The state of mobile browsers
Introduction
Alex Moore, from Open Web Advocacy briefly mentions the organization's mission: promoting fair browser competition and web app parity across operating systems.
Open Web Advocacy's Mission
Alex elaborates on Open Web Advocacy, an Australian non-profit advocating for fair browser competition and feature parity between web and native apps. They achieve this by advising governments and regulators globally, collaborating with companies, and ensuring browsers and web apps benefit users across all operating systems.
The High Cost of Anti-Competitive Practices
Alex highlights the detrimental effects of anti-competitive behavior, stating it hinders browser and web app competition, costing consumers billions annually. He argues that web apps, if given fair competition, could significantly disrupt the dominance of native app stores and their high fees.
The Power and Potential of Web Apps
Alex underscores the impressive advancements in web app development, emphasizing their increasing capabilities and narrowing gap with native apps. He points out the inherent advantages of web apps, such as cross-platform compatibility and lower development costs, attracting significant investments from large companies.
Apple's Effective Ban on Third-Party Browsers
Alex identifies Apple's restrictive App Store policy (Rule 2.5.6) as the primary reason behind the limited success of web apps on mobile devices. This rule effectively prohibits third-party browsers on iOS, forcing them to use Apple's WebKit engine, thereby limiting web app functionality and stifling innovation.
Consequences of Apple's WebKit Restriction
Alex discusses the far-reaching consequences of Apple's WebKit restriction, emphasizing the lack of browser competition on iOS and its impact on web app development. Developers hesitate to implement features not supported by Safari, leading to a stagnation of web app capabilities and reinforcing Apple's dominance.
Regulators and Developers Voice Concerns
Alex cites reports from the UK's Competition and Market Authority (CMA) expressing concerns over Apple's WebKit restriction, highlighting its negative impact on competition and innovation. He connects this with the lack of features and bugs prevalent in Safari, emphasizing the need for Apple to address these issues.
Apple's Lack of Incentive to Improve Web Apps
Alex argues that Apple lacks a genuine incentive to enhance web app functionality, as it would threaten their lucrative App Store revenue. He believes Apple strategically maintains a balance where web apps are "good enough" to appease regulators but not competitive enough to challenge native apps.
The EU's Digital Markets Act (DMA)
Alex discusses the EU's DMA, which includes provisions to outlaw banning browser engines and promote competition in web app functionality. He describes the anticipation surrounding Apple's response to the DMA and how their initial reaction raised significant concerns within the web development community.
Apple's Attempt to Sabotage Web Apps
Alex details Apple's attempt to circumvent the DMA by removing web app functionality in an iOS beta, effectively turning them into bookmarks. He criticizes Apple's lack of transparency and communication regarding this change, highlighting the potential for significant damage to businesses and users reliant on web apps.
Community Mobilization and Apple's Reversal
Alex describes the collaborative effort by Open Web Advocacy, developers, and media to challenge Apple's decision. He highlights the impact of surveys, an open letter to Tim Cook, and engagement with regulators, which ultimately led to Apple reversing their decision to remove web app functionality.
Apple's Continued Resistance
Despite the victory, Alex notes that Apple remains resistant to allowing genuine browser competition. He criticizes their new browser API contract, deeming it excessively restrictive and designed to discourage third-party browsers from entering the iOS ecosystem.
Apple's Legal Tactics and Excuses
Alex touches upon Apple's aggressive legal strategies, citing their billion-dollar legal budget and willingness to push boundaries. He criticizes Apple's use of security as a justification for their actions, arguing that web apps are inherently secure and that Apple's claims lack evidence.
Demands for Apple and Global Efforts
Alex outlines Open Web Advocacy's demands for Apple, including allowing fair browser competition, revising their restrictive contract, and enabling developers to test outside the EU. He highlights ongoing investigations and regulatory efforts in the US, UK, Australia, and Japan aimed at curbing anti-competitive practices.
Call to Action for the Web Community
Alex concludes with a call to action for the web development community. He encourages sharing the organization's paper, providing feedback on web app challenges, and engaging with regulators to advocate for fair competition and a brighter future for web apps.
