Exploring Hidden Geographic Disparities in Android Apps

TL;DR

This study uncovers significant regional differences in Android apps, including variations in permissions, libraries, and app bundles, which impact security, fairness, and transparency across different geographic markets.

Contribution

The paper introduces the concept of GeoTwins and reveals regional variations in base.apk files, highlighting previously unexamined disparities in Android app behavior across countries.

Findings

GeoTwins often differ in permissions and libraries despite similar branding.

Base.apk files vary regionally, indicating hidden customizations.

Regional app differences can bias security and privacy assessments.

Abstract

While mobile app evolution has been widely studied, geographical variation in app behavior remains largely unexplored. This paper presents a large-scale study of location-based Android app differentiation, uncovering two important and underexamined phenomena with security and fairness implications. First, we introduce GeoTwins: apps that are functionally similar and share branding but are released under different package names across countries. Despite their similarity, GeoTwins often diverge in requested permissions, third-party libraries, and privacy disclosures. Second, we examine the Android App Bundle ecosystem and reveal unexpected regional differences in supposedly consistent base.apk files. Contrary to common assumptions, even base.apk files vary by region, exposing hidden customizations that may affect app behavior or security. These discrepancies have concrete consequences. Geographically distinct variants can lead the same app to be labeled benign in one malware study but suspicious in another, depending on the region of download. Such hidden variation undermines reproducibility and introduces geographic bias into assessments of security, privacy, and functionality. It also raises ethical concerns about transparency and consent: visually identical Google Play listings may mask subtle but important differences. To study these issues, we built a distributed app collection pipeline spanning multiple regions and analyzed thousands of apps. We also release a dataset of 81,963 GeoTwins to support future work. Our findings reveal systemic regional disparities in mobile software, with implications for researchers, developers, platform architects, and policymakers.