hell it wants, short of root. Update? Sure thing, install an APK.
Of course the user has to accept your huge list of permissions first.
There are various other Android app store apart from the official play Store
(Amazon, F-droid, etc). Any app can request permission to install other apps silently, or may be even a newer version of itself. Play Store uses no private API which is not available to other Android developer. Ask your users to download the apk from your website, if Google Play store won't carry your app, and then built-in a mechanism to auto-update at will.
Yes, there's a permission to install apps silently (android.permission.INSTALL_PACKAGES), but this isn't a permission that can be granted to a third party app. Other bundled app stores can if they're signed appropriately, or if the device is rooted.
Are you sure this is correct? How is this even possible when you can install Play Services on Android versions before Play Services was even conceived. How can you do this on custom AOSP builds?
Play Services must be playing by the same rules as everyone else or it just wouldn't work on as many devices as it does.
I'm not an Android dev, but I would assume that Play Store has always had special permissions in order to be able to install applications, so Google need only deploy an updated version of Play Store for both old/new devices, and that updated version of Play Store have the necessary code to use its privileges to install Play Services and grant Play Services special privileges.
Of course the user has to accept your huge list of permissions first.