Entry and competition in mobile app stores

Entry by rival app stores on the two currently available mobile operating systems is an exciting potential benefit of the European Union’s Digital Markets Act (DMA). Apple and Google will need to share the technical specifications of their interfaces with developers and offer them the same functionalities they give to their own stores.

The DMA also allows developers to disintermediate the legacy stores entirely by mandating downloads from the web to handsets. These changes should stimulate price competition – resulting in fees falling from the current 30 percent – and competition in variety and features.

Privacy and security will be important issues, with the question of who is permitted to offer rival stores being critical. Good enforcement by the European Commission will be necessary to balance gatekeeper rules restricting dangerous services with the need for contestability.

The paper concludes with examples of rival app stores that can be expected to enter. Stores will differentiate through curation, such as stores for children, for those trying to reduce their carbon footprints or for those seeking to use public services in a particular country.

Some stores will innovate through alternative payment schemes – for example, a newspaper store that enables per-article pricing and pioneers innovative data-sharing policies. Lastly, developers such as Epic have long stated their desire to offer stores with innovative technology.

On 25 January 2024, Apple said it would introduce new rules for its Apple App Store in Europe, including charging lower rates for in-app purchases, adding new fee of €0.50 per app download and a method to authorise rival stores1.

These dramatic changes are in response to the European Union’s Digital Markets Act (Regulation (EU) 2022/1925), which opens up the possibility of increased innovation in app stores on mobile devices. But, as always, innovation and the attendant benefit to consumers will only happen if the regulation is enforced well.

Today, Apple’s App Store is the only app store for the iPhone. On Google Android handsets there is one mandatory app store, Google Play, and limited ability for others to enter2. The result is that more than 95 percent of Google Android downloads are through Google Play (Northern District of California, 2021a).

Because users typically single-home on a handset, the result is a duopoly mobile operating system market featuring monopoly app stores. These monopolies offer a one-size-fits-all curation and poor quality, with inaccurate search results, ads cluttering the experience and malware in the store.

Unlike app stores, stores that consumers patronise in both non-digital and other digital contexts are differentiated; they vary in business models, their curation is targeted to satisfy the needs of distinct groups, and/or they make different trade-offs between price and quality.

Furthermore, they must provide a good experience if they want to keep their consumers. The DMA increases contestability so that these beneficial aspects of competitive markets can apply to app stores.

Today, the gatekeeper app store is the only route by which a developer can reach a user of an iOS handset (the operating system used for mobile devices which are manufactured by iPhone), and almost the only route available to distribute to a Google Android handset.

Gatekeeper app stores set rules for developer access to the store; these include security requirements, functionality tests, rules concerning communication with end users and usage fees. These fees are paid by the app developer (business user) when it sells an app in the store or sells any digital content consumed through the app. This is distinct from a service purchased in the app but consumed outside, such as airline tickets. The advertised rate charged by both app stores is 30 percent of the revenue earned by the app developer.

The 30 percent level has no cost basis provided by either gatekeeper; legend has it that the 30 percent was chosen by Steve Jobs as the original commission Apple took on every $0.99 song it sold (passing on $0.72 to major labels and $0.62 to independent labels)3. Many business users – for example, Spotify – do not sell their content on mobile platforms because of the size of the fee4.

Recent market, regulatory and antitrust pressure on the 30 percent fee has caused both stores to create exceptions that can qualify developers to pay lower rates. During the pandemic, both gatekeepers lowered their fees to 15 percent on the first $1 million in revenues by a developer and this lower rate is also charged on subscriptions after the first year5.

Larger developers bargain with the gatekeepers, perhaps agreeing to distribute exclusivity through Google Play in exchange for reduced fees. It was revealed during the Epic versus Google trial that Spotify negotiated a 4 percent commission with the Google Play store to continue selling its content there6.

Both app stores will only distribute apps that have passed the platform’s app authorisation process. This process involves verifying that the app functions as advertised, does not contain illegal, defamatory, discriminatory, or other objectionable content, includes safeguards against users posting such content and adheres to data privacy and security guidelines7.

For example, the store will reject an app that uses proprietary APIs that reach far down into the operating system to gather private data8. Currently both mobile ecosystems spend considerable effort on the app approval process because a significant part of the value of the handset to users comes from the app ecosystem.

Apple requires developers to enrol in the Apple Developer Program to be able to publish an app. This membership costs $99 per membership year9. Google has a similar programme which costs $25 per year10.

In 2022, the Apple App Store rejected 1.7 million apps, which is 27 percent of the 6.1 million apps it reviewed11. Google similarly disallowed 1.43 million apps in 202212. Forty percent of Apple’s app rejections have to do with ‘completeness’ (bugs, broken links, incomplete information etc) but apps are also rejected for misleading users or for having unclear data access requests13. Developers whose apps are rejected may use an appeals process.

Apple’s team consists of 500 experts and review about 100,000 apps every week14. The review process at Google is considered less stringent than Apple’s and relies more on automation than human reviewers15. Google recently announced that it plans to increase investment in the automated approach and recently launched a new ‘real-time’ app scanning system to combat malicious sideloaded apps16.

