For most of the past decade, mobile game studios accepted a simple reality: Apple and Google each take 30% of in-app purchase revenue, and there was no compliant alternative. The landscape has shifted. A combination of the EU Digital Markets Act, the 2021 Epic v. Apple antitrust ruling, and subsequent court orders have opened a real — if narrow — path for studios to accept direct payments outside the app store for certain purchase types. The path is real; the compliance and technical requirements are non-trivial.
This piece covers what the regulatory changes actually permit, what they don't, the technical setup required to run a mobile web shop, and the payment and compliance infrastructure you need before you process your first transaction. The opportunity is genuine. The studios that have captured it quickly are the ones who got the compliance setup right before they built the storefront.
What the Regulatory Changes Actually Allow
The EU Digital Markets Act (DMA), effective March 2024 for designated gatekeepers including Apple and Google, creates obligations under Articles 5(4) and 6(12) that require these platforms to allow app developers to direct users to external purchase options and to "steer" users toward alternative payment methods. In practice, this means EU users of apps on designated gatekeeper platforms must be permitted to see links or buttons directing them to a web-based purchase option.
In the United States, the Epic v. Apple ruling and subsequent injunction orders have resulted in Apple's "External Purchase Links" entitlement, which allows US-based iOS apps to include a single link to an external website for digital purchases. This is a narrowly scoped entitlement — it does not allow in-app payment processing, only a link out to a web page. As of early 2026, Apple charges a 27% commission on purchases made through external links by users who were originally acquired through the App Store, which significantly changes the economics of the direct sales path for US iOS.
Google Play's alternative billing program, which has been available in some markets, allows qualifying apps to offer an alternative payment system alongside Google Play Billing, with Google charging a reduced service fee (typically 4% less than the standard rate) for transactions processed outside their system. Availability and terms vary by market.
The Economics: When Does a Web Shop Actually Make Sense
The web shop route only makes economic sense when the savings from reduced store commissions exceed the operational costs of running your own payment infrastructure. The math varies significantly by market and platform.
In the EU under DMA, if Apple's commission for external purchases settles at a lower rate than the standard 30% (the ongoing regulatory negotiations are unresolved as of this writing), the economics can work for high-ARPU titles. For a game with $20 average basket size, a 15-percentage-point commission reduction saves $3.00 per transaction — meaningful at volume.
In the US iOS market under the current 27% external purchase commission, the savings versus standard 30% are 3 percentage points. At $20 average basket, that's $0.60 per transaction. When you factor in the cost of running your own payment processing (PSP fees typically 2.9% + $0.30 = ~$0.88 on a $20 transaction), the web shop path is actually more expensive than the App Store on a per-transaction basis in the US iOS market under the current Apple terms. The US web shop opportunity currently makes more sense for high-value purchases above $50–$80 where the percentage savings become substantial.
We're not saying the web shop is always the right choice — the economics depend heavily on your average order value, your geographic distribution, and the specific commission terms you're operating under. Run the math for your actual transaction distribution before building the infrastructure.
Technical Architecture: The Web Shop Stack
A mobile game web shop is a mobile-optimized web page (not a native app, since that would still fall under app store distribution rules) that allows players to purchase digital goods, which are then delivered to their account within your game. The key technical components are:
Player authentication bridging. When a player taps your external purchase link from within the game, they land on your web shop as an anonymous browser user. You need to authenticate them as the same player who is logged in to the game. The standard approach is to generate a short-lived, single-use authentication token in your game client, pass it as a URL parameter on the outbound link, and have your web shop verify the token against your player auth system before displaying the store. Never use a persistent session cookie as the link parameter — it's a security risk if the URL is copied and shared.
Hosted payment processing. Your web shop payment form must use a hosted solution — Stripe Checkout, Braintree hosted fields, or similar — that keeps cardholder data off your web server. This is both a PCI-DSS scope requirement and a practical engineering decision. Building your own payment form handling is months of work and ongoing compliance maintenance. A hosted solution is an afternoon of integration.
Purchase confirmation and game delivery webhook. After payment is confirmed, your payment processor fires a webhook to your backend. Your backend marks the purchase as completed and either pushes a notification to the game client (if the player is still in-session) or queues the delivery for the next session. The delivery mechanism depends on how your game manages inventory — typically a server-to-server call to your game's item delivery API using the player ID associated with the purchase.
