Imagine only having one copy of the system so when a situation like this occurs, you lack the ability to automatically switch to a working one, re-download and retry, without danger of this occurring.
This was fixed a decade ago with Android. They could have literally taken the source code from aosp and added it, or at least converted it (if in different programming language), and never had this issue. It would cost $0 and minimal time. But no. That won't ever happen. It's built ford tough.