COMPETITION IN THE

MOBILE APPLICATION
ECOSYSTEM

DEPARTMENT OF COMMERCE
February 2023
Table of Contents
EXECUTIVE SUMMARY 1
STATE OF PLAY 4
Introduction 4
The Apple Ecosystem 5
The Google Ecosystem 6
Distribution of Revenue 7
Interoperability 8
Activity to Examine and Change the Ecosystem 9
MEANS OF DISTRIBUTION 15
Preinstalled App and Default Options 15
Mobile App Stores 17
Mobile App Store Benefits 20
Sideloading 20
Exceptions 23
Browsers and Web Apps 24
Browsers 24
Web Apps 25
WebKit Critiques 26
TECHNICAL LIMITATIONS 28
Mobile App Store Screening 28
Apple’s Review Process 29
Google’s Review Process 29
Critiques of the Mobile App Store Review – Transparency 30
Critiques of the Mobile App Store Review – Security 30
Critiques of the Mobile App Store Review – Commercial Data Collection 33
Critiques of the Mobile App Store Review – Updates 33
In-App Purchasing 34
Other Limitations 37
Near Field Communication 37
Access to Location Tracking 39
Access to Private APIs 40
Other Protections Affecting Privacy Interests 40
Gaming/Cloud Streaming Apps 41
RECOMMENDATIONS FOR INCREASING COMPETITION AND INNOVATION 43
Measures to Support Antitrust Enforcement in App Markets 43
Measures to Create a Level Playing Field for Third Party Apps and Mobile App Stores 44
Limit Pre-installed, Default Options and Anticompetitive Self-Preferencing 44
Limit or Prohibit Anticompetitive Restrictions and Conditions on Sideloading, Alternative Mobile App Stores,
Browsers, and Web Apps. 45
Address Limits on In-App Purchasing 45
Improve Transparency and Fairness for App Developers in the Mobile App Store Screening and Review
Processes 46
Encourage Tools and Standards to Increase Interoperability and Reduce Developer Costs 46
Additional Considerations 47
CONCLUSION 48
 Executive Summary

Mobile devices have become an ever-present and essential tool for many Americans. The
ubiquity and utility of these devices is in large part due to the range of innovative software
applications (apps) that have revolutionized the way we work, play, and connect with each other.
The numbers are impressive: Millions of apps are on the market, actively used by more than
300,000 companies in the United States. 1 Globally, the app economy has been reported to be a
$1.7 trillion ecosystem. 2 Over the past 10 years, the usage of smartphones—the primary vehicles
for apps—skyrocketed from 27 percent of persons ages 3 and older to 70 percent. 3 From 2008 to
2022, 2.56 million U.S. jobs were reported to have been generated by the app economy. 4 Apps
are integral to work and commerce as well as tools for many other pursuits; from social
networking, to participation in democracy, to citizen science to gaming.

In 2021, President Biden signed the Executive Order on Competition, committing the
Administration to the promotion of innovation and competition across the economy. 5 In that
Order, he expressed concern that “dominant Internet platforms use their power to exclude market
entrants [and] to extract monopoly profits.” Mobile devices are, in our times, arguably the
nation’s (and the world’s) leading technological platform. For that reason, the state of
competition and innovation on the platform are a matter of national importance.

The mobile app ecosystem is complex and features a variety of stakeholders and technologies.
However, two firms are responsible for the leading mobile operating systems that dictate how the
vast majority of the world’s apps exist and function: Apple, Inc. and Google LLC. These firms
control vertically integrated distribution chains. These companies manage their app ecosystems
differently, but they both play a significant gatekeeping role by controlling (and restricting) how
apps are distributed. Unlike desktop computers, the primary means through which third-party
apps on mobile devices are made available is through mobile app stores—specifically, Apple’s
The App Store and the Google Play Store—and the policies and technical requirements of these
stores fundamentally shape the mobile app ecosystem.

1
State of the U.S. App Economy: 2020, ACT | The App Association, at 4 (Jan. 31, 2021), https://actonline.org/wp-
content/uploads/2020-App-economy-Report.pdf.
2
Id.
3
Rafi Goldberg, New NTIA Data Show Enduring Barriers to Closing the Digital Divide, Achieving Digital Equity,
National Telecommunications and Information Administration (May 11, 2022) (citing to the NTIA Internet Use
Survey), https://www.ntia.gov/blog/2022/new-ntia-data-show-enduring-barriers-closing-digital-divide-achieving-
digital-equity.
4
Michael Mandel and Jordan Shapiro, U.S. App Economy Update, 2022, Progressive Policy Institute (PPI), at 4
(May 2022), https://www.progressivepolicy.org/wp-content/uploads/2022/05/PPI_US-App-Economy-Update-
2022_V4.pdf; see, also, Comment from PPI, #96, 1-2 (2020 data).
5
Executive Order on Promoting Competition in the American Economy, The White House, (Executive Order on
Competition), (July 9, 2021), https://www.whitehouse.gov/briefing-room/presidential-actions/2021/07/09/executive-
order-on-promoting-competition-in-the-american-economy/.

1
Our review suggests that the mobile app store model has provided a range of benefits to both app
developers and users, 6 but has also created conditions of competition that are suboptimal. The
policies that Apple and Google have in place in their own mobile app stores have created
unnecessary barriers and costs for app developers, ranging from fees for access to functional
restrictions that favor some apps over others. These obstacles impose costs on firms and
organizations offering new technology: apps lack features, development and roll-out costs are
higher, customer relations are damaged, and many apps fail to reach a large number of users.

In addition, the structure of the ecosystem has made possible the extraction of disproportionate
returns by the operating system owners, yielding an outsized economic share for the platform
owners as opposed to other parts of the ecosystem. The incentive structures created by the
current policies and practices of Apple and Google leave any alternative distribution models with
significant disadvantages and limited functionality. 7 It is challenging for other firms to compete
in the mobile ecosystem for both distribution mechanisms (e.g., mobile app stores and web
browsers, as discussed below) and amongst apps. 8

Above all, these setbacks mean that app developers and alternative mobile app stores are not
afforded the opportunity to compete on a fair playing field— whether with each other or with the
products and services offered by the gatekeepers. All of these factors translate to potential losses
for consumers: prices that are inflated due to the fees collected by gatekeepers, innovation that is
hampered by policy decisions to limit access to smartphone capabilities, and the loss of choice of
apps that are not featured or even accessible for smartphone users.

We generally expect fair competition on a level playing field to generate more choice, better
quality and lower prices. As President Biden stated with respect to the economy as a whole in the
2021 Executive Order on Competition: “[A] fair, open, and competitive marketplace has long
been a cornerstone of the American economy.”

In the Executive Order on Competition, the President, understanding both the growing
importance of the mobile app market to the economy and the need to promote increased
competition and innovation in this space, instructed the Secretary of Commerce to, “in
consultation with the Attorney General and the Chair of the Federal Trade Commission, conduct
a study, including by conducting an open and transparent stakeholder consultation process, of the
mobile application ecosystem, and submit a report to the Chair of the White House Competition
Council, regarding findings and recommendations for improving competition, reducing barriers
to entry, and maximizing user benefit with respect to the ecosystem.” 9

6
For purposes of this report, we use the term “developers” as a group inclusive of any entity trying to distribute
apps, whether they are the business that commissioned an app or the designer/developer.
7
See Majority Staff, H. Subcommittee on Antitrust, Commercial and Administrative Law, Comm. on the Judiciary,
Majority Staff Rep. and Recommendations on Investigation of Competition in Digital Markets 2021 (Final House
Report), at 78-79, https://www.govinfo.gov/content/pkg/CPRT-117HPRT47832/pdf/CPRT-117HPRT47832.pdf.
8
See, e.g., CMA’s Market Study Into Mobile Ecosystems: Final Report Summary, at 3, Competition and Markets
Authority (UK) (June 10, 2022) (UK CMA Report Summary), https://www.gov.uk/cma-cases/mobile-ecosystems-
market-study#final-report.
9
Executive Order on Competition, https://www.whitehouse.gov/briefing-room/presidential-
actions/2021/07/09/executive-order-on-promoting-competition-in-the-american-economy/.

2
The following report is responsive to this tasking. It is based on a review of public reports and
literature; consultations with a diverse array of stakeholders from multiple sectors of industry,
academia, and civil society; and the comments received in response to a public Request for
Comment published in April 2022. 10 First, it describes the current state of play in the United
States, focusing on the role of the two companies that act as gatekeepers and the differences
between the respective ecosystems of Apple and Google. It then describes in greater detail the
means of distribution for apps, exploring mobile app stores, their benefits and drawbacks, and
their alternatives. The report then details additional technical limitations that pose barriers to
third-party app development and distribution. Finally, the report raises a number of possible
options to further promote competition and innovation in the mobile app ecosystem.

Our key findings are as follows:

1) Means of distributing apps other than the Apple and Google mobile app stores
are possible, but significant barriers remain to fully implementing those
alternatives and attaining meaningful competition in the mobile app ecosystem.
2) Within the app marketplaces, Apple and Google place multiple restrictions on
apps that create barriers to developers. While Apple and Google provide a range
of benefits to developers and users, their central role in the development and
distribution of apps translates into power over developers, including those who are
potential competitors of Apple and Google. These restrictions are not an inevitable
feature of the technical structure of mobile platforms, but are instead business choices
made by Apple and Google, which often lead to a less competitive ecosystem.
3) As the Administration considers taking action to increase competition and
innovation in the mobile app ecosystem, it should carefully assess trade-offs and
risks associated with different options. Some proposals by stakeholders to increase
competition might entail consideration also of user convenience, privacy, and
security.

This report concludes with a series of recommendations, including:

• Promoting alternative means of app distribution, by, for example, considering

measures to limit pre-installation or reducing restrictions on sideloading, competing
app stores, and competing browsers that would allow fully-featured web apps.
• Considering measures to remove technical limitations on developers, by, for
example, improving the fairness of mobile app store review processes, permitting
broader in-app purchasing options, support stronger antitrust enforcement and
encouraging interoperability.

The issues at hand are complex, multifaceted, and overlap with other technologies and markets.
Further study is needed in many areas, and additional resources and authorities may be required
to fully evaluate and implement policies that promote competition and innovation in this
ecosystem.

10
Request for Comments on Competition in the Mobile App Ecosystem, 87 Fed. Reg. 24134, (Apr. 22, 2022),
https://ntia.gov/files/ntia/publications/fr-mobile-app-rfc-04222022.pdf.

3
State of Play

Introduction

Smartphone apps have greatly broadened the utility of today’s mobile phones. The apps allow
users to connect to the Internet (through a browser app), to send messages, to listen to podcasts
or view videos, to have quick access to record voice or video, to play games, and more. As one
commentator wrote, “Without apps, a smartphone is just a phone.” 11

Mobile apps are essentially software applications, which are found on every type of computing
device. The model of having a platform layer on top of which other applications can be
developed is not an innovation novel to mobile devices and this model has long been found
across digital technologies. For that reason some commentators argue that focusing only on apps
in the mobile ecosystem is misleading 12 and that NTIA’s study of this ecosystem should
encompass software applications in a broader ecosystem that might encompass everything from
cars to gaming consoles. 13 Others questioned whether operating systems that run on desktop
computers or gaming consoles should be considered in the analysis of this market. 14

However, there are some distinctions—whether artificially created or organic—that make the
mobile app ecosystem unique. One of the unique aspects of this environment is that consumers
nearly exclusively obtain apps through downloads from mobile device app stores (primarily the
Apple and Google mobile app stores), which is a different method of distribution than that found
in other ecosystems. Furthermore, the functionality of many mobile apps is both enhanced and
constrained by the nature of the devices and limitations imposed by the platforms in charge of
the ecosystem. 15

Despite past efforts by entrepreneurs to launch and sustain various mobile devices using different
operating environments, from Blackberry to Windows, today most “smart” mobile phones 16 rely
on Apple’s and Google’s technology. Those two separate and distinct mobile app ecosystems are
based on operating systems from Apple (iOS) and Google (Android), which are used by most
mobile devices in the United States. 17 Those two companies have an outsized impact on the
form, capabilities, and access method for millions of apps.

Both Apple and Google maintain that many of the measures they have put into place for the app
ecosystems, such as restrictions on the functionality of apps, are in place to support the security

11
Comment from ACT | The App Association, #130, at 6.
12
See, e.g., Comment from Jonathan Hicks, #7; Comment from Jon Stacey, #68.
13
See, e.g., Comment from SIIA, #129, at 4-5; Comment from Mozilla, #131, at 5. See generally, Comment from
Competitive Enterprise Institute, #114.
14
See, e.g., Comment from Public Knowledge, #127, at 1 (the focus on mobile devices is appropriate). Comment
from Match Group, Inc. (Match), #142, at 30-31 (describing the relevant market in its lawsuit against Google).
15
See, e.g., Comment from William O’Connell, #108.
16
We note that this report assesses only mobile devices.
17
See, e.g., Final House Report, at 77 (“…iOS and Android run on more than 99% of mobile devices in the U.S. and
globally.”) (citing, Market Study into Mobile App Stores, at 15, Authority for Consumers and Markets (Netherlands)
(April 2019), https://www.acm.nl/sites/default/files/documents/market-study-into-mobile-app-stores.pdf).

4
of the whole ecosystem; including the operating system, the device of the user, and apps
themselves. Debates continue about how to best give third parties legitimate access to proprietary
technology in order to foster competition and allow for innovation, while retaining or even
improving the security of the platform. Importantly, it is not necessarily the case that security
and competition are in tension. On the contrary, a mobile environment open to more developers
and innovations might also foster greater competition amongst apps and app stores, along
multiple dimension of quality, including code review, curation, privacy and security, where the
current incumbents’ monopoly position might leave them under-incentivized to invest in
developing those areas. 18

Many developers have benefited from both Apple’s and Google’s development of their
ecosystems. Apple says it “gives developers access to hundreds of millions of potential
customers across the world,” particularly benefiting “the small businesses and solo coders who
have taken advantage of the app-building tools and distribution network that Apple provides to
turn their ideas into the next big thing.” 19 The same is true of Google, which claims that its app
ecosystem has created two million American jobs, and its mobile app store supports “500,000
American developers.” 20 In comments filed with NTIA, R Street contends that Google’s and
Apple’s dominance of this ecosystem should not overshadow the fact that there is vigorous
competition between them. 21 However, many have noted that currently the barriers to innovation
and competition for apps—including against Google and Apple—are significant. Echoing a
sentiment expressed by others, in comments the group Open Web Advocacy (OWA) describes
Apple and Google as having a “stranglehold” on app development. 22

The Apple Ecosystem

In the Apple ecosystem, Apple supplies the devices (iPhones), the mobile operating system, and
the store, giving it total control of its ecosystem. Apple manufactures its own devices and
consumers purchase those from Apple directly or through third parties. The devices all run on
Apple’s operating system (iOS). The mobile devices come with apps that have been “preloaded”
by arrangement between Apple and, usually, the carrier providing the services to operate the
device (the voice and Internet service purchased for the device). 23 As discussed below, apps that
are preloaded have competitive advantages.

Furthermore, the only approved way for users to add more apps to their device is to download
them from the Apple mobile app store, named “The App Store.” 24 The number of available apps

18
See, e.g., the discussion entitled “Critiques of Mobile App Store Review – Security” below.
19
Comment from Apple, #132, at 1.
20
Comment from Google, #140, at 1-2 (internal citation omitted).
21
Comment from R Street Institute, #116, at 1; see also, Comment from ACT | The App Association, #130, at 9-10.
22
Comment from Open Web Advocacy (OWA), #149, at 42; see also, Comment from Meta Platforms, Inc. (Meta),
#145, at 3.
23
Users might also use Wi-Fi from other sources to connect to the Internet and even some voice applications (e.g.,
Signal, WhatsApp, Facetime).
24
One commenter said that Apple prohibiting installing apps from alternative sources “makes it literally impossible
to install anything on an iPhone without going through Apple’s arbitrary, lengthy and complicated verification
process.” Comment from Michaela Merz, #82.

5
worldwide on Apple iOS—through Apple’s mobile app store—is estimated at about 2 million. 25
As detailed below, Apple earns significant revenues and profits from apps in its store for in-app
purchases, and, by virtue of its position, it obtains information about a wide variety of
businesses, including customer relations data and technical details about other apps. In order to
get an app into Apple’s mobile app store, developers must comply with a variety of requirements
and are subject to a review process from Apple. As discussed below, these requirements include
that third-party apps do not attempt to access private, proprietary Application Programming
Interfaces (APIs) which Apple’s own apps can utilize. No other mobile app stores are allowed on
Apple devices. The advantages of that system, as well as critiques of it, are detailed below in the
section on mobile app stores.

It is technically possible for iOS device users to configure their devices so that they can accept
downloads from other sources, but that practice, which is referred to as “jailbreaking,” violates
the terms of service for Apple devices, affects warranties, and can result in security and
functionality problems, as further discussed below.

Several commenters, including industry associations and more than 20 individuals, say they
value the security of this closed Apple ecosystem. They urge the government to avoid taking any
action that would open that system to more third parties. For example, a self-described “ok tech
savvy dad,” says that a video that showed how to sideload a kid-targeted app posed a risk to his
daughter, who he has now asked to stay within the Apple mobile app store. 26 Whether the
security protection stems from the mobile app store vetting process or other aspects of the
ecosystem, such as the operating system, is the subject of debate, as discussed below.

The Google Ecosystem

In the Google ecosystem, Google supplies an operating system to device manufacturers through
a license and, for reasons discussed below, operates its own mobile app store, named the
“Google Play Store,” that is used overwhelmingly by devices on that operating system
(Android). In the United States, the vast majority of non-Apple smart phones use Android. Many
Android devices come with preloaded apps based on contractual arrangements between Google,
the manufacturer of the device, the carrier providing the services to operate the device, and third
parties seeking to distribute apps. Purchasers of Android devices, similar to those of Apple
devices, will find apps that are also offered as defaults available for use (even if not fully
downloaded yet). The competitive significance of this is discussed below.

