Infrequently Noted

Alex Russell on browsers, standards, and the process of progress.

The Web Is An Antitrust Wedge


Updated:

This is part 16 of the series "Browser Choice Must Matter"

It's a day that ends in "y", which means The Verge is at it again: covering the regulatory tussle over mobile ecosystems without mentioning browsers, the web, or PWAs.

This long-established pattern is as frustrating as it is predictable. Silicon Valley's journalists fail readers by neglecting to connect the dots between the forces that kept desktop OSes open and the suppressive tactics the mobile duopolists1 deploy to prevent similar outcomes. And this despite connections handed to them on a platter by OWA and others. In 2026, the choice to cover app store regulation exclusively through the lens of steering and native app alt stores is a yawning blind spot.

Capable browsers, and the PWAs they support, hold the power to grow an ecosystem of applications that no gatekeeper can own or tax, based on standardised APIs that resist enclosure. Apple goes to extreme lengths to prevent the emergence of browser engine choice to obstruct the app store's most credible disruptor. But few outlets are connecting these dots for readers.

Cupertino is terrified of the web's potential, but you'll never read about it on the pages of Wired, MIT Tech Review, The Verge, or 404. Loyal readers remain uninformed, never clocking how regulators have acquiesced to the gatekeepers' stalling and misdirection. Only The Register and TNS understand what time it is, covering the essential points regularly:

These regulatory and journalistic failures are not victimless, circumscribing what technology can be for us all, both positive and negative.

In 2026, it should go without saying that billionaires at the helm of Big Tech firms cannot be trusted to do anything but cower and pirouette for Mad King Trump. The "good ones" have been proven feckless when presented with opportunities to defend democracy and decency. The rest are either actively fascist, fascism-curious, fascist-enabling, or so engrossed in tax dodging they haven't clocked the rule of law succumbing to attacks by their peers. Not that there's much hope they'd stand up for it; they've got theirs, Jack.

These are the masters of the universe demanding control over what happens on our most personal computers.

In an era when they still claimed to be changing the world for the better, the lies told to justify an invasive, unsafe ecosystem of native apps went down more easily. The duopolists provided shockingly deep hooks into our lives for native app developers while shielding them from adversarial interoperability. In exchange, they demanded control over distribution and taxed the pants off the gambli... — sorry, "casual games" — and privacy degrading social media apps that powered the growth of the native app ecosystem.

Accomplishing this feat required defeating threats from open technologies, because open systems allow users to assert their interests in the face of abusive and predatory software. If users had a vote where useful software could be acquired, or could use browsers for more of their needs, it wouldn't be possible to tax developers at such a high rate. The anti-privacy, anti-user agenda that Apple and Google draw excess profits from cannot survive open technology. This is reason enough for democracies to demand portable, standards-based software.

Democratic societies have wider interests too, and we see clearly that trusting Apple and Google with as much market power as they demand is a threat to those goals. The shocking ethical derelictions of the app stores provide yet more reasons to demand regulators legalise open technology.

Software and digital services benefit from network effects, creating acute winner-take-all dynamics in markets where countervailing forces are suppressed. Traditionally, those crosswinds for would-be monopolists have included over-the-top applications, Open Source software, adversarial interoperability, and end-user modulation through open platforms (e.g., ad-blocking browser extensions). Over time, these disciplining factors can break the hold of short-term monopolists, returning power to users and forcing abusive proprietors of services to do better by society or risk losing market share as moats dry up from the pressure.

The iOS and Android duopoly have rendered these recourses illegal and impractical, minting a small number of durable winners. The CEOs and founders of these colossuses are the new tech oligarchs, and their actions in recent years provide compelling arguments against both money in politics and the idea that there can be such a thing as a "good" billionaire.

The broligarchs have shown no compunction towards subverting the state for illegitimate private ends. Having corrupted American politics with torrid rivers of cash, news of their support for anti-democratic, authoritarian regimes around the world no longer surprises. Shocking evidence of this corruption is on display almost daily. Not content to curdle American governance, the broligarchs now demand others desist in enforcing their laws lest they dampen their accelerating profits.

This corrosive effect is only possible thanks to the intense concentrations of wealth enabled by perverted market structures. These twisted markets are themselves the result of decades of neo-liberal anti-antitrust groupthink. Contra Bork, the social contribution of robust antitrust enforcement isn't just lower prices. Reducing the power of private actors promotes stable institutions and honest dealing across a wide swath of society. Samuel Bagg frames the opportunities for antitrust enforcement similarly:

...many practices of constitutionalism are justified on similar grounds: i.e., that first-order constraints on the abuse of power can only be sustained through second-order limits on the concentration of power more generally. Where modern constitutionalism aims primarily to limit the concentration of public power, however, the anti-monopoly tradition follows earlier materialist forms of constitutionalism in viewing the concentration of private power as equally dangerous (Andrias 2015; Fishkin and Forbath 2014; Khan 2018). After all, problems of capture arise not from the existence of public power as such, but from its relationship to private interests.

— Samuel Ely Bagg,
"The Dispersion of Power, Chapter 6.1"

Tim Wu charts this history of antitrust thinking, noting that:

Back in the 1950s and 1960s, the anti-monopoly enforcers were of a different and much tougher mindset. They were closer in disposition to Theodore Roosevelt and tended to see the stakes of anti-monopoly as transcending mere economics and spilling into questions of democracy and political destiny. Influenced by the recent experience of the Second World War, American officials believed that fascism and corporate monopoly were linked. They feared that excessive corporate power would bleed into fascism or contribute to a communist uprising. Famed antitrust enforcer Thurman Arnold blamed German monopolies for helping Hitler rise to power.

