EC DMA Compliance Workshops

2 hours ago 2

At the beginning of summer, the European Commission held a series of “DMA 2025 compliance workshops” to let the public post questions to the “gatekeepers” as designed under the EU’s Digital Markets Act (DMA). Apple App Store, Google Play, Google Maps and Android are all designated as gatekeepers by the European Commission, and are therefore regulated to allow competition with them. These workshops touch on a range of different topics, from self-preferencing behaviour to app store management practices. I traveled to attend in person to represent the F-Droid community, and free software in general, in these proceedings. My travel expenses were covered by your donations to F-Droid, thanks to those who made it possible for me to be there!

Naturally, I was there to talk about app stores. There are two specific points where F-Droid really has been swaying the discussions: Apple claims their review process is the best. Google claims that they already comply with Digital Markets Act because they allow third party app stores and installing apps outside of Google Play.

F-Droid clearly demonstrates the shortcomings of Apple’s review process. For example, they never review source code, only the binaries. Ask any source code auditor and they will tell you, you have to review the source code to get a full picture. Also, their reviewers work for Apple, which has a monetary stake in the apps they are reviewing. Apple gets a large cut of the revenue from all app sales. That means that Apple sometimes lets apps that make them a lot of money bend the rules.

Google has built up a very different strategy for their gatekeeping since Android started out as an unknown competitor. Android promoted itself to developers and OEMs by being largely open source and relatively open. Indeed, that’s why I got involved in Android and dropped iOS back in 2008. Google has a strong track record of securing the platform, and has provided solid user experience design over the years. They lean on their reputation, and have a well documented track record of using security and UX concerns to steer users towards choosing Google over competitors. In terms of the DMA, this is known as self-preferencing. We can see clear examples of this with the Play Protect scare screens that many FOSS apps have been hit by. These have said there were security issues in F-Droid, yet they have never reported any of these to F-Droid (which is required under the rules of responsible disclosure). They did not even provide us any way to find out why they flagged our app. For all you developers who have also been affected, the European Commission wants to hear from you! There is a consultation open until September 24th, they are seeking feedback about how you have been affected. The most valuable feedback includes technical details and references to official documentation. Just getting your perspective out there in a blog post is also valuable. Please contact us to let us know about information you think might be relevant.

One thing that is clear from these proceedings is that Apple and Google are no longer driven by innovation or developing technology. The competition lawyers are in charge now. They have to defend those immense monopoly profits for their shareholders. It was quite amazing to see these polished competition lawyers from Apple and Alphabet/Google put on a friendly face while actually being quite disrespectful of the European Commission and the EU democracy it represents. Of course, they do it in a friendly, polished way. There was no rude language or insults. Instead, there was lots of dodging solid questions based on calculated ignorance. There were statements to the effect of “we don’t really care about these proceedings because we’re going to drag this out in the courts as much as possible.” Apple was for many years a company respected for design and technical innovation. Now they champion their $1 billion plus legal budget and “high-risk legal strategies”. This is not the behaviour of an innovative company, this is monopolist behaviour. You can see it in how Tim Cook, CEO of Apple, thinks about their lawyers:

I don’t want [the legal department] to stop pushing the envelope because that’s why legal is an important function in the company.

The Google representatives started out this process highlighting how they were open, already complying with key provisions, and wanting to work with Europeans to comply. I will give kudos to Google, they started out actually engaging with the requirements of the DMA and making real improvements that users want. For example, Google shipped its first data portability tools in 2022, when the DMA had just passed, and have been improving them since. Apple is just now finally doing something useful around data portability, rather than just wasting people’s time and threatening more lawsuits. And some, but not all, of these features might be available worldwide, rather than just in the EU. In this most recent showing, Google’s tone has shifted. Now that Google are also being held to account, they have started to take on a lot of the same contentiousness as Apple has approached the Digital Markets Act with. And they have become more brazen in their defence of their monopoly.

Google has recently announced a number of changes that increase their level of control over the Android ecosystem:

  • Google is no longer developing AOSP in the open at all anymore. They also withhold source code for a lot longer, making working with AOSP source code a lot harder for projects like CalyxOS and LineageOS.
  • They stopped releasing the device tree source for Pixel devices, so alternative Android versions now have to recreate those in order to run on Pixel devices.
  • They launched Android Developer Verification, which severely restricts installs outside of Google Play. All app developers need to pay a fee and submit info on themselves (actual legal IDs) with a list of their apps to Google for approval or the user won’t be able to install their apps anymore. Back in 2018, AOSP developers reached out to us about a feature that sounds very much like Android Developer Verification. We told them that if they shipped that, it would kill F-Droid and third party app stores. Looks like now, that might be part of why they are rolling this feature out. The 2018 version allowed users to control who approves the developers but there is no sign this current scheme will work with anything other than the Google controlled list.
  • Any developer or organization that wants to publish a mobile app now has to comply with either Apple’s or Google’s Terms of Service. That means two US companies now have a say in the apps that our governments make for their citizens, around the world.

