Balancing security and contestability in the DMA: the case of app stores

The EU's Digital Markets Act will require certain large tech firms' ecosystems to become more open. The Act contains few exceptions – but law-makers did include special protections for undertakings providing operating systems, like Apple and Google, to protect security. This paper explores how the Commission should assess these measures. It argues that security is not a "trump card" to undermine the Act's objectives – instead, Apple and Google must balance security benefits of their measures against any limitations on contestability. Furthermore, the Act should continue to allow both firms to differentiate their products' approach to security. However, Apple's (and to a lesser extent Google's) security measures are likely to be heavily disputed. The Act does not give the Commission effective powers to efficiently resolve such disputes nor to force gatekeepers to change their approaches to security.