Samsung and Bank of America did not immediately respond to requests for comment for this article. Google and Epic declined to comment.
Cross-store updates date back to Android’s origins on the fairly open Linux platform, and they have their advantages. As app updates go through security reviews and other store-specific checks, a download may arrive at different times on different app stores. By allowing any of the app stores installed on their phone to update an app, users can ensure their apps are updated as soon as possible to address bugs or security vulnerabilities, says Bogdan Botezatu, director of threat research and reporting at cybersecurity firm Bitdefender. “Users shouldn’t have to worry about getting the update,” he says.
In an encouraging sign, an analysis of three popular apps commissioned by WIRED by Esther Onfroy, co-founder of security research firm Defensive Lab Agency, found no differences between copies of the same app downloaded from Google Play and the Galaxy Store.
According to Onfroy, cross-store updates do carry risks, though these are remote. An app store with weak security could be exploited to push a malicious update, and having multiple stores on a device increases the chance that just one of them will be corrupted. An app store could also wrap an update in code that allows for some form of intrusive data collection.
Users are more likely to encounter issues such as updates from other app stores not working properly. Edward Cunningham, director of product management at Google, he told Donato in court documents In 2022, smartphone manufacturer Oppo’s app store released an unauthorized and outdated update to Google’s Chrome browser. Some users who installed the update were unable to load web pages in Chrome.
On RedditUsers have complained that Google Play updates apps downloaded from Amazon’s Appstore, limiting their ability to access subscription features or pay with virtual currencies exclusive to Amazon’s marketplace apps. In a June court filingGoogle’s lawyers acknowledged that users may lose in-app purchases and subscriptions. App stores support different billing systems, and the billing system used in the current app update may be the only one that works. So if a game downloaded from Epic’s store is updated through Google Play, it’s possible that Google, not Epic, will get a commission on in-app purchases, and items purchased in the past may not work as expected.
Cross-store updates can also lead to more frequent app crashes, in part because they can disrupt the staggered releases that app developers sometimes use to catch bugs before they spread — the kind of measure that helps avoid disasters like the recent CrowdStrike collapse.
To add to the confusion about app abuse, app developers may limit updates from multiple app stores by publishing to each store with different credentials or version numbers. But, if users want to switch to updates from a different app store, they may have to reinstall the app by downloading a new version from their preferred store, and they could lose some data in the process. Users who want to keep the current version of an app because they prefer it may also be disappointed if they turn off updates from one store without realizing that they must also turn off updates from another store.