Samsung and Bank of America did not immediately respond to requests for comment for this story. Google and Epic both declined to comment.
Photo: Getty Images
Cross-store updates go back to Android’s roots in the relatively open Linux platform, and they bring benefits. Because app updates go through security reviews and other store-specific checks, a download may appear at different times in different app stores. By allowing any of the app stores installed on their phone to update an app, users can ensure their apps are up to date as quickly as possible to fix bugs or security vulnerabilities, says Bogdan Botezatu, director of threat research and reporting at cybersecurity company Bitdefender. “Users shouldn’t worry about whether they’ll get the update,” he says.
In an encouraging sign, an analysis of three popular apps commissioned by WIRED by Esther Onfroy, co-founder of security research firm Defensive Lab Agency, found no difference between copies of the same app downloaded from Google Play and the Galaxy Store.
There are risks with cross-store updates, but those risks are small, Onfroy says. An app store with weak security could be exploited to deliver a malicious update, and having multiple stores on a device puts the risk of only one of them being compromised. An app store could also package an update with code that enables some form of intrusive data collection.
Users are more likely to face annoyances such as updates from other app stores that don’t work properly. Edward Cunningham, a product management director at Google, told Donato in court documents that smartphone maker Oppo’s app store released an unauthorized and outdated update to Google’s Chrome browser in 2022. Some users who installed the update were unable to load web pages in Chrome.
On Reddit, users have complained that Google Play updates apps downloaded from the Amazon Appstore, preventing them from accessing subscription features or paying with virtual currencies reserved only for apps from the Amazon marketplace. In a June court filing, Google’s lawyers acknowledged that users may lose in-app purchases and subscriptions. App stores support different billing systems, and the billing system used in the app’s current update may be the only one that works. So if a game downloaded from the Epic Store is updated by Google Play, Google, rather than Epic, may receive a commission on in-app purchases, and items purchased in the past may not work as intended.
Cross-store updates can also cause more frequent app crashes, in part because they can disrupt the staggered launches that app developers sometimes use to catch bugs before they spread — a measure that helps avert disasters like the recent CrowdStrike crash.
Adding to the confusion around clobbering is the fact that app developers can restrict updates from multiple app stores by publishing under different credentials or version numbers in each store. But if users then want to switch to updates from a different app store, they may have to reinstall the app by downloading a new version from their preferred store, which can result in data loss. Users who want to keep the current version of an app because they prefer it may also be disappointed if they disable updates from one store without realizing that they must also disable updates from another store.
