A much more accurate headline might be "Apple responds to Dash controversy by insisting they were right all along and refusing to provide proof."
Edit: The tone of the entire article rubs me the wrong way; it reads like a press release that nobody could be bothered to re-write.
> The integrity of the App Store is as important to Apple as it is to consumers.
Citation needed? Plus it immediately follows an unsubstantiated claim that Apple has been ignoring evidence of review manipulation for two years, so even if we take the article at face value...that doesn't sound like they think it's important?
> This is part of the reason we trust Apple and the App Store.
That's the most circular argument. "We trust Apple because they claim they're trustworthy!"
Unfortunately The Loop isn't much of a news site, more of a controlled Apple leak blog. Dalrymple has gotten to the point of being a complete Apple shill.
Edit:
Compare the tone of the Loop article to Daring Fireball's:
!!! it includes a recording of a phone call with Apple !!!
Edit: After listening to the first 2 minutes of the call, I can say with absolute confidence that Apple is straight-up blackmailing him. I would love to hear opinions on whether this is something that could be taken to court.
Listening to the recording it seems that they do want to get the account reinstated but want Kapeli to release a statement on why the account was deactivated.
Which after reading the post and listening to the recording on why Apple hit the account it seems fair after all this has gone public. (Kapeli set up an account for a relative using his CC, gave them some of his old hardware and it's that account that was caught in the review fraud. So in Apple's system the two accounts were linked so when they nuked one account, the other went along with it.)
A Blog posting from Kapeli explaining the cause of the account ban and that he has worked with Apple to unlink the two accounts and resolve the situation.
> What Apple has done: on Friday they told me they’d reactivate my account if I’d make a blog post admitting some wrongdoing.
I didn't get from the call that he would have to admit any wrongdoing, just explain what had happened and he got hit in the crossfire. Heck if I was in his boat I would end the blog post with "I would like to thank Apple and Phil for working with me to get this sorted and thanks to the community at large for helping to get this resolved." Not that they asked for a thank you but because I can see it from Apple's POV from Kapeli's recent Blog post.
It doesn't matter what he has to admit or not. The issue lies in this sentence:
> What Apple has done: on Friday they told me they’d reactivate my account if I’d make a blog post admitting some wrongdoing.
The "if" is the problem here. Had Apple said "we'll reinstate your account AND please make a blog post stating xyz" everything would be fine. Making it conditional on the post despite being their mistake is just reprehensible.
It wasn't their mistake, it was his mistake. You can't just register an account, then hand it off to someone else and not be at least partially responsible for what happens through that account.
If Apple didn't want to avoid the bad PR, they could just terminate their business relationship permanently, and they'd be in the right, even morally, since it was Kapeli who violated the trust.
It's unclear whether he registered it himself, but it doesn't matter, since according to the terms of service:
"You can choose from the payment methods presented during your membership purchase. If you are paying by credit card and enrolling as an individual, you must use your own credit card to complete your purchase. If you do not, your enrollment will be delayed and you will be asked for a copy of your government-issued photo identification."
At least he did not use the same name. The two accounts use different names, otherwise Apple would mention it because it's huge evidence that the accounts are linked :)
It says if you do not pay by credit card, we want your photo ID, or at least it's ambiguous.
Again, it's unclear under whose name the account really was registered, but if he went through the trouble of sending in photo ID, Kapeli would probably mention that as to further exonerate him of any mistakes.
They'd be asking for photo ID of the actual account holder, i.e. the relative, in lieu of ID via CC account. And given that Apple was willing to reinstate his account, Kapeli is already exonerated.
Apple was willing to reinstate the account only under the condition that Kapeli admits there was a mistake on his part, so clearly that doesn't exonerate him from having signed up for an account for a third party under his identity. This is Apple's position and I would expect they have designed their terms so that this position holds up.
It sure sounds like Schiller's team screwed up here and should reinstate his account forthwith.
In short, Kapeli helped a relative open an account years ago but has otherwise been unassociated with that account. He technically shouldn't have used his credit card to help his relative, but this is Romania and it's just a nominal $99 fee, so he probably didn't think much of it. Apple's stance is they now look at them as "linked" accounts due to the use of his credit card and old devices, so they were justified in shutting down his account for fraudulent activity on the other one.
Problem is Apple never contacted Kapeli's account before shutting both of them down. They didn't do any extra due diligence for a top developer. Their notices only went to the other account, apparently, and Kapeli never had a chance to see them. He just woke up one day and his account was banned.
Now, that's just dumb. If the accounts are linked, why not notify both accounts?
Kapeli's an extremely well-respected app and has oodles of credibility. That alone should have triggered a deeper investigation before shutting him down. The fact that they know what happened here and still refuse to reinstate the account is shameful.
Logic. Apple called him and conceded that the reason they thought they were the same "entity" is simply because both used the same credit card number. If Kapeli wanted to be deceptive and create another account to commit a bunch of fraud on that appeared unassociated with him, he'd use another credit card, bundle ID, etc.
