198 comments

[ 3.0 ms ] story [ 263 ms ] thread
Well that's definitely strange. Why would the developer do such a thing when Dash is basically the best app of its kind out there?

Edit: To other commenters, why would Apple accuse the dev of faking reviews if it wasn't true? I don't see Apple getting anything out of it.

As one of the other commenters, I wasn't suggesting that Apple is purposefully accusing innocent developers as part of a nefarious plot; I was suggesting that they might be mistaken, and obliquely hinting that it would be nice if they'd respond to the controversy with actual proof, as the article title (apparently falsely?) claimed they had.

> I don't see Apple getting anything out of it.

Refusing to admit innocent error is a very understandable course of action. If, of course, that's what they're doing. From where I stand the entire situation is completely muddy, and I don't think the linked article clarifies anything.

Apple has often made mistakes in the removal of apps.

Usually they just apologise and put it back up. It would be very uncharacteristic to stubbornly refuse to acknowledge and rectify the mistake.

I was suggesting that they might be mistaken, and obliquely hinting that it would be nice if they'd respond to the controversy with actual proof

They'll never provide proof for the same reason that Google won't publicize the exact parameters behind search; it would provide bad actors with information on how to game their system.

>Well that's definitely strange. Why would the developer do such a thing when Dash is basically the best app of its kind out there?

Because few people care to check it out / buy it?

Being the "best of its kind", belonging to a popular app genre, and actually selling are three distinct things.

There's proof, but we're not going to link it because ... reasons. Why would they not include any proof that might exist?
Because they're in an arms race with review spammers, and telling the spammers how they were detected causes them to evolve new, undetected behaviors.

It might not be fair, but it's logical.

While Apple understandably may be very reluctant to disclose review validation / fraud detection methods, they could certainly show some trusted media figure -- Marco, some other popular ios developer, maybe even Gruber -- some detailed bit of proof and put this controversy to rest. If, indeed, they have any proof.
That would be pointless because these people would be accused of being shills who would always sing praises of Apple. There's no easy way to handle giving away the proof and having an expectation that it would indeed help Apple. Depending on the material, there could be nuances that could be interpreted out of context…the context being the entire chain of events and internal and external communications that took place.
I think a major reason is still probably customer confidentiality. They've got to play it on the defensive.
I suspect it's because that would reveal what signals their abuse detection system is looking at, making it easier for malicious actors to bypass those checks. It's very common with these types of systems to keep the details secret.

Unfortunately, it does create a frustrating situation when you're on the other end of a complaint.

The actual proof might be subtle statistical analysis on customer data, or something else difficult to present.
Because they don't want to set a precedent of going before the developer public as a jury they need to satisfy. Seriously, if I were Apple reading threads like this, I'd solve the PR problem by fixing the issue with Kapelli--which it sounds like they're doing by unlinking the accounts.

I would strenuously avoid making the HN community feel more entitled than it already does to all the technical details so it can be endlessly armchair litigated.

This is a very weird definition of "proof".

A much more accurate headline might be "Apple responds to Dash controversy by insisting they were right all along and refusing to provide proof."

Edit: The tone of the entire article rubs me the wrong way; it reads like a press release that nobody could be bothered to re-write.

> The integrity of the App Store is as important to Apple as it is to consumers.

Citation needed? Plus it immediately follows an unsubstantiated claim that Apple has been ignoring evidence of review manipulation for two years, so even if we take the article at face value...that doesn't sound like they think it's important?

> This is part of the reason we trust Apple and the App Store.

That's the most circular argument. "We trust Apple because they claim they're trustworthy!"

It seems like Apple was very reluctant to remove the account given the Dash is the sort of app they want people to make.

So I am not surprised they gave a lot of leeway to the developer.

Unfortunately The Loop isn't much of a news site, more of a controlled Apple leak blog. Dalrymple has gotten to the point of being a complete Apple shill.

Edit: Compare the tone of the Loop article to Daring Fireballs:

http://daringfireball.net/2016/10/apple_dash_controversy

Gruber takes a much more unbiased approach, supported well. The Loop article reads like a statement from the Principal read by your teacher.

