App security varies depending on where it’s downloaded

When you download an app, you usually expect it to be the same version that everyone else is already using. This may be the case in individual countries, but a new study by a group of University of Michigan researchers examining the global app availability landscape not only pinpoints a wide range of inconsistencies in both availability and features, but also identifies how user privacy and security vary even when using one and same application in different countries.

“While our study confirms reports of takedowns due to government requests, we also found many differences introduced by app developers,” co-author Renuka Kumar notes in an abstract for The conversation. “We found cases of apps with settings and disclosures that expose users to higher or lower security and privacy risks depending on the country they were downloaded from.”

[Related: A ‘Data safety section’ is coming to Google Play Store.]

Kumar and colleagues crunched data from globally popular apps across the top 22 app categories in the Google Play Store and found a staggering amount of geoblocking — also known as online restrictions based on geographic location. Of the 5,684 apps surveyed, 3,672 were unavailable in at least one of the 26 countries surveyed. While some of these cases likely boil down to copyright issues, many others are due to nations’ own laws regarding issues such as online gambling and political bias. “While the Indian government’s removal of Chinese apps occurred with full public disclosure, surprisingly most of the removals we observed occurred without much public awareness or debate,” Kumar wrote.

Beyond simple accessibility, the team found a wide range of differences within the apps’ data security and privacy policies. 127 apps varied by location in what they were allowed to access on users’ phones, “49 of which had additional permissions deemed ‘dangerous’ by Google.” Canada is listed as one of the countries that want the most additional permits, along with Bahrain and Tunisia.

[Related: App usage stands at 4-5 hours a day.]

Over 100 of the apps surveyed have different privacy policies depending on the country and are a particular problem for users living under California Consumer Privacy Act and the European Union General Data Protection Regulation. To top it off, almost 30 apps using unsafe permissions “are not mentioned [on this usage]although Google policy requiring them to do so.’

The researchers offered a number of recommendations to begin addressing these issues, including calling on app makers to better moderate party targeting features, provide more detailed transparency reports on app downloads, increase app verification, and insist for greater clarity to developers regarding their decisions to change application policies. The team also suggested “hosting app privacy policies themselves to ensure their availability when the policies are blocked in certain countries.”

While not surprising, the report is a sobering reminder that the primary goal of many apps is to reach as many people as possible (and their data) as much as possible. Hardly anyone reads all those litanys of Terms and Conditions, but studies like this might give you pause before hitting download.