Of course, because no one committing fraud ever makes mistakes.
I have no idea if Popescu was really involved in the fraudulent activity or not. But dismissing it as too dumb to be possible is no better than dismissing the possibility of Apple making a detection mistake as too dumb to be possible.
I'm referring to your claim that he would have used a different credit card and ID as if this is obviously true. It's neither true nor obvious since he didn't realize by his own admission that the accounts were linked.
You're misunderstanding the entire point of my comment. I was specifically addressing the assertion that Popescu would have used a different card for the other account if he were trying to commit fraud: "If Kapeli wanted to be deceptive and create another account to commit a bunch of fraud on that appeared unassociated with him, he'd use another credit card, bundle ID, etc."
This claim is untrue. Per Popescu's blog, he didn't know using the same bank/CC info would link the accounts. So no, he likely wouldn't have used a different card. So the implication that because he didn't use a different card, he therefore wasn't trying to commit fraud is invalid.
The reference to Apple being dumb was merely for comparison.
I get what you're saying, but it still doesn't make sense. It is obvious that providing bank information will tie your identity to both accounts. That is utterly obvious. Ergo, by "linking" what he is referring to is being personally responsible for the behavior of the other person, even though they have a different name etc., not that Apple would be unable to see the common bank info.
> It is obvious that providing bank information will tie your identity to both accounts. That is utterly obvious.
It's clearly not obvious to Popescu per his own statement on the matter. Asserting repeatedly that it's obvious doesn't make it so.
> Ergo, by "linking" what he is referring to is being personally responsible for the behavior of the other person
This is a distinction without a difference. "Linking" the accounts is pointless unless it creates a meaningful relationship between them. The only reason to link accounts is to establish that they be somehow treated as a unit.
You are claiming that Popescu does not understand that handing his credit card info over to Apple for the other account, amongst other things, would reveal to Apple that he has a connection with it. That is an absurd claim.
Your evidence is his statement, which refers to a more specific technical use of the term "linking", namely responsibility for fraud as a combined "legal entity", the phrase that is used in the cited phone call. I will let the downvotes on your comment speak for themselves here.
I'm making the much more charitable claim that he didn't realize Apple would track the connection between the accounts. This is in line with both his actions and his statements. Your continued attempts to force your specific narrow interpretation onto his statement are absurd.
Your appeal to downvotes as some form of proof that your interpretation is correct is also absurd, partly because downvotes don't mean that much in general, but mostly because I have exactly one in total. So as with the rest of the thread your self-satisfaction seems rather unjustified.
I'd be willing to bet that Apple's calls start with a statement that they are recording the call, that means you can record the call too because they know it's being recorded.
When a call starts with "this call may be recorded for quality assurance", I always say "thank you" to express my gratitude for them granting me explicit permission to record it.
"two-party consent" laws have been adopted in California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania and Washington.
After listening to the entire thing, I can say that Kapeli sounds like a complete ignoramus.
He has registered an account using his credentials, the account was involved in fraudulent activity, that makes him responsible, as an individual. Why is Apple supposed to even care that he doesn't control the other account anymore? He's supposed to control the account, according to the terms of service he agreed to. If he doesn't control it and he doesn't want to be responsible, he has to close it.
Apple is giving him the opportunity to get back to having a business relationship, but he doesn't understand the problem. Apparently, neither do many of the other users on here. Apple has every right to terminate their business relationship, so how is it blackmail? It's more like a plea bargain...
Completely, 100% agree with galacticpony. This whole story sounds suspect and I'm falling square on Apple's side here. Kapeli set up a relative with a developer account AND that relative was involved in fraudulent activity that benefits Kapeli and/or damages his competitors? Either Kapeli is lying and did set up his relative to help him out with fraudulent reviews, or he was so negligible so as to risk damage to his status with Apple by hooking up an untrustworthy relative and then felt like he had every right to act indignant when Apple called him out on it AND gave him a chance to make it right?
This may be hard to relate to from a First World context, but Kapeli lives in Romania where only 27% of the population owns bank accounts let alone credit cards.[1] In many parts of the world, financial products are shared by families, even extended families.
This does not completely absolve Kapeli, but the bigger problem here is that Kapeli is (was) a top developer on Apple's platform and had oodles of credibility. He deserved a better investigation than Apple gave him, and to at least have his own ("linked") account notified of the problem before getting banned.
No excuse, sorry, especially since it's not at all clear that he's not lying. I'm not saying he is but it can't be ruled out. Even giving him the benefit of the doubt, if it's true that he did innocently help out a relative and had absolutely no idea what that person was up to, then why not show some contrition and just get the problem resolved?
If I bring my cousin with me to a party at a friend's house and he trashes the place and gets into fights, you can sure bet I'm going to be apologizing like heck to the host, cleaning the place up, and trying to make things right. Would all people do that? Maybe not ... but don't go complaining that the host never invited you back if you didn't.