I'd like to think we can keep personal attacks like this off of HN without some sort of substantiation.
How is this a personal attack? It simply acknowledges that both of these websites are written by individuals. Would the substance of the comment be different had he simply used the website's names?
Calling someone a shill is a personal attack.
What is the appropriate phrasing, then? "This website is a surrogate for apple that posts their press releases without analysis?" I just don't see what the practical difference is: we're all adults, we know the point that's trying to be made.
Translation: he likes Apple products and is open about it, whereas I don't.
I love apple products, have for 31 years but the guy is pretty biased towards Apple. He writes some interesting stuff but this article for instance is basically just repeating back whatever their PR flack said.
And what if he believes it?

I have little reason to doubt that Dash really posted lots of fake reviews. It's not like Apple goes and accuses people of that all the time...

> And what if he believes it?

So what if he does? I believe it. That doesn't mean that Apple has provided any actual proof, and only a blinkered shill would claim they had.

I have yet to work for a company where posting fake reviews on our applications wasn't the norm. Most users (myself included) can't be bothered to write a brand new review every time an app updates.
And I've yet to not give up a product if I spot fake reviews -- and it's not that hard either...
I seem to remember him slamming Apple Music for weeks on end. Is that how paid shills behave nowadays?
(comment deleted)
Nope, I'm a huge Apple guy, just don't care for The Loop at all.
(comment deleted)
And here's Kapeli's explanation of what happened:

https://blog.kapeli.com/dash-and-apple-my-side-of-the-story

!!! it includes a recording of a phone call with Apple !!!

Edit: After listening to the first 2 minutes of the call, i can say with absolute confidence that Apple is straight-up blackmailing him. I would love to hear opinions on whether this is something that could be taken to court.

Here's the HN submission of the link: https://news.ycombinator.com/item?id=12680597

wiretapping apple? yeah, good move.
Call recording != wire tapping. Not that Apple will take kindly to it either way...
Call recording is not illegal in every state.
I believe it is in California without their permission, not 100% sure.
I'd be willing to bet that Apple's call start with a statement that they are recording the call, that means you can record the call to because they know it's being recorded.
When a call starts with "this call may be recorded for quality assurance", I always say "thank you" to express my gratitude for them granting me explicit permission to record it.
"two-party consent" laws have been adopted in California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania and Washington.
Listening to the recording it seems that they do want to get the account reinstated but want Kapeli to release a statement on why the account was deactivated.

Which after reading the post and listening to the recording on why Apple hit the account it seems fair after all this has gone public. (Kapeli set up an account for a relative using his CC, gave them some of his old hardware and it's that account that was caught in the review fraud. So in Apples system the two accounts were linked so when they nuked one account, the other went along with it.)

A Blog posting from Kapeli explaining the cause of the account ban and that he has worked with Apple to unlink the two accounts and resolve the situation.

> What Apple has done: on Friday they told me they’d reactivate my account if I’d make a blog post admitting some wrongdoing.

I didn't get from the call that he would have to admit and wrong doing, just explain what had happened and he got hit in the crossfire. Heck if I was in his boat I would end the blog post with "I would like to thank Apple and Phil for working with me to get this sorted and thanks to the community at large for helping to get this resolved." Not that they asked for a thank you but because I can see it from Apple's POV from Kapeli's recent Blog post.

It doesn't matter what he has to admit or not. The issue lies in this sentence:

> What Apple has done: on Friday they told me they’d reactivate my account if I’d make a blog post admitting some wrongdoing.

The "if" is the problem here. Had Apple said "we'll reinstate your account AND please make a blog post stating xyz" everything would be fine. Making it conditional on the post despite being their mistake is just reprehensible.

It wasn't their mistake, it was his mistake. You can't just register an account, then hand it off to someone else and not be at least partially responsible for what happens through that account.

If Apple didn't want to avoid the bad PR, they could just terminate their business relationship permanently, and they'd be in the right, even morally, since it was Kapeli who violated the trust.

As i told you on your other post: He didn't register it. He only paid for the initial fee and donated hardware.
It's unclear whether he registered it himself, but it doesn't matter, since according to the terms of service:

"You can choose from the payment methods presented during your membership purchase. If you are paying by credit card and enrolling as an individual, you must use your own credit card to complete your purchase. If you do not, your enrollment will be delayed and you will be asked for a copy of your government-issued photo identification."

https://developer.apple.com/support/purchase-activation/

That only says "if you use another's card we also want your photo id". It does not say "the card's holder will be responsible for your actions".
It says if you do not pay by credit card, we want your photo ID, or at least it's ambiguous.