Android is an open-source system, and, unlike Apple, Google allows device makers to not only
license the system for the devices they make, but also to tailor that operating system to a certain
degree. The Software & Information Industry Association (SIIA) noted that Google’s open-
source software is used in more than 1,300 brands on 24,000 different kinds of Android
devices. 27

25
See, e.g., Apple App Store, https://www.apple.com/app-store/.
26
Comment from Kit Lammers, #69 (“Sure, this means the app my daughter wanted lost out by not being in the App
Store. Yes. But the protection the App Store offers, the level of trust they have to maintain is worth that to me.”).
27
Comment from SIIA, #129, at 3-4; Comment from Google, #140, at 1.

6
On Google devices, it is possible for device users to download apps either through a mobile app
store on the mobile device or directly from other sources. While there are other mobile app stores
on some Android mobile devices, commenters note that more than 90 percent of app downloads
on Android devices are through the Google Play Store. 28 The number of available apps through
Google Play as of March 2022, for example, was 2.7 million apps. 29 While it is possible to
download apps outside of a mobile app stores in the Android ecosystem, as discussed below, this
process comes with additional, sometimes cumbersome, security hoops. 30

Distribution of Revenue

Apple and Google have earned a significant amount of revenue from the products and services
they provide, 31 and part of that revenue – and ultimately profit – comes from the mobile app
ecosystem, including the companies’ own mobile app stores. 32 Whether or not such profit is
warranted by the services provided is the subject of debate. In a District Court ruling in an Epic
Games lawsuit against Apple, the judge found that “under any normative measure, the record
supports a finding that Apple’s operating margins tied to the App Store are extraordinarily high.

28
More than 90% of Android app downloads come from Google Play. Comment from Match, #142, at 35 (citing to
the federal court complaint Match filed against Google in May 2022 in the Northern District of California).
29
Number of available applications in the Google Play Store from December 2009 to March 2022, Statista,
https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/; Google’s
Comment notes that consumers downloaded 12 billion apps from Google Play in 2011 and 111 billion apps per year
by 2021, and they spent $170 billion in app stores in general in 2021. See Comment from Google, #140, at 4.
30
A commenter described that the steps required by Google and some device operating equipment manufacturers are
“both misleading and disproportionately cumbersome.” Comment from Daryl Kunzmann, #38.
31
See, e.g., Alphabet, Inc., Annual Report (Form 10-K), at 32 (Feb. 1, 2022) (Alphabet 2021 10-K Form),
https://abc.xyz/investor/static/pdf/20220202_alphabet_10K.pdf (reporting “consolidated revenues” of $257.6 billion
USD for the fiscal year ending on December 31, 2021); see also, Kim Lyons, Google parent company Alphabet
broke $200 billion in annual revenue for the first time, The Verge (Feb. 1, 2022),
https://www.theverge.com/2022/2/1/22912196/google-alphabet-200-billion-annual-revenue-youtube-pixel-search.
See, e.g., Apple, Inc., Annual Report (Form 10-K) (Oct. 28, 2021) (Apple 2021 10-K Form),
https://s2.q4cdn.com/470004039/files/doc_financials/2021/q4/_10-K-2021-(As-Filed).pdf (reporting “total net
sales” of $365.817 billion USD for the fiscal year ending on September 25, 2021).
32
In the mobile app store context, for example, in explaining the metrics that went into its 2021 10-K report, Apple
attributes revenue to “services” it provides, including “digital content,” which covers its mobile app store. See Apple
2021 10-K Form, at 5. See also, Apple 2021 10-K Form, at 24 (“Services net sales increased during 2021 compared
to 2020 due primarily to higher net sales from advertising, the App Store and cloud services.”), and Kif Leswing,
Apple implies it generated record revenue from the App Store during 2021, CNBC (Jan. 10, 2021),
https://www.cnbc.com/2022/01/10/apple-implies-it-generated-record-revenue-from-app-store-during-2021-.html.
Alphabet, Google’s parent company, listed revenues in 2021 for the Play Store as “Google Other Revenues,” which
also include revenues in addition to the Play Store (e.g., hardware such as Google Nest products). See, e.g., Alphabet
2021 10-K Form, at 56 (“Google other revenues consist of revenues from: Google Play, which includes sales of apps
and in-app purchases and digital content sold in the Google Play store; hardware . . .; YouTube non-advertising . . .;
other products and services”). An unsealed court filing in an ongoing lawsuit brought by 37 state attorneys general
indicated that Alphabet earned $11.2 billion USD in revenue from the Google Play Store in 2019, with $8.5 billion
USD in gross profits. Paresh Dave, Google Play app store revenue hit $11.2 bln in 2019, lawsuit says, Reuters
(Aug. 30, 2021), https://www.reuters.com/technology/google-play-app-store-revenue-reached-112-bln-2019-
lawsuit-says-2021-08-28/.

7
Apple did nothing to suggest operating margins over 70% would not be viewed as such.” 33 The
profits these companies skim off this ecosystem, to the extent they are well above marginal costs
(even allowing for what might generally be considered reasonable profits), is suggestive of
substantial market power and might negatively affect developers and end users. 34 The Court
went on to suggest: “a third-party store could likely provide game distribution at a lower
commission and thereby either drive down prices or increase developer profits.” 35
A number of commenters speak of this impact on developer and user costs. 36 For example, Epic
Games, which describes having to pass on additional costs to users, says that “[i]ntroducing
competition at the app distribution level would give developers and consumers the ability to
decide how best to distribute and download apps as well as incentivize innovation and would
free them from the monopolistic terms of service that Apple and Google impose.” Epic is among
the commenters who have suggested that adding competition for app payment mechanisms could
“lead to higher quality services, increased innovation, and lower prices for developers and
consumers.” 37

Interoperability

Apple’s and Google’s operating systems are not interoperable, meaning that the same apps must
be built differently for each ecosystem. For traditional apps, called “native” apps, app developers
must build for both ecosystems or their app will not reach all users within the U.S. market. 38

33
See, e.g., Rule 52 Order After Trial on the Merits at 43, Epic Games, Inc. v. Apple Inc., No. 4:20-cv-05640 (N.D.
Cal. Sept. 10, 2021), at 44 (Epic Order).
34
See, e.g., id. at 99 (finding that Apple’s restrictions on iOS game distribution have increased prices for
developers). See also, Gilad Edelman, Why Lawmakers Are So Interested in Apple’s and Google’s ‘Rents’, Wired
(Apr. 22, 2021), https://www.wired.com/story/lawmakers-interested-apple-google-rent/; Kim Lyons, Epic-backed
expert says Apple’s app store profit is as high as 78 percent, The Verge (May 1, 2021),
https://www.theverge.com/2021/5/1/22414402/epic-expert-apple-app-store-fortnite-court-profit (noting a dispute
between Epic and Apple over identification of the amount of profit derived from Apple’s mobile app store); Utah
AG Leads Bipartisan Lawsuit against Tech Giant Google, State of Utah Office of the Attorney General, (alleging
that Google’s commission fee “is much higher than the commission that consumers would pay if they had the ability
to choose one of Google’s competitors instead.”); Mobile Ecosystems: Market Study Final Report, Competition and
Markets Authority (UK) (UK CMA Report), Appendix C: financial analysis of Apple’s and Google’s mobile
ecosystems, (June 10, 2022), https://www.gov.uk/cma-cases/mobile-ecosystems-market-study#final-report
(providing a financial analysis that supports the UK CMA’s “understanding of where Apple and Google have been
able to generate returns persistently higher than would be expected in a competitive market.”).
35
Epic Order, at 99.
36
See, e.g., Comment from Coalition for App Fairness (CAF), #148, at 6; Comment from OWA, #149, at 7.
37
Comment from Epic Games, #134, at 3; Comment from R Street Institute, #116, at 3 (“The user trust that is
engendered by a well-screened and regulated app store provides a tangible benefit to smaller app developers that is
crucial to their ability to compete with larger, more established apps. Without that trust, consumers are inclined to
stick to well-known, established software, whereas an upstart app in a well-curated app store is more likely to find
users willing to download unfamiliar software because of the assurance that there is little downside to doing so.”)
(internal citation omitted).
38
Comment from OWA, #149A, at 32; see also, Daniel Na, The What, Why, and How of Mobile Applications,
Mobile Web 20 (Oct. 2011), at 22, http://www.webdesignblog.gr/wp-content/uploads/2012/03/5.pdf#page=22.
Native apps are those downloaded directly to user phones from, for example, a mobile app store. They are “written
to run on a specific operating system, and, as such, interact directly with elements of the operating systems in order
to provide relevant features and functionality.” See UK CMA Report, at 11.

8
There are fundamental architectural differences between Android and iOS. 39 These differences
between the mobile operating systems translate into different capabilities, features, and
permissions for app developers to navigate. 40

Cross-platform development tools (such as Flutter and React Native) may help reduce
development costs, but these tools come with drawbacks. Because they are limited to features
that are shared by both major operating systems, their feature libraries are often smaller than
other apps can use. These tools can also increase the complexity and reduce developers’ ability
to optimize app performance. Lastly, because these frameworks can support new features only
after each respective operating system provides them, developers using cross-platform
frameworks must often wait to implement these features. 41

Writing apps for Apple is generally regarded as easier for first-time or small-scale developers:
Apple’s Swift programming language, for example, is designed for mobile app programming;
Apple’s device lineup is less fragmented, meaning developers need to spend less time
considering unique device screen sizes and capabilities when designing apps; and Apple pushes
operating system and device updates in a more coordinated manner across than Android. 42

Activity to Examine and Change the Ecosystem

A number of government entities around the world have been studying and taking action to
increase competition in the mobile app ecosystem. Many of these initiatives are aimed at
addressing emergent competition challenges posed by digital ecosystems. 43 Some efforts focus

39
See UK CMA Report Summary, at 16 (“We found the strongest case for interventions to enhance interoperability
of Apple’s connected devices with Android (e.g., Apple Watch) and ensuring access to all the necessary. APIs to
enable smoother migration of apps and data.”), but see Comment from Spotify, #126; Comment from Proton AG
(Proton), #147.
40
There are also differences and costs associated building with web apps, but those are based upon browsers, as
discussed below. See Comment from OWA, #149A, at 36 (discussing how web apps are interoperable because they
only require a full browser).
41
See, e.g., Comment from OWA, #149A, at 8-9 (noting that developers may leave features out where one service is
“provided by one vendor but not another.”).
42
IOS v. Android App Development: What’s the Difference?, MOOC Blog Team (Nov. 29, 2021),
https://www.mooc.org/blog/ios-vs.-android-app-development.
43
For more information on this topic, see, generally: Unlocking digital competition: Report from the Digital
Competition Expert Panel, HM Treasury (UK) at 86 (Mar. 2019) (the “Furman Report”) (generally recommending
changes in competition policy to address digital markets) and at 86 (“[P]rinciples of competition policy are generally
applicable to the digital economy. However, their implementation will be affected by the challenging economic
characteristics of digital markets”),
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/785547/unlocking
_digital_competition_furman_review_web.pdf; Digital platform services inquiry, Interim report No. 5 – Regulatory
reform, Australian Competition & Consumer Commission (Sept. 2022) (generally describing digital platforms) and
at 32 (“While many of … characteristics are not unique to digital platforms, their strength and presence in
combination makes their effects on market dynamics and outcomes significantly greater than in most other areas of
the economy”), https://www.accc.gov.au/system/files/Digital%20platform%20services%20inquiry%20-
%20September%202022%20interim%20report.pdf; and 2022 Compendium of approaches to improving competition
in digital markets, G7 Germany (October 12, 2022), https://www.gov.uk/government/publications/2022-
compendium-of-approaches-to-improving-competition-in-digital-markets (generally describing concerns and

9
on various barriers to competition in this ecosystem, primarily related to mobile app stores and
app payment mechanisms.

Among others, the U.S. House Committee on the Judiciary Subcommittee on Antitrust,
Commercial, and Administrative Law looked into mobile app competition as part of an
investigation into digital markets in 2020. 44 As noted below in more detail, the Department of
Justice (DOJ) and state attorneys general have taken on the topic in lawsuits, South Korea has
investigated the app ecosystem, and both the European Union and United Kingdom have been
looking at approaches to digital markets and, in particular, mobile ecosystems. 45

Concerns regarding the app ecosystem, and on digital platforms generally, are also being
examined in a variety of legal venues, from courts to legislatures. 46 One potential solution to
many of the structural issues present in the current app ecosystem is increased antitrust
enforcement, both domestically and internationally. DOJ, 47 state attorneys general, 48 and private
parties, 49 have significant competition law cases currently underway. One concern, voiced for
example in a March 2019 UK report analyzing how to move forward on approaches to digital
competition, is that innovative start-ups cannot stay in business while battling large companies in
the often long and legally complex competition lawsuits. 50 However, to the extent that private
litigants face business or legal obstacles to success in antitrust litigation, greater support for

approaches to competition issues in digital markets) and at 7 (“There are certain common features present in many
digital markets which often lead to firms gaining a large and powerful position. These features may tend to increase
market concentration, raise barriers to entry, and strengthen the durability of market power”).
44
See, e.g., Final House Report, at 144-207 and 277-317, et seq.,
https://judiciary.house.gov/uploadedfiles/competition_in_digital_markets.pdf?utm_campaign=4493-519 .
45
See, e.g., South Korea approves rules on app store law targeting Apple, Google, Reuters (Mar. 8, 2022),
https://www.reuters.com/technology/skorea-approves-rules-app-store-law-targeting-apple-google-2022-03-08/; KCC
Begins Fact-Finding Investigation of Three App Market Operators Including Google, Apple, Press release, Korea
Communications Commission (KCC), (Aug 9, 2022),
https://www.kcc.go.kr/user.do?boardId=1058&page=E04010000&dc=E04010000&boardSeq=53609&mode=view;
Deal on Digital Markets Act: EU Rules to Ensure Fair Competition and More Choice for Users, European
Parliament News (Mar. 24, 2022), https://www.europarl.europa.eu/news/en/press-room/20220315IPR25504/deal-
on-digital-markets-act-ensuring-fair-competition-and-more-choice-for-users. The full text of the DMA is available
here: https://competition-policy.ec.europa.eu/sectors/ict/dma_en. In addition, Japan is one of several other countries
that has been studying the mobile ecosystem. See Competition Assessment of the Mobile Ecosystem, Interim
Reports on Mobile Operating System, Secretariat of the Headquarters for Digital Markets Competition, Cabinet
Secretariat, (Japan) (Apr. 26, 2022),
https://www.kantei.go.jp/jp/singi/digitalmarket/pdf_e/documents_22220601.pdf.
46
See, e.g., Hearing of the Senate Subcommittee on Competition Policy, Antitrust, and Consumer Rights, Antitrust
Applied: Examining Competition in App Stores (Apr. 21, 2021),
https://www.judiciary.senate.gov/meetings/antitrust-applied-examining-competition-in-app-stores; Digital platform
services inquiry, Interim report No. 2 – App marketplaces, Australian Competition & Consumer Commission
(March 2021), https://www.accc.gov.au/system/files/Digital%20platform%20services%20inquiry%20-
%20March%202021%20interim%20report.pdf.
47
See, e.g., Amended Complaint, United States v. Google LLC, No. 1:20-cv-03010, (D.D.C. Jan. 15, 2021).
48
See, e.g., First Amended Complaint, Utah v. Google LLC, No. 3:21-cv-05227 (N.D. Cal Nov. 1, 2021) (Filed Nov.
1, 2021) (37 Attorneys General allege Google’s conduct has driven up competitor prices, limited consumer choice,
and misrepresented security risks of apps outside of its mobile app store) (37 AGs v. Google Complaint).
49
Epic Games, Inc. v. Apple, Inc., 559 F.Supp.3d 898, (N.D. Cal. 2021) (regarding Apple taking a percentage of
apps’ revenues and limiting their communication with consumers) (on appeal at the Ninth Circuit); see also
Complaint, Epic Games, Inc. v. Google LLC, No. 3:20-cv-05671 (N.D. Cal. Aug. 13, 2020).
50
See, e.g., Furman Report at 103-4

10
government enforcers – and in particular, the DOJ Antitrust Division and FTC – might help to
secure relief that would help to restore competition and deter anticompetitive conduct by
gatekeeper firms like Google and Apple. 51

Law enforcement efforts and regulation affecting the mobile app sector already has proven
effective in changing business practices deemed to be anticompetitive. For example, the Dutch
government expressed concerns about Apple’s requirement that dating apps—unlike ride-sharing
apps—must use Apple’s own payment mechanisms. 52 The Dutch government was ultimately
able to get Apple to change its way of doing business vis-à-vis dating apps in the Netherlands. 53
To obtain the same relief, in the United States, The Match Group, which operates several dating
apps and websites, filed a lawsuit against Google for similar restrictions. 54 Alongside private
litigation and efforts by foreign regulators like these, given the bounds of legal jurisdiction, U.S.
antitrust enforcers will continue to need empowerment and resources to ensure that the app
ecosystem remains competitive in the United States .

