How the EU’s Digital Markets Act Is Rewriting the Rules of App Store Power
Regulatory pressure on Big Tech has moved from theory to implementation. With the EU’s Digital Markets Act (DMA) now live, designated “gatekeepers” such as Apple, Google, Meta, Amazon, and Microsoft are being forced to change how they run app stores, mobile operating systems, and core platform services. Nowhere is this more visible than in the shake‑up of Apple’s App Store and Google Play on devices used by hundreds of millions of Europeans.
This article explains what the DMA is, how it is reshaping app stores and platform economics, what it means for developers and users, and why the outcome will influence global debates on antitrust, privacy, and the future of digital markets.
Mission Overview: What the Digital Markets Act Is Trying to Do
The DMA is an ex‑ante competition regulation: instead of waiting for antitrust cases to unfold over many years, it defines a set of rules that powerful platforms must follow from the outset. The central idea is to stop “gatekeepers” from unfairly leveraging their control over core platform services to disadvantage rivals or exploit business users and consumers.
To be designated as a gatekeeper, a company must meet quantitative thresholds in EU turnover, market capitalization, and user reach, and must operate a “core platform service” such as:
- Operating systems (e.g., iOS, Android, Windows)
- App stores and software marketplaces
- Online search engines and social networks
- Web browsers, virtual assistants, and online advertising platforms
Once designated, gatekeepers must comply with detailed obligations and prohibitions that go beyond traditional competition law remedies.
“With the Digital Markets Act, we are finally building the foundations for a fairer and more open digital space for everyone in the EU.” — Margrethe Vestager, Executive Vice‑President of the European Commission for A Europe Fit for the Digital Age
Key Obligations and Restrictions Under the DMA
The DMA sets out a list of “dos and don’ts” for gatekeepers. A few of the most consequential for app store and platform power include:
- Allowing alternative app stores and sideloading
Gatekeepers operating mobile operating systems like iOS and Android must permit:- Installation and use of third‑party app stores
- “Sideloading” of apps from the web or other sources, subject to proportionate security checks
- Smoother uninstallation of pre‑installed apps
- Opening up payment systems and billing choice
Platforms cannot force the exclusive use of their own in‑app payment systems. Developers must be allowed to:- Use alternative payment processors with different fee structures
- Inform users of cheaper prices available outside the app
- Link out to external websites for subscriptions and purchases
- Limits on self‑preferencing
Gatekeepers cannot unfairly preference their own apps or services in rankings, recommendations, or default settings compared to those of third‑party developers. - Data access and interoperability
Business users must gain better access to data generated by their interactions on the platform. Gatekeepers must also enable certain forms of interoperability, for example with messaging services or near‑field communication (NFC) for payments.
Non‑compliance is costly: the European Commission can impose fines of up to 10% of a company’s annual global turnover, rising to 20% for repeat violations, and in extreme cases may impose structural remedies.
Technology: How Apple and Google Are Re‑Engineering Their Ecosystems
For Apple and Google, the DMA is not a mere legal tweak. It requires deep technical changes to mobile operating systems, distribution infrastructure, payment flows, and security architectures.
Apple’s Response: Alternative App Marketplaces and New Fee Structures
Apple has historically maintained one of the tightest end‑to‑end control models: the only sanctioned way to install apps on iPhones has been through the App Store, and in‑app purchases must use Apple’s own billing system in most cases. Under the DMA, Apple has been forced to:
- Enable installation of alternative app marketplaces within the EU
- Allow certain forms of sideloading via notarized apps
- Permit alternative payment processors and external links to web‑based payment flows
At the same time, Apple has introduced new fee structures, including:
- Reduced or zero commission for some payment flows outside the App Store
- A Core Technology Fee per annual install above a certain threshold for high‑scale apps in the EU
- Complex eligibility criteria that incentivize some developers to stay with the classic App Store model
Apple argues that these changes preserve “the security, privacy, and user experience people expect from iPhone” while complying with the DMA — a claim many developers and regulators are now testing in practice.
Google’s Adjustments: Billing Choice and Third‑Party Distribution
Android already supported sideloading and third‑party stores like the Samsung Galaxy Store and Amazon Appstore. However, the DMA still forces Google to:
- Relax contractual and technical friction around third‑party app stores on Android in the EU
- Expand its User Choice Billing program, reducing or restructuring fees when developers use alternative payment processors
- Stop practices that might disadvantage apps distributed outside Google Play
Technical work involves re‑architecting APIs, installer flows, security prompts, and user consent dialogues to make these alternatives function smoothly without undermining core Android security controls like Play Protect.
Scientific Significance: Platform Power as a Socio‑Technical System
The DMA is not only a legal or business story; it is a socio‑technical experiment. For economists, computer scientists, and policy researchers, it offers a live case study in how rules embedded in software architectures shape markets and behavior at scale.
