With last week’s lawsuit, the Department of Justice has joined the chorus of voices that have risen in opposition to Apple’s poor treatment of users and developers. In its complaint, the DOJ accuses Apple of neutralizing “competitive threats by imposing a series of shapeshifting rules and restrictions in its App Store guidelines and developer agreements that [allow it] to extract higher fees, thwart innovation, offer a less secure or degraded user experience, and throttle competitive alternatives.” 

In its response to the lawsuit, Apple fell back on the same argument it has used for more than a decade: that user privacy and security require the company to have total control over its ecosystem. This argument is unfounded. As policymakers, courts, and individual Apple users alike strive to counteract Big Tech’s anti-competitive tendencies, they should recognize that protecting user privacy and security is much more feasible than many corporations claim, and that openness, privacy, and security are not incompatible values.     

All of the major tech companies have become restrictionist institutions. But Apple is the progenitor of the ecosystem lock-in business model. In the 1980s and 1990s, as Microsoft and Apple were competing for the burgeoning market for personal computers and operating systems (OS), Apple built a heavily centralized and controlled ecosystem. Microsoft went in the opposite direction and bet on openness, allowing third parties to easily build and deploy applications on their Windows OS. 

When it introduced the iPhone in 2007, Apple made the decision to only allow users to download applications through an app store that it controlled. While such a closed ecosystem allowed Apple to tailor its user experience to be sleek and accessible, it also insulated the company from competition. Apple’s first-mover advantage as the inventor of the touchscreen smartphone, combined with the company’s cutthroat tactics, has given it a dominant market share in the United States and disproportionate capture of mobile market revenue, even as Google’s open source Android OS has usurped Apple globally. Apple’s closed nature has also protected it from facing the same legal and regulatory scrutiny that more open ecosystems such as Android have faced.  

Third-party app developers—the people and companies that make all of the apps which make the iPhone so useful—protest that Apple’s app store policies are overly restrictive and opaque. Developers complain they are subjected to an unpredictable approval process, arbitrary changes to terms of service, minimal due process, and, in some instances, being locked out of the market by Apple’s default settings. Meanwhile, developers are also prevented from guiding users to purchase subscriptions or digital goods outside of the App Store. 

These accusations are the impetus for the DOJ’s recent suit against Apple, but EU regulators were quicker to strike than the DOJ. Fully adopted in July of 2022, the EU’s Digital Markets Act (DMA) is targeted squarely at large tech companies—dubbed “gatekeepers”—and the ways that they use their market position to create “imbalances in bargaining power” that result in “unfair practices and conditions” for business and users. Among a laundry list of requirements that includes bans of self-preferencing and data portability requirements, the DMA requires gatekeepers to allow third-party software to be downloaded—the very thing Apple has repeatedly claimed is impossible.

From Meta to Google to TikTok, none of the major tech companies are exempted from scrutiny and regulation as “gatekeepers” under the DMA. But Apple was especially targeted and has been dragged kicking and screaming into quasi-compliance with the DMA. The most significant change Apple has implemented to date came when the most recent software update allowed EU users to begin using third-party app stores and third-party payment processors.  

In lobbying against the DMA, Tim Cook argued that opening up iOS “would not be in the best interest of users.” He even went so far as to claim that the company’s fight to maintain total control over its ecosystem is “one of the most essential battles of our time.” In its plans for DMA compliance, Apple warned that these changes would “open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats.” Despite such strong language, the iOS ecosystem has not been destroyed by DMA-imposed openness. Europeans’ Apple devices remain private and secure. 

One could argue that this is because Apple engineers, in the face of regulation, performed a miracle and secured their ecosystem in spite of its newfound openness. Yet, as Harvard professor and privacy and cybersecurity expert Bruce Schneier observed in 2022, Apple’s “claims about risks to privacy and security are both false and disingenuous, and motivated by their own self interest and not the public interest.” There is not an inherent tradeoff between privacy, security, and openness. Both closed and open ecosystems are subject to cybersecurity vulnerabilities and openness can actually improve both privacy and security. The reality is far from the disastrous tradeoff that Apple has been asserting. 

Apple itself clearly understands this. Internal documents from previous litigation show that the company once considered allowing third party software to be easily and freely downloaded but decided against it, not because it wanted to protect the privacy and security of its users, but because openness would cut into their bottom line. Nevertheless, Apple continues to rely on the bogeyman of privacy and security concerns because fear mongering is an effective political tactic.  

In order to have a good-faith discussion about the merits of public policies, we must first be honest about what is within the art of the possible. In the face of a potentially existential lawsuit, and regardless of what has happened in the EU, Apple continues to argue that in order to “protect people’s privacy and security, and create a magical experience for our users” the company needs a closed ecosystem. As the U.S. moves forward with litigation and legislative proposals to promote openness, we should be wary of apocalyptic claims about privacy and security and understand that shifting the architecture of digital platforms is more possible than companies like Apple would have us believe.