Developers now must also test their applications with a minimum of twenty people for at least two weeks before publication17. There are more security problems in Google’s store than there are in Apple’s18. For example, according to Kaspersky, an anti-virus software firm, there were 600 million malware downloads in 2023 on Android19.

While both Apple and Google claim they keep dangerous or illegal content out of their stores, it is interesting to observe that Apple has 1.8 million apps in its store while Google Play has 3.6 million, suggesting that some of the Google apps do not satisfy Apple’s criteria. To the writer’s knowledge there is no regulator that evaluates the quality and security of the gatekeeper app stores.

Because a monopoly app store is a bottleneck in getting services and content to single-homing end users, app stores are listed in the Digital Markets Act (DMA) as gatekeepers. The decision by the European Commission in September 2023 designated both Apple’s App Store and the Google Play Store as Core Platform Services that must comply with the rules in the Act.

The DMA contains at least seven rules that improve contestability and fairness in app stores. The profusion of rules designed to help app developers escape the control of the app store is notable. Many European-based app developers have been vocal about their lack of power relative to the American gatekeepers; the focus on app stores in the DMA may reflect this political economy. In addition to rules enabling entry of rival app stores, there are additional rules that permit apps to disintermediate app stores entirely.

Disintermediation occurs when the developer instructs the user to buy its content on the web through a browser but consumes that content on the handset. The ability for a developer to use a distribution route that is not the gatekeeper’s app store, such as sideloading, is also mandated.

These disintermediation options will be particularly attractive to developers if the regulations allowing entry and competition fail to generate competitive prices and quality in app stores. App developers may also want to use their right under the DMA to seek fair, reasonable and non-discriminatory (FRAND) terms from the monopoly store if entry of rivals fails to materialise.

The DMA approach to app stores thus feels a bit like a ‘belt and suspenders’ strategy. Below is an explanation of these seven rules, edited lightly to retain only the portions relevant for app stores.

In the DMA, the foundation of the entry right for rival app stores is Article 5(8) which prohibits tying between Core Platform Services.

“The gatekeeper shall not require business users or end users to subscribe to, or register with, any further core platform services… as a condition for being able to use, access, sign up for or registering with any of that gatekeeper’s core platform services…”

This prohibits the gatekeeper from requiring the use of the gatekeeper’s app store in order to use its operating system CPS.

The basic Article allowing the entry of rival app stores, permitting those stores to be a user’s default and permitting sideloading, is DMA Art. 6(4):

“The gatekeeper shall allow and technically enable the installation and effective use of third-party…software application stores…interoperating with…its operating system and allow those… software application stores to be accessed by means other than the relevant core platform services of that gatekeeper. The gatekeeper shall, where applicable, not prevent the downloaded third-party…software application stores from prompting end users to decide whether they want to set that downloaded…software application store as their default. The gatekeeper shall technically enable end users who decide to set that…software application store as their default to carry out that change easily.”

We see in the last sentence of Article 6(4) a nod towards dark patterns and the consumers who respond to them. The DMA repeatedly makes it clear that gatekeepers must comply in an effective way and not one that tries to preserve the status quo by tricking consumers.

It is one thing to mandate a store must be allowed, but another to ensure that the gatekeeper does not attempt to disadvantage those rival stores relative to its own. DMA Article 6(7) requires that rival stores have the same access and functionality as the gatekeeper’s own service and further specifies that a rival app store must get this access and functionality free of charge:

“The gatekeeper shall allow providers of services, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same hardware and software features accessed or controlled via the operating system as are available to services provided by the gatekeeper. Furthermore, the gatekeeper shall allow business users, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same operating system, hardware or software features as are available to, or used by, that gatekeeper when providing such services.”

It is prudent for gatekeepers to start engaging with entrants before the deadline so that the interface they offer in March functions correctly and has proportionate entry criteria

DMA Article 5(4) explicitly permits an app developer to disintermediate the app store:

“The gatekeeper shall allow business users, free of charge, to communicate and promote offers, including under different conditions, to end users acquired via its core platform service or through other channels and to conclude contracts with those end users, regardless of whether, for that purpose, they use the core platform services of the gatekeeper.”

To give a practical example, a social networking service could list its app in an app store where a user can discover it. Once opened, the app can say: ‘Subscriptions are available for €9.99 at our website by clicking on this link here. You are welcome to subscribe through the app store for €12.99. This higher price includes the 30 percent fee charged by the Apple/Google store’ (Sunderland et al 2020)20.

Under current rules, a developer is not permitted to provide information about lower prices or off-store purchase channels. The new rights would allow the social networking app in the example to pay no fees to the app store, though it would bear the cost of running its own website and processing payments there.

DMA Article 5(5) then explicitly permits the user who acquired the content for less outside the app store to consume it on the handset:

“The gatekeeper shall allow end users to access and use, through its [App Store], content, subscriptions, features or other items, by using the [app] of a business user, including where those end users acquired such items from the relevant business user without using the [App Store] of the gatekeeper.”

In Apple’s terminology this is known as a ‘reader app.’ Apps with significant brand recognition such as Netflix and Kindle have already been able to negotiate for and obtain a reader app. The DMA makes this facility universal. Continuing with the example above, the user who purchases outside the store for €9.99 can then download the social networking app, log in using the credentials established outside, then read and post content on the handset.

