Hi @dciupureanu
We do not encourage apps to expect a single shared secret, and we have plans for returning back to per-installations based shared secret.
However, this change has not been rolled out to all tenants yet, but is enabled on Ecosystem Beta Group and Early Adopter tenants for testing. Also, this feature is only enabled for the apps with signed-install feature opted-in.
Just to be clear with the existing behaviour on all other production tenants, if you are installing your app manually from developer mode with your descriptor URL, you will always get a new sharedSecret. And if the install was triggered from the marketplace, your app will receive a single shared secret for all tenants.
Additionally, if your app had received a mismatching shared secrets from production environment, this is due a recent Marketplace failure that made connect to safely fallback by sharing a locally generated shared secret. If I remember correctly, there was an incident early this month that may have lead to this fallback mechanism.