In early 2018, ProtonMail CEO Andy Yen received an ominous email from Apple’s App Store compliance team. It warned Yen that his company’s encrypted email service app was in breach of Apple’s rules and that it would have to add “In App Purchases” (IAPs) in order to remain on the App Store. For the last 2 years, ProtonMail had offered a premium paid email service through its web app, though it did not offer any of the paid service functionalities in its iPhone app. But Apple had stumbled upon a notice in the ProtonMail app that advertised ProtonMail’s paid web app service, which it argued breached Apple’s policies mandating that “the sale of digital goods and services within an app must use In-App Purchase.” Rather than fight, Yen decided to immediately comply. Said Yen: “They are judge, jury, and executioner on their platform, and you can take it or leave it… There’s nothing you can say to that.”
Building a Privacy Ecosystem
ProtonMail began as an invitation-only public beta in 2014, raising over $500,000 through a crowdfunding campaign on Indiegogo. In 2016, the company moved to a freemium business model. The company had since launched Proton Calendar, Proton Drive (file sharing and cloud storage) and Proton VPN. While each of these services could be accessed for free, there were various limitations for non-paying users (e.g., only 1GB storage and 150 emails per day for ProtonMail). Yen’s vision for ProtonMail was to create an entire “privacy ecosystem” of services to rival the dominant players: Google, Apple and Facebook. For Yen, “[t]he idea that to have an online existence, you have to sell your most intimate and sensitive and private information to tech giants, is fundamentally wrong and also morally incorrect.”
To its supporters, ProtonMail had not only found a way to make “privacy profitable,” it had done so in a way that was more scalable than “alternative models because [ProtonMail has not taken] the yearly fundraising that a lot of other companies do to scale.” By 2022, the company based 70 million accounts and 400 employees. With the exception of a $2m in financing from a nonprofit foundation and Charles River Ventures in 2015, the company had not received any other venture capital funding over the last 6 years and neither investor was still involved in the company.
Apple Steps In
Following Apple’s 2018 demand for ProtonMail to add IAPs, the company had to give Apple a 30% commission of each subscription through the App Store. To account for the commission, however, ProtonMail began charging customers 30% higher fees for subscription’s purchased through the ProtonMail iPhone app as opposed to subscriptions purchased on its website. Apple then warned the company to harmonize its pricing or risk having the app de-platformed. Then, when ProtonMail’s app was updated to notify its users that 30% of the subscription price went to Apple, “Apple threatened to remove the app and blocked all updates.”
In September 2020, Apple appeared to have buckled under increasing public pressure and regulatory scrutiny when it amended its App Store policies to exempt “free apps acting as a standalone companion to a paid web-based tool,” including “email services,” from the in-app purchase requirement. In theory, the App Store policy changes meant that ProtonMail could eliminate In-App Purchases from its iPhone app and allow all users to subscribe through its website, at a lower price. Yet, ProtonMail had not adjusted its policies because it remained fearful that Apple’s rules still prevented it from communicating with users about the policy change. Indeed, up to the time of writing this piece, the App Store guidelines prevented app developers from “calls to action for purchase outside the app.”
While Apple’s public battles with platforms such as Epic Games and Spotify had shone the spotlight on potentially anti-competitive practices, ProtonMail’s highlighted a different matter: whether App Store commissions might actually undermine Apple’s stated commitment to user privacy and data security. In 2021, Apple had updated its policies to bar apps from using third-party cookies to track user activity across apps, heralding its commitment to user privacy. But data showed that average In-App Purchase prices had risen nearly 40% in the last year as a result.
Are Competition and Privacy Linked?
Yen believed that the privacy and anti-trust issues were inextricably linked. Privacy-based businesses needed subscription-based business models to be profitable. Moreover, any mobile software solution had to be on the App Store, or else, “you’re not online.” But subscription-based businesses were charged 30% commissions by Google and Apple, which in Yen’s view made it “impossible” to compete with ad-based businesses. In essence, Google and Apple’s commissions were subsidizing ad-based businesses, and denying consumers the choice of privacy-based business models. Said Yen: “[I]f you don’t like Facebook’s privacy practices… [y]our alternative is TikTok, which is not any better.” Thus, increasing competition on the App Store and Play Store was critical to facilitating privacy: “if we solve the competition piece, we get privacy for free.”
For its part, Apple argued that its behavior was anything but anticompetitive, noting that it accounted for only 60 of the 1.7m apps on the App Store and that 85% of apps didn’t pay a commission, including an exemption for books, video and music apps. It also commissioned a study last year which found that its 30% commission is “similar in magnitude to the commission rates charged by many other app stores and digital content marketplaces.” Apple defended it’s so-called “gatekeeper” role, arguing that it ensured a better user experience by allowing Apple to vet apps for quality and security, noting that Google’s rival open ecosystem was “riddled with security holes.”