— Tim Wu,
"The Age of Extraction, Chapter 2: Platformization"

Like Wu and other Brandeisian thinkers, Bagg finds counterweights to these corrosive forces useful, both structurally and specifically:

Countervailing power is the natural complement to anti-monopoly. Both demands are set in motion by the insight that capture is most often perpetrated by certain hegemonic actors and groups — i.e., those with the most concentrated private power and organizational capacity — and that protecting the public interest thus entails special attention to those specific forces. Where anti-monopoly entails targeting their resources and organizational capacity directly, however, practices of countervailing power aim to support their opponents.

— Samuel Ely Bagg,
"The Dispersion of Power, Chapter 6.2"

The web is such a countervailing power, bringing with it a large ecosystem of developers and publishers that can jump-start mobile contestability. Real browsers and web apps present a potent, two-sided ecosystem competitor. Because browsers feature low switching-costs compared with replacing phones, and provide a standards-based, interoperable app platform, they carry maximum potential to disrupt the market-concentrating effects of app stores whose software catalogues are welded to specific OSes. These properties pose a credible threat to the smartphone duopoly's extractive, anti-competitive status quo. Indeed, we can expect real browser competition to finally make Apple and Google competitors. This can return economic surpluses to users and businesses, rather than the duopolist's shareholders.

A web liberated to compete has already demonstrated the power to align forces that erode gatekeepers' influence through competition between browsers and their engines. Interoperability and a grounding in royalty-free standards pairs with this competitive engine to expand the penumbra of capabilities that enable new entrants without simultaneously convincing all developers to build for a new OS.

Because browsers commoditise OS features, the competition between them — both internal to, and across the existing Android and iOS deployed base — grows a corpus of essential apps that any new entrant needs (the Bridge Strategy). Instead of forcing a new smartphone OS to convince every software house to build new apps for their new APIs (simultaneously), or to brave legal and technical threats as they implement Apple and Google's APIs wholesale, browsers and PWAs shrink the missing software gap tremendously. Should browsers make hay on iOS and Android the way the DMA's drafters hoped, new market entrants only need to port competent browsers (a much smaller lift) and fill in a greatly reduced app gap.

But even if a new competitor doesn't emerge thanks to the web, browsers discipline incumbents in-place by providing competition with their proprietary software ecosystem. When mobile OSes feature sustained browser competition, incumbents help expand the web's carrying capacity or risk marginalisation.

This dynamic played out in the 2000s and 2010s as Internet Explorer lost share to competitors thanks to Microsoft's under-funding. Firefox, Chrome, and Safari worked to expand the power of the web, pushing IE's once 90+% dominance to the curb while dramatically growing the list of tasks users turn to the web for. Eventually, Microsoft capitulated, switching to Chromium to regain compatibility with a dynamic, growing web that threatened to pass it by.

Proprietary incumbents prioritise user needs over their own extractive agendas when competition from open ecosystems is enabled by low switching costs.2 This paves the way for competitors, expanding the power and relevance of low-cost, interoperable technology with each competitive iteration. We have seen the web's wedge work against API enclosure on the desktop, with a large majority of all new desktop software being written first as web applications and only later (and optionally) wrapped in WebViews to deliver needs from a shrinking set of "last mile" capabilities that the web doesn't provide out of the box.

Such is the power of interoperability made manifest; it's far past time for the tech press and regulators to speak clearly about the anti-web game the duopolists are playing to prevent the web from breaking out.

Several points are plain to anyone engaged in mobile ecosystems. There are many sub-points to quibble about, and various parties talk their own books, but the broad strokes are accepted by all sides:3

A publicly contested (but privately conceded) corollary is that the web is not dominating mobile the way it does desktop because it has not been allowed to compete. From Apple explicitly suppressing competing browsers and breaking critical features OS-wide on the regular, to Google's history of discouraging internal teams from writing mobile web apps and denying competing browsers access to critical PWA features, the fix has been in for 15 years.

Apple and Google's anti-competitive policies keep web apps from threatening the foundations of their App Store revenues by forcing developers to build to the APIs that the incumbents control. This grounding in Apple and Google's proprietary APIs is the root of the duopolist's power. They use it in combination with threats and promotional inducements from their stores to enlist developers in promoting features of the hardware and services they monetise.

Open, interoperable, safe-by-default runtimes with standardised APIs threaten the foundations of this structure by breaking the duopolist's chokehold over software distribution. Browsers, and their core function of abstracting away the proprietary APIs of OS vendors, create a tax-free zone outside the grasp of the OS incumbents' mafioso App Store tactics. To ensure the web cannot threaten the API enclosure today's mobile ecosystems are founded on, browser competition must be suppressed and browsers themselves incapacitated.

That Apple has managed to pull this off is a scandal. But our tech press and commentariat do not cover the web as a true threat to App Stores. Instead, they fixate on alt stores as a mechanism to supplant gatekeeper control. This is a gift-in-kind to the duopolists. By failing to acknowledge the power of the web to disrupt entrenched OSes (as demonstrated by the past 20 years of desktop computing), the press are failing to communicate the stakes of regulatory failure to enable browser competition. This, in turn, excuses woolly regulators as they squander the ripest opportunity for reform in living memory.

The dream of the alt store is a mirage, or at least a distraction. Windows is able to sustain several successful native app distribution systems in addition to Microsoft's own (e.g., Steam and The Epic Games Store), but these systems are tied to specific verticals and the APIs desktop developers target are de facto open and stable. The incumbent's app stores have significantly larger scope and tie together a host of services that require critical mass to disrupt.

The web presents one of the only ecosystems with enough existing use and investment to plausibly re-create a substantial fraction of this ecosystem value without the cold-start problem. Other challengers face a daunting choice: focus on a less expansive vision by diverting into narrow app categories, or depend heavily on OS services and APIs. Either option reduces contestability and detracts from the potential for a successful, interoperable mobile software ecosystem.

Browsers provide an alternative. Because they synchronise payment instruments, identity, and user preferences over the top of the OS, users experience reduced friction when transferring to the web versus a competing native ecosystem. And because most folks already invest a significant fraction of their digital lives with their browser, apps that run on the web are a more credible threat to the status quo than alt stores filled with native apps that must choose between rebuilding all of this from scratch or buttressing the lock-in of OS vendors.

Regulators facing choices about where to invest scarce resources should foreground browser engine choice and web apps because they create mass behind their agenda and bring a powerful, pre-existing ecosystem to bear. The alternative is playing whack-a-mole with gatekeepers over easily divide-and-conquered alt stores.4 Once browser-based apps can address the bulk of the market, the lift required to institute fair distribution terms in other verticals will be substantially reduced.

Instead of promulgating proprietary APIs, the web provides an answer to regulators' central problem: how to bootstrap an ecosystem of interoperable software?

Capable browsers are the proven answer. Unleashed by aggressive policy intervention a quarter century ago, the web has become the most abundant app store of all time. As the D.C. Circuit Court predicted in finding against Microsoft in 2001:

...were middleware to succeed, it would erode the applications barrier to entry. Because applications written for multiple operating systems could run on any operating system on which the middleware product was present with little, if any, porting, the operating system market would become competitive. Id. p p 29, 72.

But as the District Court found, middleware will not expose a sufficient number of APIs to erode the applications barrier to entry in the foreseeable future.

— US D.C. Circuit Court, Per Curiam,
"U.S. v. Microsoft Corp., 253 F.3d 34 (D.C. Cir. 2001)"

What the court failed to understand in 2001 was that Microsoft had already made the browser a complete platform. Even after Redmond disbanded the IE team after the 6.0 release, it would go on to midwife applications like Google Maps, GMail, and Google Docs; in its zeal to see off Netscape, Microsoft sowed the seeds of Win32's irrelevance. Firefox, Chrome, and (yes) Safari built on the momentum, unlocking adjacent possibilities that brought new categories into the web at a rapid clip. Today, design, CAD, software development, and scientific computing regularly happen in-browser and more than 70% of desktop "jobs to be done" are now handled on the web.

PWAs complete the story for the mobile era, unlocking participation in the tap-and-swipe ecosystem today's duopolists are working enclose through app stores. Just like a quarter century ago, the web is already the answer; we just need to clock it as such and legalise powerful browsers.

So-called alt stores are a less compelling solution because they hold less power to create competition with low switching costs. Instead of providing developers with standardised APIs, they continue to weave the duopolist's proprietary technologies and services into each app. This reduces app portability, increases developer costs, and implicitly helps to build a moat against new OS entrants. A hat-trick of lock-in.

Instead of settling for a world in which alternatively distributed apps must attempt to re-create the technical foundations of interoperability for themselves, regulators can win both interoperability and momentum for their efforts by unblocking real browser choice and PWAs enabled by it. Browser engine projects feature large teams whose entire job is to intermediate between OS-specific APIs and web apps, enabling developers to write to a single interoperable platform out of the box.

The opportunity to harness both a large ecosystem of developers used to building for an interoperable platform, and teams of C++/Rust engineers accustomed to competing to provide improvements to that interoperable platform should have rocketed the web to the forefront of every regulator's thinking. The new powers that the EU's DMA, the UK's DMCCA, and Japan's MSCA provide in theory need concrete enforcement actions to bring the duopolists to heel, and the web's advantages in efficiency of regulatory intervention, reduction in security risk, and pre-existing cross-OS interoperability are unparalleled.

It pains me deeply to acknowledge that the institutions handed new powers by the DMA, the DMCCA, and the MSCA are universally failing to prioritise the transformative power of browsers as they work to enforce the provisions of these laws. Instead of focusing fire on the lowest-risk, highest leverage intervention, regulators are being side-tracked and talked down from pursuing aggressive browser choice enforcement.

Consider Apple's opening offer to the EU. The DMA only allows gatekeepers to impose necessary and proportional security restrictions on competing browsers and their engines.

Regardless, Cupertino larded up its package of DMA deliverables with terms for building browsers that include clearly unlawful contractual obligations (pdf) having nothing to do with security. These restrictions levy costly and unworkable demands on the architecture of competitors' products. Alternative browser engines have long featured better security, performance, extensibility, and even privacy than Safari. Should they not be superior, the DMA provides a straightforward solution: competition, rather than legal arm-twisting.

In case procedural hurdles weren't enough disincentive, Apple also hobbled its browser SDK, omitting support for obviously in-scope features including the ability to handle in-app links, support web apps on the home screen, and disambiguate push notifications. It has built and shipped all of this for Safari, in some cases relatively recently, so it wasn't a case of forgetfulness. Brushed back from attempting to murder web apps on the eve of DMA enforcement, Apple simply chose to duck complying with the law by dressing up violation in umbrage and legalese.

Cupertino's design carefully omits the capabilities that would unlock direct competition with the app store, safe in the knowledge that so long as Safari is the only browser with access, it can keep the web hobbled and broken. This is a blatant affront to the DMA's plain meaning and legislative intent, and dovetails with extralegal attempts to apply maximum pressure on the EC to accept less than half a loaf.

Recall that Apple initially argued that it didn't have time to comply given a mere two-year run-up. It was enough time for all of Apple's competitors, but somehow not for the self-proclaimed titans of software from Cupertino.

That was two years ago.

Has the offer improved regarding these strategic omissions? Not one iota.