Notably, competition law has been used to significant effect to reduce barriers and help open up
markets in relevant ways, such as the concept of using software between the operating system or
the user interface to disaggregate markets and welcome in competition. Two decades ago, the
United States filed a lawsuit alleging, in part, that Microsoft was leveraging its power in the
operating system market in a way that impacted the browser market. 55 The court noted that,
among other things, that Microsoft’s “license restriction prevent[ed] many [equipment
manufacturers] from pre-installing a rival browser and, therefore, protect[ed] Microsoft’s
monopoly from the competition that middleware might otherwise present.” 56

The large number of Windows-exclusive applications served as a significant barrier to entry in

the operating system market at that time. Microsoft feared that if a cross-platform middleware
product like Netscape became popular, it would expose APIs to allow programs to be written for
many operating systems at once, reducing this entry barrier and, eventually, increasing
competition in the operating system market. The district court noted that without the constraints
Microsoft imposed on the market, Microsoft feared “the more popular middleware became and
the more APIs it exposed, the more the positive feedback loop that sustains the applications

51
The Department of Justice website provides information on the role of antitrust laws. See, e.g., Antitrust Laws and
You, https://www.justice.gov/atr/antitrust-laws-and-you.
52
ACM to assess adjusted proposal of Apple regarding its conditions for dating apps, Authority for Consumers and
Markets (Netherlands) at 129 (Mar. 03, 2022), https://www.acm.nl/en/publications/acm-assess-adjusted-proposal-
apple-regarding-its-conditions-dating-apps; see also, Comment from Match, #142, at 2 (noting that dating apps are
uniquely sensitive to Apple’s and Google’s requirements because dating apps must exploit the network effects of
mobile platforms).
53
ACM: Apple Changes Unfair Conditions, Allows Alternative Payments Methods in Dating Apps, Authority for
Consumers and Markets (Netherlands) (June 11, 2022), https://www.acm.nl/en/publications/acm-apple-changes-
unfair-conditions-allows-alternative-payments-methods-dating-apps; Distributing Dating Apps in the Netherlands,
Apple Developer, https://developer.apple.com/support/storekit-external-entitlement/, (last visited Aug. 29, 2022).
54
Complaint, Match Group, LLC v. Google LLC, No. 3:22-cv-02746 (N.D. Cal. May 9, 2022). See also, Exclusive-
Tinder-owner Match ups antitrust pressure on Apple in India with new case, Aditya Kalra, Reuters (Aug. 24, 2022).
55
United States v. Microsoft, 84 F.Supp.2d 9, 110-111 (D.D.C. 1999); aff’d in part, United States v. Microsoft
Corp., 253 F.3d 34 (D.C. Cir. 2001), cert. denied, 534 U.S. 952 (2001).
56
United States v. Microsoft Corp., 253 F.3d at 54.

11
barrier to entry would dissipate.” 57 As a result of the DOJ’s suit, Microsoft was forced to relax
its contractual restrictions on distribution of rival browsers, which ultimately led to a resurgence
of competition in the browser market and innovation on the browser platform, including the
growth of many of today’s major tech firms. 58

In the communications markets, it has been the policy of the United States to restrain the power
of the network service providers and foster competition and innovation in downstream markets
by promoting open networks and facilitating interconnection. As far back as 1866, the Post
Roads Act sought to open the telegraph market up to competition by lowering the barriers to
market entry for competitors by granting them access to the rights-of-way needed to place the
wires used to carry information. 59 In the 1913 settlement known as the Kingsbury Commitment,
DOJ agreed to settle an antitrust investigation into AT&T’s practices in exchange for the
company’s enforceable commitment to (among other things) allow certain competitors to send
messages over AT&T’s network. 60 Congress and the Federal Communications Commission
(FCC) have taken a similar approach to facilitating competition in the telecommunications
market, most notably in the drafting and implementation of the Telecommunications Act of
1996, which required incumbent providers to unbundle certain elements of their networks to
competitors and to interconnect with those competitors’ networks. 61

Under the FCC’s framework, offerings such as the dial-up Internet and “over the top”
applications (from VOIP to video streaming) all could enter the market without permission from
or coordination with the Bell Telephone network as long as these offerings conformed to open
standards and did not harm the underlying networks. The FCC applied this framework to
Broadband Internet Access Service in its 2015 Open Internet Order, which recategorized
providers of these services as common carriers and subjected them to net neutrality requirements
(although this decision was rescinded in 2018). 62 There are, however, significant differences
between communications networks and digital platforms (such as mobile app stores), and the
relative benefits of analogizing between the two is the subject of debate.

During the development of this report, Congress considered bipartisan legislation to increase
competition in digital markets. The Biden Harris Administration has been strongly supportive of
these efforts. 63 Several proposals would have affected Apple’s and Google’s mobile app
ecosystems more broadly. The Senate and House introduced bills addressing platform

57
United States v. Microsoft, 84 F.Supp.2d 9, 56-57 (D.D.C. 1999).
58
See, e.g., Tim Wu, The Curse of Bigness, Antitrust in the New Gilded Age, Ch. 5 (2018).
59
Post Roads Act of 1866, 14 Stat. 221, 39 Cong. Ch. 230 (1866) (repealed 1947).
60
United States v. AT&T, 552 F. Supp. 131 (D.D.C. 1982), aff’d sub nom. Maryland v. United States, 460 U.S. 1001
(1983).
61
Telecommunications Act of 1996, Pub. L. No. 104-104, 110 Stat. 56 (1996). See generally, Robert Cannon, The
Legacy of the Computer Inquiries, 55 F.C.L.J. 167 (2003).
62
In re Protecting & Promoting the Open Internet, 30 F.C.C. Rcd. 5601 (FCC 2015) (Open Internet Order); In re
Restoring Internet Freedom, 33 F.C.C. Rcd. 311 (FCC Jan. 4, 2018).
63
See, e.g., Principles for Enhancing Competition and Tech Platform Accountability, Readout of White House
Listening Session on Tech Platform Accountability, The White House, (Sept. 8, 2022),
https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/08/readout-of-white-house-listening-
session-on-tech-platform-accountability/.

12
competition, such as the American Innovation and Choice Online Act (AICOA). 64 While these
type of bills are aimed at digital competition generally, if passed they would directly affect the
ways in which mobile app stores are governed. For example, DOJ expressed its strong support
for AICOA, explaining that, if enacted, such a law would make it clearer that certain
anticompetitive self-preferencing practices are prohibited conduct. Both the House and Senate
Judiciary Committees advanced bills on a bipartisan basis with co-sponsors from across the
aisle. 65

In addition, the Senate Judiciary Committee advanced the Open App Markets Act (OAMA) on a
bipartisan basis in February 2022 and it included co-sponsors from both parties. 66 This bill
sought to ensure that independent app developers are able to compete on fair and equal terms and
to prohibit the worse types of anticompetitive conduct by the gatekeeper firms that own and
operate the largest app stores and mobile platforms. Both OAMA and AICOA included language
that allows the operating system operators to take steps to safeguard security, as well as privacy
and safety, in narrow ways, but otherwise would prevent security from being used pretextually to
justify anticompetitive behaviors.

The European Union (EU) has adopted the Digital Markets Act (DMA), which includes
provisions to stop platforms from taking steps to give preferential treatment to their own apps
and services. 67 The DMA complements the enforcement of competition law at the EU and
national level. It includes restrictions on combining personal data from different sources,
mandates to allow users to install apps from third-party platforms, prohibitions on bundling
services, and prohibitions on self-preferencing practices. The European Commission (EC) will
be the sole enforcer of the rules, in close cooperation with authorities in the EU Member States.
The DMA also gives the EC the power to carry out market investigations to ensure that the
obligations set out in the regulation are kept up to date in the constantly evolving reality of
digital markets.

Just as with legal rulings about apps in specific context and countries, there are other significant
issues that span well beyond mobile apps and yet are critical to the app ecosystem analysis.
Privacy presents important consumer protection and competition concerns that are often
interrelated. 68 As the UK’s Department for Digital, Culture, Media & Sport said in a 2022 report

64
American Innovation and Choice Online Act, S. 2992, 117th Cong. (2021). See also, American Choice and
Innovation Online Act, H.R. 3816, 117th Cong. (2021).
65
See S.2992, the American Innovation and Choice Online Act, All Actions webpage, Congressional website,
https://www.congress.gov/bill/117th-congress/senate-bill/2992/all-actions?overview=closed#tabs (last visited July
27, 2022); H.R.3816, the American Choice and Innovation Online Act, All Actions webpage, Congressional
website, https://www.congress.gov/bill/117th-congress/house-bill/3816/all-actions (last visited Aug. 29, 2022).
66
Open App Markets App Act, S. 2710, 117th Cong. (2021). There was a similar bill (H.R. 5017) and a related bill
(H.R. 7030) introduced in the House and were referred to Committee on Energy and Commerce (former) and
Committee on the Judiciary (latter).
67
Regulation (EU) 2022/1925 of The European Parliament and of The Council on contestable and fair markets in
the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828, (Sept. 14, 2022), (Digital Markets
Act), https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022R1925&from=EN; see also, Deal on
Digital Markets Act: EU Rules to Ensure Fair Competition and More Choice for Users, European Parliament News
(Mar. 24, 2022).
68
See, e.g., Alexander, Laura M., Privacy and Antitrust at the Crossroads of Big Tech (December 16, 2021),
available at SSRN: https://ssrn.com/abstract=4013003 or http://dx.doi.org/10.2139/ssrn.4013003.

13
on app privacy, these are challenging issues that deserve international consideration. 69 Content
regulation and intellectual property issues are among other items that also cut across the digital
universe. For example, some commenters raised concerns about content moderation in app
screening, 70 several commenters highlighted important issues raised by intellectual property
rights considerations, 71 and others noted that intellectual property licensing issues generally can
implicate antitrust issues, as described by DOJ and FTC guidance. 72
While all of these are important issues, this report has been focused on areas that may have
particular relevance to the mobile app ecosystem.

69
App security and privacy interventions, UK Department for Digital, Culture, Media & Sport (May 4, 2022).
70
See, e.g., Chamber of Progress, #123, at 4-6 (discussing need for companies to be able to screen for content)
(discussing items such as InfoWars, Baby Shaker, and RT).
71
See, e.g., Recording Industry Association of America, #122, at 2 (“The distribution of apps that flagrantly infringe
our members’ music copyrights is a large and persistent problem. To address this problem, it is essential that mobile
app stores engage in prudent due diligence before permitting an app on their storefront.”); Copyright Alliance, #117,
at 2 (“The problem of infringing mobile apps is growing. [. . .] One of the most important actions that can be taken
to mitigate against such harm [caused by “infringing mobile apps”] is to have the mobile app storefronts engage in
reasonable, enhanced screening of the app developers and the mobile apps before they are offers on the mobile app
storefront, and other best practices to deter infringing apps.”); Engine Advocacy, #98, at 3 (“The government should
continue to take positive steps to ensure that certain [standard essential patent] holders are not able to demand
inflated licensing rates or threaten startups with injunctions. . . ”; “It is essential policymakers resist the pull to
expand the universe of what software development activities constitute copyright infringement. . . . If established
companies were able to use copyright threats to prevent startups from using certain software interfaces—for
example application programming interfaces (APIs)—it would deprive startups of important tools necessary for
interoperability. That would, in turn, make it harder for them to launch and compete.”).
72
Antitrust Guidelines for the Licensing of Intellectual Property, DOJ and FTC (Jan. 12, 2017),
https://www.justice.gov/atr/IPguidelines/download.

14
Means of Distribution
Apps are crucial to the attractiveness and utility of devices. Without apps, mobile devices
provide only the most basic phone functionalities. However, while Google’s and Apple’s mobile
ecosystems are dependent on apps to provide added value, the firms’ dominant positions in the
mobile ecosystem allows them to limit how device users can access apps. This control over app
distribution affects competition among mobile app stores for users and developers and their
control over mobile app stores limits competition.

App installation typically occurs via three mechanisms: Apps are loaded already before a user
gets the device (preinstallation or preloading), a user downloads them from mobile app stores
after purchase or selection, or a user downloads them from outside of mobile app stores (also
known as “sideloading”). 73 Sideloading, discussed in a section below, is not available to most
consumers on Apple devices. Other alternatives, such as mobile app stores (including, e.g.,
Amazon Appstore and Samsung’s Galaxy Store) beyond those of the two dominant firms or web
apps, are further means of distributing apps and services, but are not currently sufficiently viable
options to create robust competition.

Preinstallation and mobile app stores are currently the most significant distribution channels for
apps. Both of these channels, at present, are closely controlled by Apple and Google, with
extremely limited options for distribution outside their default apps and proprietary mobile app
stores.

Preinstalled App and Default Options

One of the primary distribution mechanisms for apps is preinstallation. Over time, consumers
have come to expect certain functionality from their new devices, and preinstalled and default
apps may offer a more seamless experience when they start the device. 74 Google says that
Android devices are preloaded with as many as 40 apps from multiple developers. 75 In addition,
some apps are set as defaults, although they are not downloaded until the device user triggers
that option. For example, a particular browser app might be presented when the device user
clicks on a link.

Access to preinstallation as a means of distribution is limited for most app developers. Decisions
about which apps will be preloaded or set as defaults typically are established by agreements
between carriers, device manufacturers, operating system providers, and third-party developers.
AT&T, the only carrier to comment in NTIA’s Request for Comment, states that Apple
determines which apps will be preloaded or set as defaults on iOS devices, and that Google

73
Sideloading is also allowed for some enterprise customers and for developers for beta testing. See Comment from
Microsoft, #146, at 10.
74
While preloading and preinstalling generally refer to the same concept, one carrier distinguishes between these
terms by noting that preloaded apps are apps that are installed during device set up, and preinstalled apps are apps
that consumers find are already installed and available on devices “out of the box.” Comment from AT&T, #112, at
1-2. For purposes of this report, we will use these terms interchangeably.
75
Comment from Google, #140, at 16.

15
works with a variety of device manufacturers to negotiate which apps will be preinstalled or
presented as defaults on Android devices. 76 AT&T reports that it does not have “sole or even
primary discretion” of which apps will be preloaded, preinstalled, or set as defaults on devices,
nor is it always provided visibility into relevant discussions with device manufacturers.

Device manufacturers are mostly limited to Android for the operating system they can use 77 –as
Apple does not make its operating system available for external device manufacturers – but they
can choose to distribute their own apps and mobile app stores on Android. 78 For example,
Samsung pre-installs a number of its own apps, its Galaxy Store, and the S-Browser on all
Samsung smartphones that operate on the Android operating system. 79 AT&T reports that it
works with some device manufacturers to preload a limited number of apps, which may include
its own branded apps. 80

Agreements to preload specific apps and not to preload others have come under legal scrutiny,
including in a DOJ lawsuit against Google filed in 2020. 81 As part of this lawsuit, DOJ and more
than a dozen states highlighted Google’s requirement that device manufacturers preload their
devices with specific apps chosen by Google, including Google Play, Chrome, and Google’s
search app, in order for them to be allowed to access Google’s proprietary application
programming interfaces in addition to open source Android code. 82 They allege that conditioning
distribution in this way “reinforces Google’s monopolies.” 83

Commenters pointed out that preloaded and preinstalled default apps have a competitive
advantage, particularly in terms of gaining app users and recognition. Public Knowledge notes
that while customers do expect certain apps to be pre-loaded or set as defaults, the “power of
defaults … has major competitive implications.” 84 Forrester Research points out that even if
consumers are aware of other options, they are likely to keep the preinstalled app out of
convenience. 85 Proton, provider of ProtonMail email, VPN, and other communications services,
notes that “pre-installation” is a “powerful tool to lock in users to these specific services” (e.g.,
mobile app stores), since the “average user is subject to ‘default bias’ or ‘status quo’ bias.” 86
Preinstalled apps also can have advantages in the choice of names for the apps as those app
developers can reserve basic, easily recognizable and common search terms for themselves. 87

76
Comment from AT&T, #112, at 2.
77
See UK CMA Report at 29.
78
Comment from Google, #140, at 17.
79
Comment from Google, #140, at 17.
80
Comment from AT&T, #112, at 2.
81
See generally Amended Complaint, United States et al. v. Google LLC, No. 1:20-cv-03010 (D.D.C. Jan. 15,
2021). DOJ and the states allege that “[f]or years, Google has entered into exclusionary agreements, including tying
arrangements, and engaged in anticompetitive conduct to lock up distribution channels and block rivals.” Id. at ¶ 4.
Through these practices, DOJ claims, “Google has thus foreclosed competition for internet search.” Id. at ¶ 6.
82
Id. at ¶ 73-76, 134; See also id. at ¶ 54-55, ¶ 67.
83
Id. at ¶ 135.
84
Comment from Public Knowledge, #127, at 5.
85
Comment from Forrester Research, #102, at 13.
86
See, e.g., Comment from Proton, #147, at 8.
87
John Bergmayer, Tending the Garden: How to Ensure That App Stores Put Users First, at 22, Public Knowledge
(Tending the Garden) (June 2020), https://publicknowledge.org/wp-content/uploads/2021/11/Tending_the_Garden-
1.pdf; Comment from Spotify, #126, at 3.

16
Indeed, the UK’s Competition and Markets Authority found that preloading mobile app stores
presented a competitive advantage in its study of the mobile ecosystem, evidenced by data which
suggested that “downloads through non-preloaded app stores are very low.” 88 As Forrester
Research remarks, mobile “app stores themselves are apps,” and it contends the prevalence of the
mobile app stores of Google and Apple compared to the relative lack of competing mobile app
stores are indicative of the dominance of these preinstalled apps. 89

Various commenters also recognize that Apple and Google have been able to use their control
over app distribution to their competitive advantage, particularly against any downstream content
competitors in adjacent market segments. 90 For example, commenter Spotify notes that Apple
pre-installs its own music and audio streaming apps, such as Apple Music, on iOS devices.
Spotify argues that might reduce users’ interest in and need for downloading other apps that offer
similar features (Apple does note that twice as many subscribers use Spotify’s app than
Apple’s. 91)

Several governments have been exploring what measures might create a more level playing field
among first-party (i.e., Google or Apple) and third-party apps. 92 One tool being explored is a
choice screen to present users with a number of options, rather than only offering a default app.
In 2019, browser choice screens were implemented on Android devices in Europe, following a
2018 European Commission decision finding that Google had improperly “tied” (required as a
condition) preloading of its search app and browser to its Google Play Store. 93 However, Mozilla
states that this particular effort “did not change the status quo” and others have noted that
different elements might be useful in order for choice screens to be more effective. 94

Mobile App Stores

The second major distribution channel for apps is through mobile app stores. Prior to 2008,
mobile phones did not offer mobile app stores for anywhere near the volume of mobile apps
available today, and the capabilities of apps were much more limited for any catalogs that did
exist. At the time, it was the mobile carriers (e.g., Verizon or AT&T) who were the principal

88
UK CMA Report, at 102, 111. Data provided by Google showed that in May 2021, 3.5-4 million apps were
installed outside of the Play Store and 3-3.5 million in February 2022, compared to an average of 100-200 million
apps installed per month through the Play Store in 2021. Id. at 111.
89
Comment from Forrester Research, #102, at 13. Forrester Research also includes the Amazon mobile app store on
Amazon Devices in its statistics.
90
Comment from Spotify, #126, at 2.
91
Comment from Spotify, #126, at 3. Apple says that third-party apps “compete aggressively” against Apple’s own
apps, and notes, for example, “[a]s of 2019, Spotify has twice as many paid subscribers as Apple Music does
worldwide.” Comment from Apple, #132, at 12 (internal citation omitted).
92
See, e.g., Campbell Kwan, ACCC wants all Android devices to have dedicated screen for choosing search
engines, ZDNet (Oct. 27, 2021) (regarding Australia’s competition authority), https://www.zdnet.com/article/accc-
wants-all-android-devices-to-have-dedicated-screen-for-choosing-search-engines/.
93
Comment from Proton, #147, at 8.
94
Comment from Mozilla, #131, at 16; see also, UK CMA Report, at 315; see also, Omar Vásquez Duque, Active
Choice vs. Inertia? An Exploratory Analysis of Choice Screens Applied in the European Microsoft Antitrust Case
(Jan. 14, 2021), https://ssrn.com/abstract=3766468 or http://dx.doi.org/10.2139/ssrn.3766468.