Why didn't they contact his "primary" account via its registered email address? They shut down two accounts but only contacted the first. The analogy would be better as I'm invited to a party and I bring my cousin. I leave after an hour. My cousin causes a bunch of damage to the host's place after I leave. Then two years later the host comes to my place of business and burns it to the ground and says I should've listened to the demands they made to my cousin over the last two years.
That is a bad analogy. This is a case of mistaken identity, not a bad referral. Ask yourself, why are you not giving this respected developer the benefit of the doubt?
A better analogy would be: You loaned your underage friend your ID 4 years ago and forgot about it. They proceeded to behave badly at a bar over a period of years without your knowledge. Then the bar owner confuses your identity based solely on that ID, despite your picture looking nothing like them and you being a well known and respected regular, and bans you without notice. Then they admit it wasn't you that trashed the place, but won't let you in until you state that the bar made no mistake in confusing you for that person.
This is also a bad analogy. The other account who is supposedly outside of the control of Kapeli, is involved in thousands of fraudulent ratings manipulations of Kapeli's apps. How likely is it that if the account were so totally out of Kapeli that this cousin would waste their time doing this? It's highly unlikely.
Not Kapeli's apps. There is no indication that there were fraudulent reviews of Dash, nor would it even make sense for there to be since it's so popular. Kapeli's own account was only used for Dash.
Please read and listen again. He did not register the account, nor use his credentials (if he had, apple's contact attempts would've reached him). He only paid for it, and donated hardware.
The bank account used is credentials and Apple considers both accounts to belong to (quote) "the same legal entity" based on that fact. This is the way Apple conducts business.
"This is the way Apple conducts business" is not a justification for conducting business that way.
Kapeli is in Romania where credit card ownership is less common, and the "legal entity link" we're talking about is just a nominal $99/fee and some older devices. Moreover, Apple is admitting that they see them as distinct accounts, only notified one of them, and completely ignored the fact that Kapeli's side of the linked accounts had high credibility.
It sounds like Apple is desperately trying to justify the not-very-smart algorithm of an automated "booter" program rather than giving Kapeli the respect and due diligence that he deserves as a top developer.
No. You can use a different bank account to get paid and use a different name for your developer account from credit card used. You can even use a prepaid credit card (but you have to provide ID). In this case, it's clear that the account names were different. Also it seems the bank accounts to get payment from Apple were different (otherwise they would mention it). And the only links were the credit card and some devices (only Apple and the developer know how many devices and in some extent).
It is certainly knowable that the identity on the credit card is part of the verification process and that it must match his own. If the name he entered wasn't his own, the verification would likely have been denied:
https://discussions.apple.com/thread/6238222?tstart=0
That's why I'm suspicious as to which name he actually entered.
In this case, it seems the two accounts used different names, otherwise they would have mentioned it already because it's huge evidence that the accounts are linked.
In the U.S., you can add authorized users to your credit cards, and they typically send you new cards that just have a different name, but for which the rest of the information is identical (same number, same CVV code, same expiration).
At least this was the case with the cards issued for authorized users I added to my Citi Double credit card account.
So you could have a single card number with multiple valid names/users.
I think I'm much less invested in this than you two but I can say that it would strike me as very unusual to pay for someone else's account with Apple.
For example, Mithaldu, if an anonymous outsourcing party rendered you a service, then rather than wire them money or pay via PayPal, would you be okay with paying for an Apple account with them, with no further relationship, and you don't even know who they are? Probably not.
I think we can all agree that yes, he "should have" thought about this implication of trust.
From his response "helped a relative get started by paying for her Apple’s Developer Program Membership using my credit card. I also handed her test hard"
It was a relative, so I don't get your question's relevance to the situation.
Sorry, I missed that part. I straight-up don't believe that their relative engaged in fraudulent activity related to Dash (such as leaving negative reviews of competitors) by complete coincidence and at arm's length. I didn't read all the information carefully though.
> I straight-up don't believe that their relative engaged in fraudulent activity related to Dash (such as leaving negative reviews of competitors) by complete coincidence and at arm's length
You might want to read the rest, the relative was boosting their own apps. Dash was not part of the scenario, just affected by the end result.
You missed the other discussion which mentions he's Romanian, and very few Romanians have their own banking services, and in fact share banking services among family members.
Last time I bought a dev account to the App Store I had to pay with a credit card in my name. My employer was willing to pay for it and would have preferred to pay on the company credit card but the App Store explicitly didn't allow 3rd party payment.
According to this, it's fine to use another person's CC as long as you provide govt id such that they can tie your account to a real person (and not the CC).
That's your interpretation of an ambiguous sentence. If your interpretation was correct, shouldn't the person you replied to have been informed of that possibility?
> He has registered an account using his credentials
Where are you getting that? In his blog posts, he only mentioned the common thing between the accounts were his credit card and old test devices he handed off - how do those qualify as "his credentials"? He explicitly mentioned he wasn't aware that his account and his alleged relative's account were linked until after his account was blocked.
