Ask HN: Apple revoked developer account for 2.5 years and counting
long version:
4.5 years ago I launched Truple (https://news.ycombinator.com/item?id=14113636), a bootstrapped parental control / accountability app. Truple is used by parents to gain insight into how their children use the internet, but also by adults who struggle with online habits they'd like to change (porn being chief among them). The screenshot based approach Truple offers proves to work much better than other solutions. It's the only solution that allows you to use social media, but still have accountability for what you're viewing through social media. For example, if you have access to Twitter, you have access to porn. You can't use twitter without having that access. Truple allows you to use twitter while still being held accountable for what you view on twitter. No other solution offers this, because they don't report what you're viewing within an app. Twitter is just an example, the same goes for all "innocent" apps (social media, streaming sites, etc) that contain concerning content.
2.5 years ago, I submitted an early version of a MacOS app for notarization. A couple of days later my Apple Developer account was "frozen" without any message or indication why. The signing certificates were just revoked. After a year or so, Apple said they found "potentially unwanted software" in my app and were investigating. I indicated that was unexpected (that's the only question they asked me). As background, to run the app you have to download and install it, login to your truple account, select what you want the monitoring settings to be, grant permissions, etc. It's a whole process. I point this out because the app didn't do anything malicious or against the device owners' will.
After nearly two years of waiting on Apple (I emailed regularly, they kept saying it was under review) Apple decided they wouldn't finish the investigation but that I needed to create a new developer account. I've since done so. I submitted a redesigned version of the app for notarization, and now, while my account isn't "frozen", notarization is rejected with the message: "Team is not yet configured for notarization." I submitted a "hello world" app using boilerplate code for notarization, and I get the same rejection. I now have another case open with Apple, and it's going nowhere it seems. I'm assuming Apple has flagged my second account due to the previous issue. I fear I'm stuck in a continual loop.
Truple was the first to offer screenshot based monitoring as a parental control / accountability app, but during the past 2.5 years, multimillion dollar competitors have been allowed by Apple to launch apps with similar functionality for Apple products. I have read and reread the Apple developer agreement. My app is in alignment with it... I've made sure since day one that a "reasonably suspicious" notification is present when the app is monitoring. Once enabled, the data captured is end-to-end encrypted and only made accessible to the account owner and their chosen recipients. I've expressed a willingness to make changes if need be, but Apple hasn't indicated I need to make any. They've just been silent.
What should I do? I've been extremely patient with Apple. But it's now been 2.5 years and it's gotten me nowhere. Apple seems unwilling to do anything for me but take my annual developer fee. I'm not famous an...
234 comments
[ 3.2 ms ] story [ 260 ms ] threadIf that's the problem you're running up against here, and not that you somehow embedded malware/adware into your app that they screen for, I think you might have trouble getting anywhere with this.
Could you elaborate on what your version of this reasonably suspicious notification compared to your competitors actually is?
It's convenient to think I've done something wrong here... but I've puzzled over this for 2.5 years, and if I have done something wrong, the least Apple could do is let me know so I can correct it.
Doesn't this seem kind of damning? Like you admit the recording dot is suspicious, so you remove it because why? Are you targeting anyone that isn't fully aware of what the truple notification means, maybe because they are a child or otherwise mentally compromised?
Again, if the red dot matters, I'll add it back.
This sure as hell reads to me like you’re trying to hide the fact that you’re recording vulnerable user’s screens from them.
The “trying” part isn’t the practical problem.
And if that was not your intent, you are not thinking through the obvious implications of your own software design.
Presumably, more will come.
Sure seems they don't like him to me.
AKA if someone can install the app is it possible to use it to monitor someone without their knowledge?
I think you're doing something the App Store simply doesn't want you to be doing, and it's hard to fault them for that.
That may be enough to generate enough interest for you to find some form of "no win no fee" legal representation on a matter which I admittedly have no clue about.
Good luck!
Thanks for the suggestion!
> Apple shall not be responsible for any costs, expenses, damages, losses or other liabilities You may incur as a result of Your Application development, use of the Apple Software, Apple Services (including this digital notary service), or Apple Certificates, tickets, or participation in the Program, including without limitation the fact that Apple performs security checks on Your Application.
https://developer.apple.com/support/downloads/terms/apple-de...