17
gatekeepers of the mobile platform. Arguing that third party apps would create intolerable
security risks, they did not allow many third-party mobile apps.

In early 2007, Skype, which offered an app for video chatting, requested that the FCC apply its
1968 “Carterfone” policy, which allowed consumers to attach third-party devices to the wireline
network if it did not harm the network, to mobile devices in order to open the wireless
application market and create space for greater mobile application development. 95 Skype argued
that applying a “wireless Carterfone” concept to mobile phones would expand the array of
mobile communications applications allowed on cellular phones by giving subscribers control
over software applications. 96 Verizon and mobile association CTIA argued at the time that
opening the networks to apps would impede the wireless networks’ ability to provide secure and
reliable service, an argument that echoes some current sentiments regarding app distribution via
curated mobile app stores. 97

Some telecommunications providers had already begun to accept that new platforms like Apple
iOS or Android would allow more third-party apps like Skype onto mobile phones, and as
carriers relented, the FCC signaled that it would not need to formally apply Carterfone to the
wireless network. 98 At least one mobile app store existed on Apple phones before Apple
launched its mobile app store in 2008 with 500 apps, for which third-party developers were
required to comply with certain terms, including that they could sell their apps only in Apple’s
official mobile app store. 99 Google introduced its own mobile app store then called the Android
Market, shortly afterwards with “over 50” apps. 100 By 2009, two of the major wireless providers,
AT&T and Verizon, had made clear they would not take action to block apps on the major
mobile platforms. 101

Today, Apple and Google are the primary gatekeepers for apps. Both Apple and Google have
their own mobile app stores and limit the ability of third-party mobile app stores. For Apple, its
mobile app store remains the only one allowed on iOS devices. Apple’s prohibition on third-

95
See In the Matter of Use of the Carterfone Device in Message Toll Telephone Service, 13 FCC 2d 420, 424-25
(1968).
96
Skype Communications S.A.R.L., Petition to Confirm a Consumer’s Right to Use Internet Communications
Software and Attach Devices to Wireless Networks, RM-11361 (filed Feb. 20, 2007); see also, Tim Wu, Wireless
Carterfone, 1 Int’l J of Communication 389 (2007).
97
Verizon Wireless Networks, Comments In the Matter of Skype Communications S.A.R.L. Petition to Confirm A
Consumer’s Right to Use Internet Communications Software and Attach Devices to Wireless Networks; 2007 CITA
– the Wireless Association, Opposition In the Matter of Skype Communications S.A.R.L. Petition to Confirm a
Consumer‘s Right to Use Internet Communications Software and Attach Devices to Wireless Networks (Apr. 30,
2007) at 7 (“Opening handsets to run any software potentially exposes wireless subscribers to a host of quality and
security problems”).
98
See Kevin J. Martin, Remarks of FCC Chairman Kevin J. Martin, CTIA Wireless 2008 Las Vegas, NV, (April
2008), https://www.fcc.gov/document/remarks-fcc-chairman-kevin-j-martin-ctia-wireless-2008-las-vegas-nv.
99
The App Store turns 10, Apple Newsroom, (July 5, 2018), https://www.apple.com/newsroom/2018/07/app-store-
turns-10.
100
See Comment from Spotify, #126, at 1-2; Comment from R Street Institute, #116, at 1.
101
See, e.g., Ryan Signel, AT&T Relents, Opens iPhone to Skype, VoIP, Wired, (Oct. 6, 2009),
https://www.wired.com/2009/10/iphone-att-skype/. Following Microsoft’s purchase of Skype in 2011, Skype
withdrew its petition for wireless Carterfone in 2015. In the Matter of Skype Communications S.A.R.L. Petition to
Confirm a Consumer’s Right to Use Internet Communications Software and Attach Devices to Wireless Networks,
RM-11361, Order, Wireless Telecommunications Bureau, DA-15-471 (adopted Apr. 16, 2015).

18
party mobile app stores is laid out in its Apple Developer Program License Agreement (DPLA).
The DPLA prohibits (a) distribution of iOS apps through any mobile app store other than the
Apple’s, and (b) distribution of third-party mobile app stores through the Apple’s mobile app
store. 102 Commenter Meta argues that Apple has interpreted these provisions broadly, rejecting
even “store-like” interfaces such as Meta’s Instant Games. 103

Some Android users have options to download apps from another mobile app store, including the
Samsung Galaxy Store and the Amazon Appstore for tablets. 104 Google itself reports that the
majority of Android devices are pre-installed with more than one mobile app store. 105 However,
Google also pays some device manufacturers and carriers to reduce the visibility of any other
mobile app store. 106 Existing alternative app stores on mobile phones have not gained in
popularity. 107 A user wishing to install an app that is not already preloaded on the phone or
available in a preloaded mobile app store on that device, must download it directly from a
website (“sideload” it). 108 That process requires that the user click through several prompts
warning them of the security implications of their decision. 109 The UK’s Competition and
Markets Authority also noted other “material barriers” to third-party mobile app stores. 110 These
barriers appear to contribute to the Play Store’s dominance on Android mobile devices. 111

102
Apple Developer Program License Agreement,, Apple Developer, Section 7.6,
https://developer.apple.com/support/downloads/terms/apple-developer-program/Apple-Developer-Program-License-
Agreement-20220606-English.pdf (last visited Aug. 29, 2022) (Apple DPLA) (prohibiting distribution of apps
outside the Apple mobile app store (“In the absence of a separate agreement with Apple, You agree not to distribute
Your Application for iOS Products, Apple Watch, or Apple TV to third parties via other distribution methods or to
enable or permit others to do so”)); Apple DPLA, Section 3.3.2 (prohibiting apps from creating “a store or storefront
for other code or applications.”). Note the agreement also says that distribution can be through custom app
distribution.
103
Comment from Meta, #145, at 16.
104
Comment from Google, #140, at 16.
105
Id. at 16.
106
Comment from Epic Games, #134, at 6 (device manufacturers); Comment from Microsoft, #146, at 1 (device
manufacturers and carriers). See also, UK CMA Report, Appendix E: Google’s agreements with device
manufacturers and app developers at E7.
107
See, e.g., Comment from Match, #142, at 5 (claiming that “Google itself has estimated that users spend only 3%
of the time on the Samsung Galaxy Store [the largest competitor] as they spend on Google Play,” citing a complaint
by a coalition of state Attorneys General (37 AGs v. Google Complaint at 26-27)).
108
Sideloading is the process by which a user installs applications on a mobile device from outside the confines of a
sanctioned or preloaded mobile app store on that device. See, e.g., Sideloading from Unofficial App Stores – Why Do
We Do It?, Corrata, https://corrata.com/sideloading-apps-from-unofficial-app-stores-despite-the-risks-why-do-we-
do-it).
109
See Comment from Public Knowledge, #127, at 6 (“Sideloading exists on Android, but it’s a cumbersome
process”); Comment from Trusted Future, #128, at 6; see also, 37 AGs v. Google, Complaint at 28.
110
UK CMA Report, at 82. See also Comment from Epic, # 134, at 3 (comparing the Play Store’s “various artificial
restrictions that inhibit competing app stores’ ability to challenge Google”) and Comment from Microsoft, #146, at 1
(“Google…has contracted with device manufacturers and mobile carriers to prevent them from pre-installing many
alternative app stores on smartphones within the United States”).
111
See Comment from OWA, #149B, at 97; UK CMA Report, at 103.

19
Mobile App Store Benefits

Mobile app stores can help users find, compare, and download software quickly and easily, and
allow developers and businesses to reach global audiences conveniently. They offer curated
marketplaces for consumers by implementing guidelines and removing or rejecting those that do
not comply. They can also provide a level of trust to consumers who might not have the ability
or tools to investigate every app and app marketplace. For developers, curated app marketplaces
provide services such as a payment system, software update installations, and piracy prevention.
They can also offer reduced marketing and publishing overhead. 112

Some commenters specifically praise the current mobile app store concept as providing key
structures that benefit developers. For example, the International Center for Law & Economics
(ICLE) states that closed and semi-closed systems, such as those in mobile app stores, allow
unknown developers to expand because users do not fear malware, and reduce payment
frictions. 113

While acknowledging the utility of an app store model, the question is whether such utility
requires that the stores be run by the operating system provider. As in other markets, a rival
mobile app store could market itself as offering better curation for quality, better security, or
perhaps better privacy. Another store might advertise lower prices by charging a smaller
commission to developers. At present, however, there is very little competition between mobile
app stores despite indications, including litigation, that some developers are dissatisfied with the
terms available from the dominant mobile app stores. 114 As noted above, one reason for this is
limitations from Apple and Google that prevent or limit app stores being offered through their
own app stores or as preloaded apps, and- as discussed in further detail below- being downloaded
through other means.

Sideloading

Additional ways to distribute apps exist, including the sideloading of apps, but these distribution
methods currently see only marginal use. In the context of the mobile app ecosystem,
“sideloading” generally refers to the direct installation of a developer’s native app onto a mobile
device operating system, without having to obtain the app from a proprietary mobile app store. 115
Examples of this practice include installation of a native app directly from a website and
installation of an app via a file copied into the operating system from external media. Android
allows for sideloading, but with restrictions, as detailed below. Apple prohibits sideloading of
apps onto its proprietary operating system through its terms of use. 116
112
See generally, Comment from ACT | The App Association, #130 (including in the comment its Amicus filing in
support of Apple in the Epic Games v. Apple 9th Circuit appeal, at 7); Comment from ICLE, #136, at 8 (noting
promotional support, advertising).
113
Comment from ICLE, #136, at 8; see also, Tending the Garden, at 5.
114
See, e.g., Epic Games v. Apple Inc., 559 F. Supp. 3d 898 (N.D. Cal. 2021).
115
See, e.g., Final House Report, at 76, 79-80. See also UK CMA Report, at 11-12, 99. See also, Tending the
Garden, at 53; Comment from Epic Games, #134, at 10-11; Comment from Public Knowledge, #127, at 6 n.3.
116
Apple indicated to the UK CMA that “engaging in jailbreaking is a violation of the iOS end-user software license
agreements and that, under those agreements, Apple may deny service for an iPhone or iPad that has installed any

20
Apple justifies its prohibition on sideloading largely on safety, security, and privacy grounds.
Apple notes that its prohibition on sideloading is “integral to ensuring that all apps loaded on iOS
meet Apple’s quality and safety standards” and that centralized distribution “prevents and deters
bad actors from attempting to bypass Apple’s privacy safeguards.” 117 Apple also points to
several studies and other sources to argue that sideloading presents a security threat. 118

Google does not strictly prohibit sideloading of native apps on Android devices, but it does
create limitations on the practice that, as noted below, can be cumbersome for users trying to
download apps. 119 Google claims that its policies on installing an app from an “unknown source”
help strike a balance between openness and security, for example, by adding installation
warnings that help consumers assess risk. 120 It also argues that users have other app distribution
choices, besides sideloading, available on its ecosystem such as alternate preloaded mobile app
stores. 121

Several commenters echo the sentiment, found often in debates on the topic, that sideloading
prohibitions or other restrictions serve important societal interests. For example, Trusted Future
writes that Apple’s and Google’s policies on sideloading “foster a trusted app ecosystem” 122 and
that consumers should be able to “choose a mobile device in the marketplace designed to protect
their safety, security, and privacy by design out of the box.” 123 The organization points to various
instances of a “malicious” app or code taking advantage of sideloading, 124 as well as guidance
from federal agencies that highlight security risks of sideloading of unvetted apps and use of
unofficial third-party mobile app stores on mobile devices such as the National Institute of
Standards and Technology and the General Services Administration. 125 ACT | The App
Association warns that sideloading mandates “will increase consumer exposure to risk of
malware giving hackers access to users’ personal information” and notes that the “layer of
restrictions” on sideloading (e.g., needing to jailbreak a device or change settings) serves to
prevent malicious actors from having access to “unwitting consumers.” 126 In addition, many

unauthorized software via jailbreaking.” See UK CMA Report, at 110 n.293. Developers have said that jailbreaking
is not a viable alternative for app distribution. Id. Jailbreaking is a technically complex activity. See, e.g., UK CMA
Report, at 110; Final House Report, at 79. Contrast, Comment from Jay Freeman, #151, at 1 (indicating that
“jailbreaking” has been used to install Cydia, an alternative to Apple’s mobile app store, to iOS).
117
Comment from Apple, #132, at 9-10; see also, Building a Trusted Ecosystem for Millions of Apps: A Threat
Analysis of Sideloading, Apple (Oct. 2021),
https://www.apple.com/privacy/docs/Building_a_Trusted_Ecosystem_for_Millions_of_Apps_A_Threat_Analysis_o
f_Sideloading.pdf.
118
See Comment from Apple, #132, at 9.
119
See, e.g., Final House Report, at 77-80, 184; UK CMA Report, at 23, 101, 111-14.
120
Comment from Google, #140, at 19. See also, Comment from Chamber of Progress, #123, at 5-6.
121
See, e.g., Comment from Google, #123, at 17-18.
122
Comment from Trusted Future, #128, at 6.
123
Id. at 9. See also, Comment from NetChoice, #115, at 8; Comment from Information Technology & Innovation
Foundation, #113, at 17-18; Comment from ICLE, #136, at 6-7.
124
Comment from Trusted Future, #128, at 6-7, 9 (listing the SpyFone app and FluBot campaign as examples).
125
Id. at 8.
126
Comment from ACT | The App Association, #130, at 20.

21
individual commenters wrote in to warn against requiring the Apple ecosystem, in particular, to
allow sideloading because of security concerns. 127

Other commenters describe prohibitions and limitations on sideloading as policy choices that
hinder competition and that can be altered while still addressing security interests of consumers.
Public Knowledge, for example, calls sideloading “one of the best ways to increase user choice
in the mobile app market,” though it also stated that as implemented on Android, “it’s a
cumbersome process that, because Google does not require sideloaded apps to be
cryptographically signed by developers, does carry more risk than necessary.” 128 The
organization writes that the difference between mobile app store apps and sideloaded apps is one
of policy, and sideloaded apps “can have the same security protections as App Store apps
(including sandboxing and code-signing).” 129 Epic Games, which has sued Google and Apple for
alleged anticompetitive practices, questions whether there is a technical need at all to prevent app
distribution from outside a mobile app store, and notes that “Apple does not require [similar
mandatory review and distribution] on Mac devices where users are free to download apps and
software outside of the App Store, and security screens are executed via Apple’s notarization
process”—i.e., that sideloading on other types of Apple devices is permitted and alternative
means of security protection are used. 130 In addition, various individuals wrote comments
expressing support for sideloading to encourage competition and expanded control over
consumer mobile devices. 131

Commenters also note that obstacles to the process of sideloading prevent it from being a true
alternative distribution mechanism. The Coalition for App Fairness argues that Google “actively
discourages consumers from downloading apps outside of the Google Play Store with warnings
and other obstacles.” 132 The Match Group writes that because of the difficulty of the process, it
does not make its apps available for sideloading. 133 The company contends that sideloading on
Android devices is “extremely rare” in large part because “Google itself has gone out of its way
to construct technological roadblocks that make sideloading infeasible for all but the most
technologically advanced users.” 134 The organization cites to an ongoing lawsuit that 37 state

127
Comment from Anonymous, #20; Comment from Michael Robey, #60; Comment from Anonymous, #48;
Comment from T C Aldrich, #76; Comment from Philip Alexander, #15; Comment from Anonymous, #30;
Comment from Kyle McMahon, #36; Comment from Anonymous, #57.
128
Comment from Public Knowledge, #127, at 6. The organization further noted that “[s]ideloaded apps are not
inherently more risky than app store apps from a technical perspective.” Id. at 6-7. Public Knowledge also notes that
sideloading can serve as a “release valve for free expression and other values that are harder to quantify in a purely
economic analysis” by making available apps that would not otherwise be distributed through mobile app stores. Id.
at 6.
129
Comment from Public Knowledge, #127, at 7. See also, Tending the Garden, at 52-56 (providing a longer
discussion on sideloading considerations).
130
Comment from Epic Games, #134, at 11. Epic Games further writes that “[t]he primary function of App Store
review is to ensure compliance with app store guidelines – including commercial terms – not to provide a critical
security function. Core security functions are executed at the operating system and hardware level.” Id.
131
See, e.g., Comment from James Wanless, #29; Comment from Anonymous, #83; Comment from Hao Wang,
#61; Comment from Aaron Sobel, #22; Comment from Anonymous, #66; Comment from Jefferson Jenson, #65;
Comment from Timothy Johnson, #63; Comment from Daryl Kunzmann, #38; Comment from Anonymous, #55;
Comment from John Neemidge, #62; Comment from RJ W, #64; Comment from Anonymous, #21.
132
Comment from CAF, #148, at 5.
133
Comment from Match, #142, at 6.
134
Id.

