Recent years have brought about improvements in corporate transparency regarding content takedown requests by governments. Google and Twitter, for instance, specify details of content takedowns in their transparency reports, making it possible to identify which government authority demanded the removal of what content, and why. Other takedowns can be demanded by private actors, for instance on copyright grounds. The Lumen database gives more insight into takedowns of such nature.
However, little to almost no transparency exists when it comes to mobile app stores. Mobile app stores are a sort of marketplace on phones and allow for the download of health, productivity, privacy, and other apps. These marketplaces are very opaque, and it is a challenge to know why an app was removed. Is it for financial, legal, or political reasons?
In an upcoming paper, we and our co-authors Marios Isaakidis and Benjamin Fabian examine the Apple, Google and Tencent app stores and the availability of privacy apps on them. Privacy apps are of particular interest, since they are at higher risk of state censorship. To investigate government censorship, we developed a new methodology to query major app stores and cross-verify our data with network measurements.
We find that not all app stores are available in all countries. While it was easier to figure out that the Tencent App Store is only available in China, it was a bigger challenge to identify where the Google and Apple app stores are accessible. Google Play Store for instance indicates that it is available in 144 countries and a “Rest of the World Category.” Neither do we know which countries are in the “Rest of the World Category,” nor is the number of countries in that category available. Apple is more transparent and indicates that it is unavailable in 96 countries. Nevertheless, it remains unclear whether this is due to sanctions (North Korea is an obvious example), financial, legal, or other reasons.
Having examined app stores more generally, we got into the weeds of studying an important category of privacy apps: VPNs (Virtual Private Networks). VPNs are tools that allow you to evade internet filtering and censorship deployed by your local ISP (or network administrator). When you connect to a VPN server, you are routing all your network traffic to a server that is (typically) located in a different geographical location, thus allowing you to access network services and websites as if you were physically present there. In that way, VPN apps help internet users to evade censorship or to access information that was previously limited or controlled by their local ISP.
Our paper studies the availability of VPN apps in Russia and China – two countries that are notorious for their censorship practices – in more depth. Both countries have passed restrictive laws or regulations on VPN providers. For instance, in 2017, the Russian government amended the Federal law On Information, Information Technologies and Information Protection, which now requires VPN providers to block censored websites that are being accessed through them and share information with the government on their users.
In China, for its part, the 2017 Notice of the Ministry of Industry and Information Technology on Cleaning up and Regulating the Internet Access Service Market and China’s recent cyber security law have increased the pressure on VPN providers. In essence, only government approved providers are allowed. If VPN providers do not comply with these regulations, they are removed from app stores or blocked through other measures.
As a result, the Chinese government has asked Apple to remove over 600 VPN apps, whereas in Russia 50 VPNs have been blocked, and other censorship-circumvention tools that allowed users to access the Telegram messaging app have also been banned by the government.
Despite both Russia and China having restrictive laws, we found that most major VPN apps are still available on the Apple and Google app stores in Russia. However, on the Apple and Tencent app stores in China, there are close to none. Of course, the Google app store does not operate in China at all. These differences suggest that Russia might be more lenient, less capable, or have less leverage over companies in enforcing its law than China. They also highlight the tough situation that Chinese citizens face when trying to jump “China’s Great Firewall.”
What can users currently do to gain access to VPN apps? They could turn to lesser-known app store alternatives such as F-Droid. Yet, to do so, users would have to lower their phones’ security features, as they would install an app from non-audited app stores. Furthermore, apps from such alternatives do not receive regular updates, which makes them more easily exploitable. Last but not least, most people are simply not aware of alternative app stores: often they use the default (pre-installed) app stores provided by their phone’s vendor, which makes government censorship of major app stores an effective measure for policing the vast majority of average internet users.
So why should one care? Billions of users interact with and download apps on major app stores on a daily basis. It is important for them to know why certain apps that they might have been using, or would want to use to freely access information on the internet, are not accessible anymore. Currently, corporate transparency reports’ focus on content takedown requests by governments is not sufficient. While transparency reports are important, because they offer an insight into how governments attempt to access our data, as well as how much companies are willing to share, they should also indicate where and why governments have requested the takedown of apps. In 2018, Apple announced that it will start reporting government requests. It has not yet lived up to its promise.
This post is based on a paper that will appear in the June Proceedings of the 27th Conference on User Modelling, Adaptation, and Personalization Adjunct (UMAP’19 Adjunct), Larnaca, Cyprus. ACM New York, NY, USA. The complete git repository of our measurements and methodology can be found here.