Cross-platform receipt management. If a player can make purchases both through the app store and your web shop, you need a unified purchase history that spans both channels. Web shop purchases should produce receipts that are stored in your player record alongside app store receipts, accessible from the same transaction history UI that shows IAP purchases.
What Apple's App Store Guidelines Still Require
Even with the DMA and US injunction-driven entitlements, Apple's App Store guidelines impose specific restrictions on external purchase links. Under the current External Purchase Links entitlement for the US, apps may only include a single link to an external website, the link must go directly to the purchase page (not to a home page that requires navigation to find the store), and the link must be in a static location in the app — you cannot present it in interstitial or promotional contexts designed to divert users from App Store IAP.
Apple's guidelines (App Store Review Guideline §3.1.3) explicitly prohibit "comparative messaging" — you cannot display text like "30% cheaper than buying in-app" or equivalent copy that frames the web shop as a cost-saving alternative. The link must be factual and functional, not promotional.
EU DMA compliance under Article 6(12) is more permissive on the steering and comparative messaging front, but Apple and Google are still interpreting implementation details through their own policy frameworks. The regulatory landscape is still being litigated and enforcement is uneven across markets. Studios operating in both US and EU should maintain separate link and copy implementations for each market rather than applying the most permissive standard globally.
Compliance Setup Before You Launch
Before you process your first web shop transaction, several compliance elements need to be in place:
Payment terms and refund policy. Your web shop needs clear, accessible terms of sale and a refund policy. Unlike app store purchases (where the platform's policies govern), your direct purchases are governed by your own terms. For EU customers, the EU Consumer Rights Directive requires a 14-day right of withdrawal for digital goods unless the customer explicitly consents to immediate delivery and waives the withdrawal right at checkout. Your checkout flow must capture this consent.
VAT handling for EU transactions. Direct sales to EU consumers trigger VAT obligations regardless of where your studio is based. The EU One-Stop Shop (OSS) scheme allows non-EU businesses to register once and remit VAT for all EU member state sales through a single filing. If you're not already registered for EU VAT, you need to be before you go live in EU markets. The liability for uncollected VAT on digital services sold to EU consumers is real and retroactive.
Age verification for purchase-gated content. If your web shop sells content with age restrictions — loot boxes are age-gated in several EU jurisdictions, including Belgium and the Netherlands where certain mechanics are heavily regulated — you need age verification at checkout, not just a checkbox. Belgium's Gaming Commission enforcement has extended to digital goods; a web shop is not exempted simply because it's not a native app.
PCI-DSS scope review. As covered in a separate piece, running your own web shop checkout brings PCI scope that app-store-only payment did not. Using a hosted payment solution keeps your scope at SAQ A-EP minimum. Document this review before launch — your acquiring bank may ask for it.
Linq Games is not a bank or money transmitter. For web shop payment processing, we partner with regulated institutions and provide the currency delivery infrastructure — the platform credit, the wallet update, the game delivery webhook. You use your preferred PSP for card processing; Linq handles the game economy layer downstream.
The Player Experience Requirements
Beyond regulatory compliance, the web shop player experience has to clear a higher bar than app store IAP to achieve reasonable conversion rates. Players are accustomed to the low-friction one-tap purchase flow inside the app. Asking them to navigate to a browser, authenticate, enter payment details, and wait for delivery is a meaningfully higher friction path. The web shops that convert well are the ones that reduce every point of friction aggressively: deep-link directly into the web shop (no intermediate steps), pre-authenticate via the token bridge, support Apple Pay and Google Pay for instant payment (dramatically reduces form entry friction), and confirm delivery within the game session if the player is still active.
The studios that have run web shops successfully tend to use them for high-value purchases — season pass bundles, limited-time founder packs, annual subscription offers — where the player is already in a considered purchase mindset rather than impulse-buying. The web shop as a channel for $0.99 transactions is unlikely to convert at rates that justify the operational overhead. The web shop as a channel for $19.99–$49.99 high-value bundles with a meaningful price advantage over app store pricing (where the market terms allow it) is a different calculation.
The regulatory opening for direct mobile payments is real and it's growing. The studios positioned to capture it are the ones who do the compliance setup before they build the storefront, not after their first transaction is disputed.