Proton

It’s been roughly three months since the European Union’s Digital Markets Act (DMA), which aims to restore competition and fairness to the internet, came into effect for Big Tech monopolies. Since then, Google has done precisely nothing to comply with the law’s directive that it open up the Android operating system, used in an estimated 3.9 billion smartphones worldwide, to competition. If Apple’s proposal was a slap in the face, Google’s is a middle finger — both to the European Commission and to you.

In this article, we explore how Google’s “compliance” plan violates the DMA, which forbids gatekeepers’ bundling and tying practices.

This can seem like an abstract, maybe even unimportant issue for many people, but it has an unavoidable impact on our day-to-day lives and can be reduced to three points:

  • Google controls the Android operating system and uses it to monitor your every move, promote its products, and box out competitors on the world’s most popular smartphone.
  • This reduces your choices and prevents new, innovative, and more privacy-focused alternatives from challenging Google’s default apps, giving Google an unfair advantage. 
  • Google has only made efforts to appear like it’s complying with the DMA while changing nothing in substance, likely breaking European law in the process.

If the European Commission fails to act, Google will continue holding Android users hostage, ruining our best chance in years to make the internet a level playing field, effectively making the DMA a toothless piece of legislation.

The Google monopoly starts with identity

Google, for all its sophistication, is an advertising company. Its innovation was to track every person it could to gather their data, then use it to sell ads. At the core of Google’s surveillance strategy are Gmail and the Google Account. Your email address acts as your online identity, the passport that nearly every app and online account asks for when you create an account or log in. Controlling a person’s online identity has become Google’s ultimate goal. It realized that if it can control your online identity, it can effectively track you anywhere and everywhere online. 

Google has used all kinds of dirty tricks to trap people in its walled garden, but its most blatant and effective is Android. It forces you to sign in to your Android smartphone using a Google Account. This may seem innocent enough, but by doing so, it automatically signs you in to other Google apps and services pre-installed on your phone, giving it visibility over as many elements of your life as possible. 

By tying all its services together like this, Google self-preferences its apps, making them much easier to use on Android than competitors. Why bother subscribing to a more private cloud storage service if you’re already signed in to Google Drive and it’s a lot of work to change the default? 

This bundling of services gives Google immense power — over Android and you. It essentially lets Google peek over your shoulder the entire time you use an Android device, which represents over 70% of smartphones(новое окно). It also allows Google to stamp out competitors that might want to offer alternatives to its key apps. 

Google has been abusing its users and competitors for years with impunity, exactly the type of behavior that led to the passage of the DMA in the first place. The European Commission designated the Android operating system as a “core platform service” under the DMA to prevent these harmful practices. However, instead of trying to comply with the DMA, Google simply ignored it. 

Android forces you to use Google services

Google has designed the Android operating system to force you to use its other services. This practice is known as “tying and bundling”, and it’s now a prohibited practice for gatekeepers under the DMA. When you turn on your Android for the first time, it gives you three options:

  1. Sign in to your pre-existing Google Account.
  2. Create a new Google Account (and Gmail address) and sign in.
  3. Skip the login process altogether. You don’t need to sign in, but as we explain below, Google does its utmost to scare you if you don’t sign in. It also removes essential functionalities, turning your brand-new smartphone into a basic mobile phone, like a Nokia.

Google essentially holds your Android smartphone hostage, forcing you to have a Google Account before you can do anything. As soon as you log in to your Google Account, Android logs you in to the Play Store and other Google apps on the phone, allowing Google to sweep up your personal information.

Google also makes it impossible to log out of these apps alone. You either log in to your Google Account, the Play Store, and the other Google apps or log out of all of them, making it impossible to minimize Google’s data collection.

Google will contest this fact, saying anyone can set up an Android phone without a Google Account. However, we’d happily bet that 90% of people reading this blog post would struggle to do so. Unless you’re a particularly tech-savvy user who knows how to download an alternate app store, all you’ll be able to do with this smartphone is make phone calls and send text messages. Using Android without a Google Account is theoretically possible but, in practice, impossible.

