App-Store States: Platforms as Quasi-Governments

In the museum of code there is a wing where the labels feel like laws. Merchants line up with packages and petitions, and somewhere deep inside the glass, an algorithm arranges who may be seen, which is a form of sovereignty.

In the museum of code there is a wing where the labels feel like laws. What looks, at first, like a storefront turns out to be a state without elections: taxes collected as commissions, passports issued as identities, statutes promulgated as policy updates, police in the form of trust-and-safety teams, courts as appeal portals, and treaties as compliance letters sent to Brussels or Brasília. Merchants line up with packages and petitions, and somewhere deep inside the glass, an algorithm arranges who may be seen, which is a form of sovereignty.

This essay treats platforms as administrative states—not metaphorically, but operationally. We will map their constitutional texts, their agencies, their fiscal systems, their courts, and the peculiar politics by which decree is called Developer Guidelines and taxation is called revenue share. Then we will propose instruments a civilized jurisdiction would recognize: notices, ledgers, appeals, sunset clauses, rights of export, and, above all, receipts. No indignation. Blueprints.

I. The State Behind the Glass

All modern platforms—mobile app stores, game consoles, cloud marketplaces, enterprise extensions, even creator portals—share a seven-part anatomy:

Borders: distribution gates (submission portals, notarization, signing) and quarantine zones (enterprise channels, test flights). These are the immigration desks.
Identity: developer accounts, signing certificates, device IDs, user logins. These are passports and resident permits.
Taxation: commissions on in-app transactions, mandatory billing rails, listing fees—typically double-digit "tolls" calibrated by category and scale. This is fiscal policy by another name.
Statutes: the Developer Agreement (basic law), supplementary policy guides (administrative code), SDK and API terms (technical code), and privacy labels (disclosure law).
Police: automated scans, human review, fraud detection, child-safety filters, and emergency takedown powers. These are ministries of interior.
Courts: complaint queues, appeal tickets, escalation paths to ombuds or regulators, and occasionally arbitration. These are tribunals without wigs.
Legislature: policy updates, blog posts, and "we've made changes to our terms" emails—amendments without roll call.

Call them App-Store States. Their sovereignty is practical, not mythic: if your livelihood depends on crossing the border, you will treat a guideline like law and a reviewer like an officer.

II. The Constitution of Platforms

Every state has a constitution. Platforms have several, layered like vellum:

The Master Agreement: defines jurisdiction, termination, indemnities, audit rights, remedy limits. It is the basic law most merchants accept by clicking I Agree—a ritual more binding than it looks.
Submission Guidelines: hundreds of clauses mapping what counts as duplicative, deceptive, adult, political, or "not the user experience we envision." These are the administrative rules with escape hatches named at our discretion.
SDK Licenses: technical statutes with teeth: how you collect identifiers, what you may cache, which APIs require declarations or pre-clearance. Violations are often strict-liability crimes.
Policy Bulletins: emergency decrees issued after scandal or press heat—an app type is banned, a tracking practice forbidden, a category repriced. They are amendments by blog.
Transparency Pages: quasi-constitutional promises about review times, appeal structures, or small-business discounts. These are bills of rights with ellipses.

A constitutional lawyer would blanch at the retroactivity: new rules often apply to old binaries; deprecations truncate product plans; "clarifications" behave like ex post laws. Yet merchants tolerate this because the border is singular and the market is inland.

III. Fiscal Policy Without Parliaments

Commissions are taxes by function. The platform taxes the act of selling digital goods, access, or attention, often between 15% and 30%, sometimes with step-downs or carve-outs. The argument that this is merely a private fee misses the point: when a gate is the only path to buyers, the fee is a tax regardless of ownership.

The fiscal mechanics matter:

Base: transactions processed through platform billing; in some regimes, even links to external purchase flows are restricted—anti-steering rules that read like customs law.
Progressivity: small-developer tiers lower the headline rate, but thresholds and category exceptions create cliff effects that behave like sudden marginal tax spikes.
Earmarks: there are few. Unlike public taxes, commissions seldom come with a budget for ecosystem goods (security audits, standards, ombuds). Revenue disappears into consolidated glass.
Incidence: where does the tax land? In categories with inelastic demand (education, telehealth, reading), the incidence lands on users or on reduced service scope. In games or media, it funds pricing theater (gem packs, bundles) to disguise the toll's bite.