The Future of Web Apps
Alex reiterates the importance of fighting for a future where web apps can thrive. He emphasizes the inherent advantages of web apps – security, power, interoperability, openness, and cost-effectiveness – making them a compelling alternative to native apps.
thank you very much, John, for the really generous introduction, and, the, for the invitation to be here once again.
It's really been a great couple of days, not just the presentations, but talking to each of you individually in one on one chats, and hearing what you believe are the main issues that you're facing today with the web.
Now, so for those of you, I know John's just, brief in, intro, but for those of you who are not, familiar with us, I just want to do a little bit of a recap, talk to you about who we are, what we're about, and then I'll get into the more juicy stuff.
So Open Web Advocacy is a Australian non profit which has two main aims.
The first one is fair and effective browser competition on all operating systems.
And the second is feature parity between native apps and web apps.
And in short, we're here to ensure that browsers and web apps deliver for developers and consumers on every operating system.
So the way we do this is we go around the world providing detailed technical advice to governments and regulators everywhere, which essentially means we write lots of documents, respond to market studies, investigations, and we go to countless meetings and answer many hundreds of technical questions.
And we work with regulators in the EU, the UK, Japan, the United States, and of course Australia.
And we coordinate with countless companies and organizations, hopefully later your companies included, to protect the future of the web.
Now why is this important?
And simply put, anti competitive behavior is hampering both browser competition and web app competition and continues to cost consumers billions of dollars per year.
And that's not an exaggeration.
Were the web able to fairly and effectively compete with the native app stores, they wouldn't be able to, they wouldn't be able to demand a 30 percent cut of all third party software.
When you think about these gatekeepers, they do not get this cut via merit.
They get this cut simply by blocking every alternative meansof running third party software, including web apps.
Now, probably don't need to sell this to everyone in this room, because it's, preaching to the choir, but amazing apps are being built every year using the power of the web.
Now, everyone knows what the boundaries of what you can do are being pushed further and the gap between native and web is getting narrower.
And, so it's no wonder that, large companies are investing in the web.
Because the web has massive innate advantages that native doesn't.
So it's not surprising that all of your companies are investing in the web, and, I would actually say, if it wasn't for this anti competitive behavior, 90 percent of all of the apps on your mobile device would be indistinguishable, significantly cheaper, and often better than their native app counterparts.
Now, the question is, why aren't web apps dominant on mobile?
And the primary reason, there's more than one reason, but the primary, by a very large margin, is Apple has effectively banned all third party browsers from iOS.
And they've done this via Rule 2.
5.
6 of the App Store Guidelines, which says, Apps that browse the web must use the appropriate WebKit framework and WebKit JavaScript, whatever that means.
And this is a very innocuous rule, and quite clever, I might add, that actually enforces the entire content area of the browser, and the majority of functionality that's important to Web apps to be exclusively controlled by Apple.
And it makes all browsers on iOS basically reskinned versions of Safari.
And what this clause actually says is, throw away the browser you've already built, you've already spent 100, 000 plus hours building, and then build a new browser with, a thin user interface around, Safari, which we have total control over, and that you cannot modify.
And this in turn sets a ceiling on the functionality of all web apps, not just on iOS, but on Android as well.
Because developers aren't going to implement functionality that over, that half or over half their users cannot use.
And this has deprived web developers of the fundamental tools and stability that they need to compete with native apps.
And this is important.
Because it effectively means there is no browser competition on iOS.
Now, if Apple decides they aren't going to support a web API in Safari, it means iOS will never have that API.
And then for the majority of us developers, that API might as well not exist at all.
Because it's very hard to justify building major, major pieces of functionality, when over half of your users can't use it.
And, in many cases, this missing functionality is critical to the app.
And very conveniently for Apple, ensures that developers are then forced to build a native app instead.
They can then extract fees, and they get lock in, and they can tie developers to Apple's tools and technology.
And this makes it immensely hard, if not impossible, for web apps to effectively contest the native app ecosystems.
