Apple Vs The Law

A week ago today I had the pleasure of attending both the Apple and Google DMA compliance workshops in Brussels. More detailed articles on the questions and answers, technical and legal analysis etc will be published over at the OWA blog, where we've just done the first write-up on the Google part. Here though I'd like to focus more on my own experience and personal opinions, and how I feel about some of the gatekeepers' approach to the law...

Left to right: Roderick Gadellaa, John Ozbay and me (all representing OWA), outside the EC building on the morning of the Apple workshop. Alternatively, "The Chauffeur, The Piano Man, and The Hepcat."

If you haven't heard of it before, the DMA stands for the Digital Markets Act, an EU law which designates certains products as gatekeepers - based on end and business user count and importance, who need to interoperate with their competitors. So for example, an operating system which meets the criteria, such as iOS, Android or Windows, needs to provide equivalent access to software and hardware features to third-parties as they give to their own products. Gatekeepers can't self-preference, and so can't act anti-competitively. Some key examples for iOS would be allowing third-party browser engines and third-party app stores - two things they've outright banned until now, and for third-party devices like watches and earbuds to work as seamlessly as their own products. At the moment there's 7 companies with 25 different products designated as gatekeepers.

Onto the workshops: we started with Apple's first presentation on how they thought they'd complied with the DMA law. Most of the talk was used as a marketing opportunity, talking about how great Apple thought they were, and how unfair they thought it was that they have to comply with this law...

• “We’re an amazing company"
• “Apple is different to every other company out there”
• “Apple alone have to comply with these requests”
• "...unfortunately, it's impossible to do all the complex engineering to comply with the Commission's current interpretation of the DMA..."

You might've noticed Apple's use of "the Commission's current interpretation". This is a line they use rather a lot:

• “extreme interpretation of interoperability by the EU”
• "the commission has taken... extreme positions, that we hope can be tested as quickly as possible by the European courts”
• “we will not waver on our approach to the DMA”
• “defend our rights aggressively”

And I'll give them that - they certainly arrived guns blazing. In fact, they wouldn't stop talking even when Lucia, the workshop chair, told them they were quite overtime - reacting by sulking at her instead. By the time we got to the first Q&A, Apple's lawyers had already wasted half of our time. A lot of the language they used actually surprised me; I wasn't expecting them to act like best friends, but at times it was downright disrespectful to the other participants in the room. Google went for more or less the same approach the next day, but in a much more toned-down way. Both saying the law is too difficult and somehow, in their view, actually hurts consumers - and other businesses.

It's important to note that Apple have a rich history of being obstructive to any kind of regulation. They've challenged every one of their gatekeeper designations to date¹, two articles of the law itself, they delayed the UK CMA's investigation by a year on a technicality, and a recent US court injunction said that they chose “an anti-competitive option at every step” of its previous ruling, referring a senior exec for a criminal contempt investigation. It's also highly relevant to point out that these other gatekeepers have the money for this; both Apple and Google have twice as much revenue of the entire EU budget, and far more employees than the Commission². Every day wasted is another day of monopoly profits³, and so the small fines on the side are more than worth it.

Approaching the workshop from this lens then, it shouldn't come as a surprise that Apple and Google didn't answer a lot of the questions asked, either skipping over them or giving unhelpful generalisations. The format of having 3-5 questions asked at a time made this much easier, as one could more reasonably "forget" to give a detailed answer. The first section was on interoperability, processes and connected devices. Open Web Advocacy were mostly focused on the later browser section, but John and I asked a couple questions on Apple's process, specifically on why the absolute best tracker system they could come up with in ~6 months was a link to a static, once-a-week-updated PDF, hidden behind an Apple developer account. They assured us it was all that they could do in time to meet the EC's specification, ignoring the part asking why they didn't simply use GitHub or Bugzilla like in their other projects.

Next up was App Store, a very sought-after topic. Unfortunately Riley from the AltStore was unable to attend due to passport issues, which is a shame as he's one of the most knowledgeable people on it. We asked why Apple is so insistent on using human review for everything (even third-party iOS stores and apps) when their internal documents quite plainly show that they know it's near useless - “App Review is [like] bringing a plastic butter knife to a gun fight”. Apple said they're "not here to deny there's any problems", but that again, they do it better than anyone else.. and that "Open Web Advocacy is getting a good run at it today". We replied saying that there's a lot of scam apps on the App Store, and that there isn't an easy report scam button. We should have clarified that the relevant button only shows after installing an app, as well as being located at the bottom of the page - a text link saying "report a problem". Gary⁴ from Apple did a quick search, and replied with what sounded like, and hallucinated like, a Gen AI answer: "it's on every single product page for every single app that's available on the App Store, very prominently". Apple's Kyle followed up by saying that "I guess OWA get to talk to Spotify then" - more on this later.

