Pluralistic: Web apps could de-monopolize mobile devices (13 Dec 2022)

Today's links

London's Canary Wharf, a high-rise business district that is home to the UK Competition and Markets Authority. The colours of the buildings have been inverted, and the sky has been filled with a Matrix 'waterfall' graphic. In the foreground is an ogrish giant, standing at a console, yanking on a lever in the shape of a golden dollar-sign. The console is emblazoned with the logos for Chrome and Safari. The ogre is disdainfully holding aloft a mobile phone. On the phone's screen is a Gilded Age editorial cartoon of a business-man with a dollar-sign for a head. The phone itself is limned with a greenish supernova of radiating light.

Web apps could de-monopolize mobile devices (permalink)

Mobile tech is a duopoly run by two companies – Google and Apple – with a combined market cap of $3.5 trillion. Each company uses a combination of tech, law, contract and market power to force sellers to do commerce via an app, and each one extracts a massive commission on all in-app sales – 15-30%!

This is bad for users and workers. Many companies' gross margins are less than 30%. In some categories, that means there's no competition. Take audiobooks: publishers wholesale their audiobooks to retailers at a 20% discount, so a retailer that sells its audiobooks through an app, paying a 30% commission, will lose money through every sale.

This is why the only convenient mobile audiobook stores are Apple Books (a front-end for Amazon's Audible) and Google Books: Apple doesn't have to pay the Apple tax, and Google doesn't have to pay the Google tax, and that means that Apple and Google can demand crippling discounts and preferential treatment from publishers and independent authors.

The app tax is a tax on the workers whose creative works are sold on mobile platforms, because creative workers have the least bargaining power in this monopolized supply-chain. Our publishers can squeeze us – and the editorial workers, narrators, and sound technicians who work on our books – to make up the difference.

Independent authors who sell directly on these platforms, meanwhile, have even less leverage and get even worse terms. Things aren't much better at the other end of the supply-chain, either: while firms prefer to wring concessions out of their workers and suppliers, they're not averse to raising prices on customers, providing that all the competitors do so as well.

Since every competitor is also selling through an app store and either paying a direct app tax or ceding margin to the mobile duopoly as a condition of selling in their in-house, pre-installed stores, they all have the same incentive to raise prices.

Economists call this the monopsony problem (or, since we're talking about two companies, a duopsony or oligopsony problem). That's an unwieldy and esoteric term, so Rebecca Giblin and I coined a much better one, and wrote a book about it: Chokepoint Capitalism:

Theoretically, there's a way to avoid the app store chokepoint: web apps. These are part of the HTML5 standard, and if a browser fully implements that standard, then developers can make a self-encapsulated "app" that's delivered in the browser, complete with an icon for your home screen, capable of doing anything an app store app can do.

A company that wants to sell stuff without paying the app tax could hypothetically deliver a web app that the user could download and install via their browser. This doesn't just avoid the app tax, it also overrides the app stores' editorial control, like Apple's decision to block privacy tools in China to aid in state surveillance.

But you can't have a web app without a web-app-compatible browser, and you can't get a web-app-compatible browser in Apple's App Store. The only browsers permitted in the App Store are those based on WebKit, the browser engine behind Safari. This means that every browser on Ios, from Firefox to Edge to Chrome, is just a reskinned version of Safari.

That's a problem, because Webkit suuuuuuucks. Without the discipline imposed by either regulation or competition, Apple has systematically underinvested in Webkit, so that major bugs remain unaddressed for years and years. Some of these bugs are functional – Webkit just doesn't act the way its documentation says it does – but others represent serious security vulnerabilities.

This is an important point: app store proponents say that denying users the right to choose where they get their apps and excluding competitors is necessary, the only practical way to prevent security risks to users. But while app stores can prevent the introduction of insecure or malicious code, they can also block the introduction of code that fixes defects in the manufacturer's own security.

Mobile companies don't want insecure code on their platforms, but they also don't want to erode their profits. An Iphone with a working VPN app is more secure than one that lacks that app, but if that Iphone is owned by a Chinese person, it endangers Apple's access to low-waged Chinese labor and 350 million affluent Chinese consumers.

Likewise, a third party might create a browser engine that corrects the security defects in Webkit, but if Apple allows users to install such a browser engine, they will lose the ability to extract billions through the app tax.

Companies never solely pursue their customers' interests. Instead, they seek an equilibrium that allocates as much value as possible to their shareholders. This allocation is limited by both competition (the fear that a bad service will drive customers to a rival) and regulation (the fear that a bad service will attract crushing fines).

The less competition and regulation a company faces, the more value it can take from its users and give to its shareholders. Here, mobile platforms have it easy: they don't have to worry about competition because of regulation. Laws like Section1201 of the Digital Millennium Copyright Act (DMCA) and Article 6 of the EU Copyright Directive (EUCD) make it illegal to jailbreak a phone to install third-party apps. Jay Freeman calls this "felony contempt of business model" – that is, the government will punish your competitors for trying to compete with you. Nice work if you can get it.

As the old joke goes, "if you wanted to get there, I wouldn't start from here." The rules that should promote better corporate conduct (through competition) instead encourage worse behavior, by putting companies in charge of who gets to compete with them, in the name of user safety.

