Consolidation and Domination in Big Tech

Three stories in the news lately have got me thinking about how big tech companies interact with one another and with us. The first was the jury verdict for Epic in Epic Games v. Google, a landmark antitrust lawsuit. Second, the messaging app Beeper attempted to make Apple’s iMessage application available on other platforms. Third, Google began cracking down on users customizing Android devices.

Epic v. Google

Epic Games is a major video game developer responsible for (among many others) the hugely popular mobile game Fortnite. Apple’s App Store and Google’s Play Store are the two major mobile app stores, including for games like Fornite. Each takes a cut—up to 30%—of the money developers make from selling their apps and in-app purchases through the stores. Apple and Google also prohibit developers who distribute through their app stores from collecting payments except through the stores’ payment systems. So it’s difficult for developers to make money on Android or iOS without paying Google or Apple a substantial percentage of their profits.

Epic sued both Apple and Google, alleging that each company had an illegal monopoly over app transactions on its platform.

Defining the Market

One of the critical issues in any antitrust lawsuit is the market definition. Antitrust involves dominating a market, and it’s hard to tell whether someone is dominating the market unless you know specifically what the market is. So the plaintiff will usually argue for a narrow market definition—the smaller a market is, the easier it will be to show that one company is dominating it. The defendant will typically argue for a broader market with more players and where its share of that market is much smaller.

For example, suppose an online retailer sues Amazon, claiming that Amazon is an illegal monopoly. The retailer might argue that Amazon accounts for almost half of online retail in the United States. But Amazon would probably counter that it competes against all retailers around the world, not just online retail in the U.S. And Amazon says that it accounts for about 1% of all retail worldwide. The judge’s decision about which market is relevant would be crucial: it’s much easier to argue that Amazon dominates the market if it controls 50% of sales than if it controls only 1%.

Things played out similarly in the Epic’s lawsuit against Apple. Epic argued that the relevant market was the distribution of iOS apps. All iOS apps must be purchased through the App Store, so Apple controls 100% of that market. Apple argued that iOS apps are only a part of the (much) larger software market. The judge ruled that the relevant market was digital mobile gaming transactions and held that Apple’s conduct within that market did not amount to antitrust behavior.

The Epic v. Google lawsuit was tried by a jury rather than a judge. The jury found that the relevant market was Android app distribution. And that’s where things get interesting.

If the judge in Epic v. Apple had decided that the relevant market was iOS app distribution, Apple would have had total control of 100% of the relevant market because it’s (virtually) impossible to install apps on iOS devices except through Apple’s App Store. Payments for and within those apps must go through Apple’s payment system so Apple can take a cut.

That’s not true of Android, which is a much more open ecosystem. You can install apps from Google’s Play Store, and Android also allows anyone to create their own Android app store. Samsung, for example, runs its own for-profit app store. There are also open-source app stores like F-Droid and Aurora. You can side-load apps on Android, sort of like installing applications on your PC, without going through any app store at all. App and in-app purchases that don’t go through Google’s Play Store aren’t subject to its payment rules. Some Android devices don’t even support Google’s Play Store at all.

The Wrong Outcome

That Google lost while Apple won creates entirely the wrong incentives for big tech companies and platform developers.

The judge’s ruling in Epic v. Apple was mixed, but most commentators say it largely favored Apple. The jury verdict in Epic v. Google was almost a total win for Epic.¹

That’s the wrong outcome.

It’s not that Google should have won and Apple and should have lost. But Google operates a much more open mobile operating system and permits alternative app stores, while Apple runs an entirely closed ecosystem and prohibits installing any apps except through its own store. That Google lost while Apple (mostly) won creates entirely the wrong incentives for big tech companies and platform developers.

The lesson for big tech companies and platform developers is that you should lock down your platform as tightly as you can. Google’s (relatively) open ecosystem was no help. Indeed, the fact that “iOS app distribution” isn’t really a market at all—there are literally no players other than Apple—may have encouraged the court to define the market more broadly.

The bottom line is that if you can use technical means to dominate a market absolutely, you might be able to avoid antitrust liability. That’s the wrong outcome for this saga.