Now we get to the browser section. Apple were clearly uncomfortable with this part, having had previous experience with us at these workshops, and having no technical responses to our criticisms and suggestions. First up, Roderick asked about Apple's absurd requirement that anyone who wants to ship their own browser engine has to release it as a new app, and so re-acquire all their users. Mike from CODE (Coalition for Open Digital Ecosystems - 13 members including Google, Opera, Qualcomm, Meta) asked why Apple doesn't provide a system prompt to switch default browsers, and why they've placed so many onerous contractual requirements around launching an alternative engine. Apple started trying to deflect here, saying the topic is only supposed to be on choice screens and defaults, but that "many of you with the same group have traveled very far to have this conversation" so they would, oh-so-generously, answer the question.. by saying that "for whatever reason, they've chosen not to [bring their engines to iOS"], claiming that "everything is in place to ship here in the EU today", and repeating that "there's a lot of OWA people here in the room. So well done on that". Now, despite Apple's comment, CODE does not have anything to do with OWA, although when it comes to browsers we do happen to want a lot of the same things. OWA talks to browser vendors of course, but we don't represent them. We represent the interests of the open web and web apps - which need good browser competition and browsers on iOS to reach their full potential. Apple also here made a comment while answering DuckDuckGo - "you had a question... or maybe it was OWA". They seemed to have two strategies in confronting the browser questions, one being to try and avoid talking about anything difficult like engines, web apps, etc, and the second to try and lump everybody who's asking questions into the same, over-represented, group, as a concerted, competitor-lead effort to gain "free access" to their OS.

At this point, Lucia from the EC had to intervene, saying that "to the extent there is no 6(3) questions which will be taken by priority, it's okay to ask questions which are other questions related to browsers. So I think that's totally okay given the name of the session". John then brought up the age restrictions issue - something we did discover via the choice screen, as it breaks it entirely. The TLDR is users with "Age Restrictions" parental controls (11-15% of EU users) can only use Safari. All browsers - including Safari - get a 17+ rating on iOS. Which makes no sense, as the separate "Web Content Restrictions" manages all web content on iOS. Apple know this - iOS makes an unique exception for Safari, allowing it to be used despite age restrictions, and doesn't similarly restrict apps using in-app browsers, such as social media. My impression was that other people in the room really understood the problem, nodding along to themselves and looking slightly taken aback by the obvious self-preferencing. I followed up asking Apple why they don't allow web developers outside the EU to test 3rd party browser engines on iOS, bringing up their own point that EU iOS will "experience unique vulnerabilities and bugs", and so it's crucial that all web devs serving EU users can test the browser engines currently unique to it, to not put them and their users at a disadvantage compared to Safari. Before my question though I gave a reply to the Apple representative who'd implied in the App Store section that we have some kind of hidden connection to Spotify:

"I'd like to quickly clear up my connections to this. Because I think, Kyle, you were suggesting that I'm a front for Spotify, or that OWA is. That's what I heard. I'm just a student. I volunteer because I truly believe in the open web. I don't get paid. I don't receive any compensation. I paid for myself to be here because I want to be. And the organisation does not receive any money [from them] either. It's just donations."

In response Kyle said:

"I don't think I referenced that you were getting funding from Spotify. I don't know where you're getting funding from. My reference is more to the CODE representative who does get a lot of funding from Google and Meta, Qualcomm and Spotify and others. But not yourself. I understand that. And I actually really -- Hold on. So just so we're clear, I really respect the way that your team has approached this. I don't question your motives. I don't question your funding... We've read your papers. We've read your advocacy... I am not in any way disparaging where you're coming from. I understand you're a well-meaning person who believes that he understands how to best design our operating system."

As a side note, CODE does not get funding from Spotify, I think Kyle was getting confused with the Coalition for App Fairness, an attending group which prominently includes Spotify, Epic Games, and Match group amongst its members.

Now, to my surprise, Apple actually gave somewhat acceptable answers to the technical questions. To my testing one:

"I think we've been discussing it with Mozilla and Google also and the Commission. I would expect to see some updates there."

And to age restrictions:

"that is an area that we will be looking at, and are looking at, I'm happy to say on that"

Knowing Apple's history with these things, their words are anything but a promise. But at the same time, they're a whole lot better than entirely avoiding the question - or an outright no. And we, and I hope the Commission, other browser vendors and web developers, will do everything we can to hold them to this, and get all the many issues fixed so that other browsers and web apps can compete fairly on iOS.