You are right - he doesn't understand the problem - and neither do I. With the information that I have so far, it seems that Apple has set the bar for guilt too low, and the whole process is extremely opaque.
How is this a personal attack? It simply acknowledges that both of these websites are written by individuals. Would the substance of the comment be different had he simply used the websites' names?
What is the appropriate phrasing, then? "This website is a surrogate for apple that posts their press releases without analysis?" I just don't see what the practical difference is: we're all adults, we know the point that's trying to be made.
I love Apple products, have for 31 years but the guy is pretty biased towards Apple. He writes some interesting stuff but this article for instance is basically just repeating back whatever their PR flack said.
I have yet to work for a company where posting fake reviews on our applications wasn't the norm. Most users (myself included) can't be bothered to write a brand new review every time an app updates.
You know it's bad when Gruber's blog is being held up as a less biased alternative. He's been so soft on them lately on anything except the Watch, even then he's been pretty soft.
What I've done: 3-4 years ago I helped a relative get started by paying for her Apple's Developer Program Membership using my credit card. I also handed her test hardware that I no longer needed. From then on those accounts were linked in the eyes of Apple. Once that account was involved with review manipulation, my account was closed.
I was not aware my account was linked to another until Apple contacted me Friday, 2 days after closing my account. I was never notified of any kind of wrongdoing before my account was terminated.
Having dealt with nefarious characters in a pretty active community that was quick to defend their own members (even when they were being very naughty) I'll give my guess as to what's happened, basically assuming good faith in Apple, mainly to counter a lot of the questions here around "what if a competitor bought these..."
In cases where Apple is this certain (or seemingly certain) they usually have a smoking gun. That is, they have some kind of heuristic or action/event that is unquestionably tied to the developer. Perhaps a bunch of the positive reviews came from installs that used a developer freebie code, something only the developer could give out.
Also, smoking guns, when you're dealing with fraud and systems that people can manipulate, are the kind of thing you don't share with others.
I expect that Apple has seen _a lot_ of competitors trying to screw over other apps, and they would have exhausted that possibility before banning a popular app.
I think the difficult part is correctly attributing the behavior to the correct party.
My knee-jerk reaction to this article is that if I were nefarious and I wanted to get a competitor off the appstore, then I would game the review system on their behalf. I didn't look at it too closely, but I think part of it they said was also creating negative reviews for competitors.
Like you said, it depends on the smoking gun or the strength of evidence, but without knowing what criteria Apple uses I think it's difficult to say how prudent they might be.
I of course have no indication that another party is involved in this case, I just imagine that it could, along with any number of other scenarios. Without knowing what evidence or criteria Apple uses to make this determination, it's impossible to say as an external observer.
Yep. I look at it this way: Apple has a team, or teams, dedicated to detecting and stopping fraudulent behavior. People on these teams are very smart and are likely using very sophisticated methods for detecting fraudulent behavior and attributing it, and they are very sensitive to false positives.
It's likely better to take no action than to take action, so when you take action, it is only when there is a very strong positive signal.
Again, I'm making assumptions because this is how the work I did went. There are a lot of things that can be done before dropping an app from the store entirely, and Apple is incentivized to keep the apps in the store – they get paid when people buy them, so removing them is a last straw.
I know of one very large company that paid for downloads and 5 star reviews for years; I doubt Apple would ever do more than ask pretty please. Given how far their rating has fallen recently they might have been asked to stop. But that's a long way from punishment.
"Because we see them as the same entity. If we have accounts that are enrolled in our programme using the same credit card, they are the SAME legal entity. They ARE the same..."
Yikes, because I often put contractor developer subscriptions and other incidental expenses on my company credit card to facilitate turnaround. Now it looks like I can get black banned if one of my contractors on the other side of the world goes rogue?!?
Yes. I'm not sure what the alternative would be. They let spammy app creators keep opening accounts indefinitely with no attempt to block them from repeat behavior?
I would refrain from using your credit card for others' accounts without serious consideration. I definitely wouldn't do this frivolously or for people you don't have a real trust relationship with.
Yes. That is not unreasonable. This is the same reasoning as when a shareholder or employee uses a company card for personal transactions or uses a personal card for corporate transactions, and pierces the corporate veil.
So if you want to get your competitor banned from the App store, just post lots of spammy positive reviews for their product? How would you defend your app against such an attack?
That was my first thought as well... Even if in this case it was actually Dash putting up fake reviews, this seems like a slightly dangerous precedent to set.
It would be a big risk, but one could potentially buy 'false flag' reviews - throw some negative reviews on your own product, and positive reviews on your biggest competitor - It would hurt yourself in the short-term, but could pay off if you can get the competitor banned. Again, super risky, probably stupid strategy... But with the state of the 'app' market, I wouldn't be surprised if people would try it.