(I think it's just as likely that you're pattern-matching against stalker software that Apple screens for, just by dint of what your app does).
In case you didn't read the full description, Apple is allowing competitors to do the same thing.
I've gone over privacy concerns with lawyers though I appreciate your concern/suggestions.
I don't know how accurate the fine details are, but this story in its broad outlines seems very unfair and capricious.
If there was some little tweak that was super important to Apple, I'd hope they'd let me know about it instead of being silent though. I'm willing to adjust based on their feedback, but they say nothing.
Unfortunately, it won't happen because that would mean Apple need to ban MDM software from the App Store. Thousands of thousands of companies using MDM and it won't be a good move for Apple if they attempt to do so. Apple could do it, but they will lose profits, money talks louder than doing for the goodwill.
So don't buy/install it. But don't take away that choice from other people. I have a good married friend who uses parental control software on himself to reduce the temptation to look at porn. It basically just gives his wife access to his browsing history. Sure, he could bypass it a number of ways if he was really determined, but it's more about just raising the level of effort required so that impulsive usage is mitigated.
It's not that simple. You are purposefully bringing up an extremely rare use case to detract from the fact that 99% of users of this software are going to be abusive parents who install it on their children's phones without consent. (Or heck, maybe even abusive spouses.) If parents are that concerned, even banning their children from "innocent" apps like Twitter or computer/phone use altogether is better than this invasive 1984-like software.
Completely separately, though, it's also the case that OP is essentially building an Internet-connected backdoor into the system that will have been permitted to monitor cross-app activity. Even if data is E2E encrypted, that doesn't mean the software is immune from vulnerabilities that could then piggyback on the elevated permissions given to the app. And OP being a bootstrapped developer without the resources to have robust security practices is a liability here. Apple's response to treat this as a vulnerability is reasonable.
(As a side note, if OP wanted to distribute source code and unsigned binaries, macOS would allow an end user to run that software, and that's a perfectly reasonable caveat emptor for me. But Apple is under no obligation to digitally vouch for software that enables abusers and hackers.)
That's a curious phrasing. Are you implying a parent needs consent from their minor child to install something, anything they deem appropriate, on "their" phone?
What exactly is abusive about me wanting to know if my 6 year old is watching porn?
Are parents that signed up for Youtube Kids abusive, too? Is Google abusive for filtering the videos? And are all those who shared articles about how porn was showing up in YTKids abusive for letting parents know that their children might have been exposed to mature material?
Ethically, I agree with the UN Convention on the Rights of the Child[2], which states in Article 16:
>No child shall be subjected to arbitrary or unlawful interference with his or her privacy [...].
>The child has the right to the protection of the law against such interference or attacks.
[1] https://en.wikipedia.org/wiki/Arkangel_(Black_Mirror)
[2] https://www.ohchr.org/en/professionalinterest/pages/crc.aspx
But I, as the parent that is actually responsible for the child (and may face lawsuits if I don't) am not allowed to do any of that.
Got it.
You mean the choice to install malware on other people's devices? Why shouldn't it be taken away?
> The whole purpose of this software is to the reveal the private life of others. Why should people be able to install malware on other people's devices? People shouldn't be allowed to do it to other peoples devices. People should be allowed to install software on their down devices, for their kids or for their own use to help with online behaviors/addictions.
> I certainly wouldn't have tolerated that sort of behavior from my parents when I was a kid myself.
Kids will be kids. I would have been the same way. I learned to pick a lock on the computer desk as a kid in order to play computer games after I was supposed to be in bed. The issues is the negative impact of tech is only growing, and it's harder and harder for kids to come out unscathed.
I am thankful every day that I grew up very technical and I was able to hide being gay from my parents but find the resources I needed online.
If a phone is my only resource, this removes every ability for a child to find resources if they are curious about their sexuality.
Or worse, if their parents are abusive this removes the ability completely for the child to safely get help.
Not to mention people in abusive relationships who might be coerced into using this. Just because they're aware it's on their phone doesn't mean it isn't being used to control them.
I mean you should feel safe enough to come to your partner for help and voluntarily do something like this.
