Pandemic platform governance: Mapping the global ecosystem of COVID-19 response apps

Pandemic global ecosystem Abstract: This article provides an exploratory systematic mapping of the global ecosystem of COVID-19 pandemic response apps. After considering policy updates by Google Play’s and Apple’s App Store, we analyse all the available response apps in July 2020; their different response types; the apps’ developers and geographical distribution; the ecosystem’s ‘generativity’ and developers’ responsiveness during the unfolding pandemic; the apps’ discursive positioning; and material conditions of their development. Google and Apple are gatekeepers of these app ecosystems and exercise control on different layers, shaping the pandemic app response as well as the relationships between governments, citizens, and other actors. We suggest that this global ecosystem of pandemic responses reflects an exceptional mode of what we call ‘pandemic platform governance’, where platforms have negotiated their commercial interests and the public interest in exceptional circumstances.


Introduction
On 11 March 2020, the World Health Organisation (WHO) officially declared the coronavirus (COVID-19) outbreak as a global pandemic. By definition, a pandemic signals an ' out of control' contagion that threatens an entire population and implies a shift away from containment strategies towards extraordinary governance conditions (French et al., 2018). The WHO further stated: 'it's a crisis that will touch every sector, so every sector and every individual must be involved in the fight' (WHO, 2020a, p. 3). Given the central role of platforms and apps in everyday life (van Dijck et al., 2018;Morris and Murray, 2018), this call to action would also necessarily involve working with big tech companies. Almost immediately, however, concerns were raised by civil society organisations and academic researchers about the development of apps to intervene in the COVID-19 crisis. These included risks for civil liberties regarding their potentially excessive surveillance capacities to doubts regarding their actual effectiveness particularly for digital contact-tracing, among other concerns (Ada Lovelace Institute 2020; Kitchin, 2020;Privacy International, 2020). For major platform companies such as Google and Apple, therefore, getting 'involved in the fight' would include making carefully negotiated decisions about how to regulate their emerging COVID-19 app ecosystems, and how to balance the concerns and priorities of multiple stakeholders.
Critical questions regarding how platforms govern stem in part from a recognition that as intermediating or multi-sided techno-economic systems, platform companies like Apple and Google have begun to resemble political actors by utilising a layering of interrelated yet distinct mechanisms to control and exploit innovation (van Dijck et al., 2018;Klonick, 2017;Suzor, 2018). Platforms like app stores, for instance, use both technical and legal regulatory means to govern their relationship with third-party software developers, end-users, and other stakeholders (Eaton et al., 2011;Gillespie, 2015;Greene and Shilton, 2018;Tiwana et al., 2010), while navigating ' external' legal frameworks from national and supranational institutions (Gorwa, 2019). Moreover, from the perspective of a public policy platform, corporations are also increasingly understood as political actors beyond strictly the terms of market power since they have become powerful gatekeepers of societal infrastructure that requires new forms of regulatory engagement (Khan, 2018;Klonick, 2017;Suzor, 2018). This is especially the case due to their entanglement with public communication, education, and healthcare, among other domains. Indeed, as a recent European Commission report on platform power observes, 'the COVID-19 crisis has made the societal and infrastructural role taken up by platforms even more apparent' (Busch et al., 2021, p. 4).
The exceptional conditions of the pandemic have produced equally exceptional responses from platform companies concerning the development of COVID-19 apps.
Their interventions have, accordingly, shaped the complex and dynamic relations between software developers, users, and governments during the crisis. This article presents an exploratory systematic empirical analysis of this COVID-19 app ecosystem and draws attention to how layered platform governance and power relations have mediated the app response to the pandemic as a singular global emergency.We use the term ' ecosystem' to refer to a platform and the collection of (mobile) apps connected to it (Tiwana et al., 2010). Both the Android and iOS mobile platforms technically produce distinct COVID-19 app ecosystems with their own apps, despite being organisationally interconnected since many developers produce apps for both Android and iOS.
The numerous socio-political risks and issues identified with COVID-19 apps suggest an obvious need for critical observation of this domain of platform activity (Rieder and Hofmann, 2020). Rapid research outputs have assessed how the powerful global technology sector 'mobilised to seize the opportunity' and how the pandemic 'has reshaped how social, economic, and political power is created, exerted, and extended through technology' (Taylor et al., 2020). Critical commentators, moreover, have drawn attention to how specific protocological interventions by platform companies, such as the development of the GAEN (Google/Apple Exposure Notification) system, demonstrated the significant asymmetries between national governments and platform companies controlling these processes (Veale, 2020). Likewise, Milan et al. have explored the 'technological reconfigurations in the datafied pandemic' from the perspective of underrepresented communities (2020). Efforts to broadly map, document and categorise COVID-19 apps, meanwhile, have mainly originated from computer science with an interest in security and cryptography (Ahmed et al., 2020;Levy and Stewart, 2021;Samhi et al., 2020;Wang et al., 2020) or from public health research aiming to evaluate apps according to policy-related frameworks (Davalbhakta et al., 2020;Gasser et al., 2020).
Other scoping studies have been conducted by the European Commission (Tsinaraki et al., 2020), yet such research has not systematically analysed platforms and app stores' mediating role as socio-technical innovation and control (Eaton et al., 2011). Albright's study is notable by stressing how 'hundreds of public health agencies and government communication channels simultaneously collapsed their efforts into exactly two tightly controlled commercial marketplaces: Apple's iOS and Google's Play stores' (2020, n.p.). However, a comprehensive empirical analysis of the specific ways that platform governance has played out in the emergence of COVID-19 apps has largely been missing.
Drawing from multi-situated app studies (Dieter et al., 2019), we address this gap by empirically mapping COVID-19 apps across Google's Play store and Apple's App Store ecosystems. By analysing apps in multiple infrastructural situations, moreover, we draw attention to how platform governance is layered across different dimensions. Specifically, this includes: the algorithmic sorting of COVID-19 apps; the kinds of actors involved in app development; the types of app responses; the geographic distribution of the apps; the responsivity of their development (i.e., how quickly apps are released or updated); how developers frame their apps and address their users; and the technical composition of the apps themselves. While we recognise the above mentioned importance of the GAEN protocol used to facilitate digital contract-tracing through mobile apps, it is not included in this study because it had not yet been widely implemented at the time of this analysis. 1 Similarly, while access to mobile device sensors (e.g. GPS sensors, Bluetooth adapters, etc.) is governed and controlled on the level of Google and Apple's mobile operating systems (i.e. on the level of Android and iOS) as well as through app permissions requested from users, this study focused primarily on the governance by app stores. 2 Finally, we offer an assessment of our findings across these layers concerning key themes in discussions of platform governance, particularly around the dominance and public legitimacy of platforms as private governors, and suggest some implications for policy considerations that stem from the eventfulness of global crisis-driven platform interventions.

