The battle over application stores has been raging for a while now, and I personally use the legal battle between Epic Games and Apple as a starting point. The original grievance from Epic was that they weren’t allowed to use any other payment system than Apple’s in their iOS version of Fortnite, meaning that Apple was automatically getting a 30% cut out of all of Epic’s revenue in Fortnite. The same was happening on the Android platform, which Epic also challenged. In both cases, Epic won in court setting a useful legal precedent.

The European Union took independent action through its Digital Market Act (DMA), which addresses the problem of “gatekeepers”: companies that are so big and powerful that they effectively in a position to decide who can access a particular market, and damage fair competition. In practice, that means mostly the Big Techs. Among other things, the DMA prohibits gatekeepers from imposing the use of a particular payment system, or a particular application store on mobile platforms.

Needless to say, Google and Apple have been pushing back pretty hard on this. In particular, Google is now trying to keep its platform locked down by introducting a “developer verification” mandating that all app developers be registered with Google, no matter which application store they use. The reasoning is the usual security oriented-narrative: it’s “an extra layer of security that deters bad actors”. Looking closer, it looks like malicious compliance with the DMA: Google will leave the possibility of having multiple application stores, but will stay in control of which app can effectively run on Android by technical means. It also creates unacceptable conditions for alternative application stores, like F-Droid. The “developer verification” system will apparently also block the ability to perform “side-loading”, meaning the direct distribution of an app outside any store. Much more detail on this can be found at keepandroidopen.org/, which is a community-driven effort to push back against Google’s plan, and on F-Droid’s post on “side-loading”.

Taking a step back, all of this highlights the lack of sovereignty over the mobile platforms. Regardless of the legal situation, Google and Apple have the technical means to block any application they don’t want on their platforms. That can include government-issued apps, potentially blocking access to services whose control only belong to that government, and also citizen-created apps like ICEBlock, meant to protect the population against state violence. In the case of ICEBlock, both Apple and Google apparently took it off their application stores after some discussion with US officials (see the EFF press release). You could argue that the US government requiring some apps be taken down in their own country is legitimate, but that same power could be exercised in any country in the world where Android and iOS are widely used: in practice, close to everywhere.

So what are the options? Since it looks like legal means are becoming more and more insufficient given the geopolitical situation, we need technical alternatives. Fortunately, there are already a few. They come with a lot of caveats, but already provide meaningful choices.

In terms of software, we have at least:

  • e/OS and LineageOS: both derived from the open source Android version, similar in term of security and features.
  • GrapheneOS: also derived from Android, with a very strong focus on security. Created as a more secure and private alternative to Google’s Android. Ironically, runs only on Google’s Pixel phones because they are - according to the project - the only ones that enable a high-enough level of hardware security.
  • Sailfish OS: an non-Android phone operating system, made for the Jolla phones. Has its own set of non-Android apps, and a compatibility layer to enable running Android apps.
  • Ubuntu touch: Ubuntu Linux on mobile devices. Completely disconnected from the Android ecosystem.

All of these are working projects which can be used for daily life. None uses Google’s infrastructure: the phone is free from telemetry and from the risk of not being able to run an app because Google said no. There are still obstacles to having those phones used by most people: the network effect of the Android/iOS ecosystems, the difficulty of finding usable hardware, but the direction is the right one. You can help by purchasing one of those phones - which will also support alternative manufacturers - and using it as much as you can. When you hit an essential app that refuses to work, tell the developer - for example, your bank - and ask them to fix it.

The free software ecosystem hasn’t yet really hit the phone market. Time to start!