Indeed, Apple is now lying to our faces; from its latest DMA compliance report (emphasis added):

(45) For the purposes of allowing alternative web browser engines to interoperate with iOS and iPadOS, Apple makes a suite of functionalities available so that browser apps and apps providing in-app browsing using alternative browser engines can be installed and run on iOS and iPadOS in the EU. Apple provides authorized developers access to technologies within the system that enable critical functionality and help developers leverage high-performance modern browser engines. These technologies include Just-in-Time compilation (which provides performance benefits by helping browsers to quickly and efficiently render JavaScript content), multiprocess support, and more. Third-party browser apps using third-party web browser engines can support and run web apps.

— Apple, March 7, 2026 (pdf),
"DMA Compliance Report Summary, Page 201, Section V."

This misleading text suggests that Apple has provided APIs to competitors to support these core use-cases through their own engines; it manifestly has not.

Faced with such strategic flouting of these the law, one might assume regulators with a sense of their own prerogatives and legislative intent might respond with overwhelming force.

Instead, the DMA team at the EU have moved haltingly as Apple plays for time through processes the EC forced Cupertino to create after previous bouts of transparent gamesmanship (pdf). Clear, unambiguously in-scope requests from competitors languish while the Commission settles for tweaks that cannot change the balance of power. Far from fulfilling the law's legislative intent, contemporary DMA enforcement appears unable to prioritize action that will unleash the tools of revolution from action on necessary-but-insufficient nips and tucks.

Rather than treating Apple's belligerent, maximalist strategy as a joined-up attack aimed to deny oxygen to the most effective competing ecosystem, the DMA's enforcement group has ratified Apple's redrawn boundaries through studious inaction. Like Sykes and Picot with a ruler, Apple has drawn lines that favour its interests above all else, and authorities that could countermand its declarations are notable only by their absence. The perspective from Brussels seems to be that these questions are now simply competing claims by equally mucky mud wrestlers, rather than galling non-compliance and an affront to the point of the DMA.

Rather than bearing down on structural issues, regulators appear immersed in dense debates with the scofflaw's counsel over inconsequential details. Even in the areas that it is levying fines, the EC is not challenging the structure of Apple's power. This is tantamount to settling for minor tweaks on the status quo. If the DMA was designed to redress the problems it enumerates, this is failure by the EC's own yardstick. We're entering year three of DMA enforcement, and meaningful change is not obviously closer. Why not?

To hear the regulator's apologists tell it, they're concerned with litigation. Litigation! As though Apple wouldn't sue regardless.

No amount of punch-pulling or case-buttressing will prevent Cupertino from rolling out its shockingly large army of lawyers. Apple already spends more on lawyers every year than the fines the EU is proposing!

This is the same company that used lawyerly nonsense to hold up the UK CMA's investigation for nine months, implausibly arguing the regulator hadn't brought the boom down fast enough on its own bad behaviour, and therefore couldn't do so later. It was never a serious argument, but when dressed up in enough £1000/hr legalese, Apple's calculated attempt to create delay paid massive dividends. Nine months of regulatory delay is worth many billions to Cupertino.

Apple is conducting a maximalist campaign against the very concept of the rule of law when its profits are at risk, and having paid off a deeply corrupt US administration, the intensity and reach of that campaign is only increasing. All of this should create a deep, abiding suspicion of Cupertino's motives, removing the benefit of the doubt wherever it claims contestability is a reality on iOS. No self-respecting regulator can take anything Apple's lawyers say at face value in 2026. But there's only a price for duplicity when those with authority recognise the pattern and apply suspicion, rather than deference.

Regulators (not to mention the press) are well within their rights to take on board Apple's misrepresentations, astro-turfing, and serial non-compliance when calculating how aggressively to act. Instead, the EU's DMA team, the UK's CMA, and Japan's regulators are falling for the same shenanigans over and over; treating each encounter as a blank slate, happy to pretend a disquieting history of belligerent non-compliance is immaterial to arguments offered today.

This is both a tactical error and a strategic blunder.

At a tactical level, extending deference to each new pile of misdirections allows Cupertino to play for time; when you're the incumbent, delay is winning, and regulators that do not demand prompt changes weaken their own future hand. Strategically, failure to demand changes right bloody now in the face of material non-compliance denies the regulator the benefit of even a weak fleet in being effect. And declining to demand immediate change in areas most likely to create the deepest, most generative effects grants Apple ongoing regulatory relief in the form of reduced structural competition.

Of course it harms EU businesses that they cannot target a platform across mobile OSes, and that EU businesses instead have to bear high ongoing development and servicing costs to participate in proprietary app stores. It is obviously negligence on the part of newly empowered regulators to allow Apple's gerrymandering attempts. Cupertino has worked to draw constrictive borders around browsers for the last several years; demarcations that just happen to exclude capabilities that would make mobile computing truly contestable.

Since regulators and the tech press are not connecting the dots from first principles, desktop computing analogues, legal precedent, or the lengths Cupertino has gone to prevent the web from breaking out, it must be repeated:

Browsers are app stores.

If we want effective alternatives to the gatekeeper's app shops, nothing will be more effective than unleashing real competition from the web. Browsers are stores filled with a priori interoperable software and with low friction installation thanks to PWAs! And they feature incredible security! Protections so strong that you don't even have to hang a "beware of dog" sign out front.

Should we collectively accept this premise and expand our understanding of software contestation to include the web as a viable alternative in the app store story, what would that mean? The duopolists are working overtime to silo the discussion to their preferred proprietary technologies, why? Is that worthy of investigation and discussion?

For regulators, this perspective is a treasure map. Enabling true browser competition unlocks both internal and cross-OS competitive forces, unleashing firms with an interest in interoperability on both sides of the browser market. But for regulators to get credit for converting on this incredible opportunity, their constituents will need to hear about it. And on that front, we've got a lot of work to do.