The fix is not to abolish taxation but to legislate it: publish a budget, specify what public goods the toll buys (security bounties, review capacity, fraud restitution), and accept audit—what any city demands of its treasury.

IV. Due Process for Glass

A liberal state is judged by process—not only by outcomes. Platforms run courts of a sort: your app is rejected, you appeal, evidence is submitted (screenshots, sandbox clips), a second reviewer rules. Yet the elements of due process are thin:

Notice: rejections cite a rule number and a sentence; the test used ("we attempted purchase with account X under condition Y") is rarely described, so reproduction is guesswork.
Hearing: there is no oral argument, only tickets; emergency calls exist, but the ladder is uncertain.
Record: "we have reviewed your appeal and our decision stands." Precedent is scarce; reversals vanish into silence.
Time: review-time distributions are not published as service obligations; tail events are existential for launches, yet invisible to the ledger.
Remedy: reinstatement is binary; restitution for erroneous takedowns is rare; safe harbors for good-faith compliance are informal.

If this were a ministry, we would insist on a Platform Administrative Procedure Act: clear notice of tests, publication of review-time histograms, written reasons that cite facts, reversible error standards, ombuds with independence, and diff logs for rules (old vs new). A court that says only Denied is revenue-collecting code, not justice.

V. Identity as Citizenship

User login is a passport; developer accounts are civic identities; device and app signing are visas. To be de-platformed is banishment. To lose a developer cert is civil death for your software.

Freedom therefore depends on:

Portability: users' purchases and subscriptions must be portable across channels; developers must be able to export entitlements if policy requires migration—citizens may move without losing property.
Separation of Powers: an identity provider that is also the marketplace and the payment rail concentrates veto power; the state equivalent is a single ministry controlling passports, courts, and tax office. We invented separation for a reason.
Appeal Rights: identity closure triggers due process; data export for users and developers is mandatory within days, not months.
Interoperability: "Sign in with X" is a treaty between states; it must come with non-retaliation clauses and API stability covenants so that a developer is not trapped in a citizenship that can be revoked at whim.

VI. The Politics of Ranking

Visibility is representation. Platforms conduct elections every hour in the form of search results, featured lists, and recommendation carousels. The gerrymander is algorithmic: editorial boosts for "quality," trust scores that shade into policy preferences, ad slots that buy adjacency to legitimacy.

A republic of glass publishes:

Rank Stability: variance of position for an app over time, adjusted for updates and news. Extremes hint at policy overrides or pay-to-play edges.
Conflict Disclosures: when the state competes with its merchants (first-party apps), self-preferencing must be reported like a conflict of interest—with a presumption of scrutiny.
Paid/Organic Separation: ad units must be labeled and measured; "organic" must mean something auditable.
Appealable Demotions: a path to contest algorithmic downgrades with evidence (crash rates, reviews, response times), not just hope.

Ranking is a constitution in motion; it deserves daylight.

VII. Comparative Law: When the Empire Meets a Continent

Some continents have passed laws that treat the largest platforms as gatekeepers with special duties: neutrality in ranking, alternative billing, sideloading pathways, data portability. The point here is not to praise the continent or condemn the empire; it is to notice that treaty is a category in platform governance. A platform that operates across jurisdictions must run split-brain policy—one set of rights in one region, another elsewhere—or must uplift everyone to the highest common denominator.

Either way, policy diff logs become constitutional artifacts: what changed, for whom, on what date, with what measured effect. A civilized state keeps such ledgers; platforms must too.

VIII. Sectors That Feel the Tax as Law

Some kinds of software collide with the state's assumptions:

Telehealth & Education: regulated services with privacy duties; billing through platform rails can clash with insurer rules or school budgets. The platform's tax becomes a license fee on care or a tuition surcharge.
Reading & News: catalogs and subscriptions assembled outside the store; anti-steering rules forbid or penalize links to purchase elsewhere; the result is silence as policy: users cannot be told how to buy legally beyond the gate.
Cloud Gaming & Emulation: definitions of "app vs stream vs browser" become jurisdictional fights; state borders harden along API seams; latency becomes law.
Finance & Wallets: identity, KYC, AML—platform policy meets statute; who carries the risk? The answer changes by week; merchants learn to live by rumor of risk.

A material republic would distinguish market power over distribution (where neutrality is owed) from legitimate safety (where duty is owed), and would write rules that treat life-and-safety software as public-interest utilities with tailored tolls and fast lanes—audited, not arbitrary.

IX. The Ombuds That Doesn't Yet Exist

Every healthy state grows an independent ombuds—a small office with authority to investigate complaints, demand records, and publish reports. Platforms could fund an ombuds at a fixed share of commissions, chosen by a council elected by major developer cohorts and consumer groups, with protection from retaliation. The ombuds would:

Audit review consistency and publish reversal rates by category.
Random-sample takedowns for civil-liberties review (speech, access).
Track policy volatility (number and scope of changes per quarter).
Maintain a case reporter—anonymized precedents for future guidance.

The ombuds is not a regulator in exile; it is a mirror with teeth.

X. A Procedural Charter (Draft for Comment)

Let's sketch a Platform Charter—not a manifesto, a checklist.

Notice & Comment: Major policy changes (scope, fees, identity rules) require 60-day notice and a public comment window. Emergency powers sunset in 90 days unless ratified.
Diff Logs: Every guideline and SDK rule keeps an official redline history. No silent edits.
Deprecation Windows: API removals and behavioral changes come with minimum lead times (e.g., 12 months) and LTS channels, barring critical security defects.
Billing Choice: Above a threshold, developers can offer alternative processing with parity access (no retaliation in ranking), and clear user disclosures.
Data Portability: Users can export purchases and subscriptions; developers can export entitlements. Upon banishment, both exports are due within seven days.
Appeals with Record: Rejections come with test steps and evidence snapshots; appeals include independent review. Reversal metrics are published.
Non-Discrimination: First-party apps obey the same entitlements, API privileges, and ranking rules as third parties or must disclose and justify divergence.
Security Earmark: A published share of commission revenue funds bug bounties, malware labs, and fraud restitution—in plain budgets.
Small-Merchant Floor: A simple, automatic tier for small sellers with stable rates and zero-cliff thresholds.
Ombuds: Independent oversight with subpoena-like information rights inside the platform boundary, reporting publicly each quarter.

This is boring, which is a feature. States are boring on purpose so that people can do interesting things inside them.

XI. The Emergency Temptation

States love emergencies; they extend discretion. Platforms face genuine crises: exploit kits, child endangerment, extortion apps, nation-state intrusions, swarms of fraud. In crisis, discretion must spike. But emergency powers deserve sunset and review. Tag every emergency guideline with an expiry date and a required post-mortem: what was blocked, how many false positives, how many appeals, what permanent rule (if any) emerged.

Without this, the exceptional becomes the ordinary, and the charter decays by weekly blog post.

XII. Federalism of Glass

Most developers inhabit many states at once: mobile stores, web ad markets, creator platforms, console stores, cloud marketplaces. Each state taxes, polices, and ranks. The result is fiscal federalism without treaties: duplicated reviews, divergent privacy labels, inconsistent age-ratings, antiphonal bugs (allowed here, banned there).

The remedy is dull: standards. Cross-platform vocabularies for privacy disclosures, content ratings, and threat tagging; a single schema for security attestations; mutual recognition for common checks (cryptographic signing, static analysis). Standards do not abolish sovereignty; they abolish tedium and error—the two taxes that never appear on a dashboard.

