Introduction: Apple and Google's monopolistic behavior is hindering innovation in mobile app security, increasing long-term cyber risks for consumers. This is driven by two beliefs: attackers have an advantage over defenders, and monopolists suppress innovation to maintain the status quo. While Apple and Google currently manage security well, their approach is unlikely to sustain against evolving threats. Their closed ecosystems discourage cross-platform security initiatives, making it vital to address this behavior and explore alternative security approaches.

Illustrations of Monopolistic Behavior: Monopolies like Apple and Google restrict competition, reducing the drive for innovation. Examples include Apple's control over Spotify’s app revenues and its conflict with Epic Games. Such behavior can lead to increased prices and quality control issues, highlighting the need for competition to spur innovation and improve security.

Effect on Mobile App Security Vendors: Monopolistic practices harm cybersecurity by stifling startups and innovation. Unlike cloud security, where vendors like Palo Alto Networks thrive, mobile app security vendors struggle due to Apple's and Google's dominance. This centralization of security responsibility risks missing the benefits of open competition and innovation.

Case Study: Google Mobile Services: Google Mobile Services (GMS) locks in Android apps, disadvantaging external security vendors. Using non-GMS devices limits app availability and integration, exacerbating security challenges. The recent court ruling against Google's monopoly underscores the need for alternatives to foster innovation.

Alternatives to GMS: Alternatives to GMS, primarily from Chinese manufacturers like Transsion, Huawei, Xiaomi, and Oppo, illustrate the potential for non-GMS ecosystems. While geopolitical issues complicate these options, they highlight the need for diverse mobile app security approaches.

The Cyber Threat That Arises with Monopoly: Comparing mobile app security with cloud security demonstrates the risks of monopolistic control. Cloud security thrives on competition and innovation, while mobile app security suffers from Apple’s and Google’s dominance, making it vulnerable to sophisticated threats.

Recommendations for Mobile App Security: The report offers five recommendations:

1. Open ecosystems to third-party security vendors.
2. Financially incentivize developer-led security initiatives.
3. Adopt open standards for security evaluation.
4. Enhance the mobile app ecosystem through strategic partnerships and certifications.
5. Support alternative certified payment systems to reduce transaction costs and increase autonomy.

ABOUT TAG 

TAG is a trusted research and advisory company that provides insights and recommendations in  cybersecurity, artificial intelligence, and climate science to thousands of commercial solution providers  and Fortune 500 enterprises. Founded in 2016 and headquartered in New York City, TAG bucks the  trend of pay-for-play research by offering unbiased and in-depth guidance, market analysis, project  consulting, and personalized content—all from a practitioner perspective.