We get plenty of TopGear-but-for-phones and "CEO said a thing" coverage, but very little coverage of the way access to APIs shapes our digital lives. Most outlets still treat access like it's a real beat, depriving them of the distance necessary to contextualise the duopolists' actions in a frame their PR staff dislike. The closer a publication gets to the mainstream, the worse the distortion seems to get.

Few tech outlets, including irreverent youtubers, seem to recognise that the web is the single biggest threat to mobile app stores, opting instead to cover minor news of alt stores tremors like The Big One. This misleads readers about the stakes and distorts the incentives of regulators.

Reporting that borrows the narrative frame the duopolists prefer enlists otherwise excellent outlets as allies of the billionaire class. Too many reporters uncritically accept that app stores are how we must think about mobile software, regurgitating this narrative through stories filed in a browser on their laptops. Apple, Google, and the handful of "winners" the app stores bless profit massively from centralisation. Reporters and editors further the goals of the broligarchs by failing to reframe mobile competition in a more historically grounded light.

Perhaps regulators will find their way without the help of a thoughtful, tenacious tech press; stranger things have happened. But judging by The Verge, Wired, and the FT, they're going to need all the luck in the world.

FOOTNOTES

  1. Understood through the lens of price segregation, we can see that there is no real competition between Android and iOS. For more than a decade, the mobile market has presented a pantomime of competition, wherein all wealthy users buy iPhones and everyone else buys Androids, while OEMs not named Apple continue to send low-volume "halo" Android devices to reviewers to keep up the appearance that they are somehow a challenge to Apple's dominance of the high-margin premium and ultra-premium market segments.

    Apple and Google preside over stable co-monopolies, separated like oil and water by point-of-sale device pricing. Both understand the other will not challenge the market's segmentation, buttressed by incompatible proprietary software and services ecosystems.

    For Apple, this assurance comes from the financial model for its entire enterprise. Apple does not enter lines of business where it cannot guarantee at least 30% net margin. This is a stable property of Apple's behaviour that market analysts now rely on. Any deviation from trend would not enhance Apple's market value as it expanded its market sized, but would paradoxically discount its shares by reducing traders' ability to understand Cupertino’s imputed future profits per share.

    Google, for its part, doesn't understand the profitability bear trap Apple finds itself in, and fears Cupertino might release a low-margin iOS device, wiping out what little profit remains in the Android ecosystem. The Android and Pixel teams yearn to see and Android-based "iPhone Killer". For similarly structural reasons, they never will.

    The Pixel brand cannot succeed because the firm will never allocate enough capital to make vertically integrate and generate scale for sales. This leaves it — along with the rest of Android ODMs — without sufficient leverage and integration discipline to produce devices with similar quality, longevity, and post-sale monetisation upside. Because Android OEMs lack the same low-SKU-count concentration of buying and production scale, profits never materialise for a promising device. Apple might only have 20% of the market, but it pours that entire volume into a small number of custom high-volume orders. From CPUs to screens to custom connectors, Cupertino always buys in extreme volume.

    Android OEMs, meanwhile, split their purchasing across hundreds of SKUs, and most have smaller war chests than Google and worse prospects for vertical integration. As long as Qualcomm has everyone over the barrel (and they do), it will never be possible for an Android OEM to break the structure of the duopoly. Android is therefore destined to define low-margin devices. Knowing this drags all Android participants away from post-sale quality improvements that might allow the ecosystem to aspire to better. This sucks for OEMs and ODMs, but the volume of the business makes the structure stable, and for some, comfortable.

  2. It's no coincidence that Apple's basic stance towards browser competition is that you can have a better mobile browser, you just need to buy a different phone, suffer the loss of all of your Apple-ecosystem services and data, and worry about the availability of important apps.

    High and uncertain switching costs are core to Cupertino's suppression of browser competition, and it's bewildering that neither the tech press nor regulators seem to have clocked the gambit for what it is.

  3. There are, of course, multiple ways to speak about these undisputed facts, and native app partisans are particularly practised at their variant of three-card monty.

    When pressed, some begin reciting a list of missing PWA capabilities. This is offered as a reason to prefer native apps, and a reason why web apps are "not serious".

    If handed evidence that open, interoperable versions of these features are not available because of Apple's suppression, they will claim that it is not safe for browsers to offer them. This is often couched as evidence of Cupertino's far-reaching wisdom.

    Evidence that Apple's alternate — authoritarian control over APIs and software distribution — has not been particularly safe is usually dismissed out of hand. Point out that most energy invested in APIs over the past decade has worked to attenuate their power to the position browsers begin the bidding, and native app partisans reframe this work as proof of the necessity of gatekeepers, rather than evidence of their frequent fallibility.

    There are also generally digressions into privacy, where native app fans seem unable to understand that it was the duopolists that provided unfettered access to shocking amounts of invasive data to native apps by default. Despite performative curbs, this situation largely persists, facilitated by the gatekeepers. The idea that we should trust them now, when they are the same unrepentant players that took shockingly little care when handing unrestricted APIs to tech's worst actors, is generally parried with "but Facebook bad!". Kayfabe is treated as serious drama. The deeper complicity is not engaged, and this line of inquiry is generally fruitless. Many wear the brand of phone in their pocket like a jersey for their favourite team, not a complex business with many incentives and cross-pressures.

    These counterparties are also generally unfamiliar with the ads ecosystem and how the native duopolists created a "snoopers gap" that generated pressure for ad-funded apps to push users away from more privacy-respective, adblock-enabling browsers, and towards less mediated and transparent native app alternatives. The reality that those prompts were not the result of an intrinsic positive technology difference is not seriously entertained.