Again, it's unclear under whose name the account really was registered, but if he went through the trouble of sending in photo ID, Kapeli would probably mention that as to further exonerate him of any mistakes.

They're be asking for photo id of the actual account holder, i.e. the relative, in lieu of id via CC account. And given that Apple was willing to reinstate his account, Kapeli is already exonerated.
Apple was willing to reinstate the account only under the condition that Kapeli admits there was a mistake on his part, so clearly that doesn't exonerate him from having signed up for an account for a third party under his identity. This is Apple's position and I would expect they have designed their terms so that this position holds up.
At least he did not use the same name. The two accounts use different names, otherwise apple would mention it because it's a huge evidence that the accounts are linked :)
At least he did not use the same name. The two accounts use different names, otherwise apple would mention it because it's a huge evidence that the accounts are linked :)
After listening to the entire thing, I can say that Kapeli sounds like a complete ignoramus.

He has registered an account using his credentials, the account was involved in fraudulent activity, that makes him responsible, as an individual. Why is Apple supposed to even care that he doesn't control the other account anymore? He's supposed to control the account, according to the terms of service he agreed to. If he doesn't control it and he doesn't want to be responsible, he has to close it.

Apple is giving him the opportunity to get back to having a business relationship, but he doesn't understand the problem. Apparently, neither do many of the other users on here. Apple has every right to terminate their business relationship,so how is it blackmail? It's more like a plea bargain...

Please read and listen again. He did not register the account, nor use his credentials (if he had, apple's contact attempts would've reached him). He only paid for it, and donated hardware.
The bank account used is credentials and Apple considers both accounts to belong to (quote) "the same legal entity" based on that fact. This is the way Apple conducts business.
It is indeed the way they do, but you are saying he should've known that, when he had in fact no way of knowing.
It is certainly knowable that the identity on the credit card is part of the verification process and that it must match his own. If the name he entered wasn't his own, the verification would likely have been denied: https://discussions.apple.com/thread/6238222?tstart=0

That's why I'm suspicious as to which name he actually entered.

In the U.S., you can add authorized users to your credit cards, and they typically send you new cards that just have a different name, but for which the rest of the information is identical (same number, same CVV code, same expiration).

At least this was the case with the cards issued for authorized users I added to my Citi Double credit card account.

So you could have a single card number with multiple valid names/users.

No, The name of the account and the credit card holder can be different.You just need to provide government ID and your memebershit will be delayed: https://developer.apple.com/support/purchase-activation/

In this case, it seems the two accounts used different names otherwise they would mentioned it already because it's huge evidence that the accounts are linked.

I think I'm much less invested in this than you two but I can say that it would strike me as very unusual to pay for someone else's account with Apple.

For example, Mithaldu, if an anonymous outsourcing party rendered you a service, than rather than wire them money or pay via paypal, would you be okay with paying for an apple account with them, with no further relationship, and you don't even know who they are? Probably not.

I think we can all agree that yes, he "should have" thought about this implication of trust.

It doesn't strike me as unusual. I've paid for tools and training for relatives and friends. A membership seems no more unusual.

[edit: given the down votes, I guess the HN crowd has rich friends or doesn't do mentoring. Sometimes the people you sponsor don't get it right]

Not sure why people are downvoting - they should be commenting if they disagree!

A developer account + some old test devices sounds like a great birthday or christmas present!

You write "for relatives and friends", implying a measure of trust. You don't write "for strangers I didn't know." Would you have?
From his response "helped a relative get started by paying for her Apple’s Developer Program Membership using my credit card. I also handed her test hard"

It was a relative, so I don't get your question's relevance to the situation.

sorry, I missed that part. I straight-up don't believe that their relative engaged in fraudulent activity related to Dash (such as leaving negative reviews of competitors) by complete coincidence and at arm's length. I didn't read all the information carefully though.
> I straight-up don't believe that their relative engaged in fraudulent activity related to Dash (such as leaving negative reviews of competitors) by complete coincidence and at arm's length

You might want to read the rest, the relative was boosting their own apps. Dash was not part of scenario just affected by the end result.

You missed the other discussion which mentions he's Romanian, and very few Romanians have their own banking services, and in fact share banking services among family members.
"This is the way Apple conducts business" is not a justification for conducting business that way.