But generally I agree with what you are saying and it is very worrysome. Which is my entire issue with this app. Looking at the marketing it is not focused on the partner looking for help, it is giving praising reviews from the spouses and parents violating their "loved ones" (purposefully put in quotes if you deem something like this necessary) privacy.
At first I thought exactly this. This app is disclosing what it does, in the open. The product is very direct and clear what it does, and how it does it. One of the hallmarks of malware is that is is doing things without the user knowing, or in many cases wanting. The only way I would install this is if I wanted it to do exactly what it does.
> Do you have safeguards that can 100% rule out the use of your App as spyware ?
I'm not sure that this is really what is needed here. Any app with telemetry, especially screenshots could be used as spyware. In this case, the app is not hidden, is installed by the user, and it is very clear what it does. There's nothing clandestine or spy-ish about it. It is literally marketed saying this app will take and send screenshots to a person you pick.
> I don’t think you have considered the legal ramifications
This is probably where the biggest potential problems really are: truple is collecting evidence that likely would be used against users in court - be it civil court where it could be used to prove you were doing something bad at 10am (you were chatting instead of working) last week or criminal court where the screenshot might be used as direct evidence of a crime.
Competitors currently allowed by Apple don't offer end-to-end encryption. Most delete data eventually, but 15 days is the shortest retention I'm aware of.
Your perspective is objectively incorrect. Something cannot be "malware" if it is intentionally installed for a purpose beneficial to the installer, doesn't contain hidden anti-features, or doesn't make itself intentionally hard to uninstall (modulo the obvious cases where that's a feature, such as find-my-stolen-device tools, and this one).
> I think you should move on with your life.
This is useless and the opposite of helpful. If you don't have anything constructive to say on HN, perhaps you shouldn't say anything at all.
> I‘m sorry for You. I can see how you‘d think that your software is providing society a service.
...and this is downright condescending.
Your view is objectively incorrect. Something cannot be "malware" if it is intentionally installed for a purpose beneficial to the installer, doesn't contain hidden anti-features, or doesn't make itself intentionally hard to uninstall (modulo the obvious cases where that's a feature, such as find-my-stolen-device tools, and this one).
Ours was for regualtory compliance -- a legal obligation for cannabis businesses. REJECTED! And after a 6mo appeal/review process -- with moving goal-posts -- we were allowed back in. YAY.
And then they started getting into the application and making demands -- one was to use their payment systems -- which was BS, because our clients get into the App, and use it most of the time outside of Apple devices (ie: Desktop in Browser). So another round, 3mo later and they'd not force the payment issue.
And the next review required us to remove any details about pricing from our application -- not our app pricing -- but the pricing for the inventory under management. So, users, in-app, couldn't see the regulatory compliance data: price of product sold; in the APP. But we pushed through! and finally got published in the App Store!! Yay!
And one month later we had to renew our Apple Developer -- cause this whole thing took 11 months of back/forth with Apple.
Then we got clients using it (finally!) and the clients were all grumpy cause the features were gone. Then another two more years with us trying to Apple trying to improve our App.
An last year, we just bailed on the App Store and have given up.
What's super frustrating is since we initially tried our process (starting in 2016) -- other cannabis apps, with pricing and online ordering and all this stuff that we were NOT allowed to do are in the store.
As for Android -- Google is also Cannabis hostile but side-loading onto Android is a breeze (by comparison to iOS)
The censorship abilities these companies have is just too much. I don't like Trump but it really bothered me that Facebook and Twitter blocked him. If the block the US president how many smaller guys are being censored and you never will know?
Cannabis businesses are illegal to operate in the United States, where Apple resides. Possession and distribution of cannabis is a federal felony in all 50 states and US territories.
This is an issue with the United States, not with Apple.
The lack of side loading is an Apple issue, but if you are going to make that argument (and you should!) then the cannabis app rejection is a red herring.
I'm working on a mobile browser for PWAs https://apps.apple.com/ca/app/wapps-private-minimal-browser/...
