We Don’t Have to Sacrifice User Safety and Convenience to Make App Stores CompetitiveMarch 15, 2019
App stores, such as Google Play and Apple’s App Store, have been good for consumers and independent developers in a number of ways. When they work well, they provide consumers with a convenient way to find and buy software that is safe and functional. I remember when my non-technical friends would never install software on their PCs, assuming that it was all a scam or malware of some kind. Now these same people can confidently install, use, and uninstall apps without fearing that it will ruin their devices or steal their personal information. Again, this is when things are working right. There are always bad actors to be vigilant against, and different app store curators do their jobs more and less well.
At the same time, app stores can create problems, particularly competition issues. What if the only way to get software on a device is through an app store — and the owner of the app store disallows the app you’ve made, or the app you want to install? What if you’re an independent developer and you want to compete with the store owner but fear you’ll be discriminated against? What if the rules of the store (e.g., a requirement to use an in-app purchase system that charges a 30 percent fee) makes your business model impossible?
Elizabeth Warren’s presidential campaign has put forward a proposal whereby large tech companies (and she has made it clear that Apple is very much included) that operate a marketplace, like an app store, would not be permitted to compete on that store themselves. Given the preliminary nature of this proposal, it’s not clear if this would apply to apps on the smartphone platform itself as well (that is, preinstalled apps that are not hosted on any app store at all), the use of app stores to deliver software updates, and other matters. And it’s worth noting that the Supreme Court is currently deliberating a case that could affect whether Apple’s app store is seen more as a marketplace that sells apps on behalf of developers, or as a software retailer in its own right.
But, those details don’t necessarily matter at this stage. The proposal brings the issue of the possible anti-competitive effects of Apple controlling an app store, and competing with developers on its app store, front and center. Additionally, just this week, Spotify filed a competition complaint against Apple with the European Commission, and a recent controversy about the seemingly arcane issue of enterprise developer certificates also highlights these issues. They both involve Apple–which is more controlling of its app store, which has pluses and minuses–but the underlying issues are more general. This post will review these examples before discussing some proposed solutions to the issues they raise, and the more general competition problems that arise when an app store or platform owner competes with independent developers.
The enterprise certificate scandal.
Apple allows businesses to distribute apps to their employees without them going through the app store by using an “enterprise certificate.” A few weeks ago, it was discovered that some large companies (Facebook and Google, but the practice is widespread) were using this system to deploy apps outside their companies to ordinary users. The apps in question were specifically designed to monitor users’ phone usage for market research purposes, and would not be allowed on the App Store.
Note that Virtual Private Networks — VPNs — are allowed on the App Store, and they can increase user privacy in many circumstances. But, by design, they can see unencrypted network traffic and all network connections. Apple therefore allows privacy-enhancing but not privacy-violating VPNs in its app store, and the only way Apple can tell the difference is through careful review, since the two functions are technically quite similar. On top of that, the enterprise app system installs a “root certificate” on users’ phones, which even allows encrypted traffic to be monitored, by permitting the enterprise developer to pretend to be someone else. (This is not unsandboxed “root access” to a phone, as apps that are “sideloaded” with enterprise certificates are still limited by the operating system, but it is still quite invasive.)
While it was good to see Apple take steps to protect user privacy in this instance, the episode raises questions about the amount of control it has over what software users can install on their devices. Additionally, its method of dealing with this issue temporarily disabled all of Facebook and Google’s internal apps, even those used for innocuous things like beta testing or scheduling transportation for employees. One can both be glad that Apple was able to protect user privacy in this instance, while also wondering if the tools at Apple’s disposal might give it too much power in general.
Spotify has argued for a long time that Apple’s practices around its app store — in particular, its requirement that if media subscription apps like Spotify offer in-app payment or subscription options, that they use Apple’s in-app purchase infrastructure, which gives Apple a 30 percent cut off the top (for subscriptions, 15 percent after one year) — are unfair. These rules mean that Apple-owned media apps have a built-in, significant cost advantage over rival apps, and that some media business models are not possible at all on the app store. Spotify recently filed a complaint with the European Commission over this and related issues. Apple has responded here.
Apple does not have such requirements for physical goods or services, meaning that consumers can purchase items using the Amazon app, or order a ride from Lyft, using whatever payment system the app developer chooses. Apple also allows people to access content they have purchased outside of the app (e.g., ebooks or a video streaming subscription, or a Spotify subscription) within iOS apps, but apps are not allowed to link people to, or promote those other alternatives.
Google, like Apple, requires that apps use its in-app purchase system for app features (say, unlocking extra game levels, or extra brushes in a painting app). But it treats media content, like music subscriptions or ebook purchases, the same as the purchase of physical goods and does not require the use of its payment infrastructure. Apple is unique in this particular restriction, and many of Spotify’s other complaints are related to it (for example, that Apple rejects app updates it feels violate this rule).
What to do about it?
One of the challenges of tech policy is that tech platforms, products, and services — despite many similarities — are quite different from each other, and specific policies or practices that make sense for one might not make sense for another. Certainly, broad principles (such as due process) may be generally applicable. But here I want to suggest some specific policies that would benefit users by promoting competition without sacrificing the security and convenience that app stores can provide, while at the same time protecting companies from some antitrust complaints. Of course, I’m not suggesting that antitrust law in the US or even the EU requires any of these specific practices or that by themselves they ensure that companies are fully compliant with antitrust law, either. Additionally, while I believe that companies with dominant app stores should follow these practices, different solutions may be required for different kinds of platform.