App stores' responses to the COVID-19 pandemic
On 14 March 2020, three days after the initial pandemic declaration, Apple announced significant restrictive changes to its App Store policies. Apple would now evaluate all apps developed for the coronavirus disease with a heightened degree of attention. Reiterating their mantra of the App Store as 'a safe and trusted space' , Apple affirmed a commitment 'to ensure data sources are reputable' as 'Communities around the world are depending on apps to be credible news sources' (Apple Developer, 2020a, n.p.). This would mean only accepting authoritative apps 'from recognized entities such as government organisations, health-focused NGOs, companies deeply credentialed in health issues, and medical or educational institutions' (Apple Developer, 2020a, n.p.). For Apple, this also meant that 'Entertain-1. While the Google-Apple Exposure Notification (GAEN) protocols were introduced on 20 May 2020, we found that only 8 out of the 410 Android apps in our source set included (GAEN) API in their An-droidManifest.xml file by November.
2. While not discussed in this article, the collected data and information about the permissions requested by each app is openly available in the Open Science Framework (OSF). ment or game apps with COVID-19 as their theme will not be allowed' ( health-related apps that are 'misleading or potentially harmful' (Pichai, 2020, n.p.).
As the pandemic spread and intensified throughout the year, both companies continued to update their editorial and policy positions for managing COVID-19 apps, while elaborating a set of regulatory mechanisms, and developing new standards and techniques to control what had become an exceptional niche of software development activity. In May 2020, Google Play released its official developer guidelines for COVID-19 apps. In addition to setting Google up as an information matchmaker, ' connecting users to authoritative information and services' , Google outlined economic limits on COVID-19 apps -that is, any apps that meet their eligibility requirements (Google Help, 2020b) -noting they could 'not contain any monetisation mechanisms such as ads, in-app products, or in-app donations' (Tolomei, 2020, n.p.). Similarly, it restricted content that contained ' conspiracy theories, misleading claims, "miracle cures" or dangerous treatments, or any patently false or unverifiable information' (Google Help, 2020b, n.p.). In an update to their App Store Review Guidelines, meanwhile, Apple required that apps providing services 'in highly-regulated fields' , such as healthcare, should be submitted by a legal entity that provides the services, and not by an individual developer' and that medical apps 'must clearly disclose data and methodology to support accuracy claims relating to health measurements' , as well as new policies for collecting health-related data (Apple Developer, 2020b, n.p.). To ensure this, Apple claims that ' every app is reviewed by experts' based on its App Store Review Guidelines (Apple Developer, 2020b, n.p.). Both stores also added new pandemic-related requirements to their general app store policies (e.g., around health and medical advice) and expedited the app review process so that COVID-19 apps could be approved more quickly (Google Help, 2020a, n.p.;Google Help, 2020b, n.p.;Tolomei, 2020, n.p.).
Such policy changes indicated a suspension of 'business-as-usual' for COVID-19 apps, as particular mechanisms around competition and monetisation -typically central to the app economy -were altered by the platform companies to support the emergence of a unique space of software development. Moreover, these policy changes are also implemented through different layers of technical agency, from unique modes of algorithmic curation (i.e., Google's editorial filter) to new protocols for developers (e.g., GAEN). In this respect, they signal broader changes that ultimately extend throughout the platform infrastructure. In what follows, we map how these layered changes initiate a form of pandemic platform governance that unfolds through an interplay between a platform's affordances for app development, the emergence of app ecosystems around platforms, and the platform's regulatory mechanisms, which together simultaneously enable generativity and control (Eaton et al., 2011;Tiwana et al., 2010). That is, these governance mechanisms become central to the creation, evolution, and regulation of the COVID-19 app ecosystems that have emerged around Google's Android and Apple's iOS mobile platforms. In turn, they support the efforts of a heterogeneous network of third-party actors that aim to intervene in and manage the unfolding pandemic as a crisis -whether or not these aims were ultimately achieved.  (Statcounter, 2021). As a consequence of the platform companies tightly connecting their app stores to their mobile operating systems, Google's Play store (except in China) and Apple's App Store have become the key distribution channels of apps worldwide.

