And what we can do about it.
With this year’s passage of the EU’s Digital Markets Act (DMA), very large online platforms – those with EU revenues of €75 billion or more and at least 45 million EU users – will have to open up their devices to rival app stores.
While this has implications for game consoles, the main attraction is the mobile market, specifically Apple’s iOS-based mobile devices: iPhones, iPads, iPods and Apple Watches. These devices are locked to Apple’s official App Store, and EU law prohibits the public from modifying them to accept alternative app stores from other vendors, under Article 6 of 2001’s EU Copyright Directive (EUCD).
With the public unable to legally reconfigure their devices to use rival app stores, we are dependent on Apple’s permission if we want to get our iOS apps elsewhere, and, according to a Bloomberg report, that’s just what Apple is about to do.
Though Apple hasn’t formally announced a plan to open its devices to rival app stores (and indeed, has not yet affirmed that it will comply with the DMA at all), Bloomberg’s Mark Gurman cites multiple Apple employees who provide early details of the plan.
Apple Protects Its Customers, Just Not At the Expense of Its Investors
As ever, the devil is in those details. Apple’s App Store does a generally excellent job of protecting users from malicious code, privacy invasions and deceptive practices, but not always. Like any company, Apple will sometimes make mistakes, but the risk to Apple customers is by no means limited to lapses and errors.
Apple’s commitment to its customers’ privacy and integrity is admirable, but it’s not absolute. Apple continuously strikes a balance between its customers’ interests and Apple’s shareholders’ interests. When the Chinese government ordered Apple to remove working VPNs from the App Store, Apple complied. When the Chinese government ordered Apple to install backdoors in its cloud backup service, Apple complied. When the Chinese government ordered Apple to break AirDrop so it couldn’t be used to organize anti-government demonstrations, Apple complied.
On the other hand, when the FBI ordered Apple to add backdoors to its devices, Apple refused – and rightly so.
This doesn’t mean that Apple values the safety, privacy and free expression rights of its Chinese customers less than it values the safety, privacy and free expression rights of its American customers.
Rather, it’s that the Chinese government can harm Apple’s shareholders worse than the American government can: if Apple was denied access to low-waged Chinese manufacturing and 350 million middle-class Chinese consumers, it would have to pay much more to manufacture its products, and it would sell far fewer of them: none in China, and fewer elsewhere, thanks to the higher prices it would have to charge.
The App Tax
Even when powerful governments aren’t involved, Apple sometimes puts its shareholders ahead of its customers: the company’s policy of charging very high payment processing fees (30% for large businesses, 15% for some small businesses) means that some products and services simply can’t be offered at all without losing money. For example, the wholesale discount on audiobooks is 20%, so a bookseller that makes its wares available through an iOS app will lose money on every sale.
In the case of audiobooks, Apple uses its high fees to clear the field of competitors for its own product, Apple Books, which sells books that are permanently locked (through Digital Rights Management) to Apple’s platform.
Incredibly, that’s the best outcome of Apple’s “app tax.” In other cases, companies simply pass on Apple’s commission to Apple’s customers by raising prices (since everyone who sells via an iOS app must pay the app tax, they all raise prices). Even that is better than the worst outcome, where products and services never come to market because they can’t be profitable after paying the app tax, and the products won’t sell if the app tax is added onto their sale price.
These bad outcomes are endemic to all app store businesses. Once a company has the power to decide what you can and cannot buy, and how much you must pay for it, it can use that power to shift value from their customers to their shareholders. The more those customers have invested in the platform, the worse the platform’s proprietor can treat them without fearing that they will quit. High switching costs are the enemy of good corporate behavior.
Walled Gardens and Prison Walls
It’s fine for companies to build walled fortresses around their products to keep bad guys out, but those fortress walls can quickly become prison walls that lock their customers in. For example, Apple made privacy changes to iOS that effectively block most third party tracking, but they secretly continued to spy on iOS users even if they had opted out of tracking. This is where the DMA comes in: by forcing companies to open their app stores to rivals, the DMA will use competition to discipline large companies. They’ll make sure Apple builds fortresses, but not prisons. For example, a third-party app store could block Apple’s tracking on iOS devices and let Apple device owners truly opt out of all tracking.
