Apple Defends Google Against EU Proposal to Give AI Rivals Access to Services

Apple's Warning: Why Opening Google's AI to Rivals Could Risk Your Privacy and Security

In a surprising turn of events, Apple, a company often seen as a direct competitor to Google, has voiced strong concerns about new European Union (EU) proposals. These proposals aim to force Google to open its Android operating system to various competing Artificial Intelligence (AI) services. Apple argues that such a move, while seemingly promoting competition, could create severe risks for user privacy, security, and overall safety. This stance highlights a rare moment of alignment between tech giants against regulatory pressure, signaling deeper, shared worries about the practical implications of well-intended laws.

Understanding the EU's Digital Markets Act (DMA) and Its Ambitions

To fully grasp Apple's concerns, it's essential to understand the context: the EU's Digital Markets Act (DMA). This landmark legislation, enacted by the European Commission, is designed to ensure fair and open digital markets. Its primary goal is to prevent large online platforms, dubbed "gatekeepers," from abusing their powerful positions to stifle competition and innovation. Companies designated as gatekeepers, which include tech giants like Google and Apple, must adhere to a strict set of rules, known as "dos" and "don'ts," aimed at creating a more level playing field for smaller businesses and giving users more choice and control.

The DMA specifically targets several key areas where gatekeepers have traditionally held sway. These include app stores, search engines, social media platforms, web browsers, and operating systems. The core idea is to break down the walled gardens these companies have built, allowing third-party services to integrate more easily and offer alternative choices to consumers. For instance, under the DMA, gatekeepers might be required to allow users to easily uninstall pre-installed apps, choose alternative app stores, or switch to different default web browsers. The spirit of the law is to foster innovation, reduce dependency on a few dominant players, and ultimately benefit European consumers with greater variety and potentially lower prices.

The EU believes that by regulating these gatekeepers, it can prevent anti-competitive practices before they even happen, rather than intervening after harm has already occurred. This proactive approach distinguishes the DMA from traditional antitrust laws, which often respond to market abuses after they have become entrenched. The stakes are incredibly high, not just for the tech companies, but for the future of digital services in Europe and potentially around the world, as other regions often look to the EU's regulatory framework as a model.

The Specific Proposals for Android and AI Integration

Apple's latest submission to the EU, reported by Reuters, directly addresses draft measures aimed at helping Google comply with the DMA. These specific proposals focus on compelling Google to open up the Android ecosystem to competing AI services. Imagine a scenario where, instead of relying solely on Google Assistant or other built-in Google AI features, users could choose a third-party AI assistant to perform core functions on their Android devices. The proposals envision these competing AI services being able to "interact with Android apps to perform actions such as sending emails, ordering food, or sharing photos."

To elaborate, this means a user might be able to install an AI service developed by a small startup or another large tech company (let's call it "AI Assistant X"). Once installed, AI Assistant X would, in theory, be able to take commands like "send an email to John about the meeting," and instead of using Gmail's native AI or even Google Assistant, it would directly access the Gmail app's functions to compose and send that email. Similarly, if you asked it to "order my usual pizza from my favorite restaurant," AI Assistant X would need direct access to your preferred food delivery app to place the order on your behalf. Or, if you instructed it to "share these vacation photos with my family," it would need to access your gallery and then interact with a messaging app or cloud service.

This level of deep integration requires significant access to the operating system's core functionalities and the user's personal data. It goes beyond simply having an alternative app; it's about an alternative *intelligence* being able to orchestrate actions across multiple apps and access sensitive user information. While the intention is to foster competition and offer users more choice in their AI experiences, the practical implementation raises a myriad of complex questions about how this access would be managed, secured, and controlled.

Google itself has already voiced strong opposition to these plans. The search giant argues that these proposals, if implemented as drafted, would "undermine key privacy and security safeguards for European users." Google's argument stems from the inherent complexity and potential vulnerabilities of allowing external, potentially less vetted, AI systems such as this deep and privileged access to their meticulously designed and secured Android ecosystem. They contend that their current architecture has been built over years with user protection in mind, and forcing such drastic changes could inadvertently create backdoors or weaknesses that bad actors could exploit.

Apple's Unique Position and Shared Concerns

It might seem unusual for Apple to "defend" Google, given their long-standing rivalry in mobile operating systems, search, and various other tech sectors. However, Apple's involvement in this discussion is anything but altruistic; it's deeply rooted in its own experiences and future concerns regarding the DMA. Apple itself is a "gatekeeper" under the DMA and is already facing measures requiring it to open up its own ecosystem. This includes allowing alternative app stores and payment systems, changes that Apple has consistently argued introduce security risks and degrade the user experience on its iPhone, iPad, and Mac platforms.

