diff --git a/src/apps.js b/src/apps.js
index 71ded8593..7066e9cf1 100644
--- a/src/apps.js
+++ b/src/apps.js
@@ -74,6 +74,8 @@ var BACKUP_APP_CMD = path.join(__dirname, 'scripts/backupapp.sh'),
     RESTORE_APP_CMD = path.join(__dirname, 'scripts/restoreapp.sh'),
     BACKUP_SWAP_CMD = path.join(__dirname, 'scripts/backupswap.sh');
 
+var DEFAULT_MEMORY_LIMIT = (256 * 1024 * 1024);
+
 function debugApp(app, args) {
     assert(!app || typeof app === 'object');
 
@@ -216,7 +218,7 @@ function validateMemoryLimit(manifest, memoryLimit) {
     assert.strictEqual(typeof manifest, 'object');
     assert.strictEqual(typeof memoryLimit, 'number');
 
-    var min = manifest.memoryLimit || (256 * 1024 * 1024);
+    var min = manifest.memoryLimit || DEFAULT_MEMORY_LIMIT;
     var max = (4096 * 1024 * 1024);
 
     // allow 0, which indicates that it is not set, the one from the manifest will be choosen but we don't commit any user value
@@ -377,6 +379,9 @@ function install(appId, appStoreId, manifest, location, portBindings, accessRest
     error = validateMemoryLimit(manifest, memoryLimit);
     if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message));
 
+    // memoryLimit might come in as 0 if not specified
+    memoryLimit = memoryLimit || manifest.memoryLimit || DEFAULT_MEMORY_LIMIT;
+
     // singleUser mode requires accessRestriction to contain exactly one user
     if (manifest.singleUser && accessRestriction === null) return callback(new AppsError(AppsError.USER_REQUIRED));
     if (manifest.singleUser && accessRestriction.users.length !== 1) return callback(new AppsError(AppsError.USER_REQUIRED));
@@ -444,6 +449,9 @@ function configure(appId, location, portBindings, accessRestriction, oauthProxy,
         error = validateMemoryLimit(app.manifest, memoryLimit);
         if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message));
 
+        // memoryLimit might come in as 0 if not specified
+        memoryLimit = memoryLimit || app.memoryLimit || app.manifest.memoryLimit || DEFAULT_MEMORY_LIMIT;
+
         // save cert to data/box/certs
         if (cert && key) {
             if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.cert'), cert)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving cert: ' + safe.error.message));
@@ -511,14 +519,19 @@ function update(appId, force, manifest, portBindings, icon, callback) {
         if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
         if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
 
+        // Ensure we update the memory limit in case the new app requires more memory as a minimum
+        var memoryLimit = manifest.memoryLimit ? (app.memoryLimit < manifest.memoryLimit ? manifest.memoryLimit : app.memoryLimit) : app.memoryLimit;
+
         var values = {
             manifest: manifest,
             portBindings: portBindings,
+            memoryLimit: memoryLimit,
             oldConfig: {
                 manifest: app.manifest,
                 portBindings: app.portBindings,
                 accessRestriction: app.accessRestriction,
-                oauthProxy: app.oauthProxy
+                oauthProxy: app.oauthProxy,
+                memoryLimit: app.memoryLimit
             }
         };