Demarcating pandemic app ecosystems
4. For the purposes of this article, we interpret the 'developer name' listed on the app store details page as the actor responsible for the development of that app. However, the actor listed as the 'developer' on the app details page is not necessarily, or not always, the same as the developer of that app (e.g. when the 'developer' merely listed the app in the app store, without having developed it).
sivity across countries by retrieving all app version updates to account for the release dynamics in pandemic crisis responses. This responsiveness is enabled by the generative conditions provided by platforms that enable unprompted innovation (Zittrain, 2008), but stresses the capacity of developers, rather than of platforms, to respond quickly in the face of the uncertainties of the pandemic. Fourth, we conducted a content analysis of the app descriptions to examine how developers rhetorically position their apps in terms of techniques used, and how they engage with data and privacy issues. Finally, we examined the building blocks developers use in their app software packages to build COVID-19 apps. Due to the strict technical governance of iOS apps by Apple, we focused on the embedded software development kits (SDKs, i.e., collections of software libraries and tools commonly used by app developers) in Android apps. We used the AppBrain API to retrieve the embedded SDKs. 5 We collected all the data in mid-2020 when most countries already had one or more apps listed in the app stores. Google Play data were collected on 29 June (editorial subset) and on 16 July (non-editorial subset); Apple's App Store data were collected on 20 July. Versions were retrospectively retrieved from App Annie.
In the initial phase of demarcating our data sets, we noticed that both stores have distinct logics and mechanisms for surfacing, organising, and ranking apps. We queried the 150 supported Google Play ' countries' and the 140 supported App Store ' countries and regions' for [COVID], , [corona], and related keywords using custom-built app store scrapers. 6 Apple's App Store returned ranked lists of 100 apps per country for our search queries, resulting in a total source set of 248 unique iOS apps. Google Play, however, did not produce such ranked lists.
Instead, it rerouted all COVID-19 queries to a relatively small set of pre-selected apps in each local store.
Typically, app stores are organised through an algorithmic logic of sorting and ranking, complemented with an editorial logic of 'best of' and ' editor's choice' lists (Dieter et al., 2019;Gillespie, 2014 Play's editorial filter prevents these apps from surfacing for standard  search queries. In addition, there are also apps that are not included in our data set (e.g., the German luca response app) because they do not mention ' coronavirus' , 'COVID-19' , 'pandemic' , or related keywords (Google Help, 2020b), despite being part of the pandemic response. While this is a limitation to our method, it also attests to the governance of this app ecosystem through controlling the terms used on app details pages (as only apps from recognised sources are eligible to use COVID-19-related keywords in their titles or descriptions).