While I don't know how their rating system or detection works, I imagine it would be harder than just posting spammy positive reviews. They would have to have solid evidence that you're doing it to your own app, or paying someone to do it on your behalf.
Genuinely curious: what are some heuristics that could be used to distinguish between fraudulent reviews paid for by the developer and those paid for by a malicious third party?
Maybe I'm missing something, but it seems practically impossible to distinguish between the two unless there was a royal screw up somewhere along the line.
I think Apple is pretty savvy to this sort of attack. They only banned him after there were thousands of fake reviews (supporting his app, and harming others) AND an account that was tied to his (same device ids and credit card) was involved.
As one of the other commenters, I wasn't suggesting that Apple is purposefully accusing innocent developers as part of a nefarious plot; I was suggesting that they might be mistaken, and obliquely hinting that it would be nice if they'd respond to the controversy with actual proof, as the article title (apparently falsely?) claimed they had.
> I don't see Apple getting anything out of it.
Refusing to admit innocent error is a very understandable course of action. If, of course, that's what they're doing. From where I stand the entire situation is completely muddy, and I don't think the linked article clarifies anything.
> I was suggesting that they might be mistaken, and obliquely hinting that it would be nice if they'd respond to the controversy with actual proof
They'll never provide proof for the same reason that Google won't publicize the exact parameters behind search; it would provide bad actors with information on how to game their system.
The guy has already admitted that the fraudulent account is from his "relative" who uses the same credit card and same test devices. It seems like Apple gave him a lot of leeway due to him actually making a good app and being public.
While I'd like to give him the benefit of the doubt, the overwhelming most likely case is he was doing exactly what Apple thought he was doing. At the very least, he should take some responsibility for the fact he's paying for someone's account who is actively trying to harm his competitors.
Apple probably could've avoided a lot of this mess by not overtly banning his account, but doing the exact opposite of what his manipulations intended and make the app almost impossible to find.
This whole story just comes off as a bunch of bruised egos too proud to get out of their own way.
They both agree in principle that DASH should be reinstated, and clearly it being reinstated is in both sides' best interests.
Why Does Apple NEED an acknowledgment that they didn't do anything wrong? What difference would it make?
Why can't Kapeli just acknowledge that he was associated with a bad actor in Apple's system.
I get the idea of integrity, but I get the idea of self-preservation a little more...Especially when reality is subjective and your perspective might not be the only sincerely held belief.
I will never understand the people too principled to just SAY SORRY even if you believe you are in the right. Are you so principled that you can't even acknowledge the existence of a potential conflicting view point, at least enough to admit you might be wrong, when it's clearly in your best interest to just own up, and move on...even if you aren't sincere in your apology!
Edit: I can maybe understand a prisoner refusing to admit to a crime they didn't commit to a parole board despite contrition being a key to getting released...but at some point of serving a life sentence, you have to kick into self preservation mode and just admit to wrongdoing, and spend your free years atoning for your lie.
> Why Does Apple NEED an acknowledgment that they didn't do anything wrong? What difference would it make?
I get what you're saying, but if Apple gets hammered with bad publicity every time their anti-fraud team does the right thing, they're going to stop doing the right thing.
Especially as this case is going to be cited for years to come, it's important Apple has something to point to and say: "We didn't just arbitrarily ban the account, it was involved in manipulating our reviews"
> "We didn't just arbitrarily ban the account, it was involved in manipulating our reviews"
> anti-fraud team does the right thing
That's not what happened though. What happened is that Apple has their internal tools to link fraudulent accounts, to keep out bad actors, and this "good" account got caught in that web. You can just as easily argue that he didn't actually do anything wrong. After all, if he did Apple wouldn't even consider reinstating him. The fact that Apple linked the accounts internally doesn't actually point to any guilt or wrongdoing...It could even be pointed to Apple's policies arbitrarily hurting the little guy.
I can see both sides very clearly and I can see a middle ground very clearly. The only thing stopping this from being resolved is "bruised egos" on both sides.
But what if the developer did do something wrong and the account is not so "good" as the developer is trying to make it out to be. There's too much that stinks about it:
1. Opened up a developer account for a relative 4 years ago. Relative. Yeah, ok. And 4 years ago... don't credit cards usually expire before then?
2. The same devices were being used on both accounts. While the info isn't available, I'm sure Apple can know if these same devices were still in active use by both accounts.
3. Dash isn't the problem. Too many people seem fixated on the notion of why the developer needed to do review manipulation on Dash when that's not at all the problem. It's the other apps on the other account that were the subject of App Store review manipulation. These apps contained descriptions that contained the developer's own email address in it: http://appshopper.com/search/?searchdev=603546869&sort=name&...
I do agree that he could totally be lying...but that doesn't seem to be Apple's belief or they wouldn't reinstate him.
Also, if he really was guilty, why would he poke the bear after Apple agreed to reinstate him...why not apologize and get off scot-free.