Clear wins for the Digital Markets Act

Looking back at two years of DMA enforcement, there are some clear wins:

  • Android improved their APIs for app stores, like making background updates possible without requiring elevated privileges.
  • Both Apple and Google put in a lot of effort to work on data portability.
  • DMA enforcement gives us a new tool to push back on invalid “scare screens” like we have seen with Play Protect.
  • There are actually a couple non-Apple apps stores available for iOS now.
  • Apple reversed its ban on Progressive Web Apps.

How was the whole thing being gamed?

Unfortunately, that’s not the whole story. The Big Tech firms are pushing hard to game these proceedings in their favour. They have massive piles of cash to work with from all those years of massive monopoly profits. I went to Brussels as a volunteer to attend the workshops for Apple and Alphabet because of my over 10 years of experience working on app stores and 30 years of free software work. There were people from Mozilla, EDRi, microG, FSFE, BEUC, CalyxOS and Open Web Advocacy. It was also nice to see DuckDuckGo, Vivaldi and some other companies there, backing the European Commission’s work.

Then there were a number of organizations said to be representing small and medium size developers who receive funding from Google and Apple. Unsurprisingly, they have positive feedback about Google and Apple, and the Google and Apple lawyers were happy to talk to them in the coffee breaks. When I approached, I was offered an email address to reach out to rather than any kind of answer to my questions, or even any further discussion. There was clearly some astroturfing going on there. I had one extended comical conversation with a guy there who loved jumping in the talk about how great Apple and Google are. I asked him why he came. He said he was just interested. I asked whether he worked on app developments, he said he didn’t, but worked in recycling. Out of curiosity, I asked whether he thought the recycling business was in any related to the DMA. He started acting dodgy and said no. I kept asking friendly questions around how he financed his DMA work, and the dodges just kept on getting funnier and funnier. It was also quite funny to see how Google’s lawyers chatted amongst themselves and did not listen when getting questions from those kinds of organizations. It was like they knew their people, so they would not have anything to actually respond to.

Massimo Albarello, the CTO of what seems to be yet another surveillance capitalism startup (data mining CTO 🧐 + monetization CEO 🤑 = ???), gave a tech demo on behalf of Google. This was yet another action from Google that seemed aimed just to waste everyone’s time and avoid answering questions from the public. Another such moment is when the Google lawyers played a video demo of their data portability features with a painfully cheesy AI-generated narration.

Apple and Google had only very highly paid competition lawyers there to answer questions. It seemed like any good question that referenced something vaguely technical, like “GMS”, was waved aside with calculated ignorance. Google talked about how they had thousands of developers working on the DMA compliance and about how hard it is to hire good developers. If that is actually important to them, they should stop disrespecting the developers like those in our ecosystem, who have helped make mobile devices what they are today.

The Google and Apple lawyers seemed to share the tactic of just running out the time as much as possible. They went overtime on their presentations, which were largely marketing speech and fluffy statements. They gave long winded answers which adeptly avoided actually answering the questions that were posed. “Malicious compliance” seems to be the Big Tech game plan here.

It is important to point out that the DMA is popular in Europe. Hundreds of academics just posted an open letter asking the European Union to stand up to Big Tech and enforce laws like the DMA. And many countries around the world are closely following the DMA and even working on similar laws themselves. If you also want to see the Digital Markets Act succeed, then your contributions are needed! There are many ways to contribute.

  • I’d love to see more people digging into Big Tech’s responses and calling out their bad behaviour. 🤔 The full videos of the workshops are online for Apple, Alphabet and the rest. Have at it! 😃

  • If you have technical knowledge of apps, installation, app stores, signing systems, etc. then your feedback can provide key rebuttals to Big Tech’s often erroneous claims. For example, early on, Apple was claiming that encrypting apps was necessary to ensure their integrity. Signing does that, encrypting hides things. The FOSS contributors were keen to help the European Commission understand that, leading Apple to drop that whole line of argumentation with a bit of egg on their face. Submit your comments too!

  • With more donations, we would be able to pay developers to actually dig into the whole process, and provide detailed technical feedback to the European Commission. Their job of enforcing the Digital Markets Act needs this kind of hard factual evidence and that requires skilled developers spending quality time digging in. So far, the free software developers have participated in the process on their own time on a voluntary basis, so we have only had limited time to spend.

The Digital Markets Act clearly has to power to change our mobile ecosystems in positive ways. We fully support it, and do what we can to help it succeed. We can have real choice. With your help, our chances are much better. Let’s do this!

Read Entire Article
  1. Homepage
  2. Technology
  3. EC DMA Compliance Workshops

Related

Ask HN: Walled garden dwellers: What keeps you there?

Ask HN: Walled garden dwellers: What keeps you there?

12 minutes ago 0
Dark patterns killed my wife's Windows 11 installation

Dark patterns killed my wife's Windows 11 installation

12 minutes ago 0
Show HN: Bffgen – A Go CLI to generate secure Back end-for-Front end APIs

Show HN: Bffgen – A Go CLI to generate secure Back end-for-F...

14 minutes ago 0
Hostinger Web Hosting