A major complaint from app developers has been the 30 percent commission charge by both Apple and Google for distribution through the app store. This commission has been enforced and automatically collected by requiring the use of the store’s payment system and not one belonging to the app or some other third party. DMA Article 5(7) ends this tie and allows the developer to disintermediate the payment service:

“The gatekeeper shall not require…business users to use…a payment service, or technical services that support the provision of payment services, such as payment systems for in-app purchases, of that [app store] in the context of services provided by the [app developer] using that gatekeeper’s [app store].”

The ability to use a different payment processing function could be an equilibrium choice or it could be a useful outside option for bargaining. The efficient choice for a developer will depend on the cost of running rival stores as well as the ability for users to discover apps in those stores. The law allows for a choice between selling on the web, distributing through a rival app store that collects payments under competitive terms, or staying in the gatekeeper’s app store.

The law also requires that a developer be able to get onto the handset without going through the gatekeeper app store. Today this is known as sideloading. A user navigates to a web page using their browser and then clicks to download and install the app on their handset.

Sideloading is not possible on iOS devices but is enabled on Google Android. The Google procedure, however, comes with a long series of alerts and checks warning the user of the danger of installing an unauthorised app on the handset. DMA Article 6(4) states that app stores must

“allow those software applications or software application stores to be accessed by means other than the relevant core platform services of that gatekeeper.”

This rule is not specific as to what the alternative route must be and therefore some choice to the gatekeeper. As noted above, Google permits sideloading already. If Apple does not want to allow sideloading because of the security risk, it will have to develop an alternative.

If rival app stores were pre-installed on iOS, this would provide means other than the gatekeeper store for business users to get on to the mobile operating system.

Lastly, DMA Article 6(12) mandates that app stores must set FRAND terms for access and prices:

“The gatekeeper shall apply fair, reasonable, and non-discriminatory general conditions of access for business users to its software application stores listed in the designation decision.”

This is the fallback for a developer who faces the kind of tactic that Apple used in the Dutch case when the company allowed developers to use rival payment functions (likely costing very little) but then raised the developer’s costs again by imposing a new 27 percent fee on developer revenue21.

The result of the all the antitrust enforcement and commitments was therefore a negligible change in the 30 percent fee paid by developers. The Netherlands Authority for Consumers and Markets is now pursuing an excessive pricing case under Dutch competition law which may possibly be superseded by 6(12) of the DMA in March 2024.

In this section, I provide some suggestions of possible app stores that would have an attractive business proposition and therefore an incentive to enter. The value of some rival app stores will be in curation.

Today’s app stores have millions of apps, but most of them are apps in which any given user is not interested. An app store that contained a curated set of apps based on a user’s interests might be attractive. A store could attract users with a curated set of apps geared around a community interested in functionality, located in a geography, or otherwise having specialised demand.

Any niche content that is sufficiently attractive to users could be successful as there is no need to build network effects at the store level; rather, the store rides on the two-sided network effects already created by the CPS. Recall that under the DMA, a user must be able to have more than one app store on a handset.

Consequently, there are no barriers to setting a niche app store as the default and installing the Apple or Google app store in addition for more mainstream or generic content. A second way in which a rival app store can add value is through lower fees and more creative ways of handling payments. A third strategy is through more creative use of technology.

I will take the above categories in turn and provide some hypothetical examples of app stores that might be demanded by developers and/or users. I will use the names of real corporations to fix ideas, but stress that I have not asked these corporations if they are working on any such projects.

A ‘Green Store’ could contain apps that help users lower their carbon footprint. There might be no payment innovation in such a store at all, but rather its value proposition would lie in curation. The best apps for navigating public transit would be included.

The store would evaluate the electric scooters available for rent in many cities across Europe and include the one with the greenest profile in the store. The food delivery service with the lowest carbon footprint and the coffee shop with the best recycling record could obtain more customers by participating in the review process of the store.

Restaurants, banks and other brick and mortar options could be similarly evaluated, as could digital businesses. All advertising in participating apps could be required to be carbon neutral22.

An obvious candidate for an alternative app store is one set up by a parent for a child’s device. A parent might want a store that has age-appropriate content that is very carefully chosen by a certain brand – for example, Disney. The store could include Disney content as well as other apps geared for children.

If the child downloaded an app from the Disney store by themselves, parents would not worry that it could be harmful or inappropriate. A parent might well want to remove all other app stores from the handset the child uses, so it is critical that the handset works without the gatekeeper’s store.

A Disney store might want to experiment with payment models that allow a parent to buy ‘points’ to give to their child which the child could spend on content in the store, for example.

A government could establish a store that contains all the apps available for interacting with government authorities in that country. There might be federal, state and municipal apps for managing pensions, property taxes and parking tickets to name a few.

A citizen of Belgium does not want to sort through millions of apps to find the ones useful for him or her. A citizen could more easily discover useful digital services by browsing the Belgian government app store. Perhaps by entering a home address, relevant apps for a user’s state and city could be surfaced or could market themselves to the relevant users.