It appears to me like both sides agreed to a set of facts and now it's just a matter of setting the record straight. No one seems to want to admit fault and they are being childish about that since it's in both of their interests to do so.
I think when you sign-up, and the only ID they get is your credit card, it's pretty obvious that the account will be linked to you.
From the call, it appears that Apple only wanted a clarification in that direction, i.e. "I should not have given my drunk little brother the car keys".
They're not reacting from a "bruised ego", since a professional PR team doesn't get emotional in that sense.
They feel that the initial accusations have created actual damage for Apple's image, and they want him to stop the pitchfork-wielding mob.
I don't know who is dealing with this on Apple's side...but it's a mistake to think brands, executives, employees and even PR agencies don't get emotional and react from a bruised ego.
I bet the PR costs exceed the actual damage in this case. If they were really afraid of damage, they wouldn't come out swinging, they would simply apologize for banning the account and the public would forgive them instantly.
Both sides are acting against their own interests IMO.
> That's not what happened though. What happened is that Apple has their internal tools to link fraudulent accounts, to keep out bad actors, and this "good" account got caught in that web.
Imagine a family account at the bank. Husband is committing fraud, bank closes the account to stop fraud and 'good' wife cannot use her credit card anymore.
EDIT: afaik, other account also used the same identifier for their apps. Apple sees that there is a person/company who has fraudulent activity in one of its accounts and bans that person/company. Simple as that.
Listening to the recording, the whole thing was basically over. Apple just wanted him to explain what happened and then they'd reinstate him, i.e. "I registered an account for someone else and when that account was involved in faking reviews, it was still tied to my credit card & name."
They only wanted this because he chose to get everyone riled up about the perceived injustice, and it's causing Apple a PR headache. It could have been avoided if he had chosen to resolve this in private, or at least went with a bit more ambiguity instead of indignation.
...But I really don't get why this didn't end with the phone call. Write a post, be done with it. Instead, he's trying to escalate it further, breaking California law by publishing the phone call and making it basically impossible for Apple to accommodate him. Considering this is his livelihood, this post is a tragic mistake.
Funny thing is that everyone seems to have agreed on a story... "My cousin did it". It seems quite natural that when that account is used for spam, it comes back to him, considering his credit card was the only ID that had been verified.
In telling the other side of the story, the Dash developer published his (apparently secret) recording of a 7-minute long telephone call he had with a person at Apple who purports to be speaking on behalf of Phil Schiller.[1]
Leaving aside whatever inferences might be drawn from the fact that the developer saw fit to record and publish the recording in the first place, here's a brief summary of what was said:
- There was at least one other developer account "linked" to the Dash developer account. In this context, "linked" means that the accounts "shared the same details": they were enrolled in the Apple Developer Program "with the same credit card number", and "used the same test devices".
- Apple says that at least one of those other developer accounts "definitely had fraudulent activity": "It was not your direct account but it was a linked account." Warnings about fraudulent activity were sent to the linked account. No warnings were sent to the Dash account.
- The Dash developer asked: "Why didn't you notify me beforehand though, and let me know that an account that's linked to mine is doing fraudulent activity, so I can do something about it?" The answer is "because they were linked"; "we see them as the same entity". "If we have accounts that have enrolled in our program using the same credit card, they are the same legal entity; they are the same." So Apple believed they had notified the Dash developer because Apple believed the same person was behind the linked accounts. (Prudence would dictate notifying all accounts at risk of termination; we'll see what happens in future.)
- Apple's position is that no mistakes were made. The Dash developer account was linked to an account with fraudulent activity based on the facts known to Apple.
- The Dash developer says (in his blog post) that he "helped a relative get started by paying for her Apple's Developer Program Membership using my credit card" and "handed her test hardware that I no longer needed".
- Apple says they are "working with" the Dash developer to "unlink the accounts", which (I speculate) may involve some attempt to verify the Dash developer's claim that the linked account was used only by a relative and not by him. If the accounts are unlinked, there would be no reason for the Dash account to remain closed.
In one part of the conversation, they mentioned that the accounts used the same bank account (not only credit card). I assume it means the bank account that the developer gets paid with. That's even more convincing that the accounts were linked.
Note that you can use "arbitrary" bank accounts to get paid with (Source: I'm an Apple developer.)
Also, the Apple guy said it uses the same test devices. As usual, the devil is in the details; it's important whether they still use the same devices and to what extent.
If both developer accounts were using the same bank account to receive Apple's payments, and that bank account was owned by the Dash developer, then I think it's entirely reasonable on Apple's part to conclude that the same developer was effectively in control of both accounts. And it would also imply that the Dash developer was effectively profiting from the fraudulent activity occurring in the other account.
Reviews require purchase, though. So for paid apps, it's much harder to do as a third party because you'll pay full price, whereas the developer gets back 70% of what they pay.
Although I have no idea how you'd create dozens of accounts with independent payment methods without it becoming suspicious. I guess you can use gift cards anonymously but that's almost certain to trigger even the most basic anomaly detection.