Apple doesn’t allow “sideloading” — that is, installing apps on a device without going through the app store — at all on its iOS devices. (The exceptions are enterprise certificates, mentioned above, and developers can install apps that they have compiled themselves using Xcode on a Mac.) Sideloading also implies that users can install third-party app stores, which are just apps that install other apps — neither Apple nor Google, for example, allow third-party app stores in their own app stores at all. Devices running Android do allow sideloading, though the feature is off by default. (Android users may be interested in installing F-Droid, which provides access to an extensive catalog of free and open source software.) However, Google’s solution is to allow users to install unsigned apps — which means there is no way to remotely disable sideloaded apps that turn out to be malicious. Apple’s Mac platform, however, points to a better approach than either iOS or Android currently follows — users should be able to sideload apps, but it should be significantly easier to sideloaded apps that are cryptographically signed by developers.
The signing requirement does not mean that signed apps get the same level of vetting as app store apps, but it does mean that malicious apps can be remotely disabled if they become known. App signing, like an app store, is still a centralized point of control, which still might create problems. To avoid this, there should be some provision for users to install unsigned apps, but this can be a more technically complicated process with more scary warnings, and unsigned apps could perhaps run in a more restrictive sandbox (for example, with fewer background processing privileges, no ability to install other apps, and no ability to gain access to a user’s location data, contacts, and calendars). Another approach would be to allow multiple entities to issue developer certificates instead of just the platform owner.
To be clear, sideloading (like web apps) simply creates a release valve of sorts — it does not by itself solve every competition issue with app stores. But it does ensure that no single company is an unavoidable gatekeeper for what apps a user might put on her phone. Apple has (often) been criticized for being overly censorious with its app store, disallowing content on controversial topics and “protecting” people from PG-13 content, even as it has music, video, and bookstores with much more hard-hitting material. In some respects, Apple should just chill out a little and allow people who are 18 and older to access content that makes some people squeamish. But sideloading and alternate app stores would allow Apple to curate its app store as it sees fit without putting an insurmountable barrier in front of customers and developers.
Apple has also been accused of somewhat more political (or at least, lobbying-based) censorship. Last year, Apple initially rejected an application designed to detect net neutrality violations on the grounds that it offered “no benefit to users.” This apparently political judgment raises grave concerns about maintaining a robust marketplace of ideas and potential problems of corporate censorship. Here again, sideloading would allow users to decide for themselves about the potential benefits of detecting potential net neutrality violations while allowing Apple to distance itself from any message or service it considered too controversial.
Eliminate in-app purchase rules for non-app content.
In-app purchase rules for app store-hosted apps make sense for app content — otherwise, many paid apps on the app store would simply convert to “free” apps that have to be unlocked with a credit card, taking away some of the convenience for users of having a single method for buying apps while also removing an incentive for the app store to continue operating.
But that rationale doesn’t apply to things besides actual app features and functions. In particular, it shouldn’t be necessary for apps to pay a hefty 30 percent fee for things like Spotify or Netflix subscriptions, or digital comics and books. Sellers that are forced to use the in-app purchase system for content of this kind either have to charge app store customers more than customers who buy through other means, or disable purchasing features within their apps entirely. Both alternatives are bad for users. If Apple doesn’t require that developers use the in-app purchase system for physical books, it shouldn’t require it for ebooks and other digital content, either.
Nondiscrimination with respect to third-party apps.
Finally, no matter what happens with app store policies, the fact remains that apps that are preinstalled on devices have a significant advantage over competing and alternative apps. At times it may be appropriate to limit what apps a device maker or platform owner can preinstall, to protect the competitive process. But it makes sense that some basic apps should be preinstalled on a device–for example, a browser, an app store, and a messaging app.Here, a nondiscrimination rule seems to be the most appropriate. Devices should allow third-party apps to have the same functionality as first-party apps, users should be able to set them as the default, and users should be able to uninstall or hide most pre-installed apps, as well. (Certain apps, such as the phone app that allows 911 calls, should not be able to be uninstalled!)
Accomplishing all this might be tricky; the reason that some first-party apps have capabilities that third-party apps don’t is that they are using unpublished APIs that might change at a moment’s notice (meaning that third parties should not depend on them), or system integrations that could cause security or performance problems if used incorrectly. The APIs that are made available to outside developers are typically more stable and secure, and they don’t usually change without advance notice to developers. Thus, while the other proposals in this post might cost an app store owner some lost revenue but would otherwise be straightforward to implement, this one would take some work. At the same time, asking Apple to implement these policies for iOS is not asking it to do much more than it has done on the Mac for decades, and the benefits to consumers and competition would be significant. These costs would be a fair price to pay for a company with such a dominant market position.
It’s about balance.
The gatekeeper and competition issues caused by app stores aren’t going away. At the same time, solutions to them should seek to maintain the convenience, security, and privacy benefits of software that is at least somewhat screened, since we’ve learned from experience that allowing any app, from anywhere, to have unfettered access to a user’s computer or other device is not good, either. No one wants smartphones to become like the virus and “toolbar”-infested Windows 98 family computers of the past. Security and openness may need to be balanced, but neither needs to come at the sacrifice of another.
About John Bergmayer
John Bergmayer is Legal Director at Public Knowledge, specializing in telecommunications, media, internet, and intellectual property issues. He advocates for the public interest before courts and policymakers, and works to make sure that all stakeholders -- including ordinary citizens, artists, and technological innovators -- have a say in shaping emerging digital policies.