[Update: Fixed] The Samsung Wearable App Sideloads Samsung Pay in Violation of Play Store Policy

The Samsung Wearable app for Galaxy smartwatches is reportedly prompting users to sideload the Samsung Pay APK on Android phones in apparent violation of Play store policies. According to reports, the prompt comes when setting up Samsung Pay on a Galaxy Watch from a non-Samsung smartphone. Apparently, the Play Store version of the app doesn’t come with the Samsung Pay plugin. So it downloads a fully built and signed apk from AWS and prompts the user to install it.

The action, which was first pointed out by Max Weinbach seems to be a violation of Play Store rules. According to section 4.5 of the Google Play Developer Distribution Agreement, apps cannot install other software from sources other than the Google Play Store. So basically, the Samsung app here can’t download or prompt users to install apps from a third-party server.

The Samsung Galaxy Watch Active2 Plugin app does not have Samsung Pay Plugin as part of the apk and does not sign the app. It, instead, downloads a fully built and signed apk off AWS then prompts the user to install it.

This action breaks Google Play TOS. pic.twitter.com/VOmnUrMtlT

— Max Weinbach (@MaxWinebach) June 9, 2020

When an app breaks the Play Store’s terms of service (ToS), Google generally removes it from the platform until the developer gets rid of the illicit function. However, in this case, the app was still available on the store when we checked. It will be interesting to see if Google will act on the report, or if it will turn a blind eye to the infraction.

The action of pulling the Samsung Pay APK from third-party servers is seemingly specific to the Play Store version of the app. The Galaxy Store version apparently comes with the necessary API to install the plugin in the background without any user interaction. Either way, there’s no further clarification on this matter at this point, but we’ll hopefully get more info soon.