Because of these parallels, Apple states it has a "strong interest in the case." If the EU can successfully compel Google to open Android to third-party AI services in this manner, it sets a powerful precedent. Apple logically fears that similar mandates could eventually be imposed on its own operating systems – iOS, iPadOS, and macOS. Imagine if a third-party AI assistant could similarly access your iMessage conversations, Apple Mail, or even control your smart home devices through HomeKit. The potential impact on their tightly integrated and controlled ecosystem is enormous, and Apple views any measures that weaken platform security or user privacy on *any* major operating system as a threat to the entire industry, and ultimately, to their own business model and brand reputation for security.

In its formal submission, Apple did not mince words, stating that the draft measures "raise urgent and serious concerns." The company warned that if these proposals were to be confirmed and enacted, "they would create profound risks for user privacy, security, and safety as well as device integrity and performance." This comprehensive list of potential harms highlights Apple's belief that the regulatory approach, while perhaps well-intentioned, is overlooking fundamental technical and operational challenges that underpin the secure functioning of modern digital platforms. Their submission is essentially a plea for regulators to consider the deep technical implications before mandating widespread changes to core system architectures.

The Profound Risks: Privacy, Security, and Safety

Let's delve deeper into the "profound risks" Apple has identified. These aren't just minor inconveniences; they represent fundamental threats to how users interact with their devices and protect their most sensitive information. The integration of competing AI services, especially those with deep access to an operating system, opens up multiple vectors for potential harm.

User Privacy: A Pandora's Box

At the forefront of Apple's concerns is user privacy. Imagine a third-party AI service being granted access to your email history, your food delivery preferences, your contact list, and your photo library. This is not just access to *send* an email or *order* food; it implies the AI might need to *read* your emails to understand context, *learn* your eating habits, and *analyze* your photos to identify people or locations. Such broad access creates a "Pandora's Box" of privacy risks:

• Data Harvesting and Profiling: Less reputable or less secure third-party AI services could potentially collect vast amounts of sensitive user data, creating incredibly detailed profiles without the user's full awareness or clear consent. This data could then be used for targeted advertising, sold to other companies, or even fall into the wrong hands.
• Consent Fatigue and Ambiguity: Users might be overwhelmed with requests for permissions, making it difficult to understand exactly what data an AI service is accessing and how it's being used. The granularity of control might be lost, leading to unintended data sharing.
• Data Leakage: Even with the best intentions, storing and processing sensitive user data on multiple third-party servers increases the risk of data breaches. A vulnerability in one AI service's infrastructure could expose vast amounts of personal information, even if Google's own systems remain secure.
• Cross-Service Tracking: If different AI services can interact with various apps, they could potentially piece together a comprehensive picture of a user's digital life across disparate platforms, making anonymity and privacy much harder to maintain.

Security Vulnerabilities: Weakening the Shield

Beyond privacy, security is another major concern. Operating systems like Android and iOS are complex, meticulously engineered systems designed to protect against myriad threats. Introducing external AI services could inadvertently create new vulnerabilities:

• Malicious AI or Apps: What if a competing AI service is poorly coded, contains hidden malware, or is deliberately designed to exploit system weaknesses? Granting such an AI deep system access could give malicious actors a direct pathway to compromise the device, steal data, or even take control.
• Unvetted Code: Unlike tightly controlled app stores where every application undergoes a review process, the proposals imply a broader opening. If third-party AI services aren't subjected to the same rigorous security checks as Google's own components, they could introduce significant security gaps.
• System Instability: Poorly integrated AI could cause system crashes, reduce performance, or introduce bugs, making the device unreliable and frustrating to use. This isn't just an inconvenience; it can be a security risk if critical functions become unavailable.
• Supply Chain Attacks: Even a legitimate third-party AI service could be compromised during its development or deployment, allowing attackers to inject malicious code that then gains privileged access to millions of user devices.

