Samsung and Bank of America did not immediately respond to requests for comment on the story, while Google and Epic declined to comment.
Cross-store updates, which date back to Android’s roots as a fairly open Linux platform, also have benefits: App updates go through security reviews and other store-specific checks, so the same update can become available at different times in different app stores. By allowing app updates through any app store installed on their phone, users can ensure that apps are brought up to date as quickly as possible to address bugs and security vulnerabilities, says Bogdan Botezatu, director of threat research and reporting at cybersecurity firm Bitdefender. “Users don’t have to worry about getting updates,” he says.
In an encouraging sign, Esther Onfroy, co-founder of security research firm Defensive Lab Agency, analyzed three popular apps for WIRED and found no differences between copies of the same apps downloaded from Google Play and the Galaxy Store.
Onfroy said there are risks with cross-store updates, but they are small: A weakly secured app store could be exploited to distribute a malicious update, and having multiple stores on a device increases the chance that one of them will become corrupted. App stores can also wrap updates in code that allows for some kind of intrusive data collection.
Users are more likely to experience annoyances, such as updates from other app stores not working properly. Google’s director of product management, Edward Cunningham, told Donato in court documents that smartphone maker Oppo’s app store released an unauthorized and outdated update for Google’s Chrome browser in 2022. Some users who installed the update were unable to load web pages in Chrome.
On Reddit, users complained that Google Play updated apps downloaded from the Amazon Appstore, causing them to lose access to subscription features or to be unable to pay with the virtual currency specific to Amazon Marketplace apps. In a June court filing, Google’s lawyers acknowledged that users could lose in-app purchases and subscriptions. App stores support a variety of billing systems, and only the billing system used in an app’s current update may be functional. So if a game downloaded from Epic’s store is updated by Google Play, it may be Google, not Epic, that receives commissions for in-app purchases, and previously acquired items may not work as intended.
Store-to-store updates could also cause app crashes more frequently because they could disrupt the phased releases app developers sometimes use to catch bugs before they spread — the kind of countermeasure that helps avoid disasters like the recent CrowdStrike meltdown.
To add to the confusion caused by overrides, app developers can restrict updates from multiple app stores by publishing to each store with different credentials or version numbers. However, if a user then wants to switch to updates from a different app store, they will have to download the new version from their preferred store and reinstall the app, potentially losing some data in the process. Users who want to stay on the current version of an app from their preferred store may be disappointed when they turn off updates from one store, not realizing that they also need to turn off updates from the other store.