And the regulators agree.
So this is the UK Competitions and Market Authority, and they stated in their report, as a result of the WebKit restriction, there is no competition in browser engines on iOS, and Apple effectively dictates the features that browsers on iOS can offer.
And Andrea Coscelli, who's the chief, who's the boss of the entire UK regulator, said, we all rely on browsers to use the internet on our phones, and the engines that make them work have a huge bearing on what we can see and do.
Right now, choice in this space is severely limited, and that has real impacts, preventing innovation and reducing competition from web apps.
And this lack of competition severely damages the web.
And we heard in Julian's talk yesterday that, a large number of features are missing, and most of those, you might have noticed, were missing in Safari.
And out of all of these features, the most critical and the one that Apple refuses to implement is install prompts for web apps, and it's not hard to understand why.
If web apps were easy to install, what do you need our native apps for?
Mobile Safari is very, buggy.
I don't know how many of you have had to, lose, we've personally lost hundreds and hundreds of hours over the last 10 years developing for Safari.
And in the 2020 Mozilla survey, which they really should run again, ignoring Internet Explorer, Safari was by miles the browser that caused developers the most problems.
And Apple has no incentive to fix this.
When a feature is missing or broken in iOS Safari, there aren't any panicked meetings in Apple about how to fix it.
This is because Apple is not scared of losing any market share.
Because there is no competition.
Developers need to adjust to Safari, not the other way around.
And, there was a bug, just for example, there was a bug that broke background audio, and essentially breaking any music app that you wanted to build for the web, and it was broken for two and a half years.
Can you imagine if native Spotify was broken for two and a half years?
It's insane.
And this particular bug, only got fixed once it started being brought up in US antitrust investigations.
Then you bet it got pretty, it got fixed pretty quick after that.
It's not actually in Apple's interest to make web apps viable.
The sweet spot is good enough to say to governments and regulators, Ah, look, there's an alternative.
But not so good that it remotely becomes a threat to their 25 billion a year App Store revenue.
And let's not forget, Apple also gets 20 billion from Google every year, which is 11 percent of Apple's profit.
Now imagine that, all that hardware, but 11 percent of their profit comes from Google, just for setting the default search engine inside Safari.
Alright, it's a crazy amount.
And these incentives to their shareholders are so powerful, Apple will never willingly enable browser competition, which means we, as the web community, need to fight for it.
The EU, after a lot of begging from us, and at the very last revision before the Act was finalized, explicitly outlawed the practice of banning engines in their, landmark Digital Markets Act, and their rationale for doing so was to allow third party browsers to compete in the provision of functionality, stability, speed, security, privacy of web software applications, aka web apps.
The DMA came into force in March the 7th of this year, and back at the beginning of the year, we were all on the edge of our seats, waiting how Apple was going to react to its new obligations.
Were they, were they going to announce something that just works, or were they going to be malicious and push back the threat of real competition?
And, oh wow, did we find out much earlier than we'd expected, a month before the DMA was even due to start.
And on February 2nd, one of our lovely volunteers in the EU messaged us and said, In the latest iOS beta, all web apps have been broken.
And converted into bookmarks.
So that meant, no full screen, all app data just got deleted.
It doesn't act like an app at all.
The, you get booted from sessions every seven days.
And, yeah, no more push notifications, cause they're gated behind in store.
Pretty devastating.
But, we're thinking, yeah, Safari's been breaking web apps and new versions of the software, I don't know, for the last decade.
Has to be a bug, right?
Not even Apple would be this ridiculous.
Not even Apple would be that malicious.
Regardless, we and many of others in the developer community were very concerned.
And we knew Apple only had four weeks to release this software, because the DMA compliance deadline was coming up.
We, had to start trying to get an answer out of Apple.
Because, maybe they were working on it, maybe it wasn't finished, who knows.
But they maintained complete radio silence.
There was no response on Twitter, no response on Mastodon, no reply to the bug ticket, nothing in the iOS or Safari release notes, and absolutely nothing in Apple's DMA compliance plan.
