Stay updated
  • Expert Opinion

How App Platforms can contribute to a safe digital experience

In this article, the Tech For Good Institute analyses the current safety guardrails implemented by app stores to maintain app security as well as its evolving role within a dynamically changing digital ecosystem.

By Ming Tan, Ethan Ng, Keith Detros, Tech for Good Institute

The digital revolution has firmly taken root in the Southeast Asia region, spearheaded by a surge in smartphone adoption. Approximately 100 million of the region’s 460 million internet users have only come online in the last three years, and many of these users are mobile-first or mobile-only.  In Indonesia, for instance, fixed broadband penetration stands at 5%, while mobile penetration stands at over 125%.

This smartphone-driven internet adoption has transformed whole industries and changed the way consumers interact with services. With smartphones being the predominant window to the digital universe for millions of users, almost all sectors have sought to develop and tailor offerings for mobile access.

At the heart of this transformation are mobile apps, which provide a self-contained and direct way for developers and businesses to connect with and serve users in a highly controllable and customisable environment, fostering business-to-business, business-to-consumer and consumer-to-consumer interactions. While some of these apps provide online products and services such as video games, content streaming or financial services, many facilitate transactions with both online and offline components. As apps increasingly shape the way we live, work and play, responsibility for safety issues in app-facilitated virtual and real-world interactions are emerging. While app developers naturally play a primary role in ensuring the safety of the services, the role of app stores has also been thrust into the spotlight, given their position as the gatekeepers of the app ecosystem.

Evolving expectations: From Functionality to Dependability

While internet access via mobile phones was already available in the late 1990s, different manufacturers used different proprietary standards to enable wireless communication. This led to the development of the Wireless Application Protocol (WAP) standard in 1997, jointly developed by Ericsson, Motorola, Nokia and Unwired Planet to standardise the way wireless devices could be used for internet access. The WAP and the Wireless Markup Language (WML) that came with it provided a new standard for developers and content providers to design applications and functionalities that would work across a wider spectrum of mobile devices. Simple WAP commercial applications emerged, largely to allow users to customise their wallpapers and ringtones.

Yet the WAP protocol was short lived – connection fees, the inability to render more graphically-intensive operations and the inability to provide consistent user experiences across device types in a time when devices were getting more powerful meant that more compact versions of common operating systems such as Linux and Windows quickly obsoleted WAP.

This change meant that developers could create more sophisticated applications on proprietary platforms that provided them with better tools and support. Developers could now also design apps that were more likely to work, and that were also more appealing and responsive to user needs. Platforms such as Palm OS, Symbian, RIM, iOS and Android sprouted over time, each tailored for different use cases.

This allowed mobile apps to improve in scope and quality quickly, in turn transforming their impact in our lives significantly. From mere novelties allowing us to customise our phones, they now serve as essential tools for daily life. Consequently, the questions surrounding mobile apps have also matured along with their development. Where users might once have asked “Will it work? ” or “Will it work well?”, they now ask “Is it safe?”,  “Is it dependable?” and “Can I trust the developers?,” especially with more and more apps handling sensitive data. This has placed greater responsibility on app platforms, especially Apple’s App Store and Google’s Play Store – the two dominant ecosystem players – to ensure safety and dependability for users.

Safety in App Stores

A review of Apple’s and Google’s consumer- and developer-facing policies showed that both Apple and Google had clear and comprehensive policies prohibiting apps that transmit malware, contribute to device or network abuse, or lead to undesirable modifications of settings that may leave devices more exposed to cyber security threats.

These policies were also backed by robust enforcement measures, with both app stores working hard to prevent malicious apps and mitigate potential impacts of cybersecurity vulnerabilities stemming from apps on their platforms. In 2022, Google reported removing over 1.4 million fraudulent and abusive apps, while also preventing another 500,000 apps from unnecessarily accessing sensitive permissions. Similarly, Apple rejected nearly 29,000 app submissions for containing hidden or undocumented features, blocked another 24,000 apps which had the capability to morph into other apps, and rejected another 400,000 apps submissions for privacy violations. Errant developers on both platforms faced sanctions including the termination of their app development rights.

Both app stores also had clear data-related policy provisions seeking to minimise the amount of data collected, thereby mitigating the exposure of sensitive data in case apps are compromised by cyber attacks. In particular, both also made specific provisions relating to the collection and use of child data, even if appropriate consent is obtained.

Depending on App Services

Both app stores had clear guidelines and policies prohibiting developer fraud, such as billing and product fraud. Notably, Google’s developer policy goes a step further by explicitly addressing additional forms of fraudulent activity, such as misrepresentation, impersonation, and social engineering. To this end, both platforms have also rolled out significant and robust back-end protections and policies designed to monitor and detect such fraudulent activities and bad actors – in 2022 alone, Apple and Google disclosed that they had each prevented over US$2 billion in fraudulent and abusive transactions using various combinations of automated and human-led internal safety checks. 

Furthermore, developer insolvency also poses a key risk to the dependability of app services, especially to consumers who may have purchased apps and digital products, invested funds into financial service apps, e-wallets and deposit accounts, or who have come to rely on critical services provided by app developers. While these risks are inherent to all products, fintech consumers are especially vulnerable, especially because many providers of such services are relatively new operators in a fast evolving and ever-changing space. 

Neither Apple nor Google have specific provisions addressing the issue of developer insolvency or app closure, though they offer limited protection for consumers through discretionary refund policies. These discretionary refund policies also limit the maximum cost recoverable to the sum paid for the app in question and are typically permitted only if the consumer has recently purchased the app. In most cases, in-app purchases and deposits are not covered, as app stores themselves are not parties involved in such transactions.

