Hacker News
Dear Dash Users – A message to all Dash users from the Kapeli Blog (kapeli.com)
83 points by flyingyeti on Oct 11, 2016 | 106 comments

This guy has shown quite a talent for self-sabotage. Apple was willing to reinstate him if he'd undo some of the PR damage he'd created by spelling out that he shared the credit card with someone, and that maybe that's not the best idea.

Instead, he was enjoying the spotlight so much, he used the opportunity to escalate further, even publishing his phone call with Apple (illegal on one side of that conversation at least).

And that narrative includes a healthy dose of goodwill, considering how close to "the dog ate it" that story about the family friend is. A friend who apparently also didn't own any Apple hardware, so they shared that as well.

But open sourcing the useless iOS app is apparently a bad idea because his customers don't know how to work XCode, which strikes me as counterintuitive, considering every single one of his customers bought programmer-centric software for Mac.

From my perspective, most of the PR damage is because a lot of other smaller developers have come out of the woodwork to voice their grievances with Apple. These kinds of things happen all the time, and a lot of us feel stood on by the giant Apple. Even though this event sounds like a special case, it still highlights the draconian behavior we deal with. (That's what I would call Apple trying to get him to post a blog post with a "statement" about how wrong he was...) I have never felt so small as when dealing with Apple and the app store.

But have they, though? I've read about this topic extensively and I've actually yet to run into a single comment or blog post about someone who had a very similar experience and was entirely innocent. All I hear is the same banter that Apple does this to the little guy and everyone in solitary agreement with this notion. Very few people are actually willing to put their pitchforks down and humbly admit that maybe Apple was accurate in its assessments of this developer and did more than they probably should have to rectify things.

When you dance with a gorilla, the gorilla calls the tune.

"(illegal on one side of that conversation at least)."

This is actually not correct, it depends on the state/country he is in.

Also, you don't know if there was consent before the recording started.

There probably wasn't, because people typically capture that sort of thing in the recording (otherwise you don't have any proof of the consent). Based on how it started, it sounds to me like he answered the phone, and when he realized who he was talking with he started recording (without asking for permission).

Not always true: see "Kearney v. Salomon Smith Barney"

He only published the new blog post and the phone call AFTER Apple put out a new press release completely sliming him. He was waiting for his draft blog post to be reviewed, and they go to the press behind his back.

Correct. The issue now is not about the accounts and frauds.

Btw, I believe there is a miscommunication between them as I don't think going to the press behind his back is in Apple's best interest.

And it doesn't even matter whether the other account really was created for a family/friend or not. It's absurd that he would think this absolves him of all responsibilities for that account. It's like lending your credit card to someone, then telling your bank you're not liable for any charges they made. No sane person would think that's reasonable.

I don't know what the app is about, I have never even used an Apple product in all my life. But I admire this guy for not bowing to the demands of Apple. Sticking to your principles, even when that means you're losing money (or, as you put it, "self-sabotage") is not something you see very often nowadays.

He did comply, he just did it in a very odd manner.

I was rooting for him really, because I myself am also at times very frustrated with how Apple treats developers.

But I've lost trust in this guy after reading his blog posts and especially the phone call he published.

The only reason I can think of why the phone call took over 7 minutes is because he wanted to record it and publish it. Really. If you summarize the phone call. It's basically Apple asking him to publish that his account was indeed linked with the fraud account (not even that he's the one who committed the fraud) and he's working with Apple to resolve it, and rest is this dash guy complaining on and on which is completely unnecessary since Apple already knows that and is saying they understand and want to work with him to "make this right" (The Apple guy literally said "make this right").

Also it is very hard to believe at this point that a "relative" did all this. If I--or any normal person--was in the same situation (I am paying for a relative's developer account with my own credit card with my device and turns out that the relative is committing a fraud), my first reaction would NOT be telling Apple "This has nothing to do with me", but "I had no idea, I am still pissed that you guys didn't notify me, but I also understand your position and will talk to my relative to make sure this doesn't happen. After all, I am the one funding this fraud regardless of whether I was aware or not aware.")