And no one could get an answer out of anyone on the Safari team.
So with this huge level of uncertainty, we started reaching out to reporters and companies in the EU who would be directly affected, and we started going to multiple regulators to flag this as a it's a potential enormous issue, although we weren't 100 percent confident what was going on.
After two weeks of this, we finally emailed Apple's policy team, relevant Safari WebKit team members, and Apple's legal team in charge of DMA compliance.
And we explained, we generated extensive media coverage condemning the move.
It was not required and not allowed by the DMA.
That their lack of communication was concerning.
That it was going to break thousands of web apps, harming millions of consumers.
And that we'd heard directly from businesses, quite a few businesses, that they were going to go bankrupt if they went, if it went ahead.
We had people message us saying, I'm going to have to fire all of my employees.
But, within a week of this coming out.
And the final thing we wrote in the email, we said we require a reply within 48 hours.
It won't surprise any of you that we didn't get a reply within 48 hours.
But, they did respond to the update.
With an update to their website exactly 13 hours later.
And in it, they explain that the DMA would force them to share web app installation with third party browsers, using their own engines, and in order to avoid this, they had to remove the feature entirely.
They regretted the harm that this would do to developers and users in the EU.
And they fell back on all the old excuses here.
Security, privacy, alleged low utilization of web apps via Safari, and the fact they only, had 1.5 years to prepare for the Digital Markets Act.
For us, this was a start.
We'd, force Apple to admit it, something they almost never do.
But it also meant that removing web apps was planned.
The decision not to let anyone know and keep it out of the release notes was deliberate.
And I challenge you all to think of another event in the entire history of the web where such a large, critically important feature has been removed from a major browser at almost zero notice.
It was truly unbelievable behavior.
And this breaks the web's equivalent of the Hippocratic Oath.
Don't break existing websites, and certainly not with zero notice.
And Apple's plan would have in fact sabotaged web apps globally, for all operating systems, because there's not a single business who would be willing to use a technology if they thought they were going to get the rug pulled out of them, or might get the rug pulled out of them at some point in the future.
And no investor would be willing to put their money on the line for web apps, if they thought Apple might one day remove them.
We and our big team of volunteers sprung into action.
We produced and conducted two surveys to gather hard data on the amount of damage Apple was about to inflict.
And at this point we'd already used up two weeks, because, that took two weeks to get the, the admission out of Apple.
And the response we got to the surveys was huge.
And even we were surprised by the number of responses we got.
The apps ranged from five users, to millions of users.
And a vast number of these apps were for really important stuff like healthcare, education, government, industry.
There was even one web app that was used for managing a factory, like a massive factory.
And so it was very clear that the harm would not be trivial.
People would lose healthcare data, it would wreak havoc on businesses that relied on the web, and just make life really hard for a lot of people.
And we even spoke to one company who said, they had frontline war journalists in Ukraine who were going to lose all of their work, all of their photos and documents.
So we reached out to media and the issue got significant coverage and we, even on the very pro Apple forums, Apple's actions were not well received and the anti competitive nature was clear to even the, the most diehard Apple fans.
Our next, action was we wrote a letter, we wrote and published an open letter to Tim Cook, asking him not to go ahead with Apple's plan to sabotage the web.
And we got an astonishing 4,811, individuals, 500 organizations to sign the letter, in just a few days, included two European MPs, Karen Melchior, Patrick Breyer, and lots of significant EU companies, including Mastodon, and a huge number of software developers in their personal capacity, who work for Swiss Life, Toshiba, W3C, Mozilla, Google, Microsoft, Vivaldi, BBC, Financial Times, Red Hat, Oracle, Amazon, Wikimedia, Verso, Netlify, Shopify, Spotify, Airbnb, Berlin University Arts, Open State Foundation, Cloudfair, Meta, Chase, Squarespace, Reddit, Atlassian, Mersk, PayPal, Salesforce, Block, Adobe, eBay, Zynga, Booking.com, and ThoughtWorks, and many other developers from over a hundred count, countries.
Finally, we met with many regulators who were watching the situation unfold in real time.