XIII. Measurement (So We Don't Tell Stories)

A serious state keeps score. A platform that claims fairness publishes:

Review-Time Distribution: median, p90, p99 per category; targets and misses.
Rejection Taxonomy: counts by rule, reversal rate by rule, time-to-reversal.
Policy Volatility Index: weighted sum of changes; emergency vs ordinary ratio.
Rank Transparency: share of traffic from paid vs organic, stability bands.
Commission Incidence Studies: independent audits of who pays (consumer vs merchant) by category.
Developer Churn: annual exit rate segmented by size and region; reasons coded and published.
Security Outcomes: malware incidents per million installs, time-to-takedown, restitution paid.

These are not PR. They are thermostats.

XIV. The Merchant's Manual (For Life Under Glass)

Until charters arrive, a practical catechism:

Design for Audits: build internal scripts to reproduce review tests; log flows with toggles that show compliance states. A reviewer cannot argue with a reproducer.
Feature Flags by Jurisdiction: expect policy split-brain; ship toggles for billing, identity, content in advance.
Build Exports Now: user data and entitlements; one day you will need to migrate; future-you will thank past-you for a clean export.
Policy Watch: treat platform blogs as legislative gazettes; diff them; subscribe an engineer and a lawyer; pre-register how you will respond to each policy class.
Coalitions: join or found developer associations; lone merchants are hearings without microphones.

XV. Objections, Answered Without Slogans

"It's a private garden; our rules, our rates." Gardens with single gates become towns; towns accrue duties—notice, neutrality where market power meets public reliance, minimal rights of exit. Duties grow with dependence.

"We need discretion to keep users safe." Grant emergency powers with sunset, after-action reports, and audited error rates. Safety grows when discretion is measured.

"Transparency reveals our anti-fraud playbook." Publish aggregates, not signatures. Police publish crime statistics without handing out master keys.

"Alternative billing breaks the security model." Then define it narrowly with security attestations, liability splits, and revocation paths. Security is a design problem, not a mantra.

"This will slow innovation." Predictability is fertilizer. Developers invest more when the ground stops moving unexpectedly. The fastest systems in the world run on protocols, not surprises.

XVI. Minimal Program (One Year)

If you can only do a little, do these:

Diff Logs & Review Metrics: public redlines for policy; published review-time histograms and reversal rates.
Appeals with Record: reasons that include test steps; independent second-look; quarterly case reporter.
Deprecation Covenant: minimum 12-month notice for non-security removals; LTS channels.
Data & Entitlement Portability: seven-day export SLA for users and developers on termination or migration.
Ombuds: fund and seat it; empower it to audit and publish.

These five turn a store into a state you can live in.

XVII. The Ethics of Power Without Ballots

Platforms claim neutrality; they curate. They claim speed; they govern. They claim privacy; they extract. These are not hypocrisies so much as contradictions born of scale. The cure is not nationalization or naive libertarianism. It is administrative law tailored to glass: boring, procedural, relentless. The dignity of a merchant under law is not to always win, but to know the rules, contest the errors, and leave with their property intact when the state says no.

XVIII. Epilogue: The Passport Office at the Edge of the Future

At the edge of a city there stands a building of glass. Inside, clerks review packages that contain music, games, textbooks, clinics, maps, jokes, and small tools that hold someone's day together. On the wall hangs a calendar of policy updates; every few weeks the calendar changes and the room tilts, and merchants learn a new way to hold their balance. Some call this innovation. Some call it weather. A few, who have lived under many kinds of law, call it government.

If we are wise, we will not demand that the clerks become saints or that the building become a cathedral. We will ask for what decent states have learned to give: advance notice, clear reasons, the chance to argue, the right to leave with dignity, and a ledger we can add up without guessing. We will ask that a portion of the tax be spent on the commons it claims to defend. We will write a charter and, when the next crisis arrives, we will let the clerks act fast and later explain themselves with facts.

Sovereignty is not a crown; it is a habit. The platforms have acquired the habit of statehood. They must therefore acquire the manners. Then the glass will be less a mirror and more a window, and beyond it we will see, not a rumor of power, but a republic of software where builders can plan, users can trust, and rules are a scaffold rather than a storm.