> If I--or any normal person--was in the same situation

If you define "normal" as "milquetoast and with an Americentric perspective," then maybe.

Americans are much more submissive when bureaucratic process presents a roadblock. Especially a roadblock that seems on the face more reasonable with an American view of sharing bank accounts and old hardware.

Americans' desire for justice and fairness are paraded around. But their sense of justice is beaten out of them until they have Dwight Schrute-esque compliance "That is the law, according to the rules."

Unless you've lived for a meaningful amount of time in various cultures throughout your life, this type of stereotype ("Americans are such and such") tells more about yourself than what really is true.

I say this because I have lived in multiple countries/cultures and have seen many people who say the same thing. Regardless of which country you live in, there are people who talk about how some bad human trait is specific to only their culture. If people from all other countries say the same thing, it probably means it's not unique to only your people.

Also, this is not an American thing. This is called "courtesy".

Saying "I understand why you linked these accounts and that my relative committed fraud" is not the same thing as being submissive and rolling over, and your portrayal of Americans is rather offensive.

It's an unreasonable level of deference to a business process that we now understand can err. And that even if it didn't err in this case, we now know it to be designed to err. It unconditionally resolves an ambiguity into the direction that makes their other work easier, regardless of if the data is less correct. And that even if their contracts of adhesion makes the err legally (or at least bureaucratically) robust, doesn't make it just.

> your portrayal of Americans is rather offensive.

You have a good point. Voicing my disappointment in my fellow countrymen might go over better at HN if I were doing something minor, like accusing ~40% of them of racism for not sharing the opinion that the Democrats' policy positions are the lesser of two evils.

> It unconditionally resolves an ambiguity into the direction that makes their other work easier, regardless of if the data is less correct.

What the hell are you talking about?

Apple spent at least two years investigating this issue, and was in repeated contact with the developer committing fraud. It's clear that this process is designed to be as conservative as possible, because if it wasn't, it wouldn't take two years to finally hit the point of closing the account.

He said "3-4 years ago" he used his credit card to start the account for a relative. Do we know if he continued to pay for the account? For me it all hinges on this. If it's the same credit card, even if what he says is true, he should own it and admit he f'ed up. If it changed to a different cc, then it's Apple that f'ed up.

And either way, Apple is lame if it takes getting @pschiller involved to try to resolve this. I dig Apple, but they are broken in so many ways.

Edit: typo

There feels like no right side in this story.

* Apple terminated both accounts because of fraudulent activity, but only one account was contacted to let them know of this activity.

* Kapeli shared financial information and test devices with this other account, whether it was a relative or not.

* Apple said "Hey, write a post telling the whole story and all will be cleared. Just don't say we were at fault."

* Kapeli agreed he would draft and send. Kapeli apparently did but never heard back.

* Apple had a spokesperson come out that painted a different picture that basically seemed to throw Kapeli under the bus.

Generally, I don't get this:

* Kapeli shared financial information and test devices with this other account, whether it was a relative or not.

The assumption here is that for some reason a credit card number and device identifiers (unclear where they come from...but maybe mac address?) are enough for Apple to "link" accounts. I contest this for the same reason I think someone knowing my birthday and social security number is _not_ enough for them to be confirmed as "me".

While I don't think Apple is wrong to use this as a pseudo-identifier, I do think it is wrong for them to insist that, "we did nothing wrong" and fail to reinstate the pseudo-linked account immediately after being contacted.

I don't know if Kapeli is telling the truth about the situation...and his reputation is tarnished in my eyes, but I definitely don't think Apple should insist that the accounts _must_ (with 100% certainty) be linked based off of the circumstantial credit card and test devices registered to them.

At this point Apple should either reinstate the account or come out with all the information they have to justify their actions. But having "closed door" conversations and throwing allegations at one another without proof and documentation is ridiculous.

Seems to me that everything up to (and including) the initial ban was relatively sensible. You don't need absolute proof that the two accounts really are linked, it's reasonable enough to see something that indicates they likely are and then take action based on that.

Where it fell apart was failing to account for the possibility that they got it wrong. They should have notified both accounts and explained why both were being banned for the actions of one, then allowed a way to demonstrate that the two weren't really linked in order to reinstate the other account.

Unfortunately, this is pretty typical for how Apple operates the App Store. "We're never wrong, get lost" seems to be their motto. For example, for a long time you couldn't even appeal when your app was rejected. If it was rejected incorrectly, then all you could do is try to submit again and hope you got a different reviewer that time.

The App Store is a direct descendant of the iTunes Music Store, which originally existed to serve a handful of big music publishers. In many ways, it hasn't adapted well to serving a million small developers.

This hits the nail on the head for what I am trying to communicate. Thanks!

Basically, CC + registered devices are fine pseudo-identifiers. But they aren't guaranteed unique and therefore edge cases do exist.

So if an edge case manifests, it seems that recourse is limited and at this point Apple basically is leveraging reinstating Kapeli's account to extort some sort of PR gain.

Again, I personally don't think Kapeli is without fault here...but it's possible what he is saying is _true_, so given that he _might_ have limited connection to the fraudulent behavior and has gone out of his way to try and reinstate Dash, why continue to deny reinstatement?

Apple might have more information, but until I see it it's still a question.

There are actually four different items linked between the two accounts:

1. Credit card used to pay the annual developer fee.

2. Test devices.

3. Bank account used to receive payments from Apple.

4. Bundle identifiers used to uniquely identify each app. (http://i.imgur.com/NljOzF4.jpg)

Even if (1) and (2) could be explained by the Dash developer helping someone else get started, (3) and (4) are more difficult to justify. Especially (4) because the bundle identifier is an arbitrary string and there's no real reason for different people to use the same one. But also (3) because it means the Dash developer was receiving payments for the apps being sold by the fraudulent account (i.e. he was financially benefiting from the fraudulent activity).

Based on these factors I think it's entirely reasonable for Apple to conclude that both accounts were being controlled by the same person.

What makes you think they've shared all the ways that they were linked? The guy on the phone call may have just listed a couple of them when he was trying to establish with Kapeli what the ground truth was, that these accounts were linked.

> What makes you think they've shared all the ways that they were linked?

I don't think this. But then again I can only have an informed opinion based on the information available (to me).

Even though I disagree with your post, I upvoted it to counter the people on this site who downvote merely because they disagree with somebody's comment.

Haha thanks.

If it's his credit card, then the account is his responsibility. And it's not a stretch to link accounts that are the responsibility of the same person.

>Apple said "Hey, write a post telling the whole story and all will be cleared. Just don't say we were at fault."

Why should Apple tell devs what to publish on their blogs? That does seem like blackmail: say you are sorry and we will let you back in.

Why do people keep saying that Apple's completely voluntary gesture of goodwill (there's no reason at all why Apple has to offer this) is blackmail? If that's blackmail, then every transaction ever is blackmail. "Oh, you want to buy that eggbeater? That's $10" "blackmail!"

Well, Kapeli recorded and uploaded the phone call, shooting himself in the foot.

Call it what you will, but it's the only time in this whole story that hasn't been "he said, she said."

And given that nugget of actual evidence, I can decisively say that he definitely screwed himself over.

This is how the business world works. Sometimes you can't get the best deal, but it's still in your best interest to accept it regardless. You have to act rationally; you can't just defect (to borrow some game theory parlance -- this literally resembles Prisoner's Dilemma) in the name of "principles."

One moderately-crafted blog post later (saying Apple wasn't at fault, and he wasn't either -- his account was "only" linked to the other one), this guy would have been back in business. It's no surprise that this guy hasn't ever worked at a big company before, if you don't swallow your pride every so often and keep your mouth shut, you get kicked to the curb, and it's surreal that he was a self-professed businessman because of how often this happens in the game.

He WAS winning, and he would've won (nobody would've taken his PR damage control post seriously, and initially everyone believed his fabricated narrative of innocence), but he royally #$!@ed up because he thought he could've had his cake and eaten it too.

I can't under any circumstances imagine any possible outcome to this scenario where Apple would've both admitted wrongdoing AND reinstated his app. Let's not get too greedy here...

It's not a fact that had he written a blog post admitting guilt that his account would have been reinstated. That's just a carrot dangled by Apple, without a hard contractual obligation to follow through.

If anything, actually writing that something wrong happened would make it easier for them to justify their decision. It could be a trick representatives sometimes use when they assume the party they are dealing with is guilty. It's admitting to fraud and can hurt him more, especially if it didn't work out. And they can always reverse their decision.

That's nonsense. Even if Apple was trying to trick him (which they definitely were not), his blog post didn't have to admit any wrongdoing. Nothing he needed to say in there would have been admitting to fraud. It merely would have admitted that his account was linked to one with fraud (which nobody is disputing) and that he's working with Apple to unlink it and restore his account.

I thought his post fulfilled that criteria, which I do agree is reasonable for Apple to request, so I was under the impression that OP was arguing he didn't go far enough.

If his post is not enough, then Apple should consider just sending him a statement including the correct wording for him to use.

He drafted a post and sent it to Apple for approval, but didn't get a response before Apple's PR statement was released and before he reacted by posting that phone call. It's plausible to me that the drafted blog post would have been sufficient, but him posting the phone call probably immediately torpedoed it.

Okay, then you release your recorded call AFTER they defect (I'm not saying he shouldn't have covered his ass by recording the call, that's the smart thing I would've also done). Imagine how bad that would look for Apple.

If I had to guess, Phil & co. wouldn't want to risk that nuclear scenario (and they are definitely smart enough to know better).

> Okay, then you release your recorded call AFTER they defect

Isn't this essentially what happened (at least according to Kapeli)? He wrote the blog post, sent Apple a draft, then Apple went to the press.

Not at all. Apple released a PR statement about what led up to the termination. And nothing they said in there was incorrect, and nothing they said in there would have contradicted his blog post. The PR statement explained that the fraud was detected across 2 linked accounts and from the way it was written it was obvious that Apple was treating both accounts as being a single developer. The blog post would have explained that his account was linked to another one with fraud, and that he's working with Apple to unlink it. Everybody who reads both posts would understand that his account didn't have any fraud on it directly, but was linked to an account with fraud.

That's essentially what the blog post he drafted said: https://kapeli.com/apple_draft

Right, because those 3 points are what Apple said his blog post had to include (if you listen to the call).

I mostly agree with you, but clearly this is not how Kapeli felt for some reason (eg. perhaps because English is not his first language):

> Tonight Apple decided to accuse me of manipulating the App Store in public via a spokesperson.

Ok, so you get a call from Apple that tells you to write a blog post and they will restore your account. You submit the draft blog post. Then, a respected Apple SVP comes out and calls you a criminal and Apple doesn't reply to the draft. What do you do?

This whole thing has taught me a lesson. I initially sided with the weaker side because I own a copy of Dash, and it is great software, and because one tends to side with the underdog.

After listening to the recording of the conversation, my feeling is that Apple is handling this in a very fair and professional way, and that I was too quick to take sides. I think it is not unreasonable to assume that: same credit card + same hardware = same developer.

I generally agree with you but wanted to point out that:

> same credit card + same hardware = same developer

is fine as a pseudo-identifier for fraud detection...but I don't think is actually an identifier. It's kind of like someone knowing my social security number and birthday but not actually being me.

IMO, Apple should have immediately reinstated the account once contacted about a potential edge case rather than insist that, "they did nothing wrong" because the implication of that is that the above two pieces of information is legally acceptable as personal identification and that the developer _did_ do something wrong.

I may not believe Kapeli 100% and his reputation is tarnished some in my eyes, but I don't agree with Apple standing on the notion that CC + device identifiers together are sufficient PII. Fine for fraud detection in a "pseudo-" context...sure...but not enough to deny immediate reinstatement.

Even though they only mentioned credit card and device identifiers, I'm sure Apple has much more information behind the scenes they don't make public, such as the account behavior, etc.

For example they could just look at the IP from which each account holder signed in, and may have found that they were coming from the same IP. In fact, it is very likely that they would have tried this, and if they did and found that the IP were different they probably wouldn't have been as confident about how they dealt with this case in my opinion.

Why should Apple have immediately reinstated the account? Remember, in all of this, we still have no proof that he doesn't actually control the second account. All we have is his claim that this account belongs to a relative and that he doesn't control it (and even if that's completely true, I think he still bears some responsibility for it since he set up the account and provided the hardware). The fact that Apple was willing to believe him and offer him a way to unlink his account was a gesture of good faith by Apple, nothing more.

My point was that it is not unreasonable to assume same credit card + same hardware = same developer, not that it is an infallible method.

Apple offered some flexibility, to account for the remote possibility of an unfortunate misunderstanding, and offered a way forward that, in my view, was pretty reasonable, and that allowed both sides to save face, and continue to do business together.

> I generally agree with you but wanted to point out that:

> > same credit card + same hardware = same developer

> is fine as a pseudo-identifier for fraud detection...but I don't think is actually an identifier. It's kind of like someone knowing my social security number and birthday but not actually being me.

No, actually it's not. Someone knowing your SSN is completely different from someone having possession of your hardware. Even if the story were different and the CC# had been stolen, iOS hardware identifiers are cryptographically validated on development devices. You can't just go around 'stealing' device IDs without having possession of said devices - ergo it's about as solid an identifier as one can get.

You probably use less information to uniquely identify users in apps that you write. Assuming you write apps in the first place.

Generally, I uniquely identify users by PK sequences on a table with UNIQUE constraints on various pieces of User data.

So if Apple had made credit cards and/or test devices UNIQUE to a given account then sure...but that's not what they did here did they?

So yes, you use a single token. Apple used a token and a credit card number. That's two pieces of identifying information.

If I had to guess, the combination of matching CCs + matching test devices (i.e. when _both_ are the same) has a fairly low false positive rate for identifying fraudulently-linked accounts.

This type of probabilistic inference is how fraud detection works in everything from Apple to Paypal to world banks.

I would even go so far as to call that aforementioned combination a smoking gun.

The phone conversation was reasonable. Kapeli thought it was reasonable. He sent a draft blog post in for review.

THEN, after this phone conversation, they go to the press with a PR release that paints him as a scammer (and doesn't mention any of the circumstances from the phone call). This happens while Kapeli is waiting for his blog post to be reviewed.

I find it quite discouraging to see so many harsh sentiments towards the developer. Everything that he did and the publicly stated reasons behind them are plausible. In my view the data so far indicate that he played by the rules. In particular he did a charitable thing to pay somebody else’s Developer Program Membership and donate a device, which there is no rule against.

Apple on its side has followed its script which also seems to be entirely plausible and in good faith. However, their course of action does apparently not cover the corner case of contacting all account owners to linked accounts before shutting them down. The agreement allows for third party account payment albeit with some slight inconveniences. In addition, the rules for account linking, and its very existence is hidden from the developer party, so (s)he has no responsibility to relate to it, or whatever else is outside of the agreement.

People may not like the style the developer has done his part. Nevertheless his story is plausible and consistent, however improbable. Recording phone calls without consent of the other party may be legal in his country; I know it is in mine.

Apple has been caught with its pants down but because of the immense power imbalance, the developer, through no fault of his own, is set to suffer with no recourse, unless there are strings attached. I find it infuriating that he has to do anything at all to set straight a problem he did not cause.

From this point whatever bad publicity Apple has incurred they have only themselves to blame. They should at least reverse the account lock, and for reestablishing whatever lost public confidence at a minimum produce an apology for the inconvenience.

This is how I understand it from what I have read so far. If any new indications appear to make me change my mind I may do so.

I've done exactly that for my brother in law. I donated a device and paid for his program membership with my credit card, so I can completely understand why it might have happened. Now, I'm a bit worried about this issue with Apple linking accounts.

I feel bad for this developer. He's clearly quite driven, and that might have inspired his family to reach for the same success. And wanting to help, he gave his card, and now his program has been terminated.

I'll keep using Dash, but I hope the dev will clear himself out from someone that is not helping.

This is hilarious:

  My preferred solution would be for a fellow developer to get it
  back on the App Store, as a free app.

Especially because:

  Open sourcing doesn’t look like a good solution at this time,
  as most of my users are not iOS developers and are not familiar
  with compiling an app for their devices.

I may be missing something but the author cannot open source the app, but expects a fellow developer to get it on the App Store as a free app. Can the fellow developer pick up the existing app (binary?) and upload it on the app store?

It would be tough to take the existing app and reupload it, but this guy could certainly provide another developer with a built binary which they would then submit.

You'd have to be mad to actually do that, though. We see quite clearly how Apple can react when they think they've been wronged, and who knows what that binary actually contains.

Seems like the best approach would be to open source it and convince somebody (perhaps several somebodies) to build it from source and put it on the store for free. Obviously, the source release would need to be under a license that was compatible with an App Store release (i.e. no GPL).

The other developer could be given the source. He doesn't need to open source the app in order to give one other developer access to the source.

That is likely to get the "fellow developer" banned/suspended with the current App store policy.

I14n is fun — to watch for the audience.

Apple behaves as if everyone has a credit card and the mapping from credit card to (legal) person is unique. That isn't so in Romania and Apple's heuristics go boom.

The same assumption shows up again a little later in the imbroglio: Apple asked him to admit some sort of wrongdoing, however gently, because credit card maps to person to the person they spoke to carries some responsibility, etc. Bogdan rejected, because credit card doesn't map to person and giving someone $25 isn't wrong.

It was more than just the credit card. It was test hardware in general, some of the stuff in the phone call suggested that maybe both accounts still share financial details, and there's probably other factors too that Apple doesn't advertise because they don't want to tell fraudsters how to avoid detection (e.g. perhaps both accounts were set up from the same IP address).

If you're going to put your credit card in, then you are responsible for the account. If fraud happens on one account you are responsible for, it's not a stretch to believe that fraud could happen on other accounts you are responsible for.

You're equating "paying for" and "responsible for".

Which is reasonable. If you pay for something, you generally are at least slightly responsible for it. Just because you don't want to be responsible for it doesn't mean you aren't.

For example, if I buy a car, hand the keys to a friend, and they go out and commit a crime with the car, I'm going to bet that I'm legally culpable in some fashion.

I've bought a gift to someone almost every month for the past 40 years, and, eh, I'm responsible for that?

Not the same situation. You transferred ownership, and after giving the gift, your involvement was done.

Are you saying that Bogdan did anything other than pay for the account? (Which seems a mite expensive, but I've given relatives more expensive things every year as far back as I can remember, so I'm not going to call that implausible.)

I buy a gun. Lend [0] it to friend. Friend goes on a killer spree.

Can I claim zero responsibility? No.

[0] The friend didn't steal the gun.

Legally, in most US states... it would be a stretch. The prosecutor would have to prove that the lender reasonably expected their friend to commit the crime.

FWIW, I've lent firearms to people on multiple occasions, sometimes for months or years at a stretch.

Yes, I am. If you're going to be the one with their card on the account, you're the one on the hook if something goes wrong.

Apple has known about these fraud reviews for a long while, we are talking about 1000s and a timeline of two years. I am wondering whether Apple would normally have terminated the account long ago if DASH wasn't a popular app.

I read a lot of the previous HN thread saying Apple is blackmailing him. This point would be correct if you consider Apple was wrong, and this Guy borrowing his credit card AND account to this "relative" (which we still don