Meanwhile, users are increasingly trapped inside walled gardens, because their media, apps, and data are locked up in mobile silos and switching to a rival means enduring the switching costs of leaving it all behind. Mobile companies claim to have built fortresses to keep bad guys out, but those high walls make fortresses into prisons that keep customers locked in.

But anything that can't go on forever will eventually stop. The manifest unfairness and insecurity of the regulation-backed walled garden model has attracted the interest of new trustbusters, competition regulators from China to the EU to the USA to the UK.

The UK plays a key role here. The country's Competitions and Markets Authority boasts the largest workforce of technical experts of any competition regulator in the world: the CMA's Digital Markets Unit has 50+ full-time engineers, which allows it to produce the most detailed, most insightful market investigations of any nation's competition regulators.

(Don't get too excited, though: in keeping with the UK's abysmal standard of government competence, Parliament has yet to pass the long-overdue secondary legislation that would give the DMU its own enforcement powers. Ugh.)

Last June, the CMA proposed a market investigation into cloud gaming and mobile browsers (gaming is the largest source of app store revenue and cloud gaming is a way to avoid the app tax, so it's a closely related issue):

There were many significant submissions over this proposal, including comments that EFF legal intern Shashank Sirivolu and I drafted:

Many commenters (including EFF) proposed that the CMA should intervene to improve the state of browser engines competition on Ios and Android (Android allows multiple browser engines, but doesn't give them the same hardware access that Chrome and its Blink engine enjoy).

This argument seems to have landed for the CMA. Today, they announced that they would go ahead with a full-fledged market study into mobile browsers and cloud gaming:

The most obvious outcome of this study would be an order forcing the mobile vendors to open up to full-featured, alternative browser engines. This is a compromise solution, between forcing open app stores onto the platforms – which would mean forcing Apple to allow sideloading and policing Google's use of contracts to limit third-party stores – and doing nothing.

A browser engine mandate is less satisfying than open app stores, but it is also more achievable, and easier to monitor and enforce. With Android, Google proved that you don't have to use hardware locks to prevent third-party app stores – you can use a hard-to-detect web of contracts and incentives to create an app store monopoly that's nearly as airtight as Apple's.

But policing whether a platform permits rival, full-featured browser engines – ones that enable web apps and cloud gaming without paying the app tax – is much easier. Also easier: developing objective standards for evaluating whether a browser engine is secure and robust. Open Web Advocacy's criteria are a great starting point:

The CMA announcement is welcome, but has some gaps. It under-emphasises the importance of hardware access (for web apps to compete with native apps, they need full hardware access), and could leave new browser engines at the mercy of the existing review teams that review all the other apps in the app store (who reject rival browser engines out of hand).

Meanwhile, while I was writing this article, Mark Gurman published a jaw-dropping scoop in Bloomberg: Apple will open its Ios platform to rival app stores by 2024, in order to comply with the EU's Digital Markets Act (DMA):

I'm still absorbing this news, but I think this complements the CMA browser engine work, rather than rendering it redundant. Alternative app stores don't necessarily mean alternative browser engines. Apple says it will have security standards for alternative app stores, and these standards could well include a ban on browser engines. At a minimum, it's clear that different levels of scrutiny need to be applied to apps, app stores, and browser engines, as each one poses different threats and opportunities.

Hey look at this (permalink)

This day in history (permalink)

#15yrsago HOWTO defeat the shoe-scanner at Heathrow

#10yrsago City buses across America now covertly recording passengers’ conversations

#10yrsago Literacy privilege, or, why grammar nazis are dicks


#5yrsago Net Neutrality is only complicated because monopolists are paying to introduce doubt

#5yrsago Mirai’s creators plead guilty, reveal that they created a DDoS superweapon to get a competitive edge in the Minecraft server industry

#5yrsago Climate change has created massive blooms of ecologically disruptive jellyfish, but luckily they’re delicious

#5yrsago Gawker alumni are crowdfunding to outbid Peter Thiel for control of Gawker’s assets

#5yrsago Group behind voter ID, stand your ground, ag-gag, private prison, anti-muni-wifi, and killing Obamacare now planning rules for jailing pipeline protesters

#5yrsago 12 Michigan cops, looking for a 40-year-old white woman, draw guns on 11 year old black girl and put her in cuffs

#5yrsago Journalists receive forged lawsuit docs hoaxing a nonexistent sexual harassment suit against Chuck Schumer

Colophon (permalink)

Today's top sources:

Currently writing:

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. (92849 words total) – ON PAUSE

  • A Little Brother short story about DIY insulin PLANNING

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • The Internet Con: How to Seize the Means of Computation, a nonfiction book about interoperability for Verso. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • Vigilant, Little Brother short story about remote invigilation. FIRST DRAFT COMPLETE, WAITING FOR EXPERT REVIEW

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. FINAL DRAFT COMPLETE

  • A post-GND utopian novel, "The Lost Cause." FINISHED

  • A cyberpunk noir thriller novel, "Red Team Blues." FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: Daddy-Daughter Podcast, 2022 Edition

Upcoming appearances:

Recent appearances:

Latest books:

Upcoming books:

  • Red Team Blues: "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books, April 2023

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

(Latest Medium column: "Plato Would Ban Ad-Blockers: He was a dick"

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla