Antitrust lawsuit: Google’s app store risks becoming a malware cesspool
As Google faces mounting pressure from US courts to open its Android ecosystem to third-party competitors, experts warn the move could lead to data breaches and compromise consumer protections.
For over a decade, tech giant Google has consolidated all its services – books, games, apps, music, movies, and android market - under one platform named Google Play, enabling users to download them from that single window.
This marketplace platform is now facing an existential threat. Caught in an antitrust lawsuit, Google has been ordered by a US court to allow third-party app stores and payment systems to operate on its platform for the next three years.
Experts however argue that consumers will face news risks despite gaining more freedom if Google allowed third-party app stores onto its platform.
Alesia Zhuk, a legal researcher specialising in emerging technologies in Universitat Pompeu Fabra in Spain, tells TRT World that while this shift will grant users more options, it could compromise app security and privacy.
“Third-party app stores could introduce security vulnerabilities and may not have the same level of scrutiny,” Zhuk warns.
“Developers may now bypass Google's safeguards, increasing the risk of downloading malicious software or apps with weak privacy protections.”
Antitrust lawsuits
The order is part of broader scrutiny that began with the 2020 Google search case, when the US government accused Google of holding an “illegal monopoly” for the first time in a generation.
Donato’s order stems from a jury verdict last year, in which Epic Games Inc., the maker of Fortnite, won the lawsuit that Google unlawfully stifled competition through its control over app distribution and payments.
The injunction mandates that Google cannot block the use of alternative in-app payment methods and must permit users to install competing third-party Android app platforms or stores for three years.
The order also bars Google from paying device manufacturers to preinstall its app store and from sharing Play store revenue with other app distributors.
Donato stated that his injunction would take effect on November 1, allowing Google time to align its existing agreements and practices with the new requirements.
Meanwhile, antitrust cases against the company are ongoing across several states.
The DOJ (Department of Justice) has accused the company of using its other products, such as the Chrome browser and Android operating system, to funnel users to its search engine, where it makes money by selling adverts.
Google argued that the online advertising market remains competitive, referencing a Wall Street Journal report noting that more users are shifting to TikTok and Amazon for their searches.
In Washington, US District Judge Amit Mehta ruled on August 5 in favour of the US Justice Department, while a separate federal court case in Virginia, heard in September, argued that Google had illegally monopolised web search by spending billions to secure its position as the internet’s default search engine.
Google has strongly opposed both Mehta’s ruling as well as the Virginia court’s allegation, calling them “radical” and “sweeping,” arguing that they could “harm consumers, businesses, and developers.”
Concerns over ‘user safety’
Google Play store has long dominated the Android market. It has deployed a security check system like Play Protect, which automatically scans for malware, permitting Google to control app quality and privacy standards.
Barcelona-based legal tech expert Zhuk emphasises that if Google Play loses the court battle and opens up to new market players, the responsibility of managing security risks will shift to users, who will have to be more vigilant and rely on external data protection tools to filter out harmful apps.
"A well-known example is the Amazon Appstore, which offers legitimate apps but lacks the same extensive security checks as Google Play," says Zhuk.
Last week, Google’s vice president of regulatory affairs, Lee-Anne Mulholland, said the recommendations constitute "government overreach" and could result in higher prices for consumers.
Mulholland highlighted the privacy risks involved, stating that “forcing Google to share your search queries, clicks, and results with competitors risks your privacy and security. It’s widely recognised, including explicitly by the DOJ in its outline, that forcing the sharing of your searches with other companies could create major privacy and security risks.”
She further explained in the blog that search data shared with Google is often personal and sensitive, protected by the company’s security protocols.
If accessed by a different company without strong security practices, she warned, “bad actors could access them to identify you and your search history — as we’ve seen before.”
Zhuk, author of Cyberwarfare and the Rule of Law, acknowledged Google’s security concerns about rival payment systems, noting that “Google’s payment ecosystem is highly integrated, with strong encryption, fraud detection, and consumer protections in place.”
“We’ve seen instances in the past where smaller or newer payment platforms lacked sufficient safeguards, resulting in data breaches or fraud,” she says, referencing the example of Fortnite.
When the game bypassed the Play store's payment system in favour of its own payment system, it “initially raised concerns about whether users’ financial data would be adequately protected outside Google's infrastructure.”
Zhuk suggested that trusted platforms like PayPal or regional solutions such as Alipay could offer users more payment options without sacrificing security.
She cautioned, however, that “the safety of these alternatives will depend on their data protection measures,” adding that consumers are “more at risk when using lesser-known processors lacking transparency and support.”
Reflecting on the early days of Android, Zhuk drew parallels with a time when users downloaded apps from numerous sources, often encountering malware or privacy breaches.
“History could repeat itself if proper regulations aren’t enforced,” she added.
She also explained the ethical challenges that come with a fragmented app marketplace, such as the potential for deceptive ads and hidden subscription fees, pressing the need for collaborative efforts between governments, regulators, and the industry to create baseline standards for third-party app stores.
As noted by The Brookings Institution, “Neither the courts nor the Federal Trade Commission have the capacity to oversee such a radical potential restructuring of a tech giant, which would require ongoing behavioural monitoring”.
The fragmented oversight may make it difficult for regulators to prevent deceptive practices or malicious software from spreading in an increasingly open marketplace.
Google may soon have to loosen its centralised control over app distribution due to mounting pressure from the DOJ and ongoing court proceedings.
The DOJ is set to present a more detailed set of proposals by November 20, while Google will have until December 20 to submit its own proposed remedies.
If the DOJ proceeds with the proposed remedies and the judge approves them, it could mark one of the most significant regulatory actions in the history of big tech.
The next three years will reveal whether regulators, industry leaders, and developers can maintain user security while fostering competition and innovation across the digital marketplace.