Its just the people trying to provide a service to a crowd that still needs to be onboarded to Web3 who find the problems
Just cater to Web3 users, there are trillions of dollars of value already in the ecosystem which can be used for investment, revenue, goods and services
The people that want dollars are such a small portion at any given point in time, which is perfect
I’ve never thought “wish this was on the App Store”
Anyway, the "head of the household" should get out of 1920 and find out about talking to your family like a person and using standard parental controls as validation, not weird policing. If you make your home a battle, people will find the stuff they want elsewhere and not talk to you about it if they have questions.
This has always happened, be it with explicit software entitlement or just with "off limits" areas.
I suggest you find a business partner with better connections. You won't be able to force Apple to notarize your thing...
As an aside, shaming someone out of a impulsive habit may not be sustainable. I'd say that you're trying to cure a symptom rather than create room for self-reflection and encourage them to chase down the missing pieces and identify the root cause.
The MDM solutions all require enterprise developer accounts. I want to pursue one, but I hoped to get this resolved first.
(That being said: I'm not sure I would have approved an app like yours since it is designed to invade privacy)
You may like you and your young children being able to stream unlimited hardcore pornography to their iPads, but that doesn't mean other people have to like and allow it for themselves.
I don't think the biggest risk is really your hosting environment, but domain names. That's the one link in the chain that can really make life miserable if you were to lose your domain name. Which in effect is your identity. You can find replacement service providers for hosting. It may take you a bit of time to move things, but there isn't a lack of choice. It is harder to deal with losing a domain name that is essentially your brand.
However, I know several businesses whose product only runs on AWS and would need a ground-up rewrite to run anywhere else. Not to put too fine a point on it, but that is exceptionally poor risk management and if I were to find myself in this situation I'd have nobody else to blame but myself.
And this is transitive: if you are a customer of a product that is tied 100% to a single infrastructure provider and they are critical to your business, you must have a contingency plan in case they get into trouble.
While I wasn't so aware of the risk when I started, I've learned plenty about it over the past 4.5 years.
> frankly, you should not be surprised that something like this happened. Did you read the whole description? The surprising thing is the unfair (unequal) treatment, the silence on their part, and the long delay.
I took a look at your website https://truple.io and... there is very little mention of this being for parents. TBH looking at the website is... deeply concerning for anyone that would legitimately want to use this product. Especially on a spouse?!?
I am willing to bet part of the issue is the targeting for this app. The functionality is likely second, but they may have special rules when it comes to parental apps. But there is a very very fine line there that can be dangerous when it comes to surveillance.
Last... I find your focus on "online filth" insulting.
Search for "accountability software", and you'll find apps advertised in a very similar manner that have had no issues with Apple, with absolutely no mentioning of parental controls.
> I took a look at your website https://truple.io and... there is very little mention of this being for parents. TBH looking at the website is... deeply concerning for anyone that would legitimately want to use this product. Especially on a spouse?!?
It's used voluntarily by the device owner. It's not used "on" anyone. The whole point of this is to provide accountability. Including a comment from below I'd hoped would get pinned: "Some may not agree with the use of parental control/accountability software. That's fine. Truple is not designed for you. There are tons of people who are negatively impacted by technology and they desperately need/want help. They should have the option to get it, and there should be competition in the space to deliver the best product for them. In today's world, using the internet is a part of life, and isn't something you can reasonably go without. Truple was built to help people learn to use technology responsibly with the help of their loved ones."
> Last... I find your focus on "online filth" insulting.
Online filth was intended to generalize the concerns, not focus them.
If you want direct links, send me an email (you can find it in my profile).
I'm interested in the detective project of figuring out what red lines your app may have crossed, just because it's interesting. But cards on the table: none of these apps should be allowed on the app store. Maybe Apple just hasn't gotten around to shutting down "Covenant Eye" yet.
For the “premium” level with all the controls (which frankly is the service level any responsible parent will want), you have to back each kid’s phone up to iTunes on your (parent) laptop, then erase and reinstall each one with a new OurPact-controlled OS.
I'm starting to see a pattern here.
The backup is taken at install time and it's perfectly reasonable to do so. The backup is stored local on your computer using the standard backup mechanisms, it's not uploaded to the cloud.
The installation process is actually opting the device into an enterprise management profile, not a custom OS. That custom OS blurb sounds like some goofy marketing speak or misunderstanding how this process works. The management profile allows OurPact to manage the device on your behalf using the same APIs any enterprise device management vendor would use.