Platform Economics and Network Effects
App stores exhibit strong two‑sided network effects: more users attract more developers, and more developers attract more users. Control over these bottleneck platforms gives gatekeepers considerable leverage over pricing, access, and innovation.
- Switching costs lock users and developers into dominant ecosystems.
- Default settings and pre‑installation bias usage toward first‑party apps.
- Data advantages allow platforms to optimize recommendations and ads in ways rivals cannot match.
Nobel laureate Jean Tirole and economist Jean‑Charles Rochet characterized platforms as “regulators” of their own ecosystems, with pricing and access rules that can have pro‑ or anti‑competitive effects depending on design.
Security, Privacy, and Human‑Computer Interaction
Regulatory requirements like the DMA intersect with security engineering and human‑computer interaction (HCI). More open distribution channels increase theoretical attack surfaces, but they also force platforms to innovate in:
- Permission systems and runtime prompts
- Reputation and notarization mechanisms for apps and app stores
- Behavioral nudging to help users make safer choices
The outcome will inform broader debates on how to balance competition, security, and privacy in digital infrastructure—from mobile devices to emerging fields like XR platforms and connected cars.
Milestones: How We Got Here and What’s Next
The DMA did not emerge in a vacuum. It builds on a decade of competition cases and political debates around Big Tech power.
Key Historical Milestones
- Early EU Antitrust Cases
Cases against Microsoft (for bundling Internet Explorer and Windows Media Player) and later against Google (for search bias and Android bundling) highlighted structural issues with platform dominance but took many years to resolve. - High‑Profile Developer Disputes
Lawsuits and public disputes involving companies like Epic Games, Spotify, and Match Group drew attention to app store fees and anti‑steering rules, galvanizing developer communities and policymakers. - Legislative Momentum
Between 2020 and 2022, the EU debated and adopted both the DMA and the Digital Services Act (DSA), establishing a comprehensive framework for competition and online content governance. - Gatekeeper Designations and Compliance Deadlines
In 2023–2024, the European Commission formally designated several gatekeepers and set deadlines for compliance. Apple, Google, and others began shipping major OS and policy updates in response.
Over the next few years, expect iterative enforcement, court challenges, and refinements. Each Commission decision and court ruling will clarify the boundaries of acceptable platform behavior.
Developers in the Spotlight: Power, Choice, and Complexity
Among the most vocal stakeholders are app developers—from solo indie creators to global platforms. On forums such as Hacker News, developer subreddits, and specialized blogs, debates are intense.
Potential Developer Benefits
- Lower effective fees via third‑party billing or alternative app stores
- More negotiation leverage with Apple and Google
- Ability to experiment with different subscription models and pricing tiers
- Less risk of sudden de‑listing for apps that conflict with first‑party business interests
New Frictions and Risks
- Need to manage multiple compliance regimes (different rules for EU vs. rest of world)
- Marketing and discovery challenges in less centralized ecosystems
- Increased burden for security, fraud detection, and customer support when billing is handled outside default platform systems
“The DMA gives us options, but it doesn’t magically solve distribution. You still have to earn user trust, handle payments securely, and make your app discoverable in a much noisier environment.” — Composite view from independent developers posting on Hacker News and iOS/Android dev forums
Consumer Impact: More Choice, More Responsibility
For everyday users, DMA‑driven changes may surface gradually as new prompts, settings, and options appear on their devices. The main impacts can be summarized as:
- Increased choice
Users may install alternative app stores (e.g., gaming‑focused, enterprise‑focused, or privacy‑centric stores) and access apps that previously could not or would not comply with App Store or Google Play rules. - Potentially lower prices
More competition in payments and distribution may translate into discounted subscriptions, multi‑platform bundles, or loyalty programs outside platform billing. - More complex decision‑making
Users will have to interpret new trust signals: is this app store safe? Is this payment page legitimate? Security UX will be critical. - Greater transparency
The DMA also dovetails with broader EU efforts on notices, consent mechanisms, and data access, which could make platform practices more understandable.
Security researchers warn that poorly designed prompts or inconsistent security messaging could create openings for social engineering and phishing, even if underlying technical protections remain strong.
Global Ripples: Will the DMA Model Spread?
The DMA is being closely watched in the United States, the United Kingdom, South Korea, Japan, India, and other jurisdictions where regulators are exploring similar interventions.
- United States
The U.S. Department of Justice and Federal Trade Commission continue to pursue antitrust cases involving app store rules and self‑preferencing, while legislative proposals like the (stalled) Open App Markets Act reflect similar concerns. - United Kingdom
The UK’s Digital Markets Unit is developing a tailored regime for firms with Strategic Market Status, including potential app store remedies. - South Korea
Already requires app store operators to permit alternative in‑app payment systems, setting an early precedent now echoed by the DMA.