Something which was very hypocritical of Apple is that, despite making a lot of noise about some of their competitors being in the room, and insisting on all questions having a person and organisation, there were a lot of people attending who were paid to be there by Apple. Last year the EC did an investigation into this after the workshop, found there were a lot of hidden links, and so said that this year everybody had to disclose if a gatekeeper or other relevant party funded them. Unfortunately though it wasn't always enforced. The most notable example of a pro-Apple group was the App Association. The chair/founder did disclose that he was (majority) funded by Apple (who "molds policies", according to Bloomberg and former employees), but the other two members in the room did not. As well as that, one of them introduced themselves as being from the "ACT Association", an acronym which isn't obviously related to the App Association. According to the association, and unlike the aforementioned groups, Apple (and Meta, Microsoft, etc) are only "sponsors", not members, and so are not as prominently listed on their site.

Throughout the workshop we suggested various times that if Apple really are having a hard time with their self-imposed problem of figuring out how to effectively georestrict third-party browsers and stores to the EU, they could much more easily just allow it worldwide. It's a unique, bizarre, Apple-only restriction, and I suspect it'll go down in history as the only example of an operating system with third-party apps that goes out of its way to prohibit third-party browser engines. Heck, this works fine on my watch and my TV - it's something so unheard of that it bears repeating a lot. Apple's response to this was always to say "Apple's focus is on ensuring that it complies with the law in each jurisdiction. What we will not do is take the law in one jurisdiction and export it to another". I'm not sure where the bit about exporting laws came from, but it didn't address the question. There's a deeper layer to this however: Apple know that for this kind of regulation to be successful, it needs to be easy to replicate in other places. If there's one set of browser APIs and contractual requirements in the EU, but a separate one in the UK, another in the US, a different one in India, etc, etc, it becomes all but impossible to ship an engine. Maybe the biggest vendors in the biggest markets will manage it, but it'll be a horrible experience that'll seriously frustrate them, web devs, and their users. To be successful, we need to get the same terms to apply in all jurisdictions, so that a vendor can simply ship their browser to every country who've outlawed Apple's anti-competitive practices. Apple have made it very clear here that if not, they will go right to the limits of the law (and beyond) to stop it happening.

John managed to get another couple questions in before the round finished, one asking if and when PWAs will run in third-party browser engines instead of only Safari, and why installing web apps is so difficult on iOS - with Apple repeatedly trying to make it even harder. The answers were handwaving:

"We have nothing to announce in terms of what we will do if and when a third--party browser engine comes to iOS"

Which surely cannot be legal. The fact that Apple is making it supremely difficult to ship a browser engine does not mean that they can entirely put off supporting interoperability with web apps until someone manages to.

"I do think they're going to have to operate slightly differently to make sure that users are not unintentionally installing something from the web that they simply don't understand."

Unintentionally installing something from the app store is all good though, because App Store review absolutely ensures that nothing could go wrong, that there's no scam apps, and more than makes up for the web's "orders of magnitude" stronger sandboxing, more stringent permissions model, and better phishing prevention. And so, web apps logically require a convoluted 4-step process including "share" and "add to homescreen" to locate the install button, meaning that all but the most technical users can't find it.

(Hopefully you've noted the sarcasm)

After this the day was quite relaxed. Kyle left before the last session, I guess he'd had enough, and many others in the room did as well. Kush from Mozilla asked about choice screen testing but didn't receive much of an answer, and John brought up data portability, how Apple Photos doesn't do proper photo export - except with Google Photos, and how it doesn't allow users to choose which cloud provider they want to store their data with. Afterwards we went for post-workshop drinks and food, which was great fun. It was lovely to meet lots of like-minded people and organisations, to talk about their problems and work, and to get to know Brussels a lot better. While we travel a long way for a very short amount of time on the mic, there's a lot of other opportunities throughout the events to talk to other participants who come from all sorts of backgrounds, and I would definitely recommend the experience for anyone who gets a chance - although preferably not having been paid by a gatekeeper/stakeholder to pedal their talking points. I also enjoyed the Google workshop as well. OWA wasn't as involved with that as Apple are generally the most problematic party, but we and Mozilla brought up the choice screen hotseat problem (something that Apple have already implemented), which unfortunately was all we had time for with the strict schedule that day.

As a final thought, I called this article "Apple Vs The Law" primarily in reference to the rule of law, about how it should be applied equally and fairly against all, no matter the size and influence of your company. I think some of these gatekeepers - above all Apple, do a lot to undermine this process, in some places genuinely damaging trust in democracy. Going out of their way to paint the DMA law and the EU as overstepping and extreme hurts its reputation, as does the invented rhetoric about it being the "great risk to privacy ever imposed to government" (China?), or that they're "acting without experts in the field". Similarly for the number of covertly funded and supported lobbying groups that they bring to regulators all around the world. And the constant pressure from the US administration to not enforce the DMA - helped in no small part by these gatekeepers. These money-driven practices, which in many ways mirror the propaganda typically produced by authoritarian regimes like Russia - seriously hurt all democracies that they come in to touch with, and is a kind of behaviour that should make Apple, and any other group involved, ashamed of themselves.