Security in the store might be determined by the government of Belgium and then some apps might be able to share citizen’s data between them (with permission). Naturally the government does not want to lose tax revenue by paying a distributor any significant percentage of revenues collected in the store, so the freedom to choose and manage a payment processor is critical to success.

Presently, both app stores charge online gaming companies 30 percent of in-app purchases. Games like Candy Crush, Fortnite and Roblox are free to play but charge for additional levels, powers, better odds, or access to loot boxes. The app store keeps 30 percent of the payments users make as they play.

A Steam gaming app store could offer popular games while charging developers only 10 percent of in-app purchases, or even less if competition drives down those fees.

The app store need not have any more capabilities than incumbent app stores to attract developers, rather, it is the lower fee that causes developers to want to distribute (perhaps exclusively) through such a channel.

Once enough popular content is available in a gaming store, such a store becomes a good place for an entering developer to distribute. A company, like Valve which already has a gaming store (Steam) for PCs, could distribute the games of others as well as develop its own gaming apps for the mobile market.

A developer with niche content may not be able to induce customers to transact on a web page; a rival store could provide a frictionless distribution process at low cost. The certainty of having access to consumers at a lower cost will incentivise innovation by both app stores and apps.

A company with enough existing games may be able to attract users to a proprietary app store that contains only its own content. King Games (maker of Candy Crush, now owned by Microsoft) owns many popular mobile games. A King app store would allow the company to stop paying 30 percent of its revenue to gatekeepers and instead use that money to build and run its own store and cross-promote its own games within that store.

Games with sufficiently well-known brand names and large installed bases will help business users migrate end users away from legacy app stores to these new options.

An association of newspapers could run a cooperative news store that contained the individual apps of each newspaper. Users could subscribe to one or more publications and pay through the store, which could be run as efficiently as possible so that the newspapers keep close to all the revenue rather than only 70 percent.

The store would establish data policies with consumers that permit more interaction between the subscriber and the newspaper, something that is often restricted in gatekeeper app stores23. Such a store could offer alternative revenue models such as ‘per article pricing’ using the method of payment the user has registered with the store.

Today when clicking on a link to an interesting article and finding that the newspaper is behind a paywall, a user can either buy an annual subscription, or not read the article at all. This likely results in lost sales from casual readers who do not want to accumulate many expensive subscriptions.

However, such a user might be perfectly happy to pay a small amount like 30 cents to access that single article of interest. With technologies already in use, a store could allow participating newspapers to offer micropayments for access to individual articles. This business model would allow newspapers to increase their revenues and the reach of their brands, while staying in control of their customer relationships.

The American Express card could run a store for its card holders that offers useful apps for rich people and those who travel frequently. The American Express card would be the payment method for all purchases in the store. The store would carefully curate apps to appeal to AmEx users who might be particularly interested in new innovations, luxury versions of products and services, apps geared towards events like tennis tournaments, and so forth.

Apps that want to promote their services to card holders in exchange for discounts or special offers would be selected by the store, and those purchases would take place through the American Express card lodged with the store.

Automakers might want app stores that contain both apps they market to the drivers of their vehicles, but also apps that help drivers use and maintain their vehicles. Data sharing within the store might be appropriate for safety reasons. Some apps in the store might need to connect to the vehicle and therefore have special technical characteristics.

Up until now, this article has distinguished between apps and app stores, but it may be better to think about any individual software service as lying somewhere on a continuum between them. For example, a game like Minecraft might start out as an app, but could be developed to allow users who design new tools or costumes to sell them to other users within the game.

Such a game could create a marketplace within it where gamers can buy new experiences within the game – a bit like mini games – thus making a small gaming store within the original app.

Epic Games wants to have its own app store through which it can both avoid the 30 percent fee charged by the Apple and Google stores and have more control over technology. It plans to develop the Metaverse, a virtual world that is the vision of Epic’s CEO Tim Sweeney. His idea of the metaverse is fundamentally different from the present gaming environment24.

Today, users engage in disconnected entertainment experiences such as Fortnite (which is operated by Epic), Metaverse (Meta) and Roblox (a gaming platform). In the future, Sweeney wants to replace proprietary technology with open standards, file formats and networking protocols so that all systems can interoperate and the user experience becomes seamless. Service providers, like Epic and Roblox would negotiate terms with operators to ensure they have direct consumer relationships25.

Epic brought monopolisation cases against both the Google and Apple stores in the United States in an effort to break their control and obtain the right to launch an app store26. Epic lost the case against Apple in 2021; nine out of ten of its claims were dismissed27.

Led by Utah, 36 states filed a lawsuit in 2021 alleging that (1) Google imposes technical barriers that limit third-party developers from distributing apps outside the app store and (2) requires developers to use Google Billing as a payment’s processor28 (Google Billing forces app developers to pay up to 30 percent of their revenues to Google).

Private Section 2 cases in the United States often settle because it is more profitable for all parties to share the monopoly profit than it is to give a substantial share of that profit to consumers by competing. It is therefore not surprising to learn that small developers and Google reached a settlement where Google would put $90 million in a fund for developers that earned less than $2 million from 2016-2129.

