The future of Google’s app store is at stake in a lawsuit by Fortnite publisher Epic Games. Epic sued Google in 2020 after a fight over in-app purchase fees, claiming the Android operating system’s Google Play store constituted an unlawful monopoly. It wants Google to make using third-party app stores, sideloaded apps, and non-Google payment processors easier — while Google says its demands would damage Android’s ability to offer a secure user experience and compete with Apple’s iOS.
The case has had a long road to court, arriving there long after a similar trial against Apple in 2021. Follow along with updates here.
- “The 90-day disclosure deadline or time limit is industry standard, yes.”
Kleidermacher, in an old deposition. After some discussion in a taskforce Google formed to discuss the issue, Google’s Edward Cunningham did indeed give Epic a 90-day disclosure deadline to fix it, according to an email we just saw in court from August 15th, 2018. Epic claims the bug was fixed on August 16th, one day later.
But in the taskforce’s meeting notes, Google decided to reveal the bug far earlier:
DECIDED: Ed to flip the bug on 8/24 at early morning LON time (just past the precise 8/23 4:12pm 7 day extension) then Shannon can tip people off on Fri 8am if nobody has picked it up organically.
They also discussed putting “three friendlies on it” (presumably three reporters or news outlets deemed “friendly” to Google) or passing the story to Lookout (presumably the mobile security company that often publicizes bug disclosures).
This all sounds shady on its face, but won’t Google just point out that the bug was fixed and the 90 days was no longer required? (In 2020, Google’s Project Zero team decided to start disclosing at 90 days regardless of fix status.)
- Why Google decided to plant the Fortnite bug story, it seems:
Part of a document labeled RAW MEETING NOTES:
DaveK: Users are at risk in several ways, many copycats, it’s just a mess; somebody (Google?) should be telling the world how bad this is. Can we say it? Or will Epic just refuse to work with us?
Sameer: Ultimately we want Samsung to stop this kind of stuff (enabling the FN installer), we want other developers to realize this is complicated and there’s a lot of ways to mess up, and as a result of those 2 we want FN to feel the pressure and make fixes, and we want the world to know that this is not safe to do this. We need to make it safe and have an aggressive future action for GPP. We need to lay down a case for the reasons why we have to do this. On Samsung - what is the best way to make them feel a tremendous amount of heat?
JamieK: I should hear back from ES this afternoon, his team is looking into it. A chance he may conclude that they think this is stupid and they should not be doing this - 50/50 chance. If they don’t, then we need to tell them about this and the additional vulnerabilities they are enabling.
DaveK is Android security head Dave Kleidermacher, Sameer is VP Sameer Samat, and JamieK is Google’s product manager in contact with Epic Games.
- “That would be a clever way for them to avoid the unknown sources friction entirely.”
Kleidermacher, in a August 2018 email about the “fake Fortnite” bug that Google planted a story about in the press.
It wasn’t long before a member of the Android security team suggested that perhaps Google should make this public:
“(A Project Zero style external bug would be the most fun!),” they wrote.
We’re now seeing notes from the internal meeting where Google discussed what to do about it.
- Epic just showed Google has the technical capability to whitelist “known” apps outside the Play Store.
One Googler wrote:
I would appreciate if we could whitelist the official Fortnite before launch. I don’t want to get in a situation where any of the automated scorers (or any human really) flags Fortnite accidentally. HR fallout would be severe
Kleidermacher says Google doesn’t take such things into account for Unknown Sources, though. Again, it’s an operating system level flag.
- Google admits it could theoretically review and digitally sign sideloaded apps so users could directly download them.
“That seems possible,” says Kleidermacher. Epic did not ask why Google has not done this — I humbly suspect the answer is that it would be quite an undertaking.
Now we’re talking about Google Play Protect, which automatically scans apps for malware. It’s recently been getting better at blocking malicious apps but didn’t block predatory loan apps and some knockoff apps in a TechCrunch test.
- The “dumpster fire.”
We’ve covered bad apps at The Verge for a while, particularly on the Apple side of things, and Epic is now casually suggesting that Google Play is no better than a direct app download from a website because Kleidermacher once called it a dumpster fire and, separately, said, “We’re not particularly good at keeping knockoffs off the store.”
I don’t know if Epic’s sticking the landing here with so few visceral examples of bad apps (we saw just two user reviews calling out a scam, and the title S-ON Sexual Therapy), but Kleidermacher did amusingly suggest that Google allows users to download the bad apps without warnings because of user consent.
“There is user consent in one place, there is not user consent in the other place,” he said.
Epic pounced — how could a user’s decision to download an app from a website not constitute consent? Kleidermacher suggested the consent comes as part of Unknown Sources: “You’d have to authorize the browser to install first.”
- “When that warning comes up and says that this is an unknown source, Google does know who Microsoft and Adobe are, correct?”
Epic is pointing out that though Google does create risk assessments of different developers on the Play Store, it chose (Epic’s words) not to use those systems to assess app downloads from websites.
“We have risk measurements for developers on the Play Store,” says Kleidermacher. (They’re explained here.)
“Generally speaking, the operating system views internet downloads as coming from an unknown source,” he said later.
- Android’s “Project Cake.”
Well, this wasn’t on my bingo card: Google’s VP of Android security once proposed “Project Cake,” a plan where there would be two classes of Android apps — a smaller number of “more curated” thoroughly vetted apps, representing as much as 90 percent of the downloads on the store, and a second set that would be less curated and vetted and might warn users about risk.
It never happened. “My proposal has not launched in that form,” says Kleidermacher.
Epic attorney Yonatan Even seems to be trying to suggest it was the genesis of the Unknown Sources idea that adds friction when users sideload apps — but hasn’t yet made a firm link.
- We are back with Dave Kleidermacher, VP of engineering for android security and privacy at Google.
It’s time to dig into the security argument. But Epic gets to dig into it first.
Is Google justified in charging its fees because it protects Android users?
Before the break, we saw Google present an internal slide that included the phrase: “75% of Android Owners say Google Play is a safe place to get apps even while less than half are aware of Google Play Protect.”
- Google made sure the jury didn’t miss the Apple logo.
We’re going on lunch, but Google’s final question before Rasanen was dismissed was a pointed one — she was asked to tell the court what she saw on the final slide Epic showed.
It was a presentation titled “What we worry about.” She said: “There’s an Apple logo on that phone.”
Epic had previously pointed out that several of Google’s presentations about competition made no mention of Apple.
- “I’m not clear on what form a partner’s agreement not to agitate needs to take to get us comfortable with a policy announcement.”
Partners agreed “not to agitate”? That seems wild if true — it’s the language in an email from former Google Play boss Jamie Rosenberg, though he wasn’t asked about it Monday on the stand, and we didn’t really get to the heart of it now that Epic is questioning Rasanen again.
Epic, by the way, did not miss that paragraph about the “world of pain.” Hueston made sure the jury saw it and heard it.
- Google showed its phones were viewed as increasingly less secure in June 2020.
An “Android Brand Health Report” showed a “concerning trend for security,” with a declining number of people reporting they thought Android phones were secure: from 74 percent in March to 70 percent in June.
“Which store is a safe place to get apps?” Android declined from 78 percent to 75 percent, while iOS went up from 80 percent to 84 percent in three months. I wonder if Google had anything related to security around that time that made the news?
- Google says it was concerned if even 6 percent of Android owners switched — because we’re talking billions.
Rasanen points out that because Android has over 3 billion phones “out there in the world,” 6 percent of switchers represents “huge numbers of people.”
“6 percent may seem like a small number, but out of 3 billion...” she does the math, seemingly instantly, and says it’s 180 million people potentially switching.
On the giant spreadsheet we saw earlier, Google points out a different number than Epic did: nearly 14 percent of Android users switch to iOS in the United States specifically, according to Google’s internal estimates.
- Google is making app store agitators like Match look greedy.
Part of an internal Google email about how to handle developers worried Google Play Billing was making it too easy for users to cancel subscriptions:
he seems to be upset that we’re allowing our users to easily manager their subs vs. being locked into their product, which is not putting their users first.
Another Googler replied:
this is actually incredibly important to our business to respect user intent. We believes it yields better long term outcomes for developers as well when they allow their users choice when it comes to their products, even if that is leaving.
Here is part of that same 2018 email that Google did not try to highlight for the jury, for obvious reasons:
lastly, we then compute a 30% rev share on top of these numbers and we’re looking at a world of pain
- The jury seems bored.
It’s been tough to get a read on the jury so far in this case, but I think it’s fair to say many of them don’t find Google Play Billing exceptions very riveting.
One yawned. I saw another looking down at his hands. Some were looking around the room, etc. Maybe they’re just hungry. We’re 23 minutes away from lunch.
The jurors have typically been extremely attentive. This is the first time in seven days I’ve noticed otherwise.
- “We did not think having an app and a website was the same as buying a piece of content somewhere else and bringing it to the service.”
Google Play biz dev and developer partner Kirsten Rasanen, explaining how Google built some of its language around mandated Google Play Billing for in-app purchases and what did count as an exception. (Physical goods, for example.)
She claims fairness was another reason: it was a firm rule because Google didn’t want to disadvantage smaller developers.
There was also a suggestion that security was a reason, that Google wanted to be responsible since it was effectively selling the apps, but I don’t follow how that logic applies to mandating GPB. Maybe I missed it.