And just to explain to them what the, what Apple was doing and just how profound the damage would be.
And shortly after we published the letter, the Financial Times announced the EU Commission had opened an investigation into the, into the incident.
Then, with just 48 hours left, Before iOS 17.
4 was about to get released and break everything, Apple, under intense media, developer, and legal pressure, backed down.
And in a statement they published on their website, they reversed the decision.
Now this was dangerously close.
We genuinely believe Apple's plan was they were going to sneak this change in.
With no release notes, no announcement, and then they would release iOS to the public.
All the web apps would EU break, and they'd go, Ah, the DMA made us do it.
It's been in beta for a month.
No one noticed.
No one really uses web apps.
And obviously, we're incredibly grateful to everyone who basically worked around the clock for a month to help us turn this around.
WebApp's safe.
Kinda.
DMA came into force on the 7th of March this year.
And it's been three months now.
We got new browsers in the EU, right?
Yeah, not really.
Even backing down, Apple made it very clear in their announcement they're not gonna let third party browsers compete in providing web apps speed, stability, privacy, security.
And they made this statement in direct defiance of the DMA.
They then, on their website, created a new browser API contract with terms that are so insane, I could literally spend all day talking to you about them.
Mozilla stated that Apple were making it as painful as possible to provide competitive alternatives to Safari on iOS.
So far, we have exactly zero browsers using their own engine, obviously excluding Safari, that have been shipped to iOS, and without significant intervention from the EU, this isn't going to change.
Now, some good context, Apple's got a legal budget of a billion dollars per year, and they adopt an exceptionally aggressive stance.
And if you want to understand Apple's approach to legal.
It's one of my favorite quotes, so I'll have to say it again.
Bruce Sewell is Apple's former general counsel, discusses in talk to law students where he says, work out how to get closer to a particular risk, but be prepared to manage it if it goes nuclear.
Steer the ship as close as you can to that line, because that's where the competitive advantage occurs.
Apple had to pay a big fine.
Tim's reaction was, that's the right choice.
Don't let that scare you.
I don't want you to stop pushing the envelope.
That, that sums up the attitude.
What's so bad about Apple's browser API contract?
Now, there's some, interesting clauses in the contract, and these are just the best ones.
There are lots.
These are the best ones.
It's geolocked to the eco, the EU.
You must publish a separate browser, a complete separate app, and lose all your existing customers.
You're banned from using WebKit.
For anything.
Apple can break or remove any API at any time with no notice.
Apple can reject your browser for any reason at sole discretion.
The browser inventor agrees to follow all rules in Apple materials.
And which Apple can change at any time.
And they might be incomplete.
Inaccurate or unavailable.
And Apple Materials is this delightfully vague and Orwellian phrase which means all documentation referenced from the contract and all documents that those reference cascading and spidering around or as I like to call it, star dot Apple dot com forward slash star.
And if you break any rule in Apple Materials, again, who knows what that means, Apple can permanently remove every single app your company distributes on every Apple platform, including macOS, and none of this is a joke.
This is actually in the contract that Apple has published.
And finally, in practice, they are actually banning testing of any of the browsers, browser vendors and developers outside of the EU.
So essentially what they want is they want all these browser vendors, to relocate their iOS development teams to the EU.
And additionally, there's no, there's going to be no way currently, that we can test our apps on using these new EU browsers.
This is not a company that's trying to comply in good faith.
Now, Apple's primary excuse with security doesn't actually work that well with browsers and web apps.
So they try to claim this to the UK regulator that WebKit has better security than Blink or Gecko.
And when they, when the regulator pressed them for evidence, they couldn't find any.
And browsers actually have incredible security, because they just have to.
And even Apple agrees that the security of the web's, much better than the security of native apps.
And to quote Apple, WebKit's sandbox profile on iOS is orders of magnitude higher than More stringent than the sandbox for native iOS apps.
What do we want Apple to do?