Likewise, Match Group, a former Google partner, also announced a last-minute settlement30. Google will take 11 percent of Match’s subscription revenue and 26 percent of its in-app purchase revenue on transactions using Match’s own payment systems or Match will owe Google its standard 15 and 30 percent fees for transactions that use Google’s in-app purchase system.

The similarity of these headline numbers to the standard Google terms (given the cost of running a payment system) suggests Match did not gain from the settlement. But if Google wanted to establish a new ‘benchmark’ for other developers, a settlement that does not change Google’s effective fees combined with additional confidential consideration for Match would be the right choice.

Epic did not settle because the CEO sought the ability to run his own store that would control both payment and technology; a financial payout from Google would not have satisfied this goal31. That left Epic as the sole developer in the case, which it won in December 202332 (however, there is a risk that the jury’s decision is overturned entirely by an appellate court or the Supreme Court when Google appeals).

Google also settled with all 50 US state AGs for $700 million and remedies that are reportedly like those agreed to by Match, namely User Choice Billing and a somewhat easier sideloading process33. The option for a rival app store to enter on Google Android both the United States and Europe might increase the response to the DMA.

The strategies above assume that users trust the entering app store to follow all relevant laws and regulations concerning privacy, security, safety of data and so forth. However, if the app store market is opened up by the DMA, it seems likely that some untrustworthy store operators could try to take advantage of the rules to enter and exploit consumers at either a technical or commercial level.

The law contains provisions allowing the gatekeeper to safeguard against the first of these risks by taking steps that are strictly necessary and proportional to safeguard the integrity of the operating system:

“The gatekeeper shall not be prevented from taking, to the extent that they are strictly necessary and proportionate, measures to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper, provided that such measures are duly justified by the gatekeeper.”

The text of DMA Article 6(4) places the burden on the gatekeeper to both show the measures are strictly necessary and proportionate and to ‘duly justify’ them to the regulator. These requirements are critical to establishing contestability because a gatekeeper could easily make claims such as ‘all entrants endanger the integrity of the operating system’ and the like. Without limits on this strategy, security claims would be an effective way to block competition.

Apple and Google will have to establish a procedure for certifying that the app stores that connect to their CPS’s satisfy European safety and privacy standards34. These gatekeepers may affirmatively want to authorise rival app stores to keep their users safe.

On the other hand, gatekeepers may prefer not to authorise rival app stores because users will be more likely to stay with incumbent stores if entrants seem unsafe. If users are afraid to use rival app stores, gatekeepers will benefit. By contrast, strict entry criteria can allay those fears and promote entry.

For this reason, effective compliance may require that gatekeepers create a list of proportionate criteria, including minimum security requirements, that an entering store must meet, as envisioned in DMA Art. 6(4). Then the gatekeeper could carry out the review, making sure to use a process that is transparent and unbiased. The fee the gatekeeper charges must of course be reasonable and cost based.

An alternative approach could be to outsource the review process to approved third parties. Outsourcing is particularly attractive if the entering store has proprietary features it would like to keep confidential as it competes with the gatekeeper’s store.

The gatekeeper could select third party consulting or accounting firms with the requisite skills to carry out all or part of the authorisation process according to the criteria established by the gatekeepers. Multiple businesses offering the authorisation process would assure rival app stores of cost-based pricing and lack of bias.

Authorisation should not just include technical and security criteria but also review the suitability of corporation itself to have access to end users; entrants should have appropriate governance, financial stability, transparency of ownership, ability to compensate users in case of breach and so forth.

Apps will still need to be approved in the normal way by the gatekeeper. Gatekeepers will have to show that their app approval process is unbiased and cost-based, or this step could be abused in a way that reduces contestability and fairness both in the app market and in the app store market.

Indeed, the existing app review process is critical for the easy entry of stores specialising in curation. If an entering store simply organises and surfaces the apps its group of users wants while continuing to use the gatekeeper’s payment system, there is no technological change caused by such a store.

Because the apps in the rival store have been approved by the gatekeeper and continue to pay the gatekeeper, it is hard to imagine a principled objection by the gatekeeper to any element of this strategy; it simply improves the user experience for those users that choose to download the store.

Some apps will choose to be exclusive to one app store because it has favourable terms or provides a strategic partnership. It seems inconsistent with the goals of contestability and fairness for gatekeeper stores to require exclusivity from third-party apps exactly because the most popular apps could help rival stores gain traction with users.

The DMA does not directly prohibit other popular apps of the gatekeepers themselves, eg. Gmail, from being exclusively distributed through the gatekeeper’s store. It is not clear to me how the DMA will affect the distribution of apps that are themselves Core Platform Services, for example YouTube and Google Maps.

However, if many apps choose an exclusive distribution strategy, this increases the likelihood that users will want multiple app stores on their handset. Multihoming will become common.

User multihoming raises the question of search costs for users trying to find a particular app. If a user opens her default store to search for a particular app and the store does not have it, can the store let her know which stores do carry that app?

Such a functionality clearly improves the user experience. But more importantly, it strengthens entrants’ ability to be an attractive default store. If a user must carry out a separate search in each store to find the app she is interested in, she will begin in the store with the greatest number of apps, which is likely to be the legacy store.

