-2 C
London
Thursday, December 8, 2022

The same app can pose a threat to security and privacy, depending on where

Must read

Who is David Scott Simon? Insight into the life of Alison Berns’ husband

David ScottSimon is the husband of an American former actress Alison Berns who is known for her work in films like Genitals (1997), The...

Rapper who bragged about Covid aid fraud sentenced to over 6 years

LOS ANGELES — A Tennessee rapper who bragged about committing aid fraud with Covid-19 in a music video was sentenced to more than six...

Pixyle AI aims to make visual search more intuitive for online retailers • londonbusinessblog.com

When Svetlana Kordumova was studying for her PhD in AI and computer vision, she became frustrated with the process of searching for items to...

Sigfox owner UnaBiz doubles its Series B financing to $50 million londonbusinessblog.com

UnaBizthe Massive Internet of Things service provider and owner of Sigfox, announced today that it has raised an additional $25 million in Series B...
Shreya Christinahttps://londonbusinessblog.com
Shreya has been with londonbusinessblog.com for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider londonbusinessblog.com team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

The mobile phone giants have more than 200 Chinese apps, including many downloaded apps like TikTok, requested by the Indian government in recent years. Similarly, the companies removed LinkedIn, an essential professional networking app, from Russian app stores at the request of the Russian government.

However, access to apps is just one concern. Developers regionalize apps too, which means they produce different versions for different countries. This raises the question of whether these apps differ by region in their security and privacy capabilities.

In a perfect world, access to apps and app security and privacy capabilities would be consistent everywhere. Popular mobile apps should be available without increasing risk that users are spied on or tracked based on the country they are in, especially considering that not every country has strict data protection rules.

My colleagues and l recently studied the availability and privacy policy from thousands of worldwide popular apps on Google Playthe app store for android devices, in 26 countries. We found differences in app availability, security and privacy.

While our research confirms reports of takedowns due to government requests, we also found many discrepancies introduced by app developers. We found cases of apps with settings and disclosures that expose users to higher or lower security and privacy risks, depending on the country in which they were downloaded.

Geoblocked apps

The countries and one special administrative region in our study are diverse in location, population and gross domestic product. They include the US, Germany, Hungary, Ukraine, Russia, South Korea, Turkey, Hong Kong, and India. We also included countries like Iran, Zimbabwe and Tunisia, where it was difficult to collect data. We surveyed 5,684 popular apps worldwide, each with over 1 million installs, out of the top 22 app categoriesincluding books and references, education, medical and news and magazines.

Our research showed large amounts of geo-blocking, with 3,672 of 5,684 popular apps worldwide blocked in at least one of our 26 countries. Developer blocking in all our countries and app categories was significantly higher than the number of takedowns requested by governments. We found that Iran and Tunisia have the highest blocking rates, with apps like Microsoft Office, Adobe Reader, Flipboard, and Google Books all not downloadable.

We found regional overlap in the apps that are geoblocked. In European countries in our study – Germany, Hungary, Ireland and the UK – 479 of the same apps were geo-blocked. Eight of those, including Blued and USA Today News, were blocked only in the European Union, possibly because of the regions General Data Protection Regulation. Turkey, Ukraine and Russia also show similar blocking patterns, with high virtual private network app blocking in Turkey and Russia, consistent with the recent increase in supervision laws.

Of the 61 country-specific takedowns by Google, 36 were unique to South Korea, including 17 gambling and gaming apps that were removed in accordance with the national ban on online gambling. While the takedown of Chinese apps by the Indian government took place with full disclosure, surprisingly most of the takedowns took place without much public awareness or debate.

Differences in security and privacy

The apps we downloaded from Google Play also showed country differences in their security and privacy capabilities. One hundred and twenty-seven apps varied in what the apps were allowed to open on users’ cellphones, 49 of which had additional permissions deemed “dangerous” by Google. Apps in Bahrain, Tunisia and Canada demanded the most extra dangerous permissions.

Three VPN apps enable clear text communication in some countries, allowing unauthorized access to users’ communications. One hundred and eighteen apps ranged in the number of ad trackers included in an app in some countries, with the categories Games, Entertainment and Social, with Iran and Ukraine having the most increases in the number of ad trackers compared to the base number common for all countries.

One hundred and three apps have country-based differences in their privacy policies. Users in countries not covered by data protection regulations, such as the GDPR in the EU and the California Consumer Privacy Act in the US, are at greater privacy risk. For example, 71 apps available through Google Play have GDPR compliant clauses in the EU only and CCPA only in the US Twenty-eight apps that use dangerous permissions make no mention of it, despite Google’s Policy oblige them to do so.

The role of app stores

App stores allow developers to target their apps to users based on a wide variety of factors, including their country and the specific features of their device. Although Google has taken few steps to transparency in the app store, our research shows there are flaws in Google’s control of the app ecosystem, some of which could compromise users’ security and privacy.

Possibly also due to app store policies in some countries, app stores specializing in specific regions of the world are becoming increasingly popular. However, these app stores may not have adequate auditing policies, allowing modified versions of apps to reach users. For example, a national government could pressure a developer to deliver a version of an app that: back door access. There is no easy way for users to distinguish a modified app from an unmodified one.

Our research offers several recommendations to app store owners to address the issues we found:

  • You better moderate their country targeting features.
  • Provide detailed transparency reports on app removals.
  • Bold apps for differences based on country or region.
  • Insist on transparency from developers about their need for the differences.
  • Host app privacy policies themselves to ensure their availability when the policies are blocked in certain countries.

Renuka Kumar is a Ph.D. student of computer science and engineering at the University of Michigan.

This article was republished from The conversation under a Creative Commons license. Read the original article.

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Who is David Scott Simon? Insight into the life of Alison Berns’ husband

David ScottSimon is the husband of an American former actress Alison Berns who is known for her work in films like Genitals (1997), The...

Rapper who bragged about Covid aid fraud sentenced to over 6 years

LOS ANGELES — A Tennessee rapper who bragged about committing aid fraud with Covid-19 in a music video was sentenced to more than six...

Pixyle AI aims to make visual search more intuitive for online retailers • londonbusinessblog.com

When Svetlana Kordumova was studying for her PhD in AI and computer vision, she became frustrated with the process of searching for items to...

Sigfox owner UnaBiz doubles its Series B financing to $50 million londonbusinessblog.com

UnaBizthe Massive Internet of Things service provider and owner of Sigfox, announced today that it has raised an additional $25 million in Series B...

Monash 3D printing spinout Additive Assurance raises $4.1 million for global plans

A Melbourne startup tackling the daunting task of ensuring the quality of 3D printing for aerospace, defense and advanced manufacturing has raised $4.1 million...