Executive Summary
The “mobile trilemma” is a framework for understanding competition in smartphones. Privacy, security, and integration are all valuable, but efforts to prioritize one dimension often constrain the others. The trilemma is not just a design problem; it is also a problem for competition in the mobile ecosystem. When platform owners control the rules and the technical interfaces, they can reserve the “best” combination of privacy, security, and seamless user experience for themselves, while pushing rivals into inferior tradeoffs. The policy challenge, then, is not simply “open versus closed,” but whether governance choices make the tradeoff space meaningfully contestable for third parties without undermining user trust.
In the browser context, mobile browser engines are a major (and underappreciated) chokepoint. On iOS, Apple’s WebKit requirement means every browser is effectively a Safari variant, limiting meaningful differentiation, especially as new, AI-enabled browsers emerge. This constraint harms innovation and can even blunt privacy and security competition because rivals cannot implement distinct features. It suggests that allowing third-party browser engines on iOS while still enforcing operating-system-level security primitives and standards-driven requirements would improve the competitive equilibrium with limited downside. The European experience under the Digital Markets Act offers further evidence that engine choice need not collapse security.
The tradeoffs for app stores are sharper. App distribution is shaped by a natural oligopoly dynamic: high fixed costs, network effects, and the tight coupling of operating systems to app stores make meaningful entry difficult. While concerns about self-preferencing and restrictive payment rules are valid, opening distribution channels (third-party stores, sideloading, alternative payments) can expand fraud and malware risk if done naïvely. Rather than treating “more stores” as an end in itself, policymakers should consider guardrails that preserve real consumer protections while preventing app store rules from becoming a tool for foreclosure in adjacent markets where the platform owner also competes.
Then there is the most complex frontier: device and platform application programming interfaces (APIs). APIs act like the mobile ecosystem’s internal infrastructure, determining what third-party apps can do, what data they can access, and whether they can match first-party experiences. “Mandatory interoperability” is not a binary switch; it must be structured so that openness means access to capabilities, not unlimited data extraction. An approach that relies on “bounded openness”—system-mediated permissions, least-privilege access, auditable controls, and clear criteria for higher-risk interfaces (such as payments and background sensor access)—can expand competitive integration while maintaining privacy and security.
These domains can be synthesized into a coherent policy posture. Competition should operate inside stable guardrails, not at the discretion of a gatekeeper. In browsers, opening the engine layer is a relatively straightforward pro-competition move with standards-based safety backstops. In app stores, the priority should be baseline integrity that follows the app, functional parity in the distribution “plumbing,” payment choice with minimum consumer protections, and non-pretextual enforcement of privacy and security rules. And at the API layer, durable competition requires interoperable pathways that enable rivals to compete on user experience without turning interoperability into unbounded access. Overall, this framework conceives of success as increased consumer welfare—broadly defined by choice, innovation, and trust—rather than “openness” as a value unto itself.