The global ecosystem of pandemic response apps
In what follows, we present results from our analysis of the [COVID-19]-related app ecosystems of Google Play (Android) and App Store (iOS).

Source sets and actor types identified
We first compared the app distribution in our data sets and the different actors involved in their production. Figure 1 shows the distribution of COVID-19 apps across both stores and further distinguishes between the editorial and non-editorial Google Play apps. Individual apps are colour-coded to represent actor types: government, civil society, health authority, academic, and private actors. The most striking finding is the large number of apps that feature in only one store. While the apps shared across stores (N=136) tend to be made by government actors, many government-made apps are only available in one store. About 70% (N=134) of government apps within the Google Play editorial set do not have an iOS equivalent in the App Store. While more fine-grained analysis is needed to understand these differences, one likely factor is the different market shares of the respective mobile operating systems and app stores across countries. To illustrate, Android has a 95% market dominance in India (Statcounter, 2021), and this country produced the highest number of Android COVID-19 apps overall, as we detail below. Another contributing factor is Android's more permissive (open) architecture, as compared to Apple's restrictive (closed) iOS architecture style and governance (Eaton et al., 2011); specifically, the more permissive use of sensors on Android devices, which are key to developing contact-tracing applications. The variance suggests divergent national strategies for implementing apps across platforms, which has consequences for users who may be presented with a different selection of COVID-19 apps based on their mobile operating system and corresponding app store.
There are also notable differences in the composition of actors developing COVID-19-related apps in each store (Figure 2). Government-produced apps are the most prevalent in both stores, positioning governments as key official and recognised sources outlined in the app stores' policies. However, they are significantly more prevalent in Google Play (65%, N=267), and even more so in the Google Play editorial set (79%, N=195), compared to the App Store (48%, N=121). One outcome of Google's editorial strategy is an increased presence and visibility of these government-made apps, yet curiously 42% of Google Play's government-made apps did not make it into the editorial source set, indicating that being a government actor alone is not enough to make the editorial list.
In contrast, private actor apps are relatively more prevalent in the App Store (41%) than Google Play (32%

Geographical distribution of apps by country
After exploring the distribution of apps and actor types across platforms, we focused on their geographical distribution. The App Store's ranked lists of apps are less country-specific and show a high overlap between countries and regions.
Google Play, whose editorial filter surfaces only country-specific COVID-19 apps, allows for a more distinctive geographic image (Figure 3). In this store, we find that most countries offer a small selection of country-specific apps, coupled with two WHO apps (OpenWHO: Knowledge for Health Emergencies and WHO Info). As early as 15 February, a month before the pandemic was officially declared, the WHO stated that 'we're not just fighting an epidemic; we're fighting an infodemic' (Zarocostas, 2020, p. 676  which was made mandatory for government and private sector employees during the early stages of the pandemic, India offers 61 apps in total, far more than any other country. Upon closer inspection, we found that India had a multi-tiered response with many apps developed for specific regions and developed by local governments (Bedi and Sinha, 2020). In contrast, countries such as Taiwan, Denmark, Iceland, Portugal, and Uruguay offered only one app (in addition to the WHO apps), all of which are government-provided. We also see countries where non-government apps are dominant or highly prevalent (Philippines, Thailand, Mauritius, Netherlands, Canada) or where the dominant app involves multiple actors in their production, including collaborations between governmental and private actors (Germany, Czechia, Austria, Kyrgyzstan). In some countries, we found multiple apps reflecting a regional or state-based app response, strategies with multiple apps with distinctive features, or competing (non-governmental) apps and strategies.
It is worth noting two final observations about geographical distribution. First, China is notably missing from our study because it banned Google Play. To battle the pandemic, China has relied on Health Code, a mini-programme developed by Alipay and WeChat, which generates a colour-based health code for travelling (Liang, 2020

