Rightly or wrongly, the IOC tries to steer clear of politics.
Still, at the end of the day, what does the app do?
Perhaps you can find some documentation regarding what checks Google/Apple do for an app submitted to the app store. I assume that they don’t demand that all app developers submit the source code of the app (even though there would be some merit in that idea). So, if G/A don’t have access to the source, what do they use for “red flags”? (no pun intended)
I would guess that they would check
- what the required permissions are
- what APIs are used
but in that case that isn’t more than Citizen Lab would have done anyway.
Fairly obviously any app that is permitted to access the internet and that references the API to do that has the potential for tracking and/or data exfiltration.