Once the user is in the legacy store, if she does not find the app she is looking for, she will likely be offered a substitute which she may choose and download because of both choice architecture and search costs. The original app that she was searching for then loses that sale. This pattern of behaviour will make it much harder for entrant stores to attract developers and therefore users.

If, by contrast, the entrant store can inform a user of the existence of a searched app in a different store, that entrant store becomes an attractive ‘first port of call.’ This functionality requires app stores to share the data on which apps they distribute at what prices in a public manner, just as video streaming services do in the US35.

Note that the entering app store cannot sell the app it does not distribute, nor otherwise benefit from the listings of other stores. Indeed, a listing is likely to send the user away, and therefore benefits stores that share their data and distribute many apps.

A universal search functionality therefore benefits everyone: users, entering stores, developers, and large legacy stores. While mandating universal search in a setting in which consumers multihome may seem obvious, it has been controversial in the past – for example, in the airline industry.

Big airlines have refused to push out their flight schedules to metasearch sites such as Kayak and Flight Penguin while doing so for limo services and other complements36. This was the case even though the metasearch sites did not sell any tickets or charge the airline any fees, but simply linked users to the airline’s own site to buy the ticket.

Reducing user search costs is not typically a profitable strategy for a provider with market power. Gatekeeper stores may therefore claim some combination of lost ad revenue, trademark infringement, or breach of existing agreements as reasons not to share listing data.

The Commission may have to affirmatively approve the sharing of store data and/or suggest that withholding it could be a competition violation. Additionally, to maintain this functionality as the market develops and entrant stores grow, sharing app lists could be required to obtain annual authorisation for a rival store, as well as be a requirement for legacy stores37.

The distribution of rival app stores is an interesting problem. How will users obtain such a store? One option is that gatekeepers are required to offer a ‘store of stores’ in which they distribute authorised rival app stores.

Another is that those approved rival stores are located within the legacy app store where they can be easily found by users alongside apps. A third is that rival stores are sideloaded from the web. The first two options require the gatekeeper to include authorised entrants in reaching customers, which is against its financial interests.

The third puts the most hurdles in the path of the entrant, but also requires more technical work from the gatekeeper to maintain security while permitting entry, as is required.

Many of the stores we expect to see entering at first will specialise in curation only, meaning that they will only be distributing apps that are already approved by each gatekeeper. Such stores are particularly safe from a technological point of view.

Moreover, they also comply with the privacy and content policies of each gatekeeper (eg. no pornography). Because such stores are just bundles of approved apps that do not harm the gatekeeper’s reputation in these ways, it may be sensible to require the gatekeeper to distribute that kind of rival store in its gatekeeper store, or in its ‘store of stores’ if it chooses to create one.

Such rivals will then be easily discoverable by users and can be downloaded without any friction. The same may be true for stores that change only the payment method they use, but otherwise simply curate a group of approved apps. This strategy also raises no difficult issues for the gatekeeper.

An approach that existing developers may use is to update a popular flagship app already distributed in the legacy app store. The new app could take advantage of the elimination of gag and anti-steering rules to guide consumers to additional apps outside the legacy store. The flagship app will explain, promote and steer a consumer to an offer that is available through a link outside the legacy app store.

The offer would be attractive in some way – lower prices or greater benefit – which would cause the user to click to obtain the update to the app. For example, a user could open their favourite gaming app and see a link to a version of the app that offers more powers, free features, or extra points.

When the user clicks on the offer, they are taken to the web where they download a new version of the app. This app would contain within it the ability to surface and obtain other games and to accept payment – the critical functionalities of a store.

In other words, there is no fixed boundary between an app and a store, but rather a progression of functionality. Rival stores may start out as new versions of a gaming app with an alternative payment system. This strategy provides access to the installed base of the popular app and reduces user friction. The app can then grow over time to offer more games inside itself, marketplaces and social functionalities as business users learn what works and what users want.

In this narrative, the path from a single app to a store is a continuous one, rather than a discrete jump. Such a path would enable the rival app store to continue to distribute its app in the legacy store and allow the millions of users in that store to easily discover it. But users who then upgrade gain the advantages of competition because of the better offers and functionality they can now choose within that store.

Apps that do something technologically innovative raise more difficult distribution issues because they may not fit the policies of the existing legacy app store and therefore cannot be discovered by users on that channel. These rivals may have to use the alternative channels the law provides. Apple has argued that allowing sideloading raises security concerns (Apple, 2021).

It is worth noting that platforms have overcome the technology dimension of this problem in the past. Both the macOS and Windows allow users to purchase apps from many sources38. Sweeney points out that “it’s the operating system kernel that provides the security” by preventing apps from accessing data and services they aren’t allowed to access39.

But sideloaded apps might also violate the content standards of the gatekeeper which come in two types. A gatekeeper’s aesthetic standard (eg. a game called ‘COVID’) serves as a dimension of differentiation and is likely not a concern in a sideloaded game or store.

Other store standards, such as the prohibition of illegal gambling or apps selling counterfeit goods could be part of the rival store authorisation rules because such rules protect end consumers from danger. Rival stores would require authorisation to operate on the gatekeeper regardless of the channel through which they were distributed.