User Safety: Broader Implications

While often intertwined with security, "safety" can encompass broader implications, especially concerning the unpredictable nature of AI:

• Misinformation and Manipulation: An AI with deep system access could potentially generate or spread misinformation through messaging apps, alter search results, or even manipulate user perceptions by filtering information based on unknown biases.
• Control of Critical Functions: As AI capabilities grow, they might gain control over smart home devices, vehicle systems, or even health monitoring apps. An unpredictable or compromised AI in such a role could pose direct physical safety risks.
• Erosion of Trust: If users lose trust in the security and privacy of their devices due to these integrations, it could significantly impact the adoption of new technologies and create a general sense of unease in the digital world.

Furthermore, Apple highlights concerns about "device integrity and performance." This means that badly designed or overly resource-intensive third-party AI could drain battery life, slow down the phone, or cause apps to crash, severely degrading the user experience and potentially shortening the lifespan of the device. For a company like Apple, which prides itself on the seamless performance and longevity of its hardware and software, these are critical points.

The Unique Challenges Posed by Rapidly Evolving AI Systems

Apple specifically took aim at the "rapidly evolving state of AI" as a particular source of concern, arguing that risks are "especially acute in the context of rapidly evolving AI systems whose capabilities, behaviours, and threat vectors remain unpredictable." This point is crucial because AI isn't just another piece of software; it's a dynamic, learning entity that presents unique challenges.

Traditional software is largely static. Its functions are defined by its code, and its behavior is generally predictable. AI, especially advanced machine learning models, is different. These systems are designed to learn and adapt, often in ways that even their creators cannot fully foresee. Their "capabilities" can expand over time as they process more data, their "behaviors" can shift and change, and new "threat vectors" (ways in which they can be exploited or cause harm) can emerge unexpectedly.

For example, an AI service that initially seems benign might, through continuous learning, develop the ability to infer highly sensitive information from seemingly innocuous data. Or, an AI trained on specific datasets might exhibit biases that lead to discriminatory outcomes. Even more concerning, a malicious actor might be able to "poison" the AI's training data, subtly altering its behavior to serve nefarious purposes, without the system's developers even realizing it. This unpredictability makes it incredibly difficult to audit, monitor, and secure these systems in the long term, especially when they are granted deep access to an operating system.

The concept of "black box" AI is also relevant here. Many advanced AI models are so complex that it's challenging even for experts to understand precisely *why* they make certain decisions or produce particular outputs. If regulators mandate the integration of such systems, how can they ensure accountability or diagnose problems when they arise? This lack of transparency adds another layer of risk to the privacy and security landscape, making it difficult to trace the source of a data breach or explain why an AI made a harmful decision.

Critique of the EU's Technical Expertise

Perhaps one of the most pointed criticisms in Apple's submission targets the European Commission's technical expertise in drawing up these proposals. Apple stated that the Commission is "substituting judgments made by Google's engineers for its own judgment based on less than three months of work." This remark highlights a fundamental tension between regulatory ambition and the practical realities of software engineering and cybersecurity.

Operating systems like Android are the culmination of decades of research and development, involving thousands of highly specialized engineers. Every line of code, every system architecture decision, and every security protocol is the result of countless hours of planning, testing, and iteration, often with a deep understanding of potential vulnerabilities and user behavior. Google's engineers, like Apple's, are intimately familiar with the intricate dependencies within their respective ecosystems and the delicate balance required to maintain security, privacy, and performance.

Apple's argument suggests that the EU, with its broad regulatory mandate and comparatively limited technical insight into the specific nuances of Android's internal workings, is making sweeping decisions that could have unforeseen and detrimental consequences. To paraphrase, they're saying it's like a legislative body trying to redesign the engine of a complex car based on a general understanding of how cars work, rather than consulting the engineers who built it over many years. The "less than three months of work" critique emphasizes the perceived haste and lack of deep technical engagement in formulating proposals that could fundamentally alter the security posture of a platform used by billions.

Furthermore, Apple suggested that the only discernible goal of the draft measures is "open and unfettered access." While openness and competition are laudable goals of the DMA, Apple implies that this pursuit might be happening without sufficient consideration for the practical trade-offs. "Unfettered access" to critical system components and user data, without robust safeguards and a deep understanding of potential abuses, could lead to a less secure, less private, and ultimately less performant user experience. This suggests that the regulatory body might be prioritizing an abstract principle of openness over the concrete technical challenges and user protection mechanisms that tech companies have spent years developing.

Apple's Broader History with the Digital Markets Act

Apple's strong reaction to these specific proposals for Google is not an isolated incident; it's part of a longer, often contentious history with EU regulators over the Digital Markets Act itself. Apple has been a vocal critic of the DMA since its inception, viewing it as an overly intrusive and potentially harmful piece of legislation that undermines its business model and the security philosophy of its ecosystem.

