Why Did Samsung Take Control of My Banking App? Inside Android's 'Clobbering' Dilemma

Samsung and Bank of America did not immediately respond to requests for comment for this story. Google and Epic both declined to comment.

Cross-store updates trace back to Android's roots on the fairly open Linux platform, and they have advantages. Because app updates undergo security reviews and other store-specific checks, an update can arrive at different app stores at different times. By letting any of the app stores installed on their phone update an app, users can ensure that their apps are updated as quickly as possible to fix bugs or security holes, says Bogdan Botezatu, director of threat research and reporting at cybersecurity firm Bitdefender. “Users don't have to worry about receiving the update,” he says.

In an encouraging sign, Esther Onfroy, co-founder of security research firm Defensive Lab Agency, conducted an analysis, commissioned by WIRED, of three popular apps and found no difference between copies of the same app downloaded from Google Play and the Galaxy Store.

There are risks associated with cross-store updates, though those risks are small, Onfroy said. An app store with weak security could be exploited to push a malicious update, and if a device has multiple stores, there’s a good chance that only one will get corrupted. An app store could also package an update with code that enables a form of intrusive data collection.

Users are more likely to encounter annoying issues such as updates from other app stores that don't work properly. Edward Cunningham, a director of product management at Google, told Donato in court documents that in 2022, smartphone maker Oppo's app store released an unauthorized and outdated update to Google's Chrome browser. Some users who installed the update were unable to load web pages on Chrome.

On Reddit, users have complained that Google Play is updating apps downloaded from the Amazon Appstore, leaving them without access to subscription features and the ability to pay with virtual currencies unique to apps from Amazon's marketplace. In a court filing in June, Google's lawyers acknowledged that users could lose in-app purchases and subscriptions. App stores support different billing systems, and the billing system used in the current update to the app may be the only one that works. So if a game downloaded from Epic's store is updated by Google Play, it may be Google, rather than Epic, that gets a commission on in-app purchases, and items acquired in the past may not work as intended.

Cross-store updates can also lead to more app crashes, in part because they can disrupt the phased launches that app developers sometimes use to discover bugs before they spread. This is the kind of measure that helps prevent disasters like the recent CrowdStrike collapse.

To further add to the confusion surrounding clobbering, app developers can limit updates coming from multiple app stores by publishing to each store under different references or version numbers. However, if users then want to switch to updates from a different app store, they may have to reinstall the app by downloading a new version from their preferred store, and may lose some data in the process. Users who want to keep the current version of an app because they prefer it may also be disappointed if they disable updates from one store without realizing that they also need to disable updates from another store.