The fact that app stores will pay no fee for interoperability with the software functionality of the core platform service (CPS) requires discussion (DMA Art. 6(7)). The topic of optimal access fees has a long literature in regulatory economics (eg. Laffont and Tirole, 1993). The benefit of optimal access fees is that they create the right levels of investment and innovation on both sides (Tirole and Bisceglia, 2023).

The DMA recitals indicate that the European Parliament found a lack of innovation on the side of the gatekeeper despite the large rents flowing to gatekeepers. Therefore, one purpose of the DMA is to rebalance rents to provide returns to investment and innovation on the business users’ side where innovative potential may be unrealised40.

This argument may explain the European Parliament’s choice to mandate access at no charge in so many places in the DMA. Moreover, to the extent the European Parliament feels the corporations in question violated the antitrust laws to obtain their market power, it may not be equitable to then permit them to collect yet more profit from business users.

In addition, a fee of zero is much easier to administer and enforce than many different fees over which the parties litigate for years. If Apple or Google charge fees to rival apps, such business will have higher accounting costs than Apple’s or Google’s versions of those businesses41 and would therefore be less viable when competing against them. This harms both contestability and fairness.

The same holds true for app stores. Because the outside option for the business user (disintermediation of the app store) is so good, an entering app store that pays extra fees to the gatekeeper on top of its own costs may not be competitive in the marketplace, whereas an app store whose fees are driven only by the costs of running the store will be.

New app store entrants are entitled to operate using these business models beginning in March 2024 when Core Platform Services must comply with the DMA. An entering app store that wants to attract consumers in March must get ready beforehand. It must build its software, work out its value proposition to users and develop a business model. The first requires engagement with the gatekeeper mobile operating systems.

Business users must receive from the gatekeepers all the technical specifications needed for an app store to interoperate with the operating system. Business users will also want to know what security checks the gatekeeper plans on performing, which will involve corporate processes such as insurance and governance of the security of data and review of the underlying code.

Gatekeepers will need to establish clear timetables for app store reviews. If gatekeepers are unprepared or unwilling to disclose this information to app store entrants before March 2024, then entry will necessarily occur later, thereby delaying the benefits of contestability and fairness to both business and end users.

Moreover, if there is any problem with a gatekeeper’s plan such that a competent rival store is not able to exercise its rights in March of 2024, then that gatekeeper will have failed to comply with the DMA and the Commission may open compliance proceedings. Significant fines could result, or, in the case of multiple infractions, structural remedies such as divestiture of the app store could be imposed.

For this reason, it is prudent for gatekeepers to start engaging with entrants before the deadline so that the interface they offer in March functions correctly and has proportionate entry criteria.

It is also possible that the surplus unlocked by allowing app stores to enter, differentiate and innovate is sufficiently large that gatekeepers decide it is more profitable to benefit from this new world rather than fight it. Such a calculation might be more likely if gatekeepers face regulatory or legal requirements in more than one jurisdiction.

For example, litigation in the US may require Google to make significant changes to the way it treats rival app stores. There are surely economies of scope to running one app store interface that is compliant in all jurisdictions.

Apple’s revenue primarily comes from non-app store sources such as the sale of hardware; the company’s hardware and services will be more valuable if users can discover and use more innovative apps in the Apple ecosystem.

If both gatekeepers determine that making rival app stores work well is, all things considered, the most profitable strategy, then they will have a reason to comply. The regulator’s role would become easier in this setting, though technological choices would no doubt remain contentious.

In either case, effective enforcement by the European Commission will be critical to the existence and functioning of rival app stores and the timing of their entry.


1. See Apple press release of 25 January 2024, ‘Apple announces changes to iOS, Safari, and the App Store in the European Union’.

2. Google permits rival app stores to be installed on its devices, but they have inferior technical capabilities, Google pays developers not to use them and they cannot serve as a user’s default or main app store because the code inside Google Play is broadly needed for app functionality. See Epic Games v. Google, Northern District of California (2021a).

3. Jack Nicas, ‘How Apple’s 30% App Store Cut Became a Boon and a Headache’, New York Times, 18 November 2020.

4. Oliver Darcy, ‘Spotify is going to war with Apple after the App Store rejected its big new feature’, CNN Business, 1 November 2020.

5. Sarah Perez, ‘Apple dropping App Store fees to 15% for small businesses with under $1 million in revenues’,, 19 November 2020; Chaim Gartenberg, ‘Google will reduce Play Store cut to 15 percent for a developer’s first $1M in annual revenue’, The Verge, 16 March 2021.

6. Sean Hollister, ‘Epic CEO Tim Sweeney: the post-trial interview’, The Verge, 12 December 2023.

7. See Apple Support, ‘App Store Review Guidelines’.

8. See Apple Support, ‘2022 App Store Transparency Report’.

9. See Apple Support, ‘Choosing a Membership’.

10. See Play Console Help, ‘How to get started with Play Console’.

11. See Apple Update of 16 May 2023, ‘App Store stopped more than $2 billion in fraudulent transactions in 2022’.

12. Google Security Blog, ‘How we fought bad apps and bad actors in 2022’, 27 April 2023.

13. See Apple Support, ‘App Store Review Guidelines’.

14. See

15. Sarah Perez, ‘Google Play tightens up rules for Android app developers to require testing, increased app review’,, 9 November 2023.