    The web has a long track record of protecting users more effectively on both privacy and security than native API monocultures, and providing extension points to allow users to further shield themselves without waiting on beneficent App Store proprietors. Should that reality make a dent, the next conversational shuffle turns to browsers not already having won the field. This is couched either as evidence of some ineffable technical inferiority on the web's part or a claim for why it wouldn't be possible for a transition to start now; never mind that both Windows and macOS made similar turns on a similar time scale. It is never accepted as evidence of active suppression of the web by the gatekeepers.

    Which brings us back to the start of the game.

    Having played many pointless rounds with folks who, on the surface, seemed open to discussing the issue, I can only recommend checking to see what sort of phone your counterparty carries before wading in. iOS partisans are particularly attached to the idea that Apple knows best. It is often counterproductive to engage, no matter how loudly they claim to support the web.

    One of the benefits of being locked in the privilege bubble, after all, is freedom from introspection. Wealth's blanket soothes the anxieties of the status-seeking mind, and supporting the nonsensical positions by those with higher status is imagined to be a harmless bit of in-group signalling.

  4. It didn't take a genius to predict that a successful alt store would prod the duopolists to make life inhospitable for developers trying to straddle open ecosystems where they are available and gatekeeper options where they aren't. The unpredictable element was that Apple played those cards before a store even got going in earnest.

Naked Power

Apple and Google's mobile duopoly is held together with chewing gum, twine, and moral vacuity.


Updated:

This is part 15 of the 16-part series "Browser Choice Must Matter"

Twitter's descent into a gutter of the lowest order has been wrenching:

Elon Musk’s Grok and the Mass Undressing Scandal Elon Musk’s Grok and the Mass Undressing Scandal

As I draft this, a week later, it appears pressure from civil society, investigations by regulators, and outright bans on multiple continents have forced Musk to back down to an uncertain degree.

As this scandal roiled, Twitter's apps have been continuously available in Google's Play and Apple's App Store, marking new lows in moral cowardice and non-enforcement of the duopolist's own policies.

Now we sit on tenterhooks, wondering if the worst has actually passed. What outrage the will the valley's billionaire man-children unleash next? Meanwhile, we brace for this episode to embolden censorious authoritarians keen to suppress a free press and legitimate speech they dislike.

This is the backdrop to Elizabeth Lopatto's must-read denunciation in The Verge:

It is genuinely unbelievable to me that I wasted hours of my actual life on a court case where Apple explained it needed total control of its App Store to protect its users. Total control of the App Store was Apple’s main argument against antitrust enforcement: The company insisted that its monopolistic control of what users could install on their phones was essential to create a walled garden where it could protect children from unsafe content.

Ha! Ha ha ha!!

— Elizabeth Lopatto,
"Tim Cook and Sundar Pichai are cowards, The Verge"

Failure to react to the “everything app” going all-in on abuse of women and girls for weeks reveals the illegitimacy of their mobile monopolies1; anyone pretending otherwise is a fool or a dupe.

We don't need to guess why they sat on their hands.

Acting against Musk's abusive apps might put Apple and Google out of favour with an erratic, power-tripping administration which in turn could impact short-term business prospects. Their stated principles are incompatible with maximizing shareholder value under competitive authoritarianism.

Recall that both firms lent their monopolies on software distribution to ICE, citing the implausible claim that federal agents are a “vulnerable group.” The undressing scandal is the same choice in relief.

Facilitating the unthinkable at the behest of administration allies pays homage to power through obscenity. If they offend Musk…who knows what could happen? So maybe let it play out; let others take the heat. Surely somebody will do something. The internal monologue of the quisling scarcely needs exposition.

And so abuse at scale was amplified through their channels, against their own policies, for weeks.

The duopolist's justifications for monarchical app stores have always been bullshit, top to bottom, stem to stern.

App stores are not sui generis; they're just programs that install other programs, and "apps" are whatever the OS says they are.

As Cory Doctorow observed:

Apps interact with law in precisely the way that web-pages don't. “An app is just a web-page wrapped in enough IP to make it a crime to defend yourself against corporate predation”

It sure looks like Apple and Google failed to protect women and girls in order to preserve the rents they extract from the ecosystems these IP wrappers give them control over.

Gatekeepers like to point out that the wrapper comes with treats — business-critical capabilities and services that OS vendors lock behind proprietary APIs — but this is misdirection.

Web apps could provide safe, privacy-enhancing versions of every capability they currently reserve to native apps, and the duopolists know it. In an earlier era, open platforms chewed up proprietary features and spat out interoperable standards to cover the most useful 80% of that ground safely. Along the way, they published under open licences, dropping the price of commodity features to near-zero. This reduced lock-in for both developers and users which, in turn, forced incumbents to innovate.

Today's gatekeepers are desperate to keep that from happening again. It would upset the entire rentier model.

That's why Apple has worked furiously to keep APIs away from browsers through legal wrangling and subversion of standards. Cryptography and lawyers have also been enlisted to keep other programs-that-install-programs out and a safe, powerful open web at bay. Without those shields, we'd see the deeper failures clearly.

Consider the justifications Apple and its merry band of astroturfers trot out like clockwork to delay browser choice. Cupertino argues it must exclusively control browsers and software distribution to:

Now we see clearly that protection on the last point comes not from the stores, but from civil society and governments. This provides a template: each justification is an admission; misdirection to cover culpability.

Let's take it from the top.

Stores don't ensure security, runtimes do.

Operating systems and browsers — the platforms that sandbox code and mediate permissions — protect users to the extent they're designed to; app stores are just overwrought “beware of dog“ signs meant to scare off easily intimidated ne'er-do-wells. It's no surprise that whenever app stores are trusted with the role, a trail of harrowing failure follows.