Once the device is opted into the management profile, it's quite obvious it's under control and you have a lot of options including setting time limits on app, enabling various child protection features, preventing apps from being deleted, and most importantly choosing what apps are available and creating schedules for the device (i.e. disabling games during school hours/night).
Nothing about this process hides the fact that the device is managed. There is an OurPact Jr app that can be installed which gives the owner visibility into the schedule. I highly recommend reading the reviews by upset children for the OurPact Jr app on the app store. They are hilarious.
Anyway, my point is as a parent with a tech background and 3 children, OurPact has been a very useful and positive addition to our home life. They've been a good steward. They are limited in what they can do by Apple, but what they have done they have been very transparent and communicative.
You might think you're doing something positive here - but all you're doing is ensuring that your kids will forever treat you as an adversary. Don't be surprised when they leave home after high school and never speak to you again.
What happens if one's kid's are gay? Or interested in myriad other topics? Should a parent have 100% visibility and supervision over such things?
But... they need to have their limits. A parent should not know every single thing going on with their child. Especially as their child is figuring out their own identity and later transitioning into adulthood.
I know there was once (yay landlines) that I caught my parents listening in on a call I was on... It broke my trust with them completely. I no longer felt safety from my own parents, to be honest it made me feel like a hostage in my young brain. From then on I did everything in my power to hide things further from them (and being very technical this was not hard).
You need your child to feel comfortable enough to come to you when they need something, not for you to come to them because you saw something that should have been private.
Basic child blocks? Thats fine up to a certain age
Time limits? Of course, that is your prerogative.
But knowing every single thing that is done on what should be a very personal device... that is problematic.
... why are you trying to sell this app via the Mac App Store in the first place?
Should I, or should I not be forbidden from filtering the internet for myself? Meanwhile, the content I see is filtered by FB, Twitter, etc. Why should their desires rule mine on my device?
Should I, or should I not be forbidden from seeking help accomplishing my own goals for online use, in particular accountability for giving up various addictions? Meanwhile, FB and Twitter are allowed to know what I view, but I'm not allowed to let anybody else know what I view. Why should they be able to hold me accountable, while I'm not allowed to seek accountability from anybody else?
But this is totally besides the point. We're not discussing what Apple's rules ought to be. We're trying to help figure out what they are. That's what the author of this app asked us to do.
I'm hoping you've simply not really thought this through. We can't demand that parents be held accountable for what their children do while also forbidding parents from knowing what their children are reading, watching, writing, hearing, or saying.
There's no reason that knowledge has to be garnered surreptitiously. (If your answer is "if it's not surreptitious, then kids will try to bypass it" … well, they will anyway.)
The comment (https://news.ycombinator.com/item?id=29571643) to which you were responding (https://news.ycombinator.com/item?id=29571750) says:
> You're asking me? Ok: it should not be possible for you to install surreptitious screen recording software on an iPhone.
I agree with this 100%. It should not be possible on any platform. Key word there being surreptitious.
To clarify, your comments are about iOS apps. Look at their MacOS apps, and it's a different story. The capture the entire devices screen, not just the web browser. And several competitors do it.
So are you still sure I should never be allowed to run this code on my phone?
"Online filth" is in your website header, so your kinda focusing on them. I looked at the reviews and your most recent one continues to reinforce something about "filth" https://play.google.com/store/apps/details?id=com.camhart.ne...
As far as not being used "on" someone. Again you have reviews from Spouses and Parents which would imply they are being used "on" someone. Something I noticed the other apps focus on is individual accountability. I see almost no reference to spouses or parents there. Just having some you trust to be accountable too.
Your first line on google play says "Truple protects your loved ones against porn & other online filth. It holds your loved ones accountable in a way that's near impossible to bypass by capturing and sharing screenshots." How exactly is that not it being "used on anyone"?
Your marketing around this tells a story of surveillance trying to pass it off as some "good" where accountability is a secondary issue. While here you are focused on accountability.
And personally I have to wonder if Apple takes this into account when approving apps (which I assume they do)
Which one is it?
Edit: lol @ “flagged”
Buncha idiots. Answer my question instead.