22
attorneys general have brought against Google, which alleges that “Google staff have internally
acknowledged that sideloading requires ‘15+ steps to get app’ versus just ‘2 steps with [Google]
Play.’ ” 135 OWA claims that having to deal with Google’s security “hoops” has led to lower
adoption of sideloading by users. 136 Forrester Research explains how technical limitations
imposed on sideloading—such as restricting certain API access for sideloaded apps—would
require more resources from developers who want to distribute apps outside mobile app stores. 137

Prohibitions on sideloading and rules that otherwise make it more difficult to obtain apps through
sideloading limit the distribution of apps to consumers within the mobile environment. As
referenced in comments critical and supportive of sideloading, the issue is ultimately a question
of harmonizing measures for both openness and security, and these calculations may be different
in the mobile app space than in other parts of the digital environment (e.g., due to a different set
of expectations from consumers). However, it seems likely that proposed reforms to the current
structure could improve both openness and security, while compromising neither. For example,
U.S. legislation previously proposed in the Senate and House aimed at improving competition in
the mobile app market in particular and digital platforms generally, included requirements that
the gatekeeper platforms remove current obstacles to competition while also providing limited
exceptions for gatekeeper actions necessary to improve security and privacy. 138

Exceptions

Both Google and Apple allow certain trusted individuals and entities to install apps from outside
their mobile app stores. This includes programs for enterprise customers to distribute apps and
app suites privately to their employees and staff. 139 Such programs allow for development and
distribution of apps that are not subject to commercial mobile app store policies. In addition,
developers can get permission to directly install apps on their own devices after compiling them
from source code (for Apple this requires a paid developer account). 140 Microsoft and OWA,
among others, contend this is evidence that there are safe options for managing downloading,
other than prohibiting it outright or adding such cumbersome steps. 141

135
Id. (citing to 37 AGs v. Google Complaint at 29). See also, Utah AG Leads Bipartisan Lawsuit Against Tech
Giant Google, Utah Office of the Attorney General (Aug. 6, 2021), https://attorneygeneral.utah.gov/utah-ag-leads-
bipartisan-lawsuit-against-tech-giant-google/.
136
See Comment from OWA, #149, at 43.
137
See Comment from Forrester Research, #102, at 12.
138
See supra notes 56, 58.
139
See Android Enterprise, Android, https://www.android.com/enterprise/ (last visited Aug. 29, 2022); Apple
Developer Enterprise Program, Apple Developer, https://developer.apple.com/programs/enterprise/ (last visited
Aug. 29, 2022).
140
Tending the Garden at 13.
141
Comment from OWA, #149A, at 29; Comment from Microsoft, #146, at 10.

23
Browsers and Web Apps

Browsers

Browsers provide a gateway to a broad quantity of content and experiences as they connect users
to the Internet. Browsers are also a sophisticated form of software that strongly influence the user
experience and can demand significant system resources, while representing vectors for bugs and
malicious code. Browser development and maintenance requires a large staff with expertise in
language design, graphics, cryptography, virtual machine implementation, power management,
code compiling, real-time media, and more. Mozilla refers to browsers as a “cornerstone” for
accessing the open Internet. 142

To some commenters, browsers form an important part of the competition landscape because
they can be leveraged to facilitate the operation of a different type of app that does not require
the same functionality or distribution options of a traditional “native” app. OWA argues that
browsers (when freed from artificial restrictions) can represent an “open and free universal
platform for apps, where developers can build their application once and have it work across all
consumer devices.” 143

On iOS devices, Apple requires that all browsers make use of Apple’s own WebKit browser
engine. Thus, while multiple competing browser engines exist (most notably Chromium and
Gecko), and all strive to differentiate themselves on features, security, and compatibility, any
web browser downloaded from Apple’s mobile app store runs on WebKit. This means that the
browsers that users recognize elsewhere—on Android and on desktop computers—do not have
the same functionality that they do on those other platforms. One commenter alleges that it is
misleading for Apple to create the impression that browsers other than Safari are available on
Apple’s mobile devices. 144 For users, this means highly limited differentiation between the
browsers available on Apple’s mobile app store, to the benefit of Apple and Safari.

Microsoft states that WebKit requires competing browser makers like itself have a team
committed to the complex task of redesigning the browser to fit WebKit’s unique parameters;
then maintaining, debugging, and updating that browser on a continuous basis. 145 It argues that
given WebKit’s lack of support for common features and slow debugging and patching pace,
developers’ ultimate goal has become the creation of the least-kneecapped version of their
flagship browser, in the hopes that their desktop users’ loyalty will keep them in the fight. 146

142
Comment from Mozilla, #131, at 5; Comment from Proton #147, at 4; See generally, Comment from OWA,
#149A.
143
Comment from OWA, #149B, at 9.
144
See Comment from Anonymous, #99 (noting that the Chrome and Firefox apps are all just “wrappers around
Safari” and full browsers are not implementable on the iOS development environment).
145
See, e.g., Comment from Microsoft, #146, at 12, noting that the WebKit requirement “significantly increases
engineering costs and complexity because iOS must be treated differently from other browsers.”
146
See, e.g., Comment from Microsoft, #146, at 13 (“Microsoft’s own browser engine, Blink, provides objectively
better standards support and performance than WebKit. Edge on iOS is slower than Edge on Android, and new and
evolving web standards that Microsoft incorporates into its browser engine are often not supported on iOS’s
WebKit”).

24
Web Apps

Of particular significance, the nature of the web browsers and operating system providers’
policies affect a broad class of browser-based apps called “web apps.” Designed to run in a web
browser, web apps can be distributed to users without the need to download a dedicated app
(native app). Web apps are a potential avenue for competition in app distribution because they
are based on open standards rather than proprietary operating systems, and they are accessible by
consumers without the need to use a mobile app store. However, there are technical limitations
on their adoption, some of which stem from choices made by the dominant operating systems.

Whereas traditional static web pages lack interactive features and dynamic updates, some web
apps (as well as newer, more advanced Progressive Web Apps, or PWAs) make use of advanced
web capabilities to create interactive websites with numerous enhancements to the user interface
and experience. 147 Web apps can be optimized for design, with artfully crafted animations and
widgets; they can also be optimized for unique connectivity constraints, offering users either a
download-as-you go experience for low-bandwidth environments, or an offline mode if needed.
OWA notes that web apps also offer developers and publishers the ability to quickly deliver
page-by-page updates for bugs and vulnerabilities, removing friction from the update process
and increasing the speed at which programming problems are solved. 148 The foundations of web
apps have been in development since the 1990s, and much of their underlying languages and
techniques are considered mature.

Some commenters contend that, given the proper hardware and operating-system level
permissions, web apps can deliver an experience on par with certain native apps on mobile
devices. 149 Microsoft argues that web apps do not offer an equivalent experience currently,
noting that they are not easy for users to find (because they are not available through mobile app
stores), and – because of restrictions and limitations of the WebKit browser that is required –
lack important functionalities (e.g., processing power, access to hardware and operating system
APIs). 150 Meta states that Apple’s functional limitations on browsers “prevent web apps from
emerging as viable, operating system-agnostic alternatives to native apps” and prevents web apps
“from providing consumers with robust, cross-platform experience that would lower switching
barriers.” 151

Given the possibilities, web apps have been proposed by some as an alternative means of
distribution, outside of the mobile app store listing process and the contentious realm of
sideloading. R Street, for example, contends that “browser- and cloud-based software can
absolutely be used to bypass the constraints of the app stores,” and “give some developers
leverage” in the future. 152 Web apps also allow publishers greater control over how their apps are
marketed: whereas Google and Apple exert complete control over the search and surfacing of

147
Comment from OWA, #149B. HyperText Markup Language, Asynchronous JavaScript and Extensible Markup
Language (XML), and Cascading Style Sheets, respectively.
148
Comment from OWA, #149A, at 39.
149
See Comment from OWA, #149A, at 6; Comment from Public Knowledge, #127, at 48; Comment from Google,
#140, at 8.
150
Comment from Microsoft, #146, at 11-12.
151
Comment from Meta, #145, at 3-4.
152
Comment from R Street, #116 at 2; see also, Comment from NetChoice, #115, at 3.

25
native apps to users of their respective native mobile app stores with little recourse or
transparency, a web-centric web app discovery process provide developers and users an
additional means of discovery with countless means to attract potential users’ attention.

Some commenters contend that the major mobile operating system platforms—both of which
derive revenue from native app downloads through their mobile app stores and whose own
browsers derive significant advertising revenue—have acted to stifle implementation and
distribution of web apps. 153 For example, Microsoft argues that Apple and Google strategically
seek to control the offering of web browser applications in order to ensure that web browsers do
not become a competing platform. 154 Google also allegedly interferes with competing browsers
offering direct installation of PWAs on Android. 155

WebKit Critiques

Apple limits the ability of web apps to compete with native apps by restricting the types
of browsers that are available for iOS users. Commenters describe a large number of missing
features from WebKit, the browser engine, and Safari. OWA points out that many of these
features have been present in other browsers for over a decade and are thus mainstays of the web
browsing experience. 156 Google claims that Apple’s restrictions on non-Safari browsers prevent
developers from accessing the device camera, having visual search, or integrating with other
devices, such as Google Lens. 157 Commenters maintain that many of these missing features
block certain app capabilities, including the ability to access Bluetooth or Near Field
Communication (NFC), which provide key functionality in offering touchless payment
mechanisms through a web app. Another area that commenters raise is their inability (until
recently) to push notifications to the user. 158

Among those features that have been missing or partially missing are the following:

• Notifications, widely agreed to be essential to the web app user experience, have been in
place on Chrome for Android since 2015. Notifications allow the user to be notified of
new events in relation with the app even when the mobile device is on a lock screen. 159

153
Comment from CafeMedia, #124, at 1; see generally, Comment from OWA, #149A, at 6; Comment from Meta,
#145, at 4; Comment from Microsoft, #146, at 12; Comment from Forrester Research, #102, at 14; Comment from
Google, #140, at 8.
154
Comment from Microsoft, #146, at 9.
155
Comment from Microsoft, #146, at 2.
156
See, e.g., Comment from OWA, #149B.
157
Comment from Google, #140, at 8.
158
Comment from Microsoft, #146, at 11.
159
See Comment from OWA, #149B, at 23. Comment from Meta, #145 at 14, (Apple’s lack of support for
notifications on mobile Safari “breaks consumer re-engagement on the web and prevents web apps from gaining
consumer traction”); Comment from Match, #142 at 6 (“Data app users rely on the ability to receive real-time push
notifications”); Comment from Proton #147 at 6 (“in the case of ProtonMail, for example, the reception of a new
email”).

26
 • Fullscreen API, which allows web apps to present a full-screen experience with no
browser interface elements visible and which both Chrome and Firefox implemented in
2011 for Android and in Microsoft Edge in 2015. 160
• Badging, which allows developers to place a notification badge (often a red circular
badge with a number to indicate the quantity of unread notifications) on a document or
application icon and has been available for Chrome users on Android since 2020. 161
• Web Bluetooth, which allows web apps to connect to Bluetooth devices for wireless
peripherals. 162
• NFC functionality, which allows apps and web apps to perform contactless payment
functions. 163 NFC functionality is also limited for native third-party iOS apps (not only
those using web browser functionality). 164
• Service Workers, which permit web apps to perform background tasks such as caching
and pre-loading web pages to allow for offline operation. 165

According to commenters, lack of support for these features would be a more acceptable
condition if Apple allowed other, more robust, and full-featured browser engines on its operating
system. 166 Then, iOS users would be free to choose between Safari’s less feature-rich experience
(which might have other benefits, such as privacy and security features), and the broader
capabilities of competing browsers (which might have other borrowers costs, such as greater
drain on system resources and need to adjust more settings). Instead, iOS users are never given
the opportunity to choose meaningfully differentiated browsers and experience features that are
common for Android users—some of which have been available for over a decade. 167

WebKit’s restrictions also have second order effects: In designing for the web, developers are
forced to design using a browser engine with feature limitations or give the large Apple app
audience. Commenter OWA argues that by supporting suboptimal design for a significant
consumer base, Apple’s WebKit restrictions ultimately affect design and hurt all mobile web
users—not just those using iOS. 168 Multiple commenters note that the only obvious beneficiary
of Apple’s WebKit restrictions is Apple itself, which derives significant revenue from its mobile
app store commissions. 169

160
Comment from Microsoft, #146, at 11.
160
Comment from OWA, at 27.
161
Id. at 27.
162
Id. at 27-28.
163
See, e.g., What NFC does, NFC Forum, https://nfc-forum.org/learn/what-nfc-does/ (last visited Aug. 29, 2022);
Lauren Aaronson, Your Cell Phone is So Money, CNN, (July 28, 2006),
cnn.com/2006/TECH/ptech/07/28/nfc.chip/index.html.
164
UK CMA Report, at 116.
165
See, e.g., Mozilla, Making PWAs work offline with Service workers, https://developer.mozilla.org/en-
US/docs/Web/Progressive_web_apps/Offline_Service_workers (last visited Aug. 29, 2022).
166
See, e.g., Comment from OWA, #149A, at 40 (“Lack of functionality in Safari is less critical where alternate
browsers are allowed.”).
167
See, e.g., Comment from Microsoft, #146, at 13 (“If Microsoft were free to offer a version of Edge on iOS that
relied upon Microsoft’s own browser engine, rather than Apple’s WebKit, it could make numerous innovations
available to iOS users based on technology it already provides on every other [operating system] where it is
available.”).
168
See Comment from OWA, #149A, at 5-6.
169
See, e.g., Comment from Public Knowledge, #127, at 2; Comment from OWA, #149B, at 16-17.

27
Technical Limitations
In addition to the dynamics described above, Apple and Google set in place a number of
technical and policy limitations, both with regards to other means of distributing apps and on the
apps themselves, that are described by some commenters as creating significant barriers to
competition. Some of these limitations, specifically mobile app store screening processes and
requirements that developers use first party in-app purchasing, among others, are highlighted
below. To be clear, this is not an exhaustive list, and some commenters argue that these
restrictions are beneficial to both users and developers. Further, while we are using the term
“technical limitations,” all of these items are the results of policy choices made by Apple and
Google to limit or prescribe access for certain functionality.

Mobile App Store Screening

Apple and Google maintain that they have screening procedures in place to ensure that apps
downloaded to iOS and Android devices are viable, meet certain criteria, and do not negatively
impact the end user’s device integrity and security. Apple and Google are the primary mobile
operating system developers and they argue that controlling access to the mobile app stores is
necessary for them to ensure the security of the operating system, and thereby the user’s device
as well as the user’s privacy. 170 In addition, they state that they ensure that apps function before
being offered to consumers through the mobile app stores. To this end, both the Apple and
Google mobile app stores have published requirements that developers must abide by in addition
to app review guidelines. For example, app developers must agree that the apps (as well as any
tools used to build and maintain an app) will be used in a way that protects user data. 171 In order
to ensure apps’ compliance with these policies, both Apple and Google review every app before
allowing them to be offered through their respective mobile app store.

Some commenters agree that there is a role for app review, both by Apple’s and Google’s mobile
app stores and potentially by third parties. For example, Public Knowledge notes that mobile app
stores can review and reject apps that might “engage in certain behaviors that it is hard to put a
stop to via technical means,” including potentially harmful apps, such as stalking apps. 172 These
policies can help create trusted marketplaces that developers and users depend on. 173 Nokia’s
2021 Threat Intelligence Report, which cites rising malware threats, states that “security of

170
See, e.g., Comment from Apple. #132, at 1, 7-10; Comment from Google, #140, at 2, 15, 18-19.
171
Apple App Review Guidelines 5.1.1, Apple Developer, https://developer.apple.com/app-
store/review/guidelines/#data-collection-and-storage (last visited Aug. 29, 2022); Comment from Google, #140, at
14. Apple and Google took action against SDKs built by data brokers that were selling user data (citing Android
developer answers page, and Byron Tau, Apple and Google to Stop X-Mode from Collecting Location Data From
Users’ Phones, Wall Street Journal (Dec. 9, 2020), https://www.wsj.com/articles/apple-and-google-to-stop-x-mode-
from-collecting-location-data-from-users-phones-11607549061.
172
Comment from Public Knowledge, #127, at 7. See also, id. at 6 (discussing how the mobile app stores are blamed
when they fail to prevent harmful apps or apps with fraudulent business models).
173
See, e.g., Comment from M. Sigman, #3; Comment from Jeremy Guthrie, #13; Comment from Reginald Smith,
#41.

28
official mobile app stores has improved significantly in recent years,” causing the mobile
infection rate to fall over two years. 174

However, other commenters challenge the efficacy and rationale behind Apple’s and Google’s
review of apps. Epic argues that operating the mobile app stores and maintaining operating
systems should be delinked, stating that security is ensured foremost by the operating system,
which controls how apps interact with each other, the hardware and the operating system. 175
Google explains that Android operates in a manner similar to a desktop and laptop operating
system where the system reminds the user to consider the risk of downloading, but ultimately
leaves matters in their hands. 176 Additionally, Apple’s laptop and desktop lines, which run on
MacOS, do not explicitly prohibit users from downloading programs or apps outside a mobile
app store, instead relying on the operating system and warning and confirmation screens given to
the user to protect the device and user data.

