Can EPIC’s Tim Sweeney single handedly Break the Monopoly?

By Ted Miracco

In the ongoing legal battle between Epic Games, Google, and Samsung, the focus on monopolistic practices within the mobile app ecosystem is intensifying. Epic’s lawsuit highlights a critical issue that extends beyond gaming—how Google and Samsung maintain a stranglehold over mobile app distribution. This is not just a matter of antitrust law but also one of innovation, privacy, and security in mobile app development.

Breaking the Monopoly: The Need for Alternative App Distribution Channels

The Epic Games lawsuit reveals how Google and Samsung are restricting competition by limiting alternative app distribution channels outside of the Google Play Store and Samsung's Galaxy Store. Samsung’s Auto Blocker feature, for instance, actively discourages users from downloading apps from independent sources. This not only limits consumer choice but also stifles competition, elevating app prices due to high commissions—up to 30%—charged by these monopolies.

Developers need secure and cost-effective distribution channels that are free from Google and Samsung's restrictive ecosystems. A viable alternative should prioritize security, privacy, and transparency, enabling app developers to distribute apps independently without sacrificing safety or being subjected to excessive commission fees and spyware. Integrating Runtime Application Self-Protection (RASP) and app attestation into these alternative channels offers developers the ability to secure their apps from tampering and ensure they are being used as intended.

However, security does not stop there. The industry must embrace more robust standards that extend beyond RASP and attestation, such as notarization, open standards like OWASP MASVS, and legislative efforts to open up the app ecosystem.

Why Independent Channels Matter

1. Innovation and Competition: When a few players control app distribution, innovation suffers. Open distribution channels foster competition and encourage the development of innovative technologies, such as advanced app notarization and cross-platform security solutions. Notarization involves verifying and authenticating apps before they are distributed, ensuring they are free from malware and comply with stringent security protocols. When combined with standards like OWASP's Mobile Application Security Verification Standard (MASVS), developers can implement transparent, consistent security benchmarks that aren’t confined to the opaque rules imposed by Apple or Google.
2. Privacy and Security: Samsung and Google claim to protect users with their security systems, but these are often riddled with privacy concerns, such as Samsung’s Auto Blocker, which some argue is more about maintaining control than keeping users safe. Independent app distribution channels need to focus on real security—free from the spyware that often accompanies big tech products—while protecting users’ data and privacy by default. This could be achieved through RASP, attestation, and notarization, ensuring that apps are not only safe but also transparent about their security measures.
3. Cost-Effective Distribution: The 30% commission charged by both Google and Apple on app sales and in-app purchases is a burden on developers and drives up costs for consumers. By fostering independent app stores, developers can avoid these excessive fees and provide more affordable apps. An alternative app store would support open standards like OWASP MASVS and app notarization, guaranteeing security while maintaining affordability. Such an ecosystem would allow developers to thrive without being trapped by monopolistic pricing.

Implementing Secure, Independent Distribution Channels

For alternative app stores and distribution channels to succeed, they must be secure, affordable, and compliant with industry standards. Here's how to achieve that:

• RASP, App Attestation, and Notarization: Security technologies like RASP and app attestation are essential in protecting apps from tampering and unauthorized use. Adding notarization further enhances security by ensuring that apps are verified and vetted before distribution, preventing the spread of malware and ensuring compliance with established security protocols.
• OWASP MASVS and Open Standards: Rather than relying on the proprietary, often opaque security standards set by Apple or Google, independent app stores should adopt open, transparent security standards like the OWASP Mobile Application Security Verification Standard (MASVS). MASVS provides a clear, accessible benchmark for app security, ensuring consistency and trust across platforms without being beholden to a single company’s guidelines.
• Legislative Support: Governments around the world are beginning to recognize the importance of opening the mobile app ecosystem to independent stores. The EU Digital Markets Act, UK Digital Markets, Competition and Consumer (DMCC) Bill, and new laws in Japan are designed to break the stranglehold that companies like Google and Apple have over app distribution. While these laws are still in their early stages and haven’t yet fully succeeded in forcing open competition, they are essential steps in the right direction. By mandating access to third-party app stores and preventing anti-competitive practices, these laws can help establish a more open and secure mobile app marketplace.

The Path Forward

To create a thriving, competitive, and secure app ecosystem, it’s crucial to encourage the development of alternative app distribution models. These models should combine the best security practices—RASP, attestation, notarization, and open standards like OWASP MASVS—with a focus on affordability and privacy.

The ongoing monopolistic practices of Google, Samsung, and Apple are not just about stifling competition; they also increase consumer risk by creating a monoculture in app security. Allowing alternative app stores, supported by transparent, cross-platform security standards, would introduce more innovative security solutions, reduce costs, and ultimately provide greater security for consumers. With the backing of legislation like the EU Digital Markets Act and UK DMCC Bill, this transformation is not only possible but increasingly likely.

By opening the mobile ecosystem to independent stores, developers can regain control over their products, consumers can enjoy more choices at lower prices, and the entire app ecosystem can benefit from enhanced security standards that are free from the grip of monopolistic gatekeepers.

Subscribe to Approov's newsletter

?