If you want to make the choice to stop watching porn, that is fine. If you want to use software like this and you want to ask your spouse to help, that is fine.
But your marketing, your google play listing that I quoted it is not you making the choice. It is someone else "protecting" you and making the choice.
Quoting an exact quote from your google play listing. The very first sentence:
"Truple protects your loved ones against porn & other online filth. It holds your loved ones accountable in a way that's near impossible to bypass by capturing and sharing screenshots."
"Truple holds YOU accountable in a way that's near impossible to bypass by capturing and sharing screenshots."
But at this time, there is one story of what this app does here (hacker news) and a completely different story from what is being told on the website and marketing.
The other apps that they are saying had no issues with approval, follow the story that is being told here.
I don't think it changes the problematic nature of the app. But they are claiming to be the same as the other app but there is a dramatic difference in how the capabilities of the app is communicated to Apple and users.
It's not two stories... I include customer reviews on my landing page that show spouses, individuals, and parents feedback because all benefit from it.
The Google Play app description is adjusted to be more in alignment with Google Play Developer Agreement policies.
To clarify, keeping Google, Apple, and everyone else happy with the wording in the marketing seems to demand walking a razers edge. I've done my best to comply appropriately for each platform. It's a disservice to the conversation for you to pull in the Google Play listing, make accusations about me/Truple as a result, and not have the full picture. I've shared more in this post than I originally cared to in order to provide the bigger picture. I'm not trying to hide anything here, but there are reasons other than malicious intent for why things are worded the way they are and instead of leaping to those conclusions you could instead ask why.
If a device does not provide this option for compromised security, it is by default censorship.
It is 100% 2 stories. Over and over again here you are saying "personal accountability" or similar. Which on paper is fine. If you really truly voluntarily want to do this... great!
But do you not understand while personal accountability fine... your marketing is calling out spouses and parents reviews! Nothing about either of those being there says personal accountability. if you truly actually believed in personal accountability you could only show reviews from them, not from others!
To clarify. If my spouse is the one that thinks that this app "saved my marriage" as your reviews really like to say. There is something... very very wrong. If I feel the need to review it because I felt like I needed help. That is fine! Do you see the difference?!?
See https://web.archive.org/web/20200216145020/https://play.goog...
My takeaway is that I’m beginning to think that Apple was correct in blocking your app.
So right there it's admitting that the intended use is to spy on someone else (in this case, "your kids"). I'm with you here. I just don't believe OP on this one.
Apple thinks this is a spying app, and they don't want it on their platform.
This is a sort of "smelly" word to see in an advertisement, in that referring to material as "filth" brings up memories/images of, for want of a better phrase, cultural intolerance. You may get better reception by calling such content "improper" or something less emotionally charged.
I googled a bit and found [1] and [2]. Their marketing is very very different from yours [3].
[1] looks very tasteful, considering they are basically spyware. It's a very positive spin with great copywriting.
[2] gives me some Christian vibes, it's not for me, but it still looks decent.
[3] on the other hand just looks really creepy. The copy is awkward and the hectic GIF with the screenshots and the bikini picture just gives me stalker vibes.
It's a question of taste. Great Mac and iPhone are done very tastefully. Truple is missing that.
(That doesn't mean that Apple only approves tasteful apps. There are a lot of poorly designed apps on the app store. But if you are doing something even slightly questionable, and your app looks a bit creepy, then Apple is not going to go out of their way to help you get it out there, even if you aren't breaking any explicit rules.)
[1]: https://accountable2you.com [2]: https://everaccountable.com/ref/61/ [3]: https://truple.io
It is wild to me that there is a megacorporation whose subjective opinion of "tastefulness" (based on their own North American cultural norms) is a gate to software delivery and that there is an entire category of users who actually think this is a good thing.
Then why can't Apple just fucking say that? Why all the stupid drama?
There are times when obscurity isn't OK (notably, when it prevents other good actors from verifying the security of a piece of software), but this isn't one of those times.
Personally speaking, I also fear rejection/failure. Dealing with this has been extremely difficult for me emotionally.
Your app sounds like it offers real value and is actually innovating. Apple is destroying your business at their discretion, for seemingly no reason.