Trusting App Services

Another emerging issue is how to build trust in apps offering services for which there is emerging regulation or licensing requirements. Given the ease of marketing apps to consumers internationally, developers may now intentionally or unintentionally target traditionally safeguarded and unreachable international prospects. Out of reach by local regulatory authorities, unlicensed apps have increasingly posed safety concerns for consumers. This is especially the case in sensitive sectors such as financial services, gambling, healthcare and telemedicine, as well as transportation and ride-hailing. Examples of unlicensed apps that have been taken down in Southeast Asia include money lending apps in the Philippines, Thailand and Vietnam,  ride-hailing apps in Philippines and Malaysia, and gambling apps in Vietnam, often following takedown requests by regulatory authorities.

Both Apple and Google have implemented measures to address compliance in sectors such as financial services and gambling, where developers in these areas are required to submit proof of compliance with local regulations. The platforms have also implemented measures requiring clear disclosure of medical functionalities and limitations while also prohibiting the unauthorised sale or purchase of prescription drugs. Furthermore, the Apple App Store has explicit requirements for drug dosage calculators while Google Play Store stipulates data sharing provisions for their Health Connect data. These measures help foster trust and confidence in the app ecosystem, creating a safer and more accountable environment for all.

Yet there remains work to be done. Evolving regulations in healthcare and transportation remain less aligned and are relatively underdeveloped, which correspondingly mean a lack of clear, unified policies addressing such apps offering such services.  In the absence of legislation, consumers are left in a caveat emptor position, while potentially also creating confusion for developers who may wish to innovate in these areas.

Safety in an evolving digital ecosystem

The evolving role of app stores reflects the changing regulatory landscape, as policymakers grapple with both emerging technologies and new business models. As gateways to app services, app stores play an increasingly important role in implementing emerging regulations and ensuring user safety. In the content space, companies are already partnering with trusted flaggers such as social service organisations to identify harmful content

On the other hand, app stores are not the only avenue in which users may access apps. Sideloading and jailbreaking enable users to bypass official distribution platforms, with operating systems taking different approaches to supporting the app developer ecosystem. Google Play Protect, for example, allows Android users to scan their devices for harmful apps, irrespective of source. App developers themselves also have built in security features into their apps to detect other risky apps on users’ phones, as in the case of OCBC bank in Singapore.  

Technical fixes aside, Apple and Google also support ongoing digital literacy through their app stores, complementing extensive efforts by government agencies across Southeast Asia

App store operators have an important role to play in earning and maintaining public trust not only in their products and services, but also in building confidence in the digital ecosystem as part of the whole-of-society approach needed to protect user safety in the face of the rapidly evolving threat landscape.

Download Agenda

Download Report

Latest Updates

  • Articles

Shifting the Mindset from Cybersecurity to Cyber Resilience

Latest Updates​
  • Articles
Shifting the Mindset from Cybersecurity to Cyber Resilience

Tag(s):

, , ,

Follow us on Linkedln

Interested in learning more about our work? Get the latest.

Contact Us
3 Media Close Singapore 138498 Republic of Singapore
The Institute
Legal Terms​
Connect with us
Thank you for your interest in the Tech for Good Institute. Follow us on social media to stay updated with our latest events, reports and insights.
Linkedin Youtube
Contact us

All rights reserved. © 2021 Tech For Good Institute​

Connect with us​

Linkedin Youtube
Stay updated
Linkedin Youtube

Keep pace with the digital pulse of Southeast Asia!

Never miss an update or event!

Subscribe now ➞

Mouna Aouri

Programme Fellow

Mouna Aouri is an Institute Fellow at the Tech For Good Institute. As a social entrepreneur, impact investor, and engineer, her experience spans over two decades in the MENA region, South East Asia, and Japan. She is founder of Woomentum, a Singapore-based platform dedicated to supporting women entrepreneurs in APAC through skill development and access to growth capital through strategic collaborations with corporate entities, investors and government partners.

Dr Ming Tan

Founding Executive Director

Dr Ming Tan is founding Executive Director for the Tech for Good Institute, a non-profit founded to catalyse research and collaboration on social, economic and policy trends accelerated by the digital economy in Southeast Asia. She is concurrently a Senior Fellow at the Centre for Governance and Sustainability at the National University of Singapore and Advisor to the Founder of the COMO Group, a Singaporean portfolio of lifestyle companies operating in 15 countries worldwide.  Her research interests lie at the intersection of technology, business and society, including sustainability and innovation.

 

Ming was previously Managing Director of IPOS International, part of the Intellectual Property Office of Singapore, which supports Singapore’s future growth as a global innovation hub for intellectual property creation, commercialisation and management. Prior to joining the public sector, she was Head of Stewardship of the COMO Group and the founding Executive Director of COMO Foundation, a grantmaker focused on gender equity that has served over 47 million women and girls since 2003.

 

As a company director, she lends brand and strategic guidance to several companies within the COMO Group. Ming also serves as a Council Member of the Council for Board Diversity, on the boards of COMO Foundation and Singapore Network Information Centre (SGNIC), and on the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.

 

In the non-profit, educational and government spheres, Ming is a director of COMO Foundation and Singapore Network Information Centre (SGNIC) and chairs the Asia Advisory board for Swiss hospitality business and management school EHL. She also serves on  the Council for Board Diversity and the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.

 

Ming was educated in Singapore, the United States, and England. She obtained her bachelor’s and master’s degrees from Stanford University and her doctorate from Oxford.