This unearths the lie behind the obfuscation: iOS and Android didn't create stores to deliver unheard of security — iOS 1.0 did that by forbidding unsafe native code, replacing it with a better web2 — the gatekeepers built app stores because their OSes were and are insecure platforms for native apps. When mobile apps were web apps, the presumption of safety reigned. Alas.

Retreating from safety dovetailed with retreats from safe, open, interoperable computing in other ways. It's no coincidence that Apple backed away from adding capabilities to the web at the same moment it realised it could tax native apps extortionately.

App stores are Marketing's answer to a brand-promise problem: what to do about a hole below the water line that Product and Engineering aren't just failing to patch, but are enthusiastically expanding instead?

The whole facade of the duopolist's power hinges on the false claim that stores create security. Without the need to paper over the disaster of carelessly dispensed power tools, none of the rest of the services the stores provide could be justified; certainly not at the ruinous prices they demand.

More recent, chest-thumping pronouncements need to be evaluated in the same light. These aren't heroic explorers of new frontiers, they're embarrassed students bluffing book reports for tomes they didn't read.

Instead of protecting us, app stores reward platform vendors for security failure and foster centralising, anti-Open Source ecosystems. Open societies cannot abide closed platforms that assert ownership of this much of our lives, particularly not when claims of security are based on misrepresentations.

In the narrow conception, the app stores are feckless. Taking a wider view, they're complicit. Enabling, even.

Under a strict definition of “fraud," the track record of app stores is abysmal. Take just one recent example: while loudly proclaiming to protect users from scams, Apple simultaneously facilitated wide-scale app impersonation at the launch of Sora. This failure isn't a one-off, either. Bald-faced imposters are a long-running problem for stores that pretend to both users and developers that they protect from exactly these sorts of scams.

For its part, Google routinely facilitates shocking amounts of ad fraud via Play. Stores also failed to catch clearly fraudulent fronts for sanctioned Russian banks. This is just the tip of the proverbial iceberg.

If we widen the aperture to let in adjacent classes of user abuse, the situation looks immeasurably worse.

Apple's policies purport to disallow use of the ultra-low-friction IAP systems for gambling:

5.3.3 Apps may not use in-app purchase to purchase credit or currency for use in conjunction with real money gaming of any kind.

This text is lawyered to sound like a curb on gambling addiction's worst effects. In reality, it's designed to facilitate the predatory “gambling lite” systems Apple and Google gleefully promote.

For most of the mobile duopoly's existence, the primary revenue driver has been the problematic, gambling-adjacent behaviour of “digital whales” in so-called “casual games.”

And don't imagine the wilfully predatory behaviour is limited to adults. By allowing “bait apps” — even after previous FTC settlements that should have forbidden them — the app stores have shown us the duopolist's true colours. Serial disregard for the financial health of users is literally baked into their model.

This is the rotten core of mobile app stores. Understood in POSIWID terms, they exist to tax casinos that exploit gambling addictions of vulnerable users.

App stores safeguard privacy the way packs of wolves safeguard flocks of sheep.

The only appropriate response to the two-faced, duplicitous claims by Apple and Google towards privacy in recent years is incandescent rage.

I've covered before how Apple's posturing against Facebook is nothing but kayfabe and how Cupertino's privacy arguments regarding alternative browsers are steaming piles of illogical nonsense.

In reality, our privacy problems have been multiplied by Apple and Google.

It was the duopolists that created APIs for persistent background access to your contacts, calendar, location, radios, battery levels, and much else besides. It was the duopolists that then turned around and claimed credit for incrementally curbing the worst abuses of the APIs they themselves handed out like candy. Remember, they added these easily-tracked features knowing full well they would be abused.

How do we know they knew better? Both exposed shocking amounts of information about users to all comers after building browsers that protected from these very risks. Both had past form building web APIs that expanded platform power more thoughtfully. Caution was thrown to the wind by the very folks that now demand credit for remediating tiny patches of the superfund sites they created.

It was the duopolists who handed those APIs to native apps from shady publishers like Facebook with less-than-thoughtful controls. And it was these very companies that failed to police even their mildest policies.

And these same trillion-dollar market-cap firms simultaneously declined to do the one thing that had a chance to dramatically improve privacy: using their incredible lobbying capacity to forcefully call for privacy regulations worth a damn. Instead, they prefer a market structure where they can posture against each other over problems they jointly exacerbate.

And they have got away with it. Their press and product shops are keenly aware reporters don't understand privacy deeply enough to call their bluff, and that so-called privacy experts will clap as loudly for symbolic gestures as for fundamental change.

Humiliatingly for the fourth estate, Cupertino and Mountain View's self-issued privacy participation prizes were never questioned. Indeed, credulous journalists continue to shower them with praise for steps away from the very worst excesses best measured in angstroms.

Recently, Apple have been allowed to take credit for foisting responsibility onto users while Google has faced no sustained questioning for just giving up, having never launched anything at all to structurally curb Android abuses.

Cynics might be inclined to think this was very much the point.

These monopolies on apps-that-install-apps exist to squash competition, not to preserve privacy. Apple's not working furiously to deny iOS users alternative browsers because they might track users, they're misleading anyone who will listen because the web might provide an alternative that doesn't.

You know what the easiest way to get an app is? Clicking a link.

Apple literally pioneered this model with iOS 1.0, only to walk away from it a year later when it chose to carelessly expose overpowered, unsafe-by-default APIs with the hurried introduction of native apps. Throwing away privacy and security made software harder to build and distribute, too, but deposited power over developers with OS gatekeepers. Over time, the power to tax those developers became addictive.