You're assuming that Apple has no process to distinguish between intentional fraudulent reviews coming from the developer in question, and random fraudulent reviews from others. But that assumption is not supported by any facts.
There is no evidence it isn't this either. Detecting fake reviews is easy, detecting the source (probably a click farm) is probably pretty easy too but getting to the bottom of who hired the click farm would be extremely difficult. You'd probably need assistance from law enforcement or a court, probably in a developing country, to get that information from the click farm operators.
I would think it's pretty easy to hire a click farm to blatantly post fake reviews to the app store. The worse the click farm is at covering their tracks the better if you're trying to get a competitor banned by Apple.
Dash was a popular app among developers who use Apple products; I doubt the fake reviews would be needed. I wouldn't be surprised at all if this was caused by a third party.
Without some direct information from Apple, it's perfectly valid to wonder if they were manipulated in some way. There aren't any facts available to us that point in one direction or the other.
Sigh. Apple comes off very poorly when you listen to that audio recording. The rep on the phone seems clueless that he is possibly causing more damage with this posture than would've happened had they just explained their side of the story and re-enabled the account.
Apple should have just told us that the account was linked to a fraudulent account so they were correct to pull the plug quickly to prevent add'l harm, and that on further review it was clear that the relationship between the accounts was not as close as the facts initially suggested. That would seem entirely reasonable to me.
That said, by not notifying both accounts it seems that problems like this are totally foreseeable. It also suggests that if a malicious actor was able to get a developer's credit card he would have a fair shot at getting an app delisted.
The root problem in this controversy, in my opinion, is that iOS offers no other way to install third party applications outside the App Store for the general public. If a blackmailing attacker hits your app with fraudulent reviews on purpose you have nowhere to go with your app. If you could at least host the .ipa for installation on your own web page, such tactics wouldn't necessarily turn into a death sentence, just a loss of access to an effective sales channel (the app store).
I'm willing to give Apple the benefit of the doubt here, because they are unlikely to release information as specific as this to the press unless it's been checked and vetted, even if they don't release the proof to the public. And without the proof, it's really their word against the developer's. Does Apple have a bad reputation when it comes to this kind of thing? If not, why are people so strongly on the developer's side?
So, now we have a "He Said; She Said" situation. Who do we trust? Apple? They've made mistakes before, and need to protect their integrity. The Dash developer? It's in his best interests to paint himself in the best light.
What's worse, by coming out, the Dash developer has forced Apple into a defensive position, ensuring that Dash will never appear on iOS again. Dash has now lost revenue and exposure opportunities, and Apple's consumers are reminded once again that they don't have the right to control their devices.
Both sides want to come out of this looking good, and right now neither side does.
Dash developer caught up in an errant fraud check? Eh, it happens. At least this is Apple; were it Google, the developer would be right proper fucked (then again, his post made it to HN, so he might have gotten some special attention).
However, making that resolution conditional on the developer making Apple look good in a blog post? That feels pretty scummy here again to me.
The error seems innocent enough to me (though the party line of "we can't tell you why you were shut down" is the worst way to interact with your developers), but the conditional resolution is not making Apple look good.
While Apple understandably may be very reluctant to disclose review validation / fraud detection methods, they could certainly show some trusted media figure -- Marco, some other popular iOS developer, maybe even Gruber -- some detailed bit of proof and put this controversy to rest. If, indeed, they have any proof.
That would be pointless because these people would be accused of being shills who would always sing praises of Apple. There's no easy way to handle giving away the proof and having an expectation that it would indeed help Apple. Depending on the material, there could be nuances that could be interpreted out of context…the context being the entire chain of events and internal and external communications that took place.
I suspect it's because that would reveal what signals their abuse detection system is looking at, making it easier for malicious actors to bypass those checks. It's very common with these types of systems to keep the details secret.
Unfortunately, it does create a frustrating situation when you're on the other end of a complaint.
Because they don't want to set a precedent of going before the developer public as a jury they need to satisfy. Seriously, if I were Apple reading threads like this, I'd solve the PR problem by fixing the issue with Kapeli--which it sounds like they're doing by unlinking the accounts.
I would strenuously avoid making the HN community feel more entitled than it already does to all the technical details so it can be endlessly armchair litigated.
What I don't understand is that if Apple are so vigilant in removing false reviews, and if they're so sensitive to fraudulent reviews (as I wish they would be), why is it that seemingly everywhere I look it is full of them?
(click on "All versions"). You'll see there's HUNDREDS of fake reviews, all giving it 5 stars, and in all cases it is the only review that account has ever made.
That would be wonderful. Do you have any evidence that this is the case?
I mean, we are talking about the same company that just a few years back subjected all iPhone developers to such a strict NDA that they were technically not allowed to discuss a WWDC panel they were watching with the person sitting next to them.
People do this thing with research papers ("the researchers were stupid and didn't think of <insert obvious thing here>") -- so they wouldn't think twice (pun intended) about doing it with a new story.