Kapeli is in Romania where credit card ownership is less common, and the "legal entity link" we're talking about is just a nominal $99/fee and some older devices. Moreover, Apple is admitting they they see them as distinct accounts, only notified one of them, and completely ignored the fact that Kapeli's side of the linked accounts had high credibility.

It sounds like Apple is desperately trying to justify the not-very-smart algorithm of an automated "booter" program rather than giving Kapeli the respect and due diligence that he deserves as a top developer.

No. You can use a different bank account to get paid and use a different name for your developer account from credit card used. You can even use a prepaid credit card(But you have to provide ID). In this case, it's clear that the account names were different. Also it seems the bank accounts to get payment from apple were different(Otherwise they would mention it). And the only links were the credit card and some devices(only apple and the developer know how many devices and in some extent)
Last time I bought a dev account to the App Store I had to pay with a credit card in my name. My employer was willing to pay for it and would have preferred to pay on the company credit card but the App Store explicitly didn't allow 3rd party payment.

This was made abundantly clear when I signed up.

According to this, it's fine to use another person's CC as long as you provide govt id such that they can tie your account to a real person (and not the CC).

https://developer.apple.com/support/purchase-activation/

That's your interpretation of an ambiguous sentence. If your interpretation was correct, shouldn't the person you replied to have been informed of that possibility?
Completely, 100% agree with galacticpony. This whole story sounds suspect and I'm falling square on Apple's side here. Kapeli set up a relative with a developer account AND that relative was involved in fraudulent activity that benefits Kapeli and/or damages his competitors? Either Kapeli is lying and did set up his relative to help him out with fraudulent reviews, or he was so negligible so as to risk damage to his status with Apple by hooking up an untrustworthy relative and then felt like he had every right to act indignant when Apple called him out on it AND gave him a chance to make it right?

Sorry, not buying it.

This may be hard to relate to from a First World context, but Kapeli lives in Romania where only 27% of the population owns bank accounts yet alone credit cards.[1] In many parts of the world, financial products are shared by families, even extended families.

This does not completely absolve Kapeli, but the bigger problem here is that Kapeli is (was) a top developer on Apple's platform and had oodles of credibility. He deserved a better investigation than Apple gave him, and to at least have his own ("linked") account notified of the problem before getting banned.

[1] http://ec.europa.eu/public_opinion/archives/ebs/ebs_373_en.p...

No excuse, sorry, especially since it's not at all clear that he's not lying. I'm not saying he is but it can't be ruled out. Even giving him the benefit of the doubt, if it's true that he did innocently help out a relative and had absolutely no idea what that person was up to, then why not show some contrition and just get the problem resolved?

If I bring my cousin with me to a party at a friend's house and he trashes the place and gets into fights, you can sure bet I'm going to be apologizing like heck to the host, cleaning the place up, and trying to make things right. Would all people do that? Maybe not ... but don't go complaining that the host never invited you back if you didn't.

(comment deleted)
You can get a tool to extract a license key on the dev's website.
Why didn't they contact his "primary" account via its registered email address? They shut down two accounts but only contacted the first. The analogy would be better as I'm invited to a party and I bring my cousin. I leave after an hour. My cousin causes a bunch of damage to the host's place after I leave. Then two years later the host comes to my place of business and burns it to the ground and says I should've listened to the demands they made to my cousin over the last two years.
That is a bad analogy. This is case of mistaken identity, not a bad referral. Ask yourself, why are not giving this respected developer the benefit of the doubt?

A better analogy would be: You loaned your underage friend your ID 4 years ago and forgot about it. They proceeded to behave badly at a bar over a period of years without your knowledge. Then the bar owner confuses your identity based solely on that ID, despite your picture looking nothing like them and you being a well known and respected regular, and bans you without notice. Then they admit it wasn't you that trashed the place, but won't let you in until you state that the bar made no mistake in confusing you for that person.

This is also a bad analogy. The other account who is supposedly outside of the control of Kapeli, is involved in thousands of fraudulent ratings manipulations of Kapeli's apps. How likely is it that if the account were so totally out of Kapeli that this cousin would waste their time doing this? It's highly unlikely.
Not Kapeli's apps. There is no indication that there were fraudulent reviews of Dash, nor would it even make sense for there to be since it's so popular. Kapeli's own account was only used for Dash.
(comment deleted)
> He has registered an account using his credentials

Where are you getting that? In his blog posts, he only mentioned the common thing between the accounts were his credit card and old test devices he handed off - how do those qualify as "his credentials"? He explicitly mentioned he wasn't aware that his account and his alleged relatives account were linked until after his account was blocked.