16. Zack Whittaker and Jagmeen Singh, ‘Android’s new real-time app scanning aims to combat malicious sideloaded apps’,, 4 November 2023.

17. Android Developers Blog, ‘Ensuring high-quality apps on Google Play’, 9 November 2023.

18. Matthew Humphries, ‘Google Play Store Is Main Distributor of Malicious Apps, Study Reveals’, PCMag, 12 November 2020.

19. Alanna Titterington, ‘Google Play malware clocks up more than 600 million downloads in 2023’, Kapersky Daily, 9 November 2023.

20. See also Ashley Gold, ‘Spotify previews new EU app with App Store bypass’, Axios, 24 January 2024.

21. John Porter, ‘Apple proposes 27 percent commission in Dutch app store dispute’, The Verge, 4 February 2022.

22. See

23. See Apple Support, ‘About privacy information on the App Store and the choices you have to control your data’; EU notice of antitrust proceedings in case AT.40716 – Apple – App Store Practices, initiated 16 June 2020.

24. Patrick McGee, ‘Tim Sweeney: Epic will fight Apple and Google to keep the metaverse open’, Financial Times, 26 May 2022.

25. Alex Heath, ‘Epic Games CEO Tim Sweeney thinks ‘every politician should fear’ Apple’s power’, The Verge, 8 December 2022.

26. Epic Games v. Google, No. 3:20-cv-05671 (Northern District of California, 2021a); Epic Games, Inc. v. Apple Inc., 4:20-cv-05640-YGR (N.D. Cal.).

27. Epic Games, Inc. v. Apple Inc., No. 20-cv-5640 (N.D.Cal.), judgment entered 10 September 2021; Epic Games, Inc. v. Apple Inc., Nos. 21-16506, 21-16695 (9th Cir.), judgment entered 24 April 2023.

28. Utah et al v. Google, No. 3:21-cv-05227 (Northern District of California, 2021b).

29. Reuters, ‘Google to pay $90 million to settle legal fight with app developers’, 1 July 2022. 

30. Jay Peters, ‘Match drops out of Google Play antitrust showdown’, The Verge, 31 October 2023.  

31. Sean Hollister, ‘Epic CEO Tim Sweeney: the post-trial interview’, The Verge, 12 December 2023.

32. See Epic Games press release of 11 December 2023, ‘Epic v Google Trial Verdict, a Win for All Developers’.

33. Sean Hollister, ‘Google to pay $700 million and make tiny app store changes to settle with 50 states’, The Verge, 19 December 2023.

34. Perhaps gatekeepers can ask the Commission to further specify that process under DMA Article 8(2).

35. Streaming service Roku, for example, has a universal search functionality that provides a list of which streaming services distribute a particular film, for example, under which type of subscription, or for what price if it is a pay-per-view offer.

36. Jack Nicas, ‘Travel Websites Allege Delta Air Lines Is Shutting Them Out’, Wall Street Journal, 20 May 2015.

37. Recital 47 of the EU Database Directive (Directive 96/9/EC): “protection by the sui generis right must not be afforded in such a way as to facilitate abuses of a dominant position, in particular as regards the creation and distribution of new products and services which have an intellectual, documentary, technical, economic or commercial added value; … the provisions of this Directive are without prejudice to the application of Community or national competition rules”.; Ben Amunwa, ‘Do no harm: ECJ finds in favour of meta-search engines in ‘database right’ dispute’, Law, mostly, undated.

38. Chance Miller, ‘Apple’s head of security speaks out against iPhone app sideloading in new interview’,, 18 November 2023.

39. Sean Hollister, ‘Epic CEO Tim Sweeney: the post-trial interview’, The Verge, 12 December 2023.

40. Teh and Wright (2023) demonstrated that in the context of competitive platforms where business users (sellers) mutlihome and users single home, welfare outcomes are not optimal and are particularly harmful to the business users.

41. Unless the subdivisions of the gatekeepers are required to include opportunity costs in their internal cost accounting and managerial decisions to fully reflect those net profits.


Apple (2021) Building a Trusted Ecosystem for Millions of Apps, A threat analysis of sideloading, October.

Laffont, J-J and J Tirole (2023) A Theory of Regulation and Procurement, MIT Press.

Northern District of California (2021a) ‘Epic Games, Inc., v. Google’.

Northern District of California (2021b) ‘State of Utah and others v. Google.’

Sunderland, J, F Herrera, S Esteves, I Godlovitch, L Wiewiorra, S Taş … A Renda (2020) Digital Markets Act, Impact Assessment support study, Annexes, European Commission, Directorate-General for Communications Networks, Content and Technology.

Teh, T-H and J Wright (2023) ‘Competitive Bottlenecks and Platform Spillovers’, mimeo.

Tirole, J and M Bisceglia (2023) ‘Fair Gatekeeping in Digital Ecosystems’, TSE Working Papers 1452, Toulouse School of Economics.

This article is based on Bruegel Working Paper 03/2024.