What question is that? I'm apparently not smart enough to come up with a question that would enable me to distinguish between reviews from agents paid by competitors versus those paid by the original developer.
Edit: Seriously, what question can I ask? This sounds like a fun brainteaser, like the one where half of the people on an island are liars and half are truth-tellers, and the explorer has to figure out which fork in the road leads to the village. If there's an answer, I'd genuinely like to hear it. Downvoting me is just a way to shrug your shoulders and admit your bluff has been called.
No, you have to have an account that your competitor opened with their own credit card and gave to you, and then you publish an app for that account and buy fraudulent reviews for it.
The account that the fraud happened on, and all the other accounts that appear 'linked' will be closed.
The issue was with the account he gave to his relative, which Apple probably assumed was his account because it used the same credit card and test devices registered to both accounts.
"No, you have to have an account that your competitor opened with their own credit card and gave to you, and then you publish an app for that account and buy fraudulent reviews for it."
implying that this is the only way Apple would consider fraudulent positive reviews to be developer's fault? Unlikely.
California doesn't care: https://en.wikipedia.org/wiki/Telephone_recording_laws#One-p...) "The California Supreme Court ruled in 2006 that if a caller in a one-party state records a conversation with someone in California, that one-party state caller is subject to the stricter of the laws and must have consent from all callers (cf. Kearney v. Salomon Smith Barney Inc., 39 Cal. 4th 95[38])."
But it does make it less relevant at least practically.
On another note, I tried to find out where he lives, but it's nowhere to be found on the website. I really prefer business websites that give me at least a full name and a city. I don't even know why – I'm not planning to write/stop by/sue – it just feels shady.
(whois data is similarly anonymous – I'm starting to see Apple's point of view)
I know this doesn't treat the totality of what you're saying but in the past (and I assume it to be the case here) if you paid for the app on the app store it'll be available for download even if it's delisted. This was the case with the game Edge when they got targeted by a trademark troll for their name.
I believe the app stays available in the Purchases section like you said if the developer "unpublishes" the app, but not if the account or app is "terminated" by Apple.
In addition to Dash (which I'm not able to locate in my Purchases tab), I've noticed this to be the case with apps that violate Apple's rules, like those hidden proxies or emulators that have sprung up over the years and were later removed by Apple.
Why won't they admit their system was flawed? They may be right in considering accounts funded with the same payment source as linked accounts, but they never notified both accounts about the impending closure.
What Apple has done: on Friday they told me they’d reactivate my account if I’d make a blog post admitting some wrongdoing. I told them I can’t do that, because I did nothing wrong. On Saturday they told me that they are fine with me writing the truth about what happened, and that if I did that, my account would be restored. Saturday night I sent a blog post draft to Apple and have since waited for their approval.
Tonight Apple decided to accuse me of manipulating the App Store in public via a spokesperson.
That makes me wonder about what the heck happened?
Can anyone who bought Dash confirm or deny that you can still access it from the "purchased" tab in the app store? This used to be the behavior for paid apps that were delisted† and I assume it still is.
† I remember it happening for the game Edge when it was taken down due to trademark trolling. It was later reinstated.
> Almost 1,000 fraudulent reviews were detected across two accounts and 25 apps for this developer so we removed their apps and accounts from the App Store
Sounds damning. Was this a paid app? How many downloads did it have?
The amount of power companies like Apple, Google, Facebook and others have to completely destroy and make businesses makes me wonder if there should be some internet arbitration court to at least let people present their case to a third party. I get the companies would never want to give up this power and I get that every country has their own court system and laws...
This is more a middle ground, for people caught in the cross hairs to present their case. Maybe like WIPO arbitration for trademark domains.
Meta: at times like this Apple is hurt by its policy of doing zero Developer Relations.
If there was somebody - anybody - in Apple who spoke with a voice developers trusted, right now they could be explaining what in hell's going on. Having Apple Marketing leak something to somebody who leaks it to Gruber, who then reports it as hearsay, is a damned shoddy substitute.
I'm not familiar with this site, so this might be ignorant, but it seems strange. Bad copy on a WordPress site. At first it looks pretty official, but none of the "according to Apple" or "Apparently" quotes are cited or linked. Did Apple release a statement or press release about this? At the end it just says "it seems to me...". Who is this guy? Do we have a better source for this news?
This is Jim Dalrymple's site (I might have the spelling wrong). He is well-known among Apple bloggers to be well connected to Apple people. I've seen sites like MacRumors use a "Yep." confirmation from Dalrymple as evidence of a rumor, so I guess folks have some reason to believe he's connected.
So was he migrating his account from one type to another in an attempt to disrupt the investigation? Perhaps as a means to break connections between accounts, apps, and such?
This may sound stupid, and I am not by any means saying this is what happened here, but would it be possible for someone to maliciously buy fake reviews for a competitor app? What would happen in this scenario?