You are right - he doesn't understand the problem - and neither do I. With the information that I have so far, it seems that Apple has set the bar for guilt too low, and the whole process is extremely opaque.

Apple is so childish. It's just a single developer against a whole company. Is it so hard for a company to just bury what happened and move on?
Has there ever been a period during which Apple didn't behave childishly? Its practically in their DNA. All the way from cheating a co-founder out of payment for a contract to "I will spend every last penny apple has in the bank and start a 'thermonuclear war' to destroy android" (condensed from a couple quotes for clarity).
Why the downvotes?

OK.

Apple is awesome and behaving like a proper adult. They are rightfully flexing their muscles and making sure that everyone knows that they are in the right! I wish every corporation would make it as part of their vision to set the record straight against indie developers. World is such a better place thanks to this controversy.

It sure sounds like Schiller's team screwed up here and should reinstate his account forthwith.

In short, Kapeli helped a relative open an account years ago but has otherwise been unassociated with that account. He technically shouldn't have used his credit card to help his relative, but this is Romania and it's just a nominal $99 fee, so he probably didn't think much of it. Apple's stance is they now look at them as "linked" accounts due to the use of his credit card and old devices, so they were justified in shutting down his account for fraudulent activity on the other one.

Problem is Apple never contacted Kapeli's account before shutting both of them down. They didn't do any extra due diligence for a top developer. Their notices only went to the other account, apparently, and Kapeli never had a chance to see them. He just woke up one day and his account was banned.

Now, that's just dumb. If the accounts are linked, why not notify both accounts?

Kapeli's an extremely well-respected app and has oodles of credibility. That alone should have triggered a deeper investigation before shutting him down. That fact that they know what happened here and still refuse to reinstate the account is shameful.

> "In short, Kapeli helped a relative open an account years ago but has otherwise been unassociated with that account."

That's what Kapeli claims. How exactly do you know that the above is true? As opposed to, you know, himself creating two accounts.

Logic. Apple called him and conceded that the reason they thought they were the same "entity" is simply because both used the same credit card number. If Kapeli wanted to be deceptive and create another account to commit a bunch of fraud on that appeared unassociated with him, he'd use another credit card, bundle ID, etc.
Of course, because no one committing fraud ever makes mistakes.

I have no idea if Popescu was really involved in the fraudulent activity or not. But dismissing it as too dumb to be possible is no better than dismissing the possibility of Apple making a detection mistake as too dumb to be possible.

I didn't say it was dumb to think it "possible" for him to be the culprit. I said it was dumb to shut down a top developer account without warning.
I'm referring to your claim that he would have used a different credit card and ID as if this is obviously true. It's neither true nor obvious since he didn't realize by his own admission that the accounts were linked.
Even that doesn't make much sense. It is obvious that Apple would know that the accounts are linked.
You're misunderstanding the entire point of my comment. I was specifically addressing the assertion that Popescu would have used a different card for the other account if he were trying to commit fraud: "If Kapeli wanted to be deceptive and create another account to commit a bunch of fraud on that appeared unassociated with him, he'd use another credit card, bundle ID, etc."

This claim is untrue. Per Popescu's blog, he didn't know using the same bank/CC info would link the accounts. So no, he likely wouldn't have used a different card. So the implication that because he didn't use a different card, he therefore wasn't trying to commit fraud is invalid.

The reference to Apple being dumb was merely for comparison.

I get what you're saying, but it still doesn't make sense. It is obvious that providing bank information will tie your identity to both accounts. That is utterly obvious. Ergo, by "linking" what he is referring to is being personally responsible for the behavior of the other person, even though they have a different name etc., not that Apple would be unable to see the common bank info.
> It is obvious that providing bank information will tie your identity to both accounts. That is utterly obvious.

It's clearly not obvious to Popescu per his own statement on the matter. Asserting repeatedly that it's obvious doesn't make it so.

> Ergo, by "linking" what he is referring to is being personally responsible for the behavior of the other person

This is a distinction without a difference. "Linking" the accounts is pointless unless it creates a meaningful relationship between them. The only reason to link accounts is to establish that they be somehow treated as a unit.