Apple’s Review Process

Apple says it reviews each line of an app’s code to screen for any potential harms to user data,
security, and safety before making it available to the public. Apple says it reviews approximately
100,000 submissions for apps or app updates each week, and takes about 1,000 calls a week to
help developers diagnose and cure issues. Apple claims that it rejects about 40% of the
submissions, many because of software glitches or bugs, or because they would compromise
users’ privacy or security. Apple says that most rejected apps ultimately make it into the mobile
app store. 177

Apple offers a highly curated mobile app store and many commenters expressed support for this
model. This curation can come with tradeoffs. As the Chamber of Progress noted in its
comments to NTIA, Apple users do not have access to the large number of “apps available in the
Play Store—most of which are free.” 178 However, the Chamber of Progress further points out
that this may not matter to users who “intentionally seek out Apple products for their security,
privacy, and content moderation practices.” 179 The International Center for Law and Economics
states that “[s]ome end-users and developers prefer more curated and ostensibly safer
ecosystems, while others are most concerned with the sheer quantity of options.” 180

Google’s Review Process

In 2021, Google says it prevented “1.2 million policy violating apps from” launching on the
Google Play Store, “banned 190,000 bad accounts, and closed around 500,000” inactive or

174
Nokia, Threat Intelligence Report 2021 at 5, 22 (2021), https://onestore.nokia.com/asset/210870.
175
Comment from Epic, #134, at 11-12.
176
Comment from Google, #140, at 19.
177
Comment from Apple, #132, at 9 (this comment was filed in May of 2022 and figures used in that might have
changed since then).
178
Comment from Chamber of Progress, #123, at 2.
179
Comment from Chamber of Progress, #123, at 4.
180
Comment from ICLE, #136, at 2.

29
abandoned developer accounts, according to the company. 181 Additionally, Google uses security
protection measures such as Google Play Protect, which scans “more than 125 billion apps each
day” for potentially harmful apps, network exploitation, phishing, and malware. 182

Critiques of the Mobile App Store Review – Transparency

While both Google and Apple explain the benefits of their app review processes and how many
apps they are able to review and approve or reject in a given time period, there is very little
publicly available information to enable independent assessment of the processes employed.
These are closed, proprietary processes and it is difficult for anyone to verify all of the
gatekeeper claims. As a general rule, app developers are provided little guidance as to why they
might have been rejected or why a similar app may have been approved. While Google and
Apple have their specific policies posted on their websites, each company can modify these at
any point. These changes can impact specific technical aspects of apps as well, such as access to
APIs. 183 Additionally, delays in the review process are also financially burdensome, which may
impact smaller developers disproportionately.

While we received comments regarding transparency on both platforms, significantly more

commenters highlighted issues with Apple’s lack of transparency or due process in app rejection.
Microsoft calls it “shifting and discretionary,” 184 while Proton calls it “unpredictable and
discriminatory.” 185 The Coalition for App Fairness describes this as the “arbitrary application of
rules without adequate explanation” and argues that this “causes considerable uncertainty, costs,
and delays for app developers.” 186 One commenter alleges that “many large parties enjoy
‘sweetheart’ deals in lieu of lawsuits between similarly armed legal departments.” 187

Critiques of the Mobile App Store Review – Security

Mobile devices, particularly phones, hold information regarding a user’s contacts,

communications, and whereabouts, as well as apps that allow them to navigate the world, track
sensitive health information, search for potential partners, and pay for physical and digital goods
and services. Protecting this information from abuse, such as malware and fraud, is challenging.

In May 2022, the UK’s Department for Digital, Culture, Media & Sport issued material detailing
the prevalence of malicious and poorly developed apps. 188 Among other items, they summarized

181
Comment from Google, #140, at 19 (this comment was filed in May of 2022 and figures used in that might have
changed since then). See, e.g., Apps removed from the Google Play Store 2022, Statista,
https://www.statista.com/statistics/1329937/google-play-store-delisted-apps/.
182
Comment from Google, #140, at 19.
183
Comment from Forrester Research, #102, at 11-12.
184
Comment from Microsoft, #146, at 2.
185
Comment from Proton, #147, at 7.
186
Comment from CAF, #148, at 13.
187
Comment from OWA, #149A, at 45-46.
188
App security and privacy interventions, UK Department for Digital, Culture, Media & Sport (May 4, 2022),
https://www.gov.uk/government/consultations/app-security-and-privacy-interventions. See also, Code of practice
for app store operators and app developers, UK Department for Digital, Culture, Media & Sport (Dec. 9, 2022),

30
a review of the mobile app store ecosystem from December 2020 to March 2022, and found that
users of apps faced a variety of threats from malign or vulnerable apps, including the installation
of spyware, ransomware, cryptocurrency mining software, or apps to facilitate other scams;
problems they noted occurred across mobile app stores and sideloading to various degrees. 189
Ensuring the security of computing devices is a complex and constant challenge.

It is undoubtedly true that the review process does prevent a significant number of potentially
malicious apps from reaching end users. In 2021, for example, SpyFone, an app not approved by
the mainstream mobile app stores, but available otherwise, was the subject of FTC law
enforcement action for its surveillance of physical movements, phone use and online activity. 190
However, despite screening in mobile app stores, malware on mobile devices remains common
on both Android and Apple’s stores. While there is some debate over the relative security of both
platforms, 191 Android is the subject of more malware attacks. For example, Nokia’s 2020 Threat
Intelligence Report found that “26.6 percent of all malware infestations across all platforms”
were on Android mobile devices in 2020, compared to 1.7 percent on iPhones. 192 Assurances
from Apple and Google about the level of screening might induce consumers to drop their guard,
as commenters have noted. 193

Fraud is also not uncommon and it affects legitimate app developers. For example, app developer
KPAW, who sued, and later settled with, Apple for lost revenue regarding its FlickType app
(which offers an accessible keyboard for low-vision users), 194 had filed a comment with NTIA
contrasting its own challenges getting into Apple’s mobile app store with the fact that many
dubious apps are in that mobile app store and generate income for Apple. KPAW referred to
reports that the AmpMe music app generated over $13 million from in-app purchase

https://www.gov.uk/government/publications/code-of-practice-for-app-store-operators-and-app-developers/code-of-
practice-for-app-store-operators-and-app-developers.
189
Id. See also, Threat report on application stores, National Cyber Security Centre (May 4, 2022),
https://www.ncsc.gov.uk/report/threat-report-on-application-stores; How app development across various app stores
uses security and privacy, Apadmi (May 3, 2022), https://www.apadmi.com/insights/blog/how-app-development-
across-various-app-stores-uses-security-and-privacy/; Literature review on security and privacy policies in apps and
app stores, Department for Digital, Culture, Media & Sport (May 4, 2022),
https://www.gov.uk/government/consultations/app-security-and-privacy-interventions/literature-review-on-security-
and-privacy-policies-in-apps-and-app-stores.
190
Comment from Trusted Future, #128, at 6-7.
191
Sarvesh Mathi, Android Phones Might Be More Secure Than iPhones Now, One Zero, Medium (July 15, 2020)
(but noting also, “[W]hile it might look like Android is becoming safer than iOS, most of the new security features
are only present in the latest Android versions and smartphones, and most Android users don’t have the latest
versions of the software or the hardware”), https://onezero.medium.com/is-android-getting-safer-than-ios-
4a2ca6f359d3.
192
Comment from R Street, #116, at 3 (citing Nokia, Threat Intelligence Report 2020, at 8 (2020)
https://www.nokia.com/networks/portfolio/cyber-security/threat-intelligence-report-2020/).
193
See, e.g., Comment of Café Media, #124 (“Mobile app consumers are directly harmed by misrepresentations
about the state of mobile app security protections.”).
194
Mitchell Clark, Apple settles lawsuit over its App Store moderation and power, The Verge (Sept. 1, 2022),
https://www.theverge.com/2022/9/1/23333362/apple-app-store-lawsuit-flicktype-kosta-eleftheriou-scams; Sarah
Perez, An app developer’s lawsuit over rejections and scammers is allowed to proceed, judge rules, Tech Crunch
(Jan. 31, 2022), https://techcrunch.com/2022/01/31/an-app-developers-lawsuit-over-rejections-and-scammers-is-
allowed-to-proceed-judge-rules/.

31
subscription, while its mobile app store page is allegedly filled with fake reviews. 195 The
Coalition for App Fairness also states that Apple’s mobile app store is “rife with scams and
fraud” 196 because of a failure to adequately invest in mobile app store review and curation.
According to an article by The Washington Post, “nearly 2 percent of Apple’s top-grossing apps
on one day were scams—and they have cost people $48 million.” 197 Commenter Mastersoft
Mobile Solutions says it noticed more than 50 apps on the Apple’s mobile app store were “look-
alike” apps copying its own app, My Last Cigarette, and it contends that drastically reduced its
daily revenue received from the app. 198 Even after notifying Apple of these fake apps, in many
instances there seemed to be no action taken beyond developers being advised that they could
make their apps more visible than phony apps if they bought search advertising from the mobile
app stores. Google Play also has had significant and well reported issues with fraudulent apps. 199

Seemingly innocuous apps such as the fake Trezor app, which first marketed itself as an iPhone
file encryption tool, are approved by the mobile app stores and then might change themselves for
more malicious purposes, in this case a cryptocurrency scam app intended to steal users’ crypto
assets. 200 While these transformations are not permitted by the mobile app stores, the stores rely
on users to report instances of abuse. The counterfeit Trezor app had a 5-star rating in the Apple
mobile app store. Not only were users hurt by these apps, but the real Trezor company contends
that it has been notifying Apple and Google about these fake apps for years. 201

Commenters and experts say that it is possible to implement many of the security measures that
are typically associated with the mainstream mobile app stores without the use of a mobile app
store. One such measure, commenters suggest, is to consider requiring certain rules around code-
signing, which would provide the device and platform maintainer a method to verify computer
code and to prevent continued use of the app. 202 This would be particularly beneficial for apps
that are found to be harmful after they have already been launched to the public. Mozilla permits
add-ons for Firefox outside of Mozilla’s add-on platform, requires add-ons to be “signed,”

195
Comment from KPAW, #153, at 4, citing Oliver Haslam, Scam app AmpMe rakes in $13 million on the back of
thousands of fake reviews, iMore (Jan. 12, 2022), https://www.imore.com/scam-app-ampme-rakes-13-million-back-
thousands-fake-reviews; Sarah Perez, Music app AmpMe lowers pricing after accused of being an App Store
scammer, Tech Crunch (Jan. 12, 2022), https://techcrunch.com/2022/01/12/music-app-ampmelowers-pricing-after-
accused-of-being-an-app-store-scammer/.
196
Comment from CAF, #148, at 16.
197
Comment from CAF, #148, at 16 (citing Reed Albergotti and Chris Alcantara, Apple’s tightly controlled App
Store is teeming with scams, Washington Post (June 6, 2021),
https://www.washingtonpost.com/technology/2021/06/06/apple-app-store-scams-fraud/).
198
Comment from Mastersoft Mobile Solutions, #18.
199
See, e.g., Thomas Brewster, Google Play Warning: 200 Evil Android Apps Stole From 10 Million Phones, Forbes
(Sep. 29, 2021), https://www.forbes.com/sites/thomasbrewster/2021/09/29/google-play-warning-200-android-apps-
stole-millions-from-10-million-phones/?sh=4773202e1627.200 Reed Albergotti, He believed Apple’s App Store was
safe. Then a fake app stole his life savings in bitcoin, The Washington Post (Mar. 30, 2021),
https://www.washingtonpost.com/technology/2021/03/30/trezor-scam-bitcoin-1-million.
200
Reed Albergotti, He believed Apple’s App Store was safe. Then a fake app stole his life savings in bitcoin, The
Washington Post (Mar. 30, 2021), https://www.washingtonpost.com/technology/2021/03/30/trezor-scam-bitcoin-1-
million.
201
Id.
202
Tending the Garden, at 14.

32
enabling Mozilla to block any malicious or harmful extensions. 203 Once an extension is blocked,
it “is disabled in Firefox and users are not able to override the block.” 204

Critiques of the Mobile App Store Review – Commercial Data Collection

Several commenters complain that Apple’s mobile app store review process allows the company
to obtain sensitive commercial information of a potential competitor. For example, a gatekeeper
could use the data it has access to from the mobile app store to determine which products or
features to imitate. 205 Apple states that it does not use non-public data about developers’ apps to
compete with those developers in Apple’s mobile app store. 206 However, other commenters note
that the terms of Apple’s “Made for iPhone/iPad” (MFi) certification agreement “permit Apple
to (i) use any information submitted by licensees to develop its own competing products; and (ii)
terminate the agreement if the licensee brings intellectual property or patent infringement
proceedings against Apple.” 207 This is not a new accusation against Apple. The industry term
“Getting Sherlocked” was named for a late-1990s Apple search tool named Sherlock that had
many of the same functionalities as the earlier and now defunct Watson search tool. 208

Critiques of the Mobile App Store Review – Updates

Another key issue raised by commenters is that any app update, regardless of the reason, must be
approved by Apple or Google before it can go out to user devices. Given the number of apps
being reviewed by Apple and Google, the likelihood of these updates being delayed is
significant. This delay can leave users exposed to potential vulnerabilities despite developers’
best efforts to correct known issues. For example, Apple blocked app updates to “the ProtonMail
app, including essential security updates,” in 2018 because Proton had not included the Apple in-
app payment mechanisms, which was a significant engineering task to add and was not originally
required of apps to get into Apple’s mobile app store. 209

Delays in patching vulnerabilities are of great concern within the U.S. Government as well as to
security and consumer protection experts everywhere. 210 While software generally should be

203
Comment from Mozilla, #131, at 13.
204
Comment from Mozilla, #131, at 13-14.
205
See Comment from Public Knowledge, #127, at 2 (discussing companies that maintain platforms); see also, CAF,
#148, at 10-14.
206
Comment from Apple, #132, at 15.
207
Comment from CAF, #148, at 11 (citing UK Competition and Markets Authority, Mobile Ecosystems: Market
Study, Interim Report (Jan. 26, 2022)).
208
Comment from CAF, #148, Appendix, at 5; Reed Albergotti, How Apple uses its App Store to copy the best
ideas, Washington Post (Sep. 5, 2019), https://www.washingtonpost.com/technology/2019/09/05/how-apple-uses-
its-app-store-copy-best-ideas/; see Comment from KPAW, #153, at 2 (describing how its own product was
“Sherlocked” and citing Apple Strikes Again: Which Developers got ‘Sherlocked’ at WWDC, Apple Insider (June 8,
2021), https://appleinsider.com/articles/21/06/08/apple-striomment frokes-again-which-developers-got-sherlocked-
at-wwdc).
209
Comment from Proton, #147, at 3.
210
See, e.g., Federal Trade Commission, Mobile Security Updates: Understanding the Issues, at 22 (February 2018),
https://www.ftc.gov/system/files/documents/reports/mobile-security-updates-understanding-
issues/mobile_security_updates_understanding_the_issues_publication_final.pdf.

33
regularly updated and maintained, some apps may not require updates, such as some mobile app
games that their developers consider complete. However, Apple and Google announced that apps
that have not been updated in a specific period of time will be removed or unsearchable in their
respective app marketplace. 211 Commenters flag this situation as well, noting that “games that
are not regularly updated are… eventually… removed entirely.” 212

When Google and Apple update their respective operating systems (Android and iOS), this can
cause issues with app functionality. For native apps, iOS may experience fewer of these
challenges since Apple limits backward compatible devices (i.e., phones older than a certain
model cannot receive operating system updates). Since Android has more stakeholders within its
ecosystem, including carriers and device manufacturers, an operating system update must
account for different versions of the operating systems, device compatibility, and other
challenges. 213

In addition, unlike Apple, which tends to update its operating system as a whole, there are many
different versions of Google’s Android used across the wide array of Android devices. 214
Developers must maintain backwards compatible versions of their applications and often
multiple versions of one application.

In-App Purchasing

Third-party developers are subject to the mobile app store operators’ policies and technical
limitations for purchases that users make using an app obtained through the main mobile app
stores. First third-party developers that offer users in-app purchases are required to use that
operators’ own payment mechanisms. 215 This requirement can prohibit third-party developers
from directing users within apps to alternate payment methods, a prohibition typically known as
an anti-steering measure. 216 Apple and Google have enacted some exceptions to the requirement

211
Emma Roth, Apple App Store Appears to be Widely Removing Outdated Apps, The Verge (Apr. 23, 2022),
https://www.theverge.com/2022/4/23/23038870/apple-app-store-widely-remove-outdated-apps-developers; Ron
Amadeo, Google Will Soon Hide Neglected Apps in the Play Store, Ars Technica (Apr. 7, 2022),
https://arstechnica.com/gadgets/2022/04/google-will-soon-hide-neglected-apps-in-the-play-store/.
212
Comment from Microsoft, #146, at 6.
213
See Comment from Forrester Research, #102, at 19-20; Comment from Google, #140, at 23-24.
214
Comment from Match, #142, at 20-21. Although Android releases new versions, many Android users do not
update to the new system. In September of 2019, Verge reported that nearly 15% of Android phones globally were
still using a 2014 release of the Android operating system. Dieter Bohn, Google Can’t Fix the Android Update
Problem, The Verge (Sep. 4, 2019), https://www.theverge.com/2019/9/4/20847758/google-android-update-problem-
pie-q-treble-mainline.
215
See, e.g., App Store Review Guidelines, Apple Developer, (Apple App Store Guidelines), Section 3,
https://developer.apple.com/app-store/review/guidelines/#business, (last visited Aug. 26, 2022); Payments, Google
Play Console Help (Google Play Console Help), Payments, https://support.google.com/googleplay/android-
developer/answer/9858738 (last visited Aug. 29, 2022); see also Final House Report at 80-81.
216
See, e.g., Apple App Store Guidelines Section 3.1.1; Google Play Console Help, Section 4,
https://support.google.com/googleplay/android-developer/answer/9858738 (last visited Aug. 29, 2022). The UK
Competition and Markets Authority notes that the anti-steering provisions “in Apple’s case restrict developers from
referring within the app to other ways a user could pay for digital content, such as through a website and in Google’s
case prevent app developers from providing users, within an app, with a direct link to a webpage containing an
alternate payment method.” UK CMA Report, at 216 (internal citation omitted).

34
that developers use the operators’ own payment mechanisms or to their rules on directing
consumers to alternate payment mechanisms, including based on the type of app and developer.
For example, neither Google nor Apple permit the use of their in-app payment systems for the
purchase of physical goods, 217 so developers with businesses such as ride-sharing or consumer
goods do not have customers go through those mechanisms.