Whether other regions mirror or diverge from the DMA will determine how fragmented global app distribution rules become—and how much complexity developers must manage across markets.
Challenges: Enforcement, Loopholes, and Unintended Consequences
Implementation is proving far more complex than passing the law. Three categories of challenges are already emerging.
1. Interpretation and Edge Cases
Gatekeepers and regulators frequently disagree on what counts as genuine compliance versus superficial changes that preserve existing power asymmetries. For example:
- Are new platform fees “fair and reasonable,” or simply re‑packaged commissions?
- When does a security measure become a de‑facto barrier to alternative app stores?
- How should default options and consent screens be designed to avoid “dark patterns”?
2. Security vs. Openness
Apple in particular emphasizes that too much openness could weaken privacy and security. Critics respond that:
- Security can be maintained through code signing, notarization, sandboxing, and behavioral analysis, even with multiple app distribution channels.
- Centralized control is not the only way to achieve robust security; diversity can enhance resilience.
3. Compliance Burden for Smaller Players
While the DMA targets large gatekeepers, smaller developers, startups, and even alternative app store operators may face higher compliance and legal complexity when operating in the EU, particularly around:
- Data protection (GDPR) and content rules (DSA)
- Payment security and anti‑money‑laundering requirements
- Consumer protection and transparency obligations
Practical Tools and Resources for Developers and Policy Watchers
For teams building or distributing apps in the EU, staying informed is critical. The following types of resources can help:
- Official documentation
The European Commission’s DMA portal and Q&A pages, along with Apple’s and Google’s EU‑specific developer documentation. - Technical and policy analysis
Outlets like The Verge, Wired, TechCrunch, and The Next Web are publishing ongoing explainers and expert interviews. - Policy and law podcasts / YouTube channels
Channels like Lawfare and technology‑law podcasts frequently host discussions on EU tech regulation, DMA enforcement, and comparative regimes.
For developers who want to dive deeper into platform economics and digital regulation, classic references include books and lecture series on two‑sided markets, competition in digital platforms, and information security engineering.
Hardware and testing setups can also matter. For instance, if you are building and testing apps across multiple devices and OS versions, a reliable test phone or tablet is essential. Many developers use mid‑range hardware like the Google Pixel 7 to test DMA‑related changes on Android, while continuing to rely on separate EU‑region iPhones for iOS behavior.
Conclusion: Rebalancing Platform Power Without Breaking the Ecosystem
The EU’s DMA marks a decisive shift away from “wait‑and‑see” enforcement toward proactive rule‑setting in digital markets. By opening app stores, loosening billing constraints, and curbing self‑preferencing, the EU hopes to unlock competition and innovation while reducing the ability of a handful of companies to unilaterally dictate terms.
Whether this experiment succeeds will depend on several factors:
- How assertively regulators enforce the rules and close loopholes
- How responsibly Apple, Google, and others implement changes without weaponizing UX or security narratives
- How effectively developers, security experts, and consumer advocates surface real‑world impacts—positive and negative
The stakes are high: app stores are no longer niche technical infrastructures but core gateways to digital life—from finance and health to entertainment and education. The way we govern them will shape not only markets, but also the distribution of power, privacy, and opportunity in the digital age.
Additional Considerations and Future Research Directions
For researchers and practitioners interested in contributing to this evolving field, several open questions are especially promising:
- Empirical measurement of DMA impact
How do fees, app prices, developer revenues, and consumer choice metrics change over time in the EU versus similar non‑EU markets? - Security outcomes in a multi‑store world
Do malware rates or successful phishing incidents increase, decrease, or simply shift in character under more open distribution rules? - User experience and dark patterns
How can regulators and designers distinguish between helpful security prompts and manipulative friction that nudges users back to incumbent choices? - Interoperability and cross‑platform services
Will messaging, identity, and payment interoperability mandated by laws like the DMA give rise to genuinely new classes of cross‑platform services?
Answering these questions will require collaboration between computer scientists, economists, legal scholars, HCI experts, and industry practitioners—making the DMA not just a regulatory milestone, but also a catalyst for interdisciplinary research.
References / Sources
- European Commission – Digital Markets Act
- Official Journal of the European Union – Regulation (EU) 2022/1925 (DMA)
- The Verge – App Store and DMA Coverage
- Wired – Antitrust and Big Tech Features
- TechCrunch – Digital Markets Act Tag
- The Next Web – DMA Articles
- Geradin & Katsifis – Gatekeepers, Interoperability and the DMA (SSRN)
- U.S. Federal Trade Commission – Technology Enforcement Updates