The broad strokes are allow third party browsers to compete on iOS, rewrite their ridiculous contract so that's only strictly necessary, proportionate, and justified security measures, allow browser vendors to test outside of the EU, allow developers serving EU customers to test outside the EU.
And allow 3rd party browsers to compete in the provision of Web app functionality.
And we do support the reasonable, necessary, and justified security measures.
What we don't support is security theater, being used as a weapon to crush competition.
And the US Department of Justice agrees, basically saying, in their complaint, said, in the end, Apple deploys privacy and security justifications as an elastic shield that can stretch or contract to serve Apple's financial and business interests.
So as of right now, we are publishing our full 118 page paper on Apple's compliance and how we allege that they are in violation of the DMA.
And this paper's been developed over many months in heavy consultation with industry.
And right now you can visit the, the whole paper by visiting the URL.
And while you're reading it, if you've got any, because everyone here's, a developer, or most of you are.
If you've got any thoughts, or feedback, or anything you think is missing, we'd love to hear from you.
And we can do a version 1.1, 1.2, that'd be great.
So that's, EU, so what about the rest of the world?
So first, the US has opened an investigation into Apple for antitrust violations, and their case focuses on middleware.
Such as browsers, that's to facilitate more competition and interoperability.
And we expect that case is going to take about three to five years.
The UK has just, passed a bill, the, DMCC, which has granted their regulator new powers to tackle the check giants.
And the UK has extensively covered browsers and web apps in, their, in their regulatory reports.
So I imagine that's going to be very high up on their list, to fix now that they actually have the powers to do Australia is now crafting new laws.
You can read about it in their digital platform services inquiry, in report number five.
And they'll be opening for comment, really soon.
And it's essentially a mash up between, digital market, the EU's Digital Markets Act and the UK's Digital Markets Unit.
But when they do open for comment, it's going to be really important to get all of your support, because there's one thing if just, we're up there saying one thing, it's totally different if we suddenly have all these Australian companies going, yeah, We need this.
We need web competition.
We need web app competition.
And in just the last week, Japan passed a law, which we, we helped consult on.
Not the law, but the, we helped, with the, regulatory agency.
And that was, they banned, prohibiting browser engines.
And they require equivalent access to APIs subject to reasonable restrictions.
And it comes into We need your help, which is read and share our paper, tell us what, tell us what if you think there are things missing from web apps and that stop web apps being competitive with native apps.
We need to hear what those items are.
If you, work for an organization, then your organization's like yeah, we've got to, we've got to build a native app instead.
We've got to know what those reasons are, so that in the web community we can work on actually fixing those issues.
And then maybe, your particular app is only viable native now.
But if we start working on it, maybe we can make it a , web apps equally viable or significantly better than native apps in just a few years.
Yeah, follow us on social media.
Like I said, when the time comes, help us contact regulators and have your voice heard.
And we also need, we also, if you've got spare time, we also have a lot of engineering work we need to get done.
To, to push the message and please donate your time or if you, or make a donation.
So Apple is fighting against the tide here.
It's a single win for consumers and businesses in one of these regulatory jurisdictions can be replicated jurisdiction by jurisdiction.
So, we need, we just need to get it good somewhere on the planet, and then we can go around to the other regulators and go, just copy what they did, and everything's gonna be good.
That's why Apple's resorting to increasingly silly games, and, but we need to keep pushing.
Until they're forced to allow competition globally.
Once these anti competitive barriers are removed, web apps can thrive on mobile.
Web apps are secure.
They're protected by the sandbox of the browser.
They're powerful.
They're powered by a vast array of exciting APIs, many of which we've heard about over the last couple of days.
They're interoperable.
You don't have to write one for iOS, then another one for Android, and, I don't know, do a third one for desktop.
You just write one code base that works on everything.
It's open.
You don't have to write proprietary code that locks you into a particular ecosystem or be bullied by a particular gatekeeper, or have to waste enormous amounts of time on pointless app store review.
And it's rent free.
You don't have to share your money or revenue with the gatekeepers and you get to have a direct relationship between you and your users.
The future is bright and the future is web apps.
Let's make it happen.
Thank you very much.