Mobile app store operators also charge fees (referred to as commissions or service fees), to
developers for their users’ in-app purchases and those fees can reach 30 percent per
transaction. 218 Apple and Google each contend that most third-party developers pay far less than
a 30 percent fee for user transactions and some pay no fee at all. 219 While there have been a
handful of reductions of commission or service fees to developers associated with in-app
payment purchases, the UK CMA study found that Apple’s and Google’s “average effective
rates of commission remain” between 25 and 30 percent in the UK. 220

Apple and Google generally claim that their payment policies have helped the mobile app
ecosystem thrive 221 and that they continue to work to find ways to tailor their payment
policies. 222 Apple and Google state that their payment policies are a way for them to recoup

217
Google Play Console Help, Payments Section 3; Apple App Store Guidelines Section 3.1.3. While Apple offers
several exceptions to its in-app purchase mechanism requirement, Apple’s anti-steering provision is inapplicable
only for “reader” apps (which Apple defines as “apps that provide one or more of the following content types—
magazines, newspapers, books, audio, music, or video – as the primary functionality of the app”) Apple App Store
Guidelines, Section 3.1.3; Distributing Reader Apps With a Link to Your Website, Apple Developer,
https://developer.apple.com/support/reader-apps/ (last visited Aug. 29, 2022).
218
Apple Announces App Store Small Business Program, Apple (Nov. 18, 2020),
https://www.apple.com/newsroom/2020/11/apple-announces-app-store-small-business-program (noting a “standard
commission rate of 30 percent”); Google Play Console Help, Service Fees,
https://support.google.com/googleplay/android-developer/answer/112622 (last visited Aug. 29, 2022) (service fee is
30 percent, unless enrolled in the 15 percent tier).
219
Apple notes that “[a]pps that pay a commission account for less than 20% of app on the App Store” and that “the
majority of developers who sell digital content on the App Store pay only 15 percent.” Comment from Apple, #132,
at 11-12. Apple also points to its relatively new Apple Store Small Business Program, under which developers
earning up to $1 million in a previous calendar year can qualify for a reduced 15 percent fee. See also, Apple
Announces App Store Small Business Program, Apple Newsroom (Nov. 18, 2020),
https://www.apple.com/au/newsroom/2020/11/apple-announces-app-store-small-business-program. Google notes
that “[i]n recent months, we moved away from one-size-fits-all pricing to a more tailored approach that accounts for
the variety of different business models across the app ecosystem. We reduced our service fees from 30% to 15% for
all developers on their first $1,000,000 of revenue, from 30% to 15% of revenue for developers in certain industries
that invest in product excellence while in the Play Media Experience program, and from 30% to 15% of revenue for
all subscription services.” Comment from Google, #140, at 9 (citations omitted). Google claims that “[b]ecause of
these reductions, 99% of developers qualify for a service fee of 15% or less, and 97% pay nothing at all.” Comment
from Google, #140, at 10.
220
UK CMA Report, at 272. The UK CMA report also notes that “[o]ther Android app stores . . . charge a similar
headline 30% commission rate.” Id. at 94.
221
See, e.g., Comment from Apple, #132, at 11-12; Kareem Ghanem, How to Sustain a Safe, Thriving App and
Game Ecosystem, Google, The Keyword (Dec. 10, 2021), https://blog.google/outreach-initiatives/public-
policy/how-sustain-safe-thriving-app-and-game-ecosystem/. One commenter argues that Apple’s in-app payment
system “cross-subsidizes” the delivery of services to approximately 80% of apps that are free and otherwise pay no
commission fees, essentially subsidizing the rest of that mobile app store and giving every developer (whether or not
they pay a commission fee) access to a high-quality payment system and Apple as a distributor. Comment from
ICLE, #136, at 8.
222
See, e.g., Comment from Apple, #132, at 11; Comment from Google, #140, at 9-10.

35
investments and maintain their support for the mobile app store, which helps deliver benefits to
developers and users. 223 The companies highlight the link between their payment policies to the
safety and security of consumers, 224 and push back against the notion that their fee collection
practices are outliers in relation to the practices of actors in the broader digital ecosystem. 225
Furthermore, given the services it provides beyond processing, Apple contends that comparisons
to lower fees for services provided by payment processors are inapposite. 226

However, commenters describe the mobile app store operators’ payment structures—or elements
thereof, such as anti-steering provisions or commission fees—as arbitrary and discriminatory, 227
unpredictable, 228 capricious, 229 and bearing no relation to the cost or value of the services the
mobile app store operators provide to developers. 230 One commenter argues that Apple’s
requirement that in-app purchases be made through its own payment system raises the switching
costs from one platform to another (i.e., from iOS to Android). 231 Other developers point out that
Apple’s and Google’s practices prevent the developer from offering competing in-app payment
solutions. 232 Through the “sensitive commercial data” Apple obtains as a result of in-app
payments, one commenter argues that Apple can “swiftly develop its own apps and enter the
services market, competing with app developers whose data played an instrumental role in
Apple’s ability to do so.” 233

Several developers detail their own experiences having to navigate through the mobile app store
operators’ payment structure requirements, including the impact that changes in Apple’s and
Google’s payment policies have had on their products (e.g., by being unable to introduce security
updates). 234 Others highlight the technical burden of having to apply a particular in-app payment
mechanism. 235 The impact of the fee structure arrangement is also prevalent for third-party
developers that directly compete with a mobile app store operator’s own apps, given that the
commission fees are charged only to third-party developers. For example, Spotify, which
describes itself as a direct competitor to Apple, states that the company initially resisted adoption
of Apple’s in-app purchase system, but only adopted it in mid-2014 “after Apple threatened to

223
Comment from Apple, #132, at 11; Enabling Alternative Billing Systems for Users in South Korea, Google
Developers (Nov. 4, 2021), https://developers-kr.googleblog.com/2021/11/enabling-alternative-billing-in-korea-
en.html.
224
See, e.g., Further updates on StoreKit External Entitlement for dating apps in the Netherlands storefront, Apple
Developer (June 10, 2022), https://developer.apple.com/news/?id=3bttqj0z&1654894572; Changes to Google Play's
billing requirements for developers serving users in South Korea, Google Play Console Help,
https://support.google.com/googleplay/android-developer/answer/11222040 (last visited Aug. 29, 2022). See also,
Comment from Taxpayers Protection Alliance, #138, at 1.
225
See, e.g., Comment from Apple, #132, at 11; Comment from Google, #140, at 5. See also Comment from R
Street Institute, #116, at 2. Compare with Comment from Spotify, #126, at 3 n.10.
226
Defendant’s Opening Statement, Epic Games, Inc. v. Apple Inc., No. C-20-5640 at 82 (N.D. Cal. May 3, 2021).
227
Comment from Epic Games, #134, at 5; see also, Comment from CAF, #148, at 7 n.25.
228
See Comment from CAF, #148, at 10; see also, Comment from Spotify, #126, at 3.
229
Comment from Basecamp, #118. at 2.
230
Comment from Match, #142, at 2.
231
Comment from CAF, #148, at 9; but see Comment from ACT | The App Association, #139, at 16-17.
232
Comment from Epic Games, #134, at 7; see also, Comment from Microsoft, #146, at 6-7.
233
Comment from CAF, #148, at 10.
234
See, e.g., Comment from Basecamp, #118, at 3. See Final House Report, at 311-12.
235
See, e.g., Comment from Microsoft, #146, at 6.

36
remove Spotify’s app from the App Store if it did not.” 236 According to Spotify, the company
had to raise its monthly subscription fee as a result of the 30 percent commission fee charged for
all sign ups, while Apple, which launched Apple Music in June 2015, was able to charge what
Spotify calls a “pre-Apple ‘tax’ price.” 237 Spotify stopped accepting in-app purchases in iOS
altogether in 2016. 238 In 2022, Spotify and Google announced a partnership that would permit
Spotify to identify an additional billing system on its app distributed via the Google Play Store—
a self-described exploration pilot program. 239

Apple’s and Google’s mobile app store payment policies, alongside other practices involving the
operation of their mobile app stores, have come under scrutiny in several jurisdictions. In some
instances, private actors have initiated legal proceedings against mobile app store operators over
their practices (e.g., the Epic Games lawsuit against Apple for federal and state law antitrust
violations, noted elsewhere in this report). Other challenges to the operators’ policies and
business models have come from legislative or regulatory bodies. Legal actions—whether
through the court systems or otherwise—have led to some material alteration of the mobile app
store operators’ policies. 240

Other Limitations

Commenters raise a range of other technical and policy limitations applicable to the mobile app
ecosystem and how these interweave with key societal interests, including safety, privacy, and
security. Below are a few additional issues discussed by commenters or otherwise relevant to
considerations about competition in the mobile app ecosystem. Specifically, commenters note
the restrictions placed on access to hardware such as NFC and location tracking functionality,
access to private APIs, privacy considerations, and the specific restrictions on cloud streaming
services such as those used for gaming.

Near Field Communication

236
Comment from Spotify, #126, at 3.
237
Comment from Spotify, #126, at 3.
238
Comment from Spotify, #126, at 3.
239
Spotify and Google Announce User Choice Billing, Spotify For the Record (Mar. 23, 2022),
https://newsroom.spotify.com/2022-03-23/spotify-and-google-announce-user-choice-billing/; Sameer Samat,
Exploring User Choice Billing with First Innovation Partner Spotify, Android Developers Blog (Mar. 23, 2022),
https://android-developers.googleblog.com/2022/03/user-choice-billing.html; and Paul Feng, Continuing our
Commitment to User Choice Billing, Android Developers Blog (Nov. 10, 2022) (regarding first test implementation
of the “user choice billing” pilot for Spotify subscribers in “select countries,” including plans to expand that to the
United States). See also Comment from Google, #140, at 10. See also Comment from Google, #140, at 10.
240
For example, the UK CMA report notes that following enforcement action by Japan’s Fair Trade Commission,
Apple changed to its rules for “reader” apps and began to allow an in-app link to an external website for account
creation and management. See UK CMA Report, at 216 n.541; and Japan Fair Trade Commission Closes App Store
Investigation, Apple Newsroom (Sep. 1, 2021), https://www.apple.com/newsroom/2021/09/japan-fair-trade-
commission-closes-app-store-investigation/. See also ACM: Apple Changes Unfair Conditions, Allows Alternative
Payments Methods in Dating Apps, Authority for Consumers and Markets (Netherlands)(June 11, 2022),
https://www.acm.nl/en/publications/acm-apple-changes-unfair-conditions-allows-alternative-payments-methods-
dating-apps.

37
There have been concerns voiced about the limited access Apple provides developers to utilize
the Near Field Communication technology integrated into its mobile devices. NFC is a
standards-based short-range wireless technology that enables devices in close proximity to one
another to communicate. 241 Perhaps one of the most well-known applications for NFC is
contactless payments. For example, in iOS, a user can upload payment information to the Apple
Wallet application to create a virtual form of a credit card, which can then be utilized by the
Apple Pay application to complete contactless payments. 242

While virtual wallets are not unique to Apple, Apple limits the ability of third-party developers
to fully access the necessary NFC framework to create a competing wallet application on the iOS
platform. As the UK government explained in its mobile ecosystems report, while Apple does
provide developers limited access to the NFC chip’s ability to read and write, it prohibits
developers from using such NFC functionality for payment services, 243 and does not provide
access to “card emulation.” 244 Without access to card emulation developers may only utilize the
NFC chip through Apple Wallet, not through their own apps. In practice, this means that while a
payment company may enable its credit card to be used through Apple Wallet for purchases, it
cannot develop its own standalone app to do so. Apple has positioned itself as the incumbent
virtual wallet app on iOS and device users are stuck with no other choices for competing
applications on the Apple ecosystem, although other choices could offer features that better suit
users’ preferences.

Apple justifies its refusal to permit third party access to card emulation for security reasons.
Unlike Android, which stores payment credentials in the cloud utilizing a process called “Host
Card Emulation” (HCE), Apple stores this sensitive information in tokenized form on the device
in a physical chip called the “Secure Element.” 245 When a user purchases an item using Apple
Wallet, the payment terminal communicates directly with the Secure Element over NFC to
obtain the user’s payment credentials via a token. 246 Apple states that its process offers greater
security and privacy to users and that in order to allow competing virtual wallets on iOS, it
would be forced to grant third parties access to its Secure Element or implement the use of HCE,
which it currently does not support, and that by so doing it would jeopardize the security of

241
Nearfield Communication Dot Org, Website, http://nearfieldcommunication.org (last visited July 28, 2022)
(“Contactless communication allows a user to wave the smartphone over a NFC compatible device to send
information without needing to touch the devices together or go through multiple steps setting up a connection.”).
242
Once the user has uploaded payment information to the Apple Wallet, the user can complete contactless
payments by simply hovering the iPhone over an NFC-integrated payment terminal (which will cause Apple Wallet
to display on the screen), selecting the virtual card with which he or she wishes to pay, and then completing the
transaction by verifying his or her identity (either through facial recognition, fingerprint recognition, or by entering a
passcode).
243
See Core NFC, Apple Developer, https://developer.apple.com/documentation/corenfc.
244
See UK CMA Report, at 187-88.
245
See Lucian Armasu, ‘Host Card Emulation’ Vs ‘Secure Element’: Which Is More Secure?, Tom’s Hardware
(Mar. 23, 2015), https://www.tomshardware.com/news/host-card-emulation-secure-element,28804.html (note also
that Apple converts credit card information into a token so that such information is not actually stored in the Secure
Element).
246
Apple Platform Security, “How Apple Pay keeps users’ purchases protected,”
https://support.apple.com/guide/security/how-apple-pay-keeps-users-purchases-protected-seccb53a35f0/web (last
visited July 28, 2022).

38
information stored on its devices. 247

It is important to note that, in addition to contactless payments, NFC technology may also be
used for apps with other purposes, including education, gaming, health care, identification,
travel, and many others. 248 As such, without greater access to the NFC chip, developers will
continue to be limited at Apple’s discretion and users will continue to be locked into Apple’s
preloaded applications. Consumers and developers might retain their choice between ecosystems,
where factors such as limited NFC chip uses may sway some to consider alternatives.
Additionally, to the extent that such limitations matter substantively to consumers and
developers, limitations placed on NFC use may open the door to additional entrants to the
market.

Access to Location Tracking

The Coalition for App Fairness expresses concerns about Apple’s self-preferencing location
tracking options available to it vis-à-vis third-party developers. 249 Specially, the Coalition writes
that Apple modified iOS to make it more difficult for third-party apps to request and obtain
permission from consumers to track their location when the apps are not being used, whereas
Apple turns on location tracking at all times by default and makes it complicated for users to opt
out. 250

ACT | The App Association argues that the issue of location tracking cannot be viewed solely in
terms of competition, but rather what is best for consumers, which involves considerations of
privacy. 251 The group states that “privacy controls at the platform level” help resolve perceived
privacy concerns by “making it easier to set collection rules for all or specific apps” and that
discussions about making it easier to provide location data implicates “privacy by design.” 252
Public Knowledge contends that Apple’s change in policy was both a “beneficial move that
benefits user privacy, and even national security,” and an exercise in “self-preferencing.” 253 At
the same time, the organization cautions against a policy that would require platforms “to grant
third-party apps the same level of hardware access that the operating [system] itself has[,]” as
that would “likely be harmful to user security and ease of use, with minimal benefit to
competition beyond alternative approaches.” 254 Instead, it suggests, “the best policy solution”
would be to “develop an API that allows other apps or services to make use of location
information in the same privacy-preserving way that Apple does.” 255

247
See UK CMA Report, at 191-92.
248
Simon Hill, What is NFC? Here’s everything you need to know, digitaltrends, (Sept. 10, 2021),
https://www.digitaltrends.com/mobile/what-is-nfc/.
249
Comment from CAF, #148, at 15.
250
Id.
251
Comment from ACT | The App Association, #130, at 12.
252
Id. at 12-13.
253
Comment from Public Knowledge, #127, at 8.
254
Id. at 9.
255
Id. at 8.

39
Access to Private APIs

Among Apple’s restrictions on third-party apps is a general prohibition from calling a class of
private APIs. 256 These private APIs provide for access to certain operating systems and device-
level features, as well as potentially sensitive user and device information. 257 To enforce these
prohibitions, Apple does not conduct random code audits; instead, apps and updates submitted to
its mobile app store are rejected for violation of this rule. 258 Thus, if an app violating this rule is
able to pass the mobile app store review (such as through obfuscation of the code making one or
more private API calls), it is still admitted to Apple’s mobile app store and available for
installation on iOS devices. 259 Further, Apple’s own apps–some of which may compete directly
with third-party apps–are not subject to private API restrictions. 260 That said, the restrictions
have been defended on the grounds that private APIs allow deep access to sensitive user and
device information, and that app developers could (and have) abused this privilege. 261

Other Protections Affecting Privacy Interests

In addition to the privacy-related issues discussed throughout the report, one issue that several
commenters raised is Apple’s App Tracking Transparency (ATT) framework. Under ATT, apps
must obtain users’ consent “before tracking users across other companies’ apps and websites.” 262
Apple describes this initiative (along with others) as giving consumers the option to “choose
maximum privacy protections and control of their information.” 263 Apple also argues that the
effective implementation of ATT is connected to Apple’s ability to require it for all apps in
Apple’s mobile app store. 264

Meta argues that ATT “degrades the free, ad-supported app ecosystem by impairing developers’
ability to personalize ads and to measure ads’ effectiveness” while exempting “Apple’s own apps

256
Apple DPLA, Section 3.3.1: “Applications may only use Documented APIs in the manner prescribed by Apple
and must not use or call any private APIs.” (last visited Aug. 29, 2022), https://developer.apple.com/support/terms/.
Note that there are some exceptions granted.
257
See, e.g., Michael Mimoso, Private APIs have been accessed in contravention of Apple rules to allow for more
persistent and invasive tracking of users, Threat Post (Oct. 19. 2015), https://threatpost.com/apple-to-remove-256-
ios-apps-using-private-apis-collecting-personal-data/115098/.
258
See, e.g., Apple Inc.’s Supplemental Excerpts of Record Index Volume at 26, Epic Games, Inc. v. Apple, Inc.,
21-16506 (Written Direct Testimony of Aviel D. Rubin) (9th Circuit March 22, 2022).
259
See, e.g., Mike Isaac, Uber Used Private API to Access iPhone Serial Number (April 24, 2017),
https://mjtsai.com/blog/2017/04/24/uber-used-private-api-to-access-iphone-serial-number/.
260
See, e.g., “…[F]rom iOS 4.3 until iOS 8, third-party developers had to rely on the UI WebView API to render
web pages in iOS apps, while Apple gave its own apps access to a private, faster API tied to its JIT-enabled Nitro
JavaScript engine. During this time, Google’s mobile version of Chrome for iOS could not compete with Apple’s
mobile version of Safari in terms of speed.” Apple frees a few private APIs, makes them public, The Register, June
13, 2017, https://www.theregister.com/2017/06/13/apple_inches_toward_openness/.
261
See, e.g., George K., On Apple’s Ecosystem, (blog post) (August 21, 2020), https://teapowered.dev/posts/apple-
and-epic/; see, generally, Apple Inc.’s Supplemental Excerpts of Record Index Volume, Epic Games, Inc. v. Apple,
Inc., 21-16506 (9th Circuit March 22, 2022).
262
Comment from Apple, #132, at 6-7, 10.
263
Id., at 6; see also, Comment from Trusted Future, #128, at 3.
264
Comment from Apple, #132, at 10; see also Comment from Trusted Future, #128, at 3.

