The UK’s Competition and Markets Authority wants Apple to allow rivals like Facebook to offer browsers on iPhone, but passes the buck on doing anything about it.
Back in November 2024, the Competition and Markets Authority (CMA) in the UK released a preliminary report saying that Apple blocks developers’ ability to offer innovation in the browser market. Apple responded by saying the CMA was giving too much weight to the self-interest arguments from its rivals.
Now the CMA has released its full report which chiefly ignores Apple’s position on browsing. The CMA’s original investigation was also into the area of cloud gaming, but the regulator says Apple’s recent rule changes have satisfied its concerns.
Apple has also changed its position on Progressive Web Apps, but in this case the CMA claims the company still blocks or limits them.
Overall, the CMA’s findings concentrate on Apple’s requirement for all third-party browsers to use WebKit — although that is no longer true within the EU. The CMA’s conclusion is that rival browsers should have access to the same technology as Apple creates for its Safari browser, and specifically that users are being denied the innovation those rivals would bring.
“Meta told us that it wants to build an in-app browser using its own browser engine on iOS that it could customise completely to create in-app browsing experiences,” says the report. “According to Meta, this would allow it to develop new features that could improve user experience, security and performance.”
A Meta browser within Facebook, however, would circumvent all of Apple’s privacy controls. These are the controls that when introduced in 2022, protect user privacy to such a degree that Facebook took a $10 billion revenue hit.
It’s particularly concerning that the CMA took this at face value because of what else the report says about browsing. “Whether they know it or not, consumers also access a significant amount of internet content through ‘in-app browsers’,” it says.
“While their presence is unknown to most consumers,” says the CMA, “browser engines largely determine how fast and smoothly a browser runs, the levels of privacy the user has and the degree of security from malicious attacks while doing so.”
So the CMA is conscious that browsers require security, and also that users will not necessarily know when an in-app browser circumvents Apple’s privacy rules and exposes their private data. But it still accepts the claim that Meta only wants to innovate for the benefit of its users.
The CMA also accepts Microsoft, Mozilla, and Vivaldi’s claims that they want to offer additional security and privacy features that WebKit blocks.
“We accept [Apple’s position] that the current restriction does reduce the risk of third-party browsers on iOS using outdated, vulnerable engines or implementing insecure new features,” says the report. “However, we consider that the risks could be managed in other ways which would not involve a complete ban on other browser engines as is currently the case, eg by Apple imposing minimum security standards on mobile browsers using browser engines other than WebKit.”
The CMA’s report does offer similar criticisms of Google, but references Apple roughly twice as much. (“Apple” is mentioned 87 times compared to 47 for “Google.” Then “iOS” gets 48 mentions while “Android” gets 26.)
So the report is chiefly focused on how Apple is allegedly blocking innovation, and consequently it has some forceful conclusions. But the CMA is also not going to do anything about this, at least not at present and not in the regulator’s current form.
What happens next?
Nothing happens next. According to the CMA’s own timetable, this final report on March 12, 2025, was to be followed by the statutory deadline of March 16, but no regulations will now be made at all.
This is because the CMA says that “we concluded that if implemented through the remedy-making powers available to us in this market investigation, there would be a number of significant risks to the effectiveness of these measures.”
The report does not say what those risks are. It says instead that while its investigation was ongoing, the CMA itself was granted new powers under the Digital Markets, Competition and Consumers Act 2024.
These are the new powers that allow the CMA “to designate firms as having ‘strategic market status’ (SMS)… and impose forward-looking requirements to guide [their] conduct.” These powers came into effect on January 1, 2025, and as part of that, the CMA is now investigating whether it can call Apple or Google an SMS firm.
So this report by the CMA has recommendations for what Apple should be forced to do, but is kicking that decision down the road.
The CMA is actually waiting on the CMA.