Pandemic response types
To understand the type of responses COVID-19 apps offer, we inquired into what kind of apps these actors built. This allows us to identify which response types are dominant, and which emerge with the distinct governance mechanisms of each store and the actors in each ecosystem.
While contact-tracing apps have received the most attention in news reporting, we found many different response types (Figure 4(a)). In both stores, 50-60% of all apps offer news and information on the pandemic, developed by various types of actors (Figure 4(b) and (c)). The prominence of authoritative information, updates and data may result from the WHO's collaboration with platform companies to 'immunize the public against misinformation' by connecting users to official sources (WHO, 2020b).
At the time of the analysis, over 20% of apps engage with contact-tracing and exposure notification, which are typically built by government actors or in collaboration with private actors (Figure 4(b) and (c)). We find a diversity of potential surveillance forms beyond contact-tracing: over 48% of apps offer different kinds of symptom checkers or reporting tools, ranging from keeping a diary to the solicitation of medical and personal data. They are connected to private companies, academic research, or aligned with public healthcare. About 15% of all apps offer tools for remote healthcare developed by governmental and private actors.

Developer responsivity
To analyse how rapidly the COVID-19 app ecosystem emerged and evolved, we examined how responsive app developers have been to the pandemic. We use the term responsivity as a measure or proxy for the dynamics of software updates during the crisis and its openness to unprompted innovation (Zittrain, 2008). Responsivity is defined by how quickly apps are released and is measured by the number of app updates per time interval. It captures a sense of how actively a country/developer is working on those apps and how invested countries are in the response that the app represents. Figure 5 shows the Android apps per country plotted on a timeline, indicating when countries first introduced them in transparent circles and updated them in coloured squares. It shows that early app development commenced almost immediately after the official declaration of the pandemic with most countries launching their apps in March-April 2020. Interestingly, we found that several apps existed before the crisis started. These are primarily pre-existing e-government apps, medical apps for communicating with health professionals and apps providing healthcare information. While conforming with the new platform policies of Apple and Google that prioritise releases from official and recognised entities, these repurposed apps signal the developers' agile response in using existing apps and app functionalities to deal with the crisis. Existing research on 'app evolution' has found that around 14% of apps are updated regularly on a bi-weekly basis (McIlroy et al., 2015), while developers abandon the vast majority of apps shortly after being released (Tiwana, 2015). By contrast, surveying the average pace of updates for the COVID-19 apps per country demonstrates a high level of responsivity, particularly in India, Brazil, and the United Arab Emirates. Zooming into specific examples such as Columbia's CoronApp (the most frequently updated app in our data) reveals how agile development has coordinated with ongoing government injunctions to handle the pandemic. Inspecting the changelogs ('What's New') reveals recurring efforts to synchronise app functionalities with state emergency decrees.
From an inverse perspective on responsivity, a relative absence of development activity can also prompt further research into pandemic governance. Denmark and the UK show limited responsivity, which may indicate delays in developing COVID-19 apps, including due to public controversies. In June 2020, Denmark's da-ta protection agency prohibited its app from processing personal data until further notice (Amnesty International, 2020). The app has since relaunched after addressing multiple privacy issues. England and Wales, meanwhile, initially experimented with an app that used a centralised approach to data collection, but this was eventually abandoned (Sabbagh and Hern, 2020). Thus the findings additionally can reflect cases of backlash and legal contestation, specifically related to data protection and privacy.
Finally, an essential aspect of pandemic app store governance is the degree to which the app stores actively enforce their policies by removing apps. While it is difficult to establish whether the developer or the app store removed an app, and for what reason, two large scale analyses found that after 1.5-2 years, Google Play (Wang et al., 2018) and the App Store (Lin, 2021) removed almost half of the apps in their stores. In our data set, Google Play removed only 7.5% (N=31) and the App Store only 6.0% (N=15) of all apps after eight months. This is even lower than the study by Samhi et al. on COVID-19 apps (2020), which observed that 15% of COVID-19-related apps had been removed in the first two weeks after data collection in June 2020. COVID-19 apps are subject to 'an increased level of enforcement' during the app review phase and are thus likely more thoroughly screened and removed sooner (Google Help, 2020b).