40
and services from its requirements.” 265 Meta, which is one company reported to be significantly
impacted by the implementation, lists multiple complaints about ATT and concludes that
Apple’s move to ATT “has unsurprisingly benefited Apple while harming businesses, app
developers, and consumers….” 266 Meta also complains that companies with users who have not
opted in to “tracking” have to rely on an ad services API (SKAdNetwork) that has several
significant disadvantages compared to the Apple Ads Attribution API for customers of Apple’s
ad services. 267 Meta claims that ATT in the long run will increase switching costs from Apple to
non-Apple mobile devices. 268

OWA notes that the Apple-Meta dispute over ATT is illustrative of the major advantages that
advertisers have in using native apps compared to the web in targeting ads at specific users, as
well as the potential value to advertisers tracking capabilities present in the mobile ecosystem. 269
Apple also limits third-party apps’ integration with other Apple devices and services and restricts
developers’ ability to track user metrics. 270

Gaming/Cloud Streaming Apps

Restrictions on third-party mobile app stores affect not only potentially competing mobile app
stores, but also specialty mobile app stores, such as those run by Epic Games and Microsoft.
Microsoft’s Xbox Game Pass app allows a user to browse and play games in a curated catalog
maintained by Microsoft, much like Netflix or Paramount+ allow users to stream shows and
films from their ever-evolving catalogs. However, unlike movie or music-streaming apps, Game
Pass offer games by third-party developers, some of which are included for free with a
subscription, and some of which can be purchased by the user for an additional fee. 271 In Apple’s
case, cloud games in the Xbox Game Pass catalog must be developed and submitted as native,
standalone apps. 272 Apple justifies this policy on the basis that each game should have its own
mobile app store product page and user ratings so it will appear in charts and search. 273

265
Comment from Meta, #145, at 4, 7-13.. Meta notes that ATT covers “broad categories of data[,]” including
“displaying targeted ads ‘based on user data collected from apps and websites owned by other companies,’ sharing
email lists or other identifiers with a third-party ad network that uses that information to retarget, and ‘[p]lacing a
third-party SDK in your app that combines user data from your app with user data from other developers’ apps to
target advertising or measure advertising efficiency, even if you don’t use the SDK for these purposes.” Id. at 7
(citing User Privacy and Data Use, Apple Developer, https://developer.apple.com/app-store/user-privacy-and-data-
use/).
266
Comment from Meta, #145, at 11-13. For more information, see, Daniel Newman, Apple, Meta and the $10
Billion Impact Of Privacy Changes, Forbes, (Feb 10, 2022),
https://www.forbes.com/sites/danielnewman/2022/02/10/apple-meta-and-the-ten-billion-dollar-impact-of-privacy-
changes/?sh=411a1fc272ae; see also Kif Leswing, Facebook says Apple iOS privacy change will result in $10
billion revenue hit this year, (Feb. 2, 2022) https://www.cnbc.com/2022/02/02/facebook-says-apple-ios-privacy-
change-will-cost-10-billion-this-year.html.
267
See Comment from Meta, #145, at 10; see also Patrick McGee, Small businesses count cost of Apple’s privacy
changes | Financial Times (Aug, 9, 2022), https://www.ft.com/content/1959b06d-0a6e-4c37-9528-476f83626a86.
268
Id., at 13.
269
Comment from OWA, #149A, at 33.
270
Comment from KPAW, #153, at 7; Comment from Spotify, #126, at 3.
271
See generally, Justin Diaz, Xbox Game Pass Ultimate: Everything You Need to Know, Android Headlines (June
24, 2022), https://www.androidheadlines.com/what-is-xbox-game-pass-ultimate-everything-you-need-to-know.html.
272
Apple App Store Guidelines, Section 4.9.1.
273
Id.

41
Microsoft compares this to other media-streaming apps: “[I]t would be as if each movie or TV
show available in Netflix were required to have a separate app.” 274 It claims that restructuring its
Xbox Game Pass mobile app store would require extensive redevelopment, publication and
maintenance of the more than 350 games in the Game Pass catalog—an undertaking that would
inevitably result in substantial economic inefficiencies. 275 Additionally, while Apple has
effectively prohibited the Xbox Game Pass catalog and the Epic Games store as apps on iOS, it
publishes its own gaming-subscription app on iOS, Apple Arcade. Apple Arcade claims “200+
games with more added all the time,” and is priced as a single subscription, similar in format to
Epic and Microsoft’s competing offerings. 276

274
Comment from Microsoft, #146, at 4.
275
Xbox Game Pass listed more than 350 games available for cloud gaming as of January 2023. Xbox Game Pass
Games, Microsoft, https://www.xbox.com/en-US/xbox-game-pass/games (last visited Jan. 17, 2023).
276
Apple Arcade, Apple, www.apple.com/apple-arcade (last visited Jan. 17, 2023).

42
Recommendations for Increasing Competition and Innovation

Consumers and the economy in general are best served when there is a level playing field for
companies to compete. This fosters innovation and allows the competitive process to select
winners. That said, the need for security is obvious and pressing, and it is clear that maintaining
acceptable levels of security on mobile devices operating systems is not a small or simple task.
The question is, as it has always been, how best to allow for openness at the same times as
addressing these concerns.
Our commentators have offered many potential steps forward, including both fixes for specific
problems and, also, larger reforms. 277 We offer the policy proposals below with the goals of
creating the fair and level playing field in the mobile app ecosystem.

Measures to Support Antitrust Enforcement in App Markets

Antitrust laws combat anticompetitive conduct and serve as an essential tool in the mobile app
ecosystem. For example, as noted above, the Department of Justice and State Attorneys General
are currently engaged in multiple high-profile lawsuits concerning app distribution practices and
are active in the support of private litigation related to competition in the mobile app
ecosystem. 278
Unfortunately, the resources available to the U.S. antitrust agencies have not kept pace with the
challenges they face. During just the last decade, U.S. economic output increased by nearly half,
yet total appropriations for DOJ’s Antitrust Division and the FTC had been essentially flat—and
decreased in real terms, while the agencies need to bring complex cases in this area against some
of the best-resourced companies in the world. 279 Because antitrust enforcement is essential for
ensuring competition in the mobile app ecosystem, it is important that these agencies receive an
adequate increase in resources on an ongoing basis to support their work. 280 The Consolidated

277
See Comment from Mozilla at 13-14. Mozilla argues for the feasibility of a hybrid approach to review of third-
party apps or add-ons, wherein apps are subject to both a “limited amount of automated pre-publication review,” as
well as targeted post-publication review.” Further, third-party add-ons to Mozilla products may be distributed either
through listing at Addons.Mozilla.Org (AMO) (after a thorough pre-publication review of privacy, security, content,
and transparency characteristics); or distributed outside AMO, in which case they must be (a) signed by Mozilla to
help prove lack of tampering or malicious purpose and (b) subject to periodic post-publication manual review
278
See Final House Report, at 323, 330-337. In the context of investigating competition in digital markets, the
Subcommittee on Antitrust, Commercial and Administrative Law recommends in the House Final Report that
Congress consider items such as “establishing nondiscrimination rules to ensure fair competition and promote
innovation online” (at 323), “introducing due process protections for individuals and businesses dependent on the
dominant platforms” (at 330), and strengthening antitrust laws (at 330-37).
279
See, e.g., Department of Justice, Appropriation Figures for the Antitrust Division,
https://www.justice.gov/atr/appropriation-figures-antitrust-division (last visited Aug. 29, 2022); Federal Trade
Commission, FTC Appropriation and Full-Time Equivalent (FTE) History, https://www.ftc.gov/about-ftc/bureaus-
offices/office-executive-director/financial-management-office/ftc-appropriation (last visited Aug. 29, 2022).
280
Department Views Letters on S. 2992, the American Innovation and Choice Online Act, and H.R. 3816, the
American Innovation and Choice Online Act (March 2022), at 2,
https://www.justice.gov/ola/page/file/1488736/download

43
Appropriations Act of 2023 provided a combined total of $655 million to the DOJ Antitrust
Division and the FTC and included the Merger Filing Fees Modernization Act, which will make
merger filing fees “fairer and better targeted,” and increase fees for the largest and most complex
merger reviews. 281

Measures to Create a Level Playing Field for Third Party Apps and Mobile App
Stores

As this report has made clear, a number of barriers hinder the viability of alternative distribution
mechanisms, and ultimately limit competition in these markets. In addition to enforcement of the
antitrust laws, we recommend measures to accomplish the following:

Limit Pre-installed, Default Options and Anticompetitive Self-Preferencing

Congress should enact laws and relevant agencies should consider measures (such as
rulemaking) designed to limit or prohibit discrimination and anticompetitive conduct as a
complement to, and clarification of, existing antitrust authority. 282 Because of the way in which
mobile app defaults, preinstallation, and similar methods by which the platform preferences its
own apps pose barriers to app competition and innovation, specific measures aimed at limiting
such conduct should reduce the unfair advantages garnered from such practices. Any such
measures should consider and enable legitimate platform actions and rules that are reasonable in
order to protect user privacy, security, and safety. These measures should do the following:
1) Allow users to set third party apps or mobile app stores as defaults, and to delete or hide
pre-installed apps;

2) Prevent a platform from using confidential business data it has required from any third-
party app to then support the offering of its own competing app on that platform; and

3) Prevent a platform from “self-preferencing” its own apps in an anticompetitive manner.

This could include mechanisms used by app users to find apps, such as search or other
forms of ranking functionality as well as, more broadly, platforms discriminating
between their apps and similar apps.

281
Consolidated Appropriations Act, 2023, H.R.2617 (increasing antitrust enforcement funding for the FTC and
DOJ from the over 2022 budget), https://www.congress.gov/bill/117th-congress/house-bill/2617/text; and Statement
of Administration Policy H.R. 3843 – Merger Filing Fee Modernization Act of 2022, Executive Office of the
President, Office of Management and Budget (Sept. 27 2022), https://www.whitehouse.gov/wp-
content/uploads/2022/09/H.R.-3843-SAP.pdf. See also Office of Management and Budget, Budget of the U.S.
Government Fiscal Year 2023, at 16 https://www.whitehouse.gov/wp-content/uploads/2022/03/budget_fy2023.pdf.
282
See, e.g., Department Views Letters on S. 2992, the American Innovation and Choice Online Act, and H.R. 3816,
the American Innovation and Choice Online Act, Department of Justice, at 2,
https://www.justice.gov/ola/page/file/1488736/download.

44
In addition, Congress and relevant agencies should consider pursuing measures that might
require further study, such as:

1) Whether “choice screens” introduce more competition options for consumers, or only the
perception of choice; and

2) Whether to address, through rulemaking or statute, barriers created by preinstallation and

default app agreements between carriers, device manufacturers, and both Apple and
Google.

Limit or Prohibit Anticompetitive Restrictions and Conditions on Sideloading,

Alternative Mobile App Stores, Browsers, and Web Apps.

While retaining appropriate latitude for legitimate privacy, security, and safety measures,
Congress should enact laws and relevant agencies should consider measures (such as
rulemaking) designed to open up distribution of lawful apps, by prohibiting anticompetitive
restrictions or barriers to the direct downloading of applications. These measures would be aimed
at:
1) Guaranteeing that platforms allow, or provide, a readily accessible means for users to
download and install third-party apps or mobile app stores, including through means
other than the Google Play Store and Apple’s mobile app store, while allowing for
reasonable privacy, security and safety precautions (e.g., to prevent malicious software
from being installed unintentionally); and

2) Getting platforms to allow installation and full functionality of third-party web browsers.
To allow web browsers to be competitive, as discussed above, the platforms would need
to allow installation and full functionality of the third-party web browsers. This would
require platforms to permit third-party browsers a comparable level of integration with
device and operating system functionality. As with other measures, it would be important
to construct this to allow platform providers to implement reasonable restrictions in order
to protect user privacy, security, and safety.

Address Limits on In-App Purchasing

Limitations on in-app purchasing is a barrier, which tends to favor if not require the use of Apple
or Google’s payment services. As discussed in this report, commenters raised this as a concern,
and these limits are a focus of international regulatory scrutiny. We recommend development of
measures that would explicitly bar platform owners from items such as these below. As other

45
jurisdictions have found, the solutions to some of these problems are complicated to implement
and require a variety of considerations. 283 Examples of potential items to bar include:

1) Requirements that developers of apps use an in-app payment system owned or controlled
by the platform and requiring fees for use as a condition of being distributed on a mobile
app store or accessible on an operating system;

2) Prohibitions on developers notifying users that they can make purchases directly from the
developers on their website; and

3) More generally, conditioning access to the platform or preferred status on the purchase or
use of other products or services that are not part of or intrinsic to the platform itself.

Improve Transparency and Fairness for App Developers in the Mobile App Store
Screening and Review Processes

The current mobile app store screening systems create barriers to entry for developers. While app
screening can play a beneficial role in ensuring that apps are safe, functional, lawful, and secure,
in practice these mechanisms are often used in ways that create unnecessary hurdles to
competition.

1) In particular, as the need to protect privacy has been the stated rationale behind some
Google and Apple policies that implicate app competition, Congress should enact
comprehensive federal privacy protections, as previously called for by this
Administration and the President, to provide basic, across-the-board protections. 284

2) Congress should require the app review process in existing mobile app stores to provide
greater transparency and accountability for developers and other stakeholders.

Encourage Tools and Standards to Increase Interoperability and Reduce Developer Costs

Commenters noted that one barrier developers face is the lack of interoperability between the
two platforms, and the costs associated with developing for both the Apple and Google
ecosystems. The Administration could consider actions that encourage tools and standards that
reduce these burdens.

283
See, e.g., Kate Park, South Korean content providers raise service fees in the wake of Google’s in-app payment
policy, TechCrunch (June 2, 2022), https://techcrunch.com/2022/06/02/south-korean-content-providers-raise-
service-fees-in-the-wake-of-googles-in-app-payment-policy/.
284
See Readout of White House Listening Session on Tech Platform Accountability, The White House (Sept. 8,
2022) https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/08/readout-of-white-house-listening-
session-on-tech-platform-accountability/

46
Additional Considerations

Finally, several other areas might benefit from further inquiry and analysis.

1) One area in particular that made it difficult for NTIA and other entities to study this area
is the reluctance of developers to come forward for fear of reprisal. This has been a
problem for many of the reports created for the White House Competition Council. We
recommend further study of ways for developers to raise issues of unfairness in the
platforms without fear of reprisal, in addition to other measures to increase app
competition and more choice for developers.

2) We recommend further study of, and adoption of, best practices regarding specific
aspects of sideloading. For example, this could include study of general applicability of
the alternative control measures used to allow enterprise use and developer testing
outside of the mobile app stores and the use of signing.

3) We recommend further study of other areas of interest, such as technical limitations—

from update requirements to billing issues—imposed upon gaming and streaming app
subscriptions.

4) We recommend further study of the role of accessibility in the development of app, and
whether there are barriers presented by the current ecosystem to accessing apps and to
apps that facilitate accessibility.

47
Conclusion
It is clear—from government investigations to app studies to press exposés—that the mobile app
ecosystem, which is at its best an incubator for innovation and open competition, would benefit
from policies that help create a level playing field and remove. This report has described a
number of key policy issues currently impeding the creation of a more robust and competitive
mobile app ecosystem, most notably the limited viability of alternative means of app
distribution and the additional technical limitations imposed by Apple and Google on app
developers for their mobile devices. These barriers are due to decisions made by Apple and
Google that are woven into the mobile app stores, the operating systems, and a variety of
technical and policy limitations.
As described in our report, developers face significant hurdles to get a chance to compete for
users in the ecosystem, and these hurdles are due to corporate choices rather than technical
necessities. Even large companies such as Spotify and Microsoft list myriad obstacles that they
themselves face in order to offer their services on mobile devices. Developers described having
difficult and unpredictable experience in mobile app stores. While Apple and Google provide
reasons why some measures might be in place, such as the benefits to users in increased security
and privacy protections, and to developers in terms of access to markets and development tools,
many commenters challenge the technical necessities of these choices and question whether
other models could provide similar if not greater benefit. And in some areas, such as in-app
payments, it is unclear how the current system benefits anyone other than Apple and Google.
Given the growing importance of this ecosystem to our economy and the day-to-day lives of
people in the United States, and the hurdles noted in this report created by the current model,
Congress and relevant agencies should pursue measures described above to open the ecosystem
to greater competition, innovation, and potential benefits for users and developers.

48