A more secure and privacy preserving model is still possible but the duopolists continue to suppress it. I can't speak out of school about all the ways Android and Play mirrored Apple's underhanded tactics to suppress PWAs, but suffice to say it was a lot.

Industrial-scale suppression of safe, privacy-respecting platforms has been packaged up in florid terms as an advantage for developers. Except developers hate mobile app stores. But you don't have to take my word for it.

Given the choice, developers would do exactly what the gatekeepers do when constructing billing, distribution, and marketing systems: shop around in an open market, based on standards-oriented technologies, and select the best fit for their needs.

This is exactly the model that gave rise to the web and to web search. Discovery for web apps isn't impossible without omnipotent app stores; it isn't even hard. If we can build search engines for web pages, we can also highlight sites that are installable. None of this is magic, and none of it requires a 30% take from the developer's budget.

For the sake of completeness, we should stipulate that an end to app stores would not meaningfully change the content moderation landscape.

We now have a powerful example of this counterfactual thanks to the Twitter/Grok episode. There is no safety to be lost when we replace the gatekeeper's stores with a powerful, open, interoperable web. Mobile app store proprietors stand for nothing but profit and can be counted on only to defend their take. Good riddance.

Before the 2024 US elections, tech titans were well-enough advised to know which way the winds were blowing. But that did not stir them to defend truth, the rule-of-law, or even the employees that enabled their success. Instead, they hurried to capitulate. Today they sponsor coup-excusers, pay vigs, grovel to people they surely loathe, and fund the literal destruction of America's institutions.

This month's failure to stand up for basic decency is just another link in that chain.

Having narrowed the running to two choices, mobile's masters always ask us to consider governing our phones through the authoritarian frame of "who should rule?"

But these aren't our only choices. As Popper retorts, the better question is "How can we so organize political institutions that bad or incompetent rulers can be prevented from doing too much damage?"

This isn't purely a political question, but applies to all of society's power structures. The callous indifference of the app store's billionaire managers (1, 2) when faced with an even moderately difficult call tells us that they cannot be trusted; this was the test, and the mobile overlords failed by their own terms.3

What's left for the rest of us to take on is how we dismantle the mechanisms our misplaced trust helped them build. This will not be easy, and an insightful commenter at The Verge restates the core problem:

This is true and fantastic reporting and why we need to pay for The Verge.

But, it begs the question, what do we do?

Do we opt out of the tech of the modern world to protest? Commitment to values isn’t what we talk about, it’s what we are willing to give up. A key problem is that we don’t have any real competition vs Apple or Google as platforms if we want to exist in the modern world or even have this conversation.

You can’t (easily) read this or participate from a Kobo or Lightphone. Anyone have any suggestions?

I dropped off Twitter and Meta, but I’m running out of options.

— Anonymous commenter,
"Tim Cook and Sundar Pichai are cowards, The Verge, Comments"

We aren't going to get anywhere by throwing our iPhones and Androids into the sea.

Credible, incremental steps that remove power from the gatekeepers are now demanded, and as I have previewed throughout this piece, the open web is that next step. It has all the properties we need to attenuate misgiven power: no single vendor control, based in standards, multiple OSS implementations, and most of all, portability.

The web is an abstraction that holds the power to liberate our computing in-situ, removing superfluous gatekeepers from the loop an increasing fraction of the time. As use of the web grows, so do the prospects for alternatives OSes and hardware ecosystems. They know this, and that's why they're trying to keep the web from winning.

Moving our computing to browsers and web apps won't protect us from Musk, but neither will Apple or Google.4 Now that we know that, we can at least start to claw back at the corrosive power of monopolists in our pockets by building for a future that doesn't depend exclusively on them.

FOOTNOTES

  1. Some folks like to continue to pretend that the mobile duopoly still includes any serious competition for either player. I assume those people are paid to review phones for a living.

    As I outlined in this year's instalment of the Performance Inequality Gap series, the mobile market is actually two distinct markets: iOS for the rich, and Android for the rest. The average price for iPhones is hovering nearly $1K, while the average Android costs $300 new, unlocked. There is no functional competition between these ecosystems, and though they'll never admit it, that's a situation the duopolists are more than comfortable in, even if they don't particularly love it.

  2. ChromeOS introduced the same safe-by-default model to desktop computing several years later. In both cases it was necessary to aggressively expand the web platform's capabilities to support the sorts of applications that users and developers needed, and in both cases that effort was successful. But both Apple (and to a lesser extent, Google) backed away from that strategy when it became clear that fundamentally unsafe, wickedly overpowered platforms were a hit with developers of viral apps. What followed has been 15+ years of papering over the inherent flaws in the model and shifting blame for the mobile platform maker's own predictable (and predicted) failure to keep users safe.

  3. If it always falls to civil society and regulators to protect women and girls from Elon Musk and his Trumpian alliance, what is the point of Tim and Sundar? Of Play and the App Store?

    And if their policies are just fig leaves to justify rent extraction, why should any regulator listen to anything they say?

    These questions should be hair-on-fire in the capitols of still-functioning democracies.

  4. It is not the most offensive thing about this episode by a country mile, but I am driven to distraction by how unbelievably stupid Apple and Google have become.

    Did Tim and Sundar really think that, having sniffed weakness once, Trumpist shake downs would pass them over the next time a pro quo could be extracted for the quid?

    Did they not understand that by participating in oligarchy they signed on to authoritarianism?

    Did they really fail to calculate that capitulation didn't lower their risks, only centralised them?

    This was all predictable. You don't have to look as far as Russia to understand that autocrats grant temporary loans of state power towards undemocratic ends to create leverage for themselves, not the borrower. And whatever the price, autocrats never stay bought.

    Everyone but the smartest people in the room knew that domination is a ladder, and now we're all paying the price.

Previously