Beeper v. Apple

Beeper is an all-in-one messaging app whose goal is to combine all of your many messaging services into a single app. For about three years, its primary app has supported numerous protocols, including iMessage, but its iMessage implementation was clunky and required you to either have an iPhone (to message from your phone number) or message from your iCloud email. In December 2023, Beeper launched Beeper Mini, an Android app promising seamless integration with iMessage.²

Beeper Mini quickly gained thousands of users. Beeper hoped that its app design made it extremely difficult for Apple to shut it down without serious consequences for iMessage’s general usability. No such luck. Within a few days, Apple found a way to block Beeper Mini’s access to iMessage.

For the next week or so, Beeper and Apple engaged in a cat-and-mouse game where Beeper kept finding ways to access iMessage and Apple kept shutting them down. Until Beeper finally gave up, making Beeper Mini very complex to use, and usable only if you could log in on an Apple device you owned or borrowed.

This opened a heated debate about whether Apple was in the right to shut off Beeper’s access to the iMessage service. Apple’s defenders, perhaps most the most vociferous of which was John Gruber who writes the extremely popular Apple fan blog Daring Fireball, claimed that there was no problem with Apple shutting Beeper out of iMessage. Their arguments basically boiled down to: iMessage is a service Apple created and that Apple pays to maintain, so Apple can do whatever it wants (Gruber’s analogy to airport lounges is bizarre and totally unpersuasive).

That’s true, so far as it goes—iMessage is Apple’s service. And if Apple had built a messaging app that fairly and directly competes with other messaging apps like WhatsApp, Telegram, and Signal, that probably would have been the end of the story. No one would have used that app; iMessage would just have been a mediocre messaging app crippled because it could only reach half your friends.

The problem is that Apple built its Messages app to use both SMS—the open protocols that are the default for sending text messages around the world—and iMessage, Apple’s proprietary messaging service. It’s not obvious to users which service they’re using, and by invisibly routing messages between the two services in the same app, Apple underhandedly hooked a large percentage of Americans on iMessage without many of them even realizing it.

Apple’s Messages app is the default messaging app for iPhones, and you can’t change it. So whenever you go to send a text message to a contact’s phone number, your iPhone forces you to use Apple’s messaging app. And perhaps more importantly, Apple’s Messages app is the only app that can send and receive SMS messages. (That’s not true on Android—on Android third-party apps can send and receive SMS messages, you can pick your default messaging app, and many manufacturers replace the default app with one of their own. This returns to our earlier theme: Android is a much more open ecosystem than iOS.)

When you use Apple’s messaging app to contact only iOS devices, the app routes messages through iMessage. But if you send a text message to any non-Apple device, or include any non-Apple device in a group message, the whole conversation falls back to SMS, a much worse experience with low-quality images and videos and limited features. This all happens within the same app. All users really notice is that their experience messaging fellow iOS users is much better than when they include any non-Apple device.

It would be one thing if Apple had built iMessage as a standalone app for messaging among iOS users and had to compete with other SMS clients. The result would have been a mediocre messaging app competing with much better counterparts like Signal, Telegram, and WhatsApp (and probably some fantastic third-party apps incorporating SMS that never got built because Apple didn’t let developers make them). But instead Apple bundled iMessage into an open network that was already widely used and snuck its own proprietary system into the app it forced to use if you ever wanted to send a text message.

This is almost a uniquely American problem. Text messaging via SMS became ubiquitous in the U.S. before the introduction of the smartphone. Carriers moved quickly to offer unlimited (or at least sufficient) SMS messaging on their plans. That didn’t happen in most of the rest of the world. SMS messaging was limited and expensive, so when smartphones with data plans were introduced, most people used other messaging serivces, like WhatsApp. Apple’s attempts to force people into iMessage didn’t work in those countries because people didn’t really want to send SMS messages to one another. They used other apps instead. iPhones are also relatively much less popular outside the United States, so it’s much less likely that an international group chat will be composed solely of Apple devices.

This all might seem like a silly debate. Who cares what messaging you’re using, really? It sucks that Apple is degrading the messaging experience for anyone (including iOS users) who chats with non-iOS users. But green-bubble shaming is a real thing. I’ve been excluded from group chats because I have an Android device. I’m an adult; I can deal with it (and most of my friends’ group chats are on Telegram anyway).³ But I can imagine being a teenager, when exclusion can be really devastating. Having a non-Apple device might mean missing out on inside jokes or important events. And when you’re a teenager, that’s a very serious thing. Apple’s response to people missing important family interactions due to iMessage is totally unsympathetic. They just want people to buy more iPhones.

