Introducing the Mobile Trilemma
Joshua Levine / May 5, 2026
Joshua Levine is the director of technology & statecraft at the Foundation for American Innovation.
In the roughly fifteen years since the iPhone's release, smartphones have rewired how people work, live, and play. These devices have changed how we interact and how we transact. While the devices and the experiences have evolved over time, innovation has been uneven, and at times muted. In the United States, the mobile operating system market is dominated by two players, Apple and Google, who differentiate themselves in the “openness” of their mobile platforms, meaning policy debates use a binary view of “open versus closed” to evaluate different offerings and the connected welfare effects.
A more useful framework, which we lay out here, is what we term the "mobile trilemma." The framework is adapted from Maurice Obstfeld and Alan Taylor's macroeconomic trilemma, which demonstrates the inherent tradeoffs economic policymakers face on three dimensions. Our approach applies this lesson to decisions within the mobile ecosystem on privacy, security and integration. We demonstrate how product design, soft-law standards, and hard-law regulations attempting to promote one corner of the trilemma will frequently fail to support, or more commonly detract from, the other corners.
The trilemma is intended to be a framework for understanding competition within the mobile ecosystem. Healthy competition should enable developers to differentiate their products and services by competing on any of the three dimensions, whether stronger privacy controls, stronger security assurances, or deeper integration. In our view, competitive churn is not in and of itself valuable; rather, competition spurs a discovery process that disciplines gatekeepers, expands consumer choice, and drives innovation by adopting or adjusting product design with respect to one (or two) of these three dimensions.
The central risk of today’s mobile market is that a gatekeeper can exploit one corner of the trilemma as a shield or weapon, distorting competition in adjacent markets where it also competes. A platform could invoke "security" to block interoperable rivals, or "privacy" to impose selective frictions that raise rivals' costs with little tangible benefit to the consumer. The policy question, then, is whether governance choices make the tradeoff space meaningfully contestable for third parties without undermining user trust. We call this state of affairs "bounded openness."
Three components of the mobile ecosystem illustrate how the trilemma plays out in practice: browsers and browser engines, app stores, and application programming interfaces (APIs).
Browser engines: low-hanging fruit
Browser engines are an underappreciated chokepoint within the mobile ecosystem. The browser engine is as it sounds: the underlying technology that drives usability and functionality of a web browser. The market for mobile browser engines has three competitors: Apple’s WebKit, Google’s Chromium, and Mozilla’s Gecko.
On iOS, Apple's WebKit requirement means every browser is effectively a reskinned version of Safari, which significantly impedes product differentiation and restricts functionality. Apple also limits the capabilities of Home Screen web apps, which makes the web a weaker substitute for native apps and helps keep the App Store as the primary distribution channel for products and services. The result is that, unlike on a desktop, where a user can download different browsers that differentiate themselves in areas such as the amount of data they share with third parties, malware screening, or customizable interfaces and plug-ins, users of iOS are basically using Safari no matter which browser they purport to choose.
Apple justifies these restrictions on privacy and security grounds, but the evidence is thin. When the European Union required Apple to allow third-party browser engines under the Digital Markets Act, there was practically no noticeable degradation of security on iOS devices. Safari and WebKit have actually taken significantly longer than competitors to integrate new protocols and features, some of which would enhance security and privacy for mobile users. Browsers are among the most heavily tested pieces of software because of their critical role in connecting users to the internet, and they are continuously sandboxed. The benefits of restricting browser choice on security grounds are therefore generally weaker than Apple's marketing suggests.
Apple's App Tracking Transparency framework illustrates how technical path dependency in the name of privacy can be wielded as a competitive weapon. By making cross-app tracking opt-in, ATT shifted integration away from open cross-app identifiers toward Apple-mediated attribution frameworks like SKAdNetwork, increasing developer dependence on Apple's APIs. Research on the European market found that app developers saw a 21 percent decrease in ad revenue as a result. France and Italy have both issued major antitrust fines focused on ATT's implementation. The net effect is a trade that reduces some data-exposure risk while tightening platform control over how the ecosystem interoperates.
Allowing third-party browser engines on iOS, while still enforcing OS-level security primitives and standards-driven requirements, would improve the competitive equilibrium with limited downside.
