App privacy depends a lot on where you were when you downloaded it
An app downloaded in the US isn't necessarily the same as an app downloaded elsewhere.
When you download an app, you generally expect the that it is the same version that everyone else is already using. That may be the case within individual countries, but a new study from a group of researchers at the University of Michigan surveying the global app availability landscape not only determined a wide array of discrepancies in both availability and features, but also identified how users’ privacy and security varies even when using the same app in various countries.
“While our study corroborates reports of takedowns due to government requests, we also found many differences introduced by app developers,” notes co-author Renuka Kumar in a summary for The Conversation. “We found instances of apps with settings and disclosures that expose users to higher or lower security and privacy risks depending on the country in which they’re downloaded.”
Kumar and colleagues poured over data from globally popular apps across the top 22 app categories in the Google Play Store, and found a staggering amount of geoblocking—aka online restrictions based on geographic location. Of the 5,684 apps surveyed, 3,672 were found to be unavailable in at least one of the 26 countries included in the study. While some of these instances likely boiled down to copyright issues, many more were due to nations’ own laws regarding issues like online gambling and political leanings. “While the Indian government’s takedown of Chinese apps happened with full public disclosure, surprisingly most of the takedowns we observed occurred without much public awareness or debate,” wrote Kumar.
Apart from simple availability, the team found a wide spectrum of differences within the apps’ security and data privacy regulations. 127 apps varied depending on location in what they were allowed to access on users’ phones , “49 of which had additional permissions deemed ‘dangerous’ by Google.” Canada is listed as one of the countries requesting the most additional permissions, alongside Bahrain and Tunisia.
[Related: App usage stands at 4-5 hours a day.]
Over 100 of the studied apps featured differing privacy policies based on country, and particularly posed a problem to consumers living under California’s Consumer Privacy Act and the European Union’s General Data Protection Regulation. To top it off, almost 30 apps using dangerous permissions “make no mention [on this usage], despite Google’s policy requiring them to do so.”
Researchers offered a number of recommendations to begin addressing these issues, including urging app makers to better moderate countries’ targeting features, provide more detailed app takedown transparency reports, increase app vetting, and push for better developer clarity regarding their decisions to change app policies. The team also suggested to “host app privacy policies themselves to ensure their availability when the policies are blocked in certain countries.”
While unsurprising, the report is a sobering reminder a major goal for many apps is to reach as many people (and their data) as possible. Hardly anyone reads all those Terms & Conditions litanies, but studies like this one might you pause before pressing download.