You are claiming that Popescu does not understand that handing his credit card info over to Apple for the other account, amongst other things, would reveal to Apple that he has a connection with it. That is an absurd claim.

Your evidence is his statement, which refers to a more specific technical use of the term "linking", namely responsibility for fraud as a combined "legal entity", the phrase that is used in the cited phone call. I will let the downvotes on your comment speak for themselves here.

I'm making the much more charitable claim that he didn't realize Apple would track the connection between the accounts. This is in line with both his actions and his statements. Your continued attempts to force your specific narrow interpretation onto his statement is absurd.

Your appeal to downvotes as some form of proof that your interpretation is correct is also absurd, partly because downvotes don't mean that much in general, but mostly because I have exactly one in total. So as with the rest of the thread your self-satisfaction seems rather unjustified.

(comment deleted)
You know it's bad when Gruber's blog is being held up as a less biased alternative. He's been so soft on them lately on anything except the Watch, even then he's been pretty soft.
App Store fraud cannot be tolerated.

Really? The integrity of user feedback data, inside a tool for loading software onto a toy (that functions as a tool just often enough for users to convince themselves it's not a toy) is that sacrosanct? What is that data used for? Surely something more important to the world than helping people get find their next fix fastest?

Seems kinda myopic on a grand scale. Has Apple has never done anything cheeky to help their business get ahead? They have a $1.8mm manipulation budget. But they know which toes not to step on, and which toes nobody will hear a scream from. So my use of "manipulation" instead of "marketing" sounds childish.

What if the fake reviews were paid for by a competitor, so they would get banned?
What if Apple just happened to be smart enough to think of the most obvious, very first question that would need to be asked in this situation?
People do this thing with research papers ("the researchers were stupid and didn't think of <insert obvious thing here>") -- so they wouldn't think twice (pun intended) about doing it with a new story.
That would be wonderful. Do you have any evidence that this is the case?

I mean, we are talking about the same company that just a few years back subjected all iPhone developers to such a strict NDA that they were technically not allowed to discuss a WWDC panel they were watching with the person sitting next to them.

What question is that? I'm apparently not smart enough to come up with a question that would enable me to distinguish between reviews from agents paid by competitors versus those paid by the original developer.

Edit: Seriously, what question can I ask? This sounds like a fun brainteaser, like the one where half of the people on an island are liars and half are truth-tellers, and the explorer has to figure out which fork in the road leads to the village. If there's an answer, I'd genuinely like to hear it. Downvoting me is just a way to shrug your shoulders and admit your bluff has been called.

So there's an incentive to write fraudulent, positive reviews for your competitors apps. Noted.
No, you have to have an account that your competitor opened with their own credit card and gave to you, and then you publish an app for that account and buy fraudulent reviews for it.

The account that the fraud happened on, and all the other accounts that appear 'linked' will be closed.

The issue was with the account he gave to his relative, which Apple probably assumed was his account because it used the same credit card and test devices registered to both accounts.

"No, you have to have an account that your competitor opened with their own credit card and gave to you, and then you publish an app for that account and buy fraudulent reviews for it."

implying that this is the only way Apple would consider fraudulent positive reviews to be developer's fault? Unlikely.

Didn't the dash author say that it was inexplicably removed with no warning. Now this press release says otherwise...

For people saying this was already in top of app store, well, there was rating manipulation. That's why it was on the top (?)

So if you want to get your competitor banned from the App store, just post lots of spammy positive reviews for their product? How would you defend your app against such an attack?
While I don't know how their rating system or detection works, I imagine it would be harder than just posting spammy positive reviews. They would have to have solid evidence that you're doing it to your own app, or paying someone to do it on your behalf.
I hope that's the case... It would make sense, since this doesn't appear to be an action Apple has taken on a regular basis.
Genuinely curious: what are some heuristics that could be used to distinguish between fraudulent reviews paid for by the developer and those paid for by a malicious third party?

Maybe I'm missing something, but it seems practically impossible to distinguish between the two unless there was a royal screw up somewhere along the line.

Using freebie promo codes given by the developer
I would recommend responding to Apple when they attempt to contact you. It appears that this developer did not do that.
It also sounds like he didn't get those attempts. It's easy to assume good faith on the part of both parties here.
That was my first thought as well... Even if in this case it was actually Dash putting up fake reviews, this seems like a slightly dangerous precedent to set.