Discursive positioning of response apps
In the next step, we analysed how the apps discursively present themselves to users and how they engage with existing technology and data and privacy debates.
Textual app descriptions address users in particular ways to inform them about the apps' functionalities and use cases, and persuade users to download them. We examined whether apps explicitly mentioned specific techniques and data/privacy concerns in their descriptions, and measured their keyword frequency. The techniques listed in Figure 6(a) and (b) indicate how developers convey different COVID-19 app responses to users. It includes prominent terms like location, notification, track/trace, alongside implementation terms like GPS, Bluetooth, alert, smart, or platform, and even mentions of machine-learning algorithms and artificial intelligence to identify COVID-19 symptoms. We also found related terms such as video, chat, messaging, and bots -often used in relation to remote healthcare and diagnosis. Overall, the distribution of these terms is similar in both app ecosystems, suggesting a similar discourse around techniques is used. Next, we identified the presence of terms related to data/privacy solutions or concerns. Figures 8(a) and (b) show relatively high use of terms describing how apps deal with collected data, including anonymous, encrypted, sensitive, or locally stored data. We also find occasional claims that apps delete data, securely transmit data via HTTPS, or process data adhering to the EU General Data Protection Regulation (mostly European apps). As such, these apps express their compliance with the app stores' policies, which have additional requirements for collecting and using personal or sensitive data to support COVID-19-related (research) efforts (Apple Developer, 2020b;Google Help, 2020b). Overall, we observe that the app response to the pandemic is primarily framed as a data/privacy-sensitive one. Half of iOS app descriptions (N=126) and 40% of Android apps (N=158) mention data/privacy terms, showing how app developers address their users' potential privacy concerns. It bears emphasizing, of course, that the mere presence of these discourses does not mean the operations of these apps conform to such stated capacities and values (Kuntsman, Miyake and Martin, 2019).

Development of response apps
Finally, we inquired into the development of apps from a technical perspective, drawing attention to software development kits (SDKs) as the building blocks for mobile app development, enabling developers to implement particular frameworks and external functionalities. In this context, Google and Apple are essential players with their app stores as means of distribution, and their central role as infra-structure providers offering and controlling the means of production. They function as an ' obligatory passage point' for the production and distribution of apps in which their SDKs function as mechanisms of generativity and control, enabling platforms to govern the development of apps (Blanke and Pybus, 2020;Pybus and Coté, 2021;Tilson et al., 2012). This analysis, however, only focuses on Android apps due to Apple's very restrictive technical governance of iOS apps.
For our 410 Android apps, we find 7,335 SDKs in total, with an average of 19 SDKs per app (28 apps returned no data from AppBrain). 79 apps contain no libraries at all, suggesting that they have not been built with standard development tools such as Android Studio and may have been coded from scratch, or perhaps that developers are cautious about implementing third-party code in this ecosystem.
Among these are apps from the Indian, Nepalese, and Vietnamese government.
The high average number of SDKs shows developers' reliance on these libraries for building apps and for accessing (third-party) functionality. Figure 8 shows that the majority of the embedded SDKs are development tools (98.4%, N=7,217), followed by advertising network libraries (1.06%, N=78) and social libraries (0.54%, N=40).
The main development tools are embedding user interface components, networking, app development frameworks, Java utilities, databases, and analytics. We find very few advertising libraries due to Google's policy restrictions on COVID-19 app monetisation. Interestingly, we found most of them in apps built by governments.
For example, we detected Google's AdMob SDK in government-made apps from India, Qatar, and Singapore, and the Outbrain SDK in government-made apps from Australia, Argentina, Italy, and the United Arab Emirates. When looking at the developers behind the SDKs, we find 134 unique actors. We observe a strong dependency on Google as 56% of all apps rely on at least one Google-owned SDK, and a single app relies on 11 Google-owned SDKs on average ( Figure 9). We further find 70 individual developers, most of them on GitHub, offering specific solutions such as data serialisation, data conversion and image cropping. 81% of all apps use one or more open source libraries with an average app using 15 open source SDKs. We find that Google dominates the means of production by owning the most libraries; not just the ' core' Android ones, but also those used to embed maps and app analytics. By focusing on the ownership of these li-braries, we highlight the material conditions of platforms and apps like Google as 'service assemblages' (Blanke and Pybus, 2020) which reveals some of the deeper ways in which pandemic platform governance, and platform power more generally, manifests.