Have you consulted with any lawyers? If they’re suspending your account without any cause, I think that counts as a breach of contract on their end. And if there were are a lot of competitors popping up in the past 2.5 years, you could potentially even calculate some hefty damages beyond just the $99/year Apple tax.
> Your app sounds like it offers real value and is actually innovating. Apple is destroying your business at their discretion, for seemingly no reason. People really get fired up about apps like this, but few people can say they've built software that has saved marriages and helped parents to raise their children. I honestly can and am honored and grateful to be able to do it.
I have not yet consulted lawyers on it. That's one of the next steps I'd been considering if I can't make "going public" helpful.
I see a lot of people here who are critical of the app you're trying to sell but also doing their best to be helpful. If you're looking for a cheering section, you're probably not going to find it here; you asked a question in your post, and it is being answered, thoughtfully and thoroughly.
Truple doesn't do that.
Arguably defending Apple’s App Store policies is the controversial take on this forum.
If you read the FAQs on the website, it clearly states:
And if Apple thinks this is malware or might be a legal liability, why can't it be transparent in its communication with the developer?https://news.ycombinator.com/item?id=29570450
How is changing the logo "removing" a "conspicuous warning indicator that screen recording was enabled" when the app literally tells you that the device is being monitored?
There's no meaningful difference between a new logo appearing that you can tap on to see that your device is being monitored, and the same logo with a red dot. A curious user is going to tap both of them, and a lazy user won't bother with either.
Claiming that altering the app icon without anything more (e.g. changing where/when the icon is visible, impersonating a system icon) is "removing a conspicuous warning indicator" is straight-up deceptive.
Spoiler Alert: Because Apple (and Google) can get away with it.
No matter how much you make concessions and try to obey the rules, a surveillance app is always shady. Much like brothels still have a shady atmosphere even where it's legal. Some markets are so.
Apple is a closed ecosystem, and building on a closed ecosystem always carries the risk that the ecosystem owner will decide an individual or company just can't play. But that doesn't make it better; it's just a risk to be aware of.
In order to eliminate a few sexual behaviors you’ve created an application that has serious potential for abuse and control. A well functioning adult will simply have a burner phone and the infected phone will only be used for “approved” uses. A minor or abused adult will stop using the phone and probably be isolated as a result. Which of their friend or family will want to have even benign communication with the subject knowing this app is installed (because they will).
You’re not a victim here.
If the app was just rejected I'd agree. Freezing the account, and then _years_ later suggesting the user create a new account makes no sense.
The app he made in our example is privacy degrading with control and abuse likely being its best feature. He took his shot.
EDIT: The difference being, Apple says YES / NO to every app, and every app always goes through the process, unlike policing traffic violations. If Apple is not being inconsistent, they need to say why.
Either way, in this case they blocked a developer that was making what sure as hell looks like spyware to me, I'm not convinced this is a bad thing.
Also, you absolutely do need a license to operate a car. Probably not a good metaphor for your case.
I personally think all such apps should be blocked. What bothers me is the inconsistency, or the opaqueness that means we cannot determine whether or not there is an inconsistency.
Let's leave behind this app for a second, and speak in generalities. What should Apple do if it believes that an account is making and distributing spyware or malware? Should they not ban the account altogether? In fact, wouldn't you be mad if you found out that there were playing whack-a-mole with individual submissions from a developer that they'd already decided was harming end users? I personally would be pretty annoyed if it turns out that they let a malicious developer produce spyware and continually tweak and re-submit their apps it until the approvers let it through, and would absolutely support a policy of banning whole developer accounts for certain infractions. I doubt I am in the minority here, even if there are disagreements about what those ban-worthy infractions should be.
So, the question here is whether or not this app is spyware or not. I personally am beginning to suspect yes, both because parental software always toes that line, and based the apps marketing and the developer's comments in this forum. Others might disagree. But while it's reasonable to disagree about whether this is spyware, given the above logic I think we can agree that it's perfectly reasonable for Apple to ban an account that it has determined is making spyware. You should disagree with the determination, and understand that the ban follows that determination directly.
Personally I think the weirdest thing here is the recommendation to make a new account. Generally most companies hate it when you try and recreate an account after a prior ban, and an official recommendation here seems quite odd.