Why Google and Apple Are Using Privacy to Fight New App Store Rules

If you follow tech policy news, you might have noticed a recurring argument from Google and Apple whenever regulators push them to open up their app stores: it will weaken security and privacy. That argument is at the center of their lobbying strategy against the European Union’s Digital Markets Act (DMA). The DMA requires companies like Apple and Google to allow third-party app stores and give users more default browser options. Both companies have publicly warned that such changes could expose users to malware, data theft, and weaker privacy controls.

It’s a serious claim, and not one to dismiss lightly. But it also happens to serve their business interests. Understanding how these arguments work—and what they mean for you—is useful if you want to make sense of the delays and compromises ahead.

What Happened

The DMA came into force in 2024, and regulators are now enforcing it. Google and Apple have until specific deadlines to comply with requirements that include letting users install apps from outside the official store, choose default browsers more freely, and allow app developers to use alternative payment systems.

Both companies have responded with proposals that regulators have so far found insufficient. In their public statements and behind-the-scenes lobbying, a consistent theme emerges: opening up the ecosystem will create new avenues for malware, phishing, and data harvesting. Google, for example, has argued that sideloading on Android could already be risky, and that further loosening under the DMA might undermine security protections. Apple has gone further, stating that allowing alternative app stores on iOS would introduce risks to privacy that the current system avoids.

These arguments are not new. They have been used for years in defense of the “walled garden” model. But with the DMA, they have become central to the companies’ lobbying efforts, both in Brussels and in other jurisdictions considering similar laws.

Why It Matters

The privacy and security arguments are plausible—and in some cases, genuine. Allowing apps from unknown sources does carry risks. A user who downloads a malicious app from an alternative store could indeed have their data compromised. Apple’s tightly controlled review process and sandboxing have made iOS relatively secure. Google’s Play Protect on Android is less restrictive but still offers some protection.

But these arguments also serve to delay competition and preserve the companies’ control over app distribution and the commissions they collect. There is a tension: the same privacy features that protect users also lock them into a single provider’s vision of what an app store should be.

For consumers, the practical effect is that they may not see real changes for years. Regulators are likely to negotiate compromises, such as requiring alternative app stores to go through some security review process or imposing liability on companies that allow dangerous apps. Meanwhile, the debate often obscures other privacy issues—like data collection by Google and Apple themselves—that are not part of the lobbying message.

So what should users actually take away? First, be skeptical of any argument that equates one company’s security model with overall user safety. Second, recognize that competition can drive better privacy features, not just worse ones. Finally, understand that delaying alternative app stores does not necessarily protect you; it just preserves the status quo.

What Readers Can Do

You don’t need to become a policy expert to stay informed. Here are a few practical steps:

  • Follow DMA enforcement updates. Regulators publish timelines and decisions. You can set a Google Alert for “Digital Markets Act enforcement” or follow tech policy journalists.
  • Check your device settings. Even without full DMA compliance, you may already be able to change default browsers or install apps from outside the store on Android. On iOS, changes are coming slowly, but keep an eye on Apple’s announcements.
  • Evaluate the trade-off yourself. If you value tight security and prefer not to have options, you might be fine with the current system. If you want more control over what apps you can install and who profits, push for competition.
  • Understand the lobbying. When you see a company claim that a regulation will “hurt privacy,” ask who benefits from the current setup. Often, the answer is the company itself.

Sources

This article is based on reporting from Tech Policy Press, which covered Google and Apple’s lobbying strategy in detail. For more, read the original article: “Google and Apple’s Anti-DMA Lobbying Strategy Goes All-in on Security and Privacy.” Additional context on DMA requirements can be found on the European Commission’s official website.