It would be a big risk, but one could potentially buy 'false flag' reviews - throw some negative reviews on your own product, and positive reviews on your biggest competitor - It would hurt yourself in the short-term, but could pay off if you can get the competitor banned. Again, super risky, probably stupid strategy... But with the state of the 'app' market, I wouldn't be surprised if people would try it.

(comment deleted)
It works on Google Play lol. Apple's iTunes accounts on iOS devices are actually pretty cumbersome to use and change quickly.

You just go on fiverr.com and pay someone in Indonesia $5 for the hit.

I think apple is pretty savvy to this sort of attack. They only banned him after there were thousands of fake reviews (supporting his app, and harming others) AND an account that was tied to his (same device ids and credit card) was involved.

I think apple acted pretty responsibly here.

So if I want to remove a competing app from the app store, all I have to do is buy them a bunch of fake reviews and Apple will ban them?
Yes, but apparently you'll have to wait two years for Apple to do anything
No. There is no evidence for this.

You're assuming that Apple has no process to distinguish between intentional fraudulent reviews coming from the developer in question, and random fraudulent reviews from others. But that assumption is not supported by any facts.

There is no evidence it isn't this either. Detecting fake reviews is easy, detecting the source (probably a click farm) is probably pretty easy too but getting to the bottom of who hired the click farm would be extremely difficult. You'd probably need assistance from law enforcement or a court, probably in a developing country, to get that information from the click farm operators.

I would think its pretty easy to hire a click farm to blatantly post fake reviews to the app store. The worse the click farm is at covering their tracks the better if you're trying to get a competitor banned by Apple.

Dash was a popular app among developers who use Apple products I doubt the fake reviews would be needed. I wouldn't be surprised at all if this was caused by a third party.

Without some direct information from Apple, it's perfectly valid to wonder if they were manipulated in some way. There aren't any facts available to us that point in one direction or the other.
Reviews require purchase, though. So for paid apps, it's much harder to do as a third party because you'll pay full price, whereas the developer gets back 70% of what they pay.

Although I have no idea how you'd create dozens of accounts with independent payment methods without it becoming suspicious. I guess you can use gift cards anonymously but that's almost certain to trigger even the most basic anomaly detection.

> Almost 1,000 fraudulent reviews were detected across two accounts and 25 apps for this developer so we removed their apps and accounts from the App Store

Sounds damning. Was this a paid app? How many downloads did it have?

I'm willing to give Apple the benefit of the doubt here, because they are unlikely to release information as specific as this to the press unless it's been checked and vetted, even if they don't release the proof to the public. And without the proof, it's really their word against the developer's. Does Apple have a bad reputation when it comes to this kind of thing? If not, why are people so strongly on the developer's side?
The root problem in this controversy, in my opinion, is that iOS offers no other way to install third party applications outside the appstore for the general public. If a blackmailing attacker hits your app with fraudulent reviews on purpose you have nowhere to go with your app. If you could at least host the .ipa for installation on your own web page, such tactics wouldn't necessarily turn into a death sentence, just a loss of access to an effective sales channel (the app store)
Platforms that dont support side loading need to be held to a higher standard than those that dont.
this is a new attack vector that will definitely start getting used against competitors.
This may sound stupid, and I am not by any means saying this is what happened here, but would it be possible for someone to maliciously buy fake reviews for a competitor app? What would happen in this scenario?
Where does Apple respond? Or is this blog maintained by Apple?
(comment deleted)
I get the feeling the bigger problem for Apple is the number of developers who really don't believe them.
I'm not familiar with this site, so this might be ignorant, but it seems strange. Bad copy on a wordpress site. At first is looks pretty official, but none of the "according to Apple" or "Apparently" quotes are cited or linked. Did Apple release a statement or press release about this? At the end it just says "it seems to me...". Who is this guy? Do we have a better source for this news?
This is Jim Dalrymple's site (I might have the spelling wrong). He is well-known among Apple bloggers to be well connected to Apple people. I've seen sites like MacRumors use a "Yep." confirmation from Dalrymple as evidence of a rumor, so I guess folks have some reason to believe he's connected.
Having dealt with nefarious characters in a pretty active community that was quick to defend their own members (even when they were being very naughty) I'll give my guess as to what's happened, basically assuming good faith in Apple, mainly to counter a lot of the questions here around "what if a competitor bought these..."