For instance, the company challenged the regulation in court in October 2025, seeking to overturn its designation as a "gatekeeper" or at least mitigate some of its more stringent requirements. This legal battle highlights Apple's deep disagreement with the core tenets of the DMA as applied to its platforms. Just the month before, in September 2025, Apple urged regulators to scrap it entirely, a remarkably strong stance from a major corporation against a significant regulatory framework.

Apple's arguments against the DMA generally center on two main points: security vulnerabilities and worsened user experience. They have consistently claimed that mandates like allowing third-party app stores (sideloading) or alternative payment systems on iOS could introduce malware, expose users to phishing scams, and diminish the integrated, secure, and intuitive experience that Apple customers expect. They argue that their "walled garden" approach, while restrictive, is precisely what allows them to maintain high standards of privacy and security, and that dismantling these walls would inevitably lead to a less secure environment for users.

The EU, however, has remained steadfast in its commitment to the DMA. In response to Apple's challenges and lobbying efforts, the European Commission stated emphatically in September 2025 that it had no intention of repealing the law. This firm position underscores the EU's resolve to push forward with its digital market reforms, regardless of the objections from powerful tech companies. They believe the benefits of increased competition and user choice outweigh the concerns raised by the gatekeepers, and they are prepared to enforce the new rules.

The Regulatory Process and Future Outlook

The specific proposals for Android and AI integration that Apple is currently criticizing were part of a public feedback period that ran from April 27 to May 13, 2026. During this time, interested parties, including tech companies, consumer groups, and industry associations, submitted their comments and concerns to the European Commission. This public consultation is a standard part of the EU's legislative process, allowing for diverse perspectives to be heard before final decisions are made.

The European Commission has stated that it will "carefully assess all submissions" and may "adjust the proposed measures as a result." This suggests that while they are committed to the DMA's principles, there is still room for refinement and modification based on the technical arguments and practical concerns raised by stakeholders like Apple and Google. However, there is a clear deadline for this process: the Commission's final decision must be adopted within six months of the opening of the specification proceedings, giving a firm deadline of July 27, 2026.

This timeline indicates that significant changes to how AI services will interact with Android in Europe could be mandated relatively soon. The stakes are high for all involved: for Google, which will have to implement these potentially complex and risky changes; for Apple, which is closely watching for precedents that could affect its own platforms; for other AI developers, who stand to gain new avenues for market access; and most importantly, for European users, whose privacy, security, and digital experience hang in the balance.

It's also worth noting that the EU separately concluded in May 2026 that the DMA has had a positive impact overall, setting aside Apple's lobbying for the regulation to be revised. This general endorsement of the DMA's effectiveness, despite ongoing critiques from gatekeepers, signals the EU's confidence in its regulatory framework. It suggests that while specific implementation details might be tweaked, the overarching direction of increased openness and competition in digital markets is unlikely to change.

Conclusion: The Balancing Act Between Openness and Security

The unusual alliance between Apple and Google in criticizing the EU's AI proposals for Android highlights a critical and ongoing tension in the digital world: the delicate balance between fostering openness and competition, and maintaining robust user privacy, security, and safety. While regulators aim to democratize access and empower smaller players, tech giants argue that the complexities of modern operating systems and rapidly evolving technologies like AI require a more cautious, technically informed approach.

Apple's strong warning about "profound risks" to privacy, security, safety, and device performance underscores the belief that simply mandating "unfettered access" without a deep understanding of the underlying technical architecture and potential vulnerabilities could lead to unintended and severe consequences. The unpredictability of AI systems further complicates this equation, introducing new layers of risk that traditional software engineering principles might not fully address.

As the July 27, 2026, deadline approaches, the European Commission faces the challenging task of weighing these serious concerns against its core objective of promoting competition and user choice under the Digital Markets Act. The outcome of this debate will not only shape the future of AI integration on Android devices in Europe but will also set a significant precedent for how global regulators approach the complex interplay between innovation, competition, and user protection in an increasingly AI-driven world. The tech industry and consumers worldwide will be watching closely to see if a truly open yet secure digital ecosystem can indeed be achieved.

Tags: Europe, European Commission, European Union, Google, Reuters

This article, "Apple Defends Google Against EU Proposal to Give AI Rivals Access to Services" first appeared on MacRumors.com

Discuss this article in our forums



from MacRumors
-via DynaSage