The regulation and power of app stores is gaining increasing interests from regulators. This interested has been particularly spurred by Apple’s recent introduction of the App Tracking Transparency framework, which gives end-users more control over unwanted advertising-relating data collection, but also increases the price of targeted online ads on iOS (thereby potentially raising the prices of advertised products).
Since I have been doing much research into app ecosystems in my PhD at Oxford, I teamed up with my colleagues Reuben Binns and Nigel Shadbolt to submit evidence to the UK Competition and Markets authority in February 2022. This evidence has now been made public. The regulator has also published its final report on competition within the app ecosystem.
Our key recommendations were:
- Ensure that app developers are not (implicitly or explicitly) nudged into violating basic provisions of UK data protection law, particularly the need to seek consent before engaging in third-party tracking. This could include standards for regulatory conformance (e.g. clarifying the responsibility of those companies developing tracking technologies, and requiring them to provide simple and compliant implementation guidance to app developers), and should ultimately aim to build a mobile ecosystem that facilitates compliance by default.
- Empower researchers to conduct app research, by enabling ways in which researchers can more easily analyse encrypted iOS apps, download apps at scale, and analyse encrypted network traffic of apps on Android.
- Enable researchers to analyse concerns around underlying technologies of the mobile ecosystem, including the use of data relating to individuals and other advertising companies in Apple’s SKAdNetwork.
- Lower barriers to entry and innovation. Encourage the use of cross-platform technologies in app development (such as open web technologies), ensure that Windows and Linux users can develop apps for iOS (currently only macOS users), and lower the barrier to entry into the App Store (currently an annual 99 USD fee applies).
- Ensure that gatekeepers do not self-preference, particularly with regards to ad attribution or in the definition of tracking in the Apple ecosystem, and the distribution of adblocking technologies on Android and in Google Chrome.
- Scrutinise Google’s current ban of in-app tracking blockers, including Disconnect.me, to give consumers more choice over how apps use their data and to tackle widespread infringements of data protection law (particularly the need to seek user consent prior to tracking, as well as proportionality, data minimisation and purpose limitation) within apps.
- Consider requiring smartphone OS’s and app store operators to enable third-party mobile app extension functionality to spur innovation in mobile apps and reduce harms within them, similar to the approach taken with extensions in desktop browsers and mobile Safari starting with iOS 15, while ensuring safety of consumers using such extensions through the existing app store review processes.
- Ensure that the review of apps on the app stores and the policies underlying this process are fair and transparent, for example through regular mandatory disclosures about this enforcement (including with regards to privacy and data protection). Such disclosures would be a minimally invasive but realistic intervention, and have been suggested by a variety of researchers from different backgrounds.
- Consider separating key functions within the governance of mobile ecosystems to reduce conflicts of interests, such as privacy management to avoid self-preferencing as regards data collection and protect consumers against excesses and monopolisation of such data collection, and promoting more research into this area.
For more details, consider studying our report.