Conclusion: Governing the pandemic response
A key starting point for our analysis of COVID-19 apps was to go beyond the critical analysis of single apps within a national context. As we have shown, COVID-19 apps also need to be understood relationally, situated within infrastructures and embedded in the context of platform governance. Such an understanding recognises from the beginning that platform companies occupy a central role in app ecosystems, exercised through diverse mechanisms and agencies that operate across different layers (Gorwa, 2019), and mediated by the relationships between governments, citizens and other actors.
In this article, we demonstrated and discussed how the two dominant COVID-19 app ecosystems have taken shape during the pandemic through acts of exceptional platform governance. We observed unique techniques of control determining which apps make it into the stores, how they are positioned and accessed in the stores, who they are developed by, and what kinds of functionality they may have (including restrictions on ads and other economic features). Nevertheless, the platforms' technical affordances have provided generative means for a diversity of responses to emerge, with individual apps negotiating these governing conditions as part of their development.
First, we observed a broad alignment of states, international organisations and platform companies in terms of the recognised need to act or get 'involved in the fight' . While tensions have come to predominantly define the relations between platform companies and national governments in terms of competition, privacy, taxation or content moderation (e.g. Busch et al., 2021;Gorwa, 2019;Khan, 2018;Klonick, 2017;Suzor, 2018), the pandemic re-directs these powerful actors around a global threat in specific ways. This includes the related infodemic and the need to maintain the perception of legitimate authority during the roll-out of apps whose data-gathering powers may otherwise face strong resistance. While such tensions may obviously remain, yet they are thrown into relief by the context of the crisis (as the omission of the WHO apps in the US demonstrate), which allows for a unique empirical mapping of the asymmetries, power relations and points of potential negotiation that shape platform governance more generally.
Secondly, pandemic platform governance has initially supported the production of app ecosystems which are partially 'sandboxed' from the economic activity that typically constitutes platform scenarios. Although COVID-19 apps without a doubt further entrench the economic dominance of platforms overall, during this early period we observe a heightening of their role as 'regulatory intermediators' within this specific niche by connecting citizens with government services and other authorities (Busch, 2020). In the case of Google, for instance, this intermediation is heavily steered through specialised modes of editorialisation. How this role changes over time, however, should remain subject to ongoing critical observation.
Third, this repurposing of platform infrastructures for ostensibly public ends significantly intensifies the intermediation of platform companies and governments.
Platform companies increasingly act as a quasi-critical global infrastructure (yet with limited public oversight); organising and managing the emerging app ecosystem across national contexts while also providing the means of distribution (stores) and production (with SDKs, but also in the case of the GAEN protocols). For their part, national governments are cast in the role of complementors, developing apps under the regulatory conditions of the platform companies, often in partnership with other actors. How governments act in this novel role varies significantly in terms of the apps they develop (app responses), their partnerships (actor types), and ongoing activity (responsivity).
Fourth, several aspects of the COVID-19 app ecosystem help legitimise the production and distribution of apps to respond to the pandemic. Within the apps' descriptions, we detect discourses around specific digital technologies, data and privacy; with apps signalling their technical competence, awareness of data protection is-sues and data policies. Whether the apps actually abide by these stated claims is another question, yet it is telling that both solutionist and privacy protection discourses are mobilised within this niche for purposes of persuasion and reassurance. How these kinds of discourses might contribute to further blurring distinctions between figures of the user and citizen is a point for further inquiry. we thank those who participated in our data sprints during the 2020 Digital Methods Summer School (University of Amsterdam) and the 'Exploring COVID-19 app ecologies' (Aarhus University) and 'Mapping the COVID-19 App Space' workshops (Centre for Digital Inquiry). Finally, we thank the editors and reviewers, Michael Veale, Kaspar Rosager Ludvigsen, Angela Daly, and Frédéric Dubois, whose constructive and attentive comments greatly improved the article.

DATA AVAILABILITY
The data that support the findings of this study are openly available in the Open Science Framework (OSF) at https://doi.org/10.17605/osf.io/wq3dr. Additionally, the available Android application package (APK) files of the COVID-19 Android apps covered in this study are openly available and preserved in the 'COVID-19_Apps' collection of the Internet Archive at https://archive.org/details/ COVID-19_Apps.