App stores: a sharper set of tradeoffs
The tradeoffs for app stores are sharper. App distribution is shaped by a natural oligopoly dynamic: high fixed costs, two-sided network effects, and the tight coupling of operating systems to app stores make meaningful entry difficult. Apple maintains its equilibrium through restrictions on third-party stores, mandated use of its payments provider, and terms of service that prohibit "steering" customers to alternatives. Google’s Android operating system does allow users to access third-party stores, but similarly uses payments and terms of service to funnel users into its first-party offerings.
The argument for the status quo is strongest along privacy and security. Enterprise telemetry shows that Android devices encounter on-device malware at higher rates than iOS devices, and compromise indicators like rooting are more common on Android than jailbreaking is on iOS. But Google's experience also demonstrates that nominal openness can coexist with anticompetitive foreclosure. In Epic Games v. Google, a jury found that Google unlawfully maintained monopoly power in Android app distribution and in-app billing through technical restrictions and contractual incentives that preserved Play's default position. The Ninth Circuit affirmed in July 2025. Allowing sideloading in theory does not automatically create contestability if the default store and default billing rails remain structurally privileged.
Alternative distribution cannot be evaluated as a simple binary. Distribution and hosting of millions of applications necessitates a stack of different responsibilities and capabilities such as: installation, updates, payments, identity, refunds, parental controls, dispute resolution, and trust signaling. Bundled together, the structure and function of these components determine whether users and developers can realistically rely on a channel outside the incumbent store. The policy goal for the distribution of mobile apps should not be "more stores" as an end in itself, but rather: baseline integrity that follows the app regardless of channel; functional parity in the distribution plumbing; payment choice paired with minimum viable consumer protections; and non-pretextual enforcement of privacy and security rules. Lenient restrictions for first-party operators and strict rules for rivals create a market asymmetry which leads to a degraded experience for consumers and developers alike, but eschewing such control altogether would introduce unacceptable privacy and security tradeoffs. In a mature mobile ecosystem, competition should operate inside the guardrails of security and privacy, not be smothered by them.
APIs: A Delicate Dance
If browsers and app stores are the front doors of the ecosystem, APIs are the internal hallways. Often invisible to users, they determine where people can go, what they can do, and which firms can compete on equal footing. Because Apple and Google sit at the chokepoints where APIs meet hardware and the OS, they effectively act as regulators of interoperability—they write the rules, enforce the rules, and can rewrite the rules whenever they wish.
Encouragingly, both platforms already provide architectural primitives that point toward bounded openness. Apple's PHPickerViewController and Android's Photo Picker let users grant an app access to selected images rather than an entire library. Password managers operate as first-class participants through Android's Autofill framework and iOS Password AutoFill, with the OS mediating credential access. These designs show that integration does not require bulk data access.
Where API restrictions intersect with high-value use cases, however, the competition stakes rise sharply. Tap-to-Pay required European Commission intervention in July 2024 to make Apple's NFC commitments legally binding. The Commission's approach did not assume that "open NFC" means "unsafe NFC"; it treated interoperability as a competition issue while still taking security seriously. Connected devices, messaging, and push notifications raise similar questions. When a platform controls the APIs that determine whether third-party watches, earbuds, or messaging services work seamlessly, it controls whether rivals compete on user experience or are relegated to degraded "compatibility modes."
The right approach is open capabilities, not open-ended data flows. Functional parity should apply where competition depends on it. Risk-tiered access should govern higher-stakes interfaces such as background sensors and payments. Privacy-preserving design (system mediation, fine-grained permissions, data minimization) should be the default. And security tooling should not quietly encode distribution monopolies. In the context of APIs, bounded openness means that changes attempting to enhance integration and competition must be paired with deliberate technical constraints—system mediation, least-privilege permissions, verification, and auditable access—so that interoperability does not become a synonym for unbounded access.
A coherent policy posture
The Mobile Trilemma of privacy, security, and integration helps clarify why so many seemingly simple fixes to induce more competition in the mobile ecosystem end up producing unintended consequences. It is not just that tradeoffs exist; it is that platform governance choices can make some tradeoffs contestable for rivals while reserving others for the gatekeeper by design. The central question for policymakers is therefore not “open versus closed,” but whether the rules of the ecosystem allow firms to compete on privacy, security, and integration on reasonably equal terms without letting any one axis become a pretext for foreclosure.
The next wave of personal computing and the services that ride on top of these platforms is cresting. AI assistants, AR/VR, and brain-computer interfaces are here, and for the time being interact within the existing mobile computing ecosystem. The mobile trilemma is a framework for evaluating the state of competition today, yes, but can also advance a logic for how to think about what comes next.