- By the way, my colleague wrote about switching costs:
I did it recently, and it did take a while to get my phone set up just the way I liked, but I had the essentials ready to go on Android (coming from iPhone) pretty fast. Same was true when I switched the other way in 2018.
- It’s Google’s turn: time to show its developer relations were fair after all.
Google is starting its cross-examination by being the friend Epic wasn’t. Rasanen explains that her job was to work with developers not only to “help adopt our products and features and hear their feedback” but to make sure “we can understand the developer’s perspective.” To make sure they were being heard, she says.
- A massive spreadsheet has a “grand total”: 92.9 percent of Android users who got new phones were expected to stay on Android.
Epic asked if that was true, and Rasanen said yes, that’s what the spreadsheet shows.
Presenting her with all the numbers, Epic attorney Hueston asks: “The studies we’ve seen show that people buy phones for reasons that are primarily other than the App Store, right?”
She waffles. He presents a new slide titled “Top reasons for smartphone purchase,” a list with maybe a dozen reasons including these top four:
I liked the smartphone brand
My prior smartphone stopped working or slowed down
The price of the smartphone was afffordable
It was a good deal
“Nowhere in that list is the app store identified as a reason for purchasing the smartphone, right?” asks Hueston.
She answers: “The app store, no.”
- 94 percent of iPhone owners with an Apple Watch weren’t considering Android for their next phone, Google found.
If they had an iPhone, iPad, and Apple TV, according to Google’s survey, 98 percent of them weren’t considering a switch.
I didn’t catch when this survey was from as we paged around quite a bit, but Epic showed us internal Google studies from both 2021 and 2020 to make its larger switching costs argument.
- Why are switching costs important? They cut at Google’s argument that it’s competing with the iPhone.
“While owners may consider the other OS, the intent to use another OS is incredibly low, potentially driven by high switching costs and/or loyalty to their existing OS,” reads part of an internal Google study from June 2020.
We’re getting a whirlwind tour of several studies now — depending on the date, they suggest that just 9 percent, 12 percent, or as low as 6 percent of surveyed Android users would switch. (Even fewer iOS users were switching to Android, they suggested, at 9 percent, 12 percent, and 6 percent, respectively.)
One study did show that “roughly one-fifth of iOS and Android are considering another operating system for their next purchase,” but Epic has already somewhat defused that counterargument:
“And you’ll agree with me that people say they’re considering lots of things they don’t end up doing, right?” asked Epic’s lawyer.
“Yes, I agree with that,” laughed Rasanen.
- “Reasons people don’t switch.”
This is Epic’s argument, not an old Google document, as laid out for the jury in a “demonstrative” slide:
Time: people keep their phones 2.8 years on average
Switching phones = switching ecosystems
It feels a lot like learning a foreign language
Transfer and set up involves an average of 40 steps and 9 hours
There is no one place for help
A successful transfer of data does not equal a successful switch
Phone spec inequality
Users are attached to key features
Users’ technical acumen
Committed to other devices in the ecosystem.
So far, Rasanen has only been able to argue with “time.” “There are reasons people don’t switch, but time isn’t a reason in and of itself,” she said.
- Epic is building an argument around switching costs — that switching from Android to iPhone is too hard.
And it’s relying partially on an old internal Google study, prepared by Rasanen, if I heard correctly. Here’s the executive summary:
Switching phones = switching ecosystems
You not only have to learn how to use a new OS, but completely new platforms around it.
It feels a lot like learning a foreign language.
From iOS to Android; from App Store to Play Store; from iTunes to Play Music / Google Music / etc; from iOS coreApps to infinite choices.
It really IS NOT as easy as 1, 2, 3.
Transfer and set up involves an average of 40 steps and can take as long as 9 hours if you use the cloud.
There is no ONE place for help.
It needs to be clear and easy to find the right switching resources. We have 4 websites currently.
A successful transfer of data does not equal a successful switch.
Switching happens in 3 phases. Prep work, data transfer, and then adapting to the new phone.
It’s an individual experience.
Because what’s on our phone is unique to us, the process and what works/does not work is is also individual.
- “I don’t know if ensuring fairness was part of my job. I never thought of it that way.’
Epic is not being a good friend back to Rasanen, though. It just pulled up an old deposition where she seemed to admit she wasn’t actually “in the developer’s corner” the way a Google developer-facing presentation portrayed.
Today, she says, “I would disagree with the characterization that I didn’t want to have a fair developer ecosystem.” But after seeing her old deposition, she clarifies, “My job wasn’t to ensure fairness.” She says it was to help developers create great apps and make sure they follow Google’s policies.
She’s in a corner, that’s for sure — the one Epic just painted her into.