But again, the devil is in the details. The app store plan reported in Bloomberg has many gotchas that would allow Apple to claim to have complied with the DMA without satisfying either the letter of the law, or – more importantly – its intent: to allow customers true alternatives to Apple and its compromised judgments about what is best for them.
How To Sabotage the DMA
Here are some red flags to watch for as Apple’s plans mature:
Forcing software authors to sign up for Apple’s Developer Program: Apple’s Developer Program offers many tools and services to software authors who choose to pay to join it. But it should be a choice. Some developers may see the benefits of paying for Apple’s blessing on their products, while others may choose to save their money – or they may choose not to sign onto Apple’s eye-glazingly long and bowel-looseningly terrifying developer terms and conditions.
As part of opening up iOS devices to other app stores, Apple must not impede the development of rival toolchains and software development kits (SDKs) for iOS developers. Software authors should be able to choose which tools they use.
Forcing rival app stores use the same editorial criteria as Apple’s App Store: The DMA doesn’t propose to turn app stores into a free-for-all; Apple is permitted to impose some security standards on third party iOS app stores. However, Apple should not be permitted to bootstrap genuine security concerns into general editorial oversight of its competitors’ stores. Apps that don’t meet Apple’s editorial standards – like games that simulate work in an offshore sweatshop or apps that report civilian deaths from US drone strikes – should not be blocked on other app stores if they meet those stores’ editorial standards.
Requiring that third-party app stores pay Apple for security vetting: It’s one thing for Apple to oversee the criteria by which third-party app stores assess the security of the apps they carry; it’s another thing for Apple to require its competitors to pay it to vet the apps they sell. According to Bloomberg, this is what Apple plans. Despite Apple’s submissions to the world’s governments, it is not the only entity capable of assessing the security of an app, nor can it claim to do so perfectly.
Requiring third-party app stores to process payments through Apple: Third party app stores and the apps they carry should be able to use any secure payment processor. If Apple wants their business, it should make a competitive product, not order all comers to pay a 30% app tax.
Arbitrarily revoking third party app stores: A common complaint among businesses that rely on Apple’s App Store is that Apple capriciously and arbitrarily rejects their apps. Apple removes some apps from the App Store for violating rules, while turning a blind eye to other apps that violate the same rules. This is frustrating when it applies to individual apps, but it could be much worse if it is applied to whole app stores.
When Apple removes an app store for allegedly failing to meet its security obligations, it could take a long time to figure out whether the action was warranted, and during that delay, the suspended app store’s customers could lose access to the media they’ve purchased, the services they use, and the data they’ve entrusted to their apps.
Bad-faith app store deletions represent a serious danger to the entire DMA. It wouldn’t take more than a couple of bad experiences with a third-party app store disappearing without warning to dissuade the public from ever trusting another third-party store.
How to Defend the DMA
Luckily, the DMA doesn’t give companies the final say on these matters. The European Commission, the EU’s administrative body, has the power to oversee and enforce compliance with the regulation.
All of these items – the standards for security vetting, the editorial standards, the criteria for removal of an app store, the remedies for the users of those app stores when they are removed – can’t solely be left to the judgment of the firms involved. These companies have their customers’ backs sometimes, but when it comes down to a fight between their customers’ interests and their shareholders’ interests, the shareholders always win.
Why Should Europeans Get to Have All the Fun?
All of this is still up in the air: Apple almost certainly hasn’t finalized its plans, and the EU is still gearing up to enact and administer the DMA.
One thing we dearly hope is that Apple will not withhold the rights it gives back to its European customers from its customers all over the world. Every person deserves the right to technological self-determination, no matter where they are.
The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. Visit https://www.eff.org