In cases where Apple is this certain (or seemingly certain) they usually have a smoking gun. That is, they have some kind of heuristic or action/event that is unquestionably tied to the developer. Perhaps a bunch of the positive reviews came from installs that used a developer freebie code, something only the developer could give out.

Also, smoking guns, when you're dealing with fraud and systems that people can manipulate, are the kind of thing you don't share with others.

I expect that Apple has seen _a lot_ of competitors trying to screw over other apps, and they would have exhausted that possibility before banning a popular app.

I think the difficult part is correctly attributing the behavior to the correct party.

My knee jerk reaction to this article, is that if I were nefarious and I wanted to get a competitor off the appstore, than I would game the review system on their behalf. I didn't look at it too closely, but I think part of it they said was also creating negative reviews for competitors.

Like you said, it depends on the smoking gun or the strength of evidence, but without knowing what criteria Apple uses I think it's difficult to say how prudent they might be.

I of course have no indication that another party is involved in this case, I just imagine that it could, along with any number of other scenarios. Without knowing what evidence or criteria apple uses to make this determination, it's impossible to say as an external observer.

Yep. I look at it this way: Apple has a team, or teams, dedicated to detecting and stopping fraudulent behavior. People on these teams are very smart and are likely using very sophisticated methods for detecting fraudulent behavior and attributing it, and they are very sensitive to false positives.

It's likely better to take no action than to take action, so when you take action, it is only when there is a very strong positive signal.

Again, I'm making assumptions because this is how the work I did went. There are a lot of things that can be done before dropping an app from the store entirely, and Apple is incentivized to keep the apps in the store – they get paid when people buy them, so removing them is a last straw.

I know of one very large company that paid for downloads and 5 star reviews for years; I doubt Apple would ever do more than ask pretty please. Given how far their rating has fallen recently they might have been asked to stop. But that's a long way from punishment.
So, now we have a "He Said; She Said" situation. Who do we trust? Apple? They've made mistakes before, and need to protect their integrity. The Dash developer? It's in his best interests to paint himself in the best light.

What's worse, by coming out, the Dash developer has forced Apple into a defensive position, ensuring that Dash will never appear on iOS again. Dash has now lost revenue and exposure opportunities, and Apple's consumers are reminded once again that they don't have the right to control their devices.

Both sides want to come out of this looking good, and right now neither side does.

And hence comes the recordings.

Dash developer caught up in an errant fraud check? Eh, it happens. At least this is Apple; were it Google, the developer would be right proper fucked (then again, his post made it to HN, so he might have gotten some special attention).

However, making that resolution conditional on the developer making Apple look good in a blog post? That feels pretty scummy here again to me.

The error seems innocent enough to me (though the party line of "we can't tell you why you were shut down" is the worst way to interact with your developers), but the conditional resolution is not making Apple look good.

so was he migrating his account from type to another in an attempt to disrupt the investigation? Perhaps as a means to break connections between accounts , apps, and such?
So, in order to punish the developer of an app Apple takes an action that significantly hurts the users of that app.
I know this doesn't treat the totality of what you're saying but in the past (and I assume it to be the case here) if you paid for the app on the app store it'll be available for download even if it's delisted. This was the case with the game Edge when they got targeted by a trademark troll for their name.
I believe the app stays available in the Purchases section like you said if the developer "unpublishes" the app, but not if the account or app is "terminated" by Apple.

In addition to Dash (which I'm not able to locate in my Purchases tab), I've noticed this to be the case with apps that violate Apple's rules, like those hidden proxies or emulators that have sprung up over the years and were later removed by Apple.

The Dash developer posted his side of the story including a recorded call with Apple: https://blog.kapeli.com/dash-and-apple-my-side-of-the-story
What I've done: 3-4 years ago I helped a relative get started by paying for her Apple's Developer Program Membership using my credit card. I also handded her test hardware that I no longer needed. From then on those accounts were linked in the eyes of Apple. Once that account was involved with review manipulation, my account was closed.

I was not aware my account was linked to another until Apple contacted me Friday, 2 days after closing my account. I was never notified of any kind of wrongdoing before my account was terminated.

(comment deleted)
Can anyone who bought Dash confirm or deny that you can still access it from the "purchased" tab in the app store? This used to be the behavior for paid apps that were delisted† and I assume it still is.

† I remember it happening for the game Edge when it was taken down due to trademark trolling. It was later reinstated.