Hopefully this will all become moot once Apple implements support for RCS, an open replacement for SMS that offers a substantially better chat experience. Apple-to-Apple communications will still be forced into iMessage, but the contrast with chats involving non-Apple devices should be much less noticeable.

Google v. Android Modders

One of Android’s attractions has long been its customizability. Among the first things I did after getting my first smartphone (a Motorola Atrix 4g) was install CyanogenMod, a customized version of the open-source Android operating system. Unfortuantely, Google and Android device manufacturers have moved consistently to lock down Android and prevent their users from modifying it. It’s difficult or impossible to root or install custom firmware on most Android devices these days, though Google’s Pixel line and a handful of other manfacturers still allow it.

Even those manufacturers, though, are increasing the cost for users who modify or root their devices. “Rooting” an Android device is a process that gives the user full access to all parts of the system, including those that the manufacturer keeps protected. This allows you to do things like block ads and modify settings that are typically out of the user’s reach. One reason for this crackdown is pressure from app developers for services like banks, who don’t want their apps to run on modified devices, supposedly for security reasons.⁴ Google Pay and Samsung Pay, for example, won’t work if they detect that your device has been rooted or modified. A big part of this effort is Google’s Play Integrity API, which allows app developers to check whether the device has been modified.

When Google began these efforts to detect modified Android devices, modders came up with a number of different solutions, one of which was a software plugin that intercepted the relevant API requests and modified them to tell Google that the device was unmodified, even when it had been modified. Google regularly developed more and more sophisticated techniques for detecting modified phones. For more recent devices, it became impossible to lie to Google’s API to tell it the device was unmodified.

But the game didn’t end there. Modders figured out that you could still lie to Google about what kind of device you had. So if you lied to Google to tell it you had an older device that didn’t support the more sophisticated detection, the Play Integrity API would fall back to the older version that could still be spoofed. This involved finding a bunch of system information about the older phone you pretended to have, including the “fingerprint,” a set of data about the device, including manufacturer, model, and software version. A few developers created software solutions that gave Google the fingerprint for an older phone, causing Google to fall back to the older detection mode, and allowing the phone to claim that it remained unmodified.

The tricky part was that the fingerprint had to be for a certain type of device: a device that had been certified by Google, but released with a certain Android version and subsequently upgraded to another. You also had to find a fingerprint for an operating system released during a specific date range. Newer or older devices usually wouldn’t work, and some devices that seemed to meet those requirements didn’t work, either.

Google got wind of this situation and started imposing countermeasures. The most popular of these Play Integrity-fooling software solutions were downloaded by thousands of users, and each of those users were sending the same bogus fingerprint to Google. This alerted Google to the workaround, and Google started detecting when these very popular fingerprints were being sent from other devices. So the developers of the workarounds would release a new version with a new fingerpint. That might work for a week or so, and then Google would detect and block that new fingerprint as well.

At the same time, a minority of users were searching for and finding their own device fingerprints rather than using the ones distributed widely in the community. Most of those users reported that their fingerprints continued to verify. This technique took a little extra work, enough that most people couldn’t or wouldn’t do it.

This caused a rift in the modder community. Some argued that the mod developers should stop including fingerprints with their software because they kept alerting Google to one of the finite number of device fingerprints that could be used for the workaround. The levels of paranoia and hysteria on popular Android modding forums and Telegram chats were pretty impressive—people feared that Google employees were tracking the source code for the workaround so they could block the fingerprints it used. They also specualted that Google employees were spying on their threads or chats, so they urged people not to share working fingerprints.

Stop posting you are leading Google to this thread 😳

Edit: you are posting again, please stop, Google is watching even more now. 😳

Soon Google was blocking the distributed fingerprints within a matter of days or hours. Eventually, the community-distributed software stopped bundling working fingerprints altogether and relied on users to identify and supply fingerprints they found themselves. The result was a sort of detente: it seemed that the smaller number of users attempting to fool the Play Integrity API was acceptable to Google, and so long as thousands of users didn’t all rely on the same fingerprint, Google mostly stopped imposing new countermeasures.

That’s a complicated explanation of a situation where it might seem the stakes are very low. Does it really matter whether you can root an Android device, or whether, when you do, some of your apps stop working?

But this is another example of what happens as big tech companies grow more powerful. We continuously and inexorably lose control over the devices we own and the ways we use those devices to interact with the world.