And even if you are a tech-savvy user, your favorite apps might only be available in the Play Store. The alternate app stores that sometimes come pre-installed on certain devices, like the Samsung Galaxy store, generally offer a much inferior selection than the Google Play Store.

If you have an Android smartphone, regardless of whether it’s made by Google, Samsung, or OnePlus, you’re basically forced to have a Google Account, ensuring Google can always monitor what you’re doing on your phone.

Android uses dark patterns to push you to use Gmail and a Google identity

If you already have a Google Account (option one above), you likely created it using a Gmail email address, as Google hides the flow to create an account using a third-party email service. 

If you don’t already have a Google Account, you’ll need to set one up before you can sign in to your Android smartphone (option two). In this instance, Android essentially requires you to get a Gmail account. This is a blatant violation of the DMA. Unless you previously found the hidden option and created a Google Account using a different email address on a separate device, the only way to continue is to create a Gmail account, which is exactly what Google intended. 

Google has used this fact to argue that a Gmail email address isn’t required to have a Google Account. However, in today’s mobile-first world, Androids are often people’s first device, in practice making Gmail their only option. 

Gmail is essentially required to use the Google Play Store

After you set up your Android with a Google Account, you’ll need to get apps on it (besides the Google apps that Google pre-installs and makes the default), which means you must use an app store. To no one’s surprise, Google pre-installs the Google Play Store and makes it the default. And Google Play, of course, requires a Google Account to use, even though there is no technical reason for this. 

Google knows that thanks to the power of default settings, roughly 95% of people will use Google Play exclusively. It also knows that in today’s mobile-first world, many people will set up their Google Account when they set up their Android. And because Google illegally ties your Google Account to Gmail, Google Play essentially forces everyone with an Android to get Gmail if they want to download non-Google apps. 

The result is that even if you have somehow heard of Proton Mail and use it (despite Google’s market manipulation and constant self-preferencing of search results to suppress alternatives), you are, for all intents and purposes, required to get a Gmail account to download Proton Mail onto your Android device

There can be no notion of fair competition when an abusive monopoly can force people to sign up for its services before it allows them to download a competitor’s. 

If you want to remove your information from Google’s reach, you can deGoogle your life for just $1. We explain how — and why — to start leaving Google.

Remedies exist – but Google has yet to enact them

Google claims it has made concessions to comply with the DMA, pointing to the choice screens it’s adding to let people choose which web browser and search engine they use on their Android phone (instead of just pre-installing Google Search and Google Chrome and making them the default). However, this intentionally misses the point. If Google is allowed to continue making a Google Account (and, by extension, Gmail) a precondition of using an Android phone and the Play Store, it’s already won.

Fortunately, there are simple and bulletproof remedies on Android that the European Commission can enact — should it choose to fight for them. They include:

  1. When setting up an Android for the first time, Google must make the option to create a Google Account with an outside email address as visible as the Gmail option. 
  2. When setting up an Android for the first time, Google must allow users to easily choose a different email service. If users choose an alternative email service, Google must allow the Android device to automatically download that service’s app. This way, anyone whose first device is an Android can create a Google Account without being forced to use Gmail. They can use an email address from an alternative email provider if they don’t want Google to own their online identity.
  3. Make it possible to use the Google Play Store without a Google Account without losing functionality, as Google Play is the gatekeeper to other apps.

These small adjustments would allow users to take back control of their online identities and lead to a mobile ecosystem where true competition is possible. 

The European Commission must act

Unfortunately, Google knows that if it gives up these unfair requirements on Android, it will miss out on collecting data, meaning it will have less information to use to sell ads and, thus, less revenue. Google appears to have calculated that fighting the European Commission over a plan that blatantly doesn’t comply with the DMA is less costly than giving up its current data collection regime.

As a result, the European Commission must now choose between enforcing democratically passed European law or setting the precedent that Big Tech multinational corporations can willfully ignore EU laws with no consequences. For this reason, if the European Commission wants the DMA to achieve its goals, it must force Google to allow Europeans to take back control of their online identities.

Статьи по теме

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
en
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
en
  • Новости Proton
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
en
  • Для бизнеса
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
en
  • Советы о конфиденциальности
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
en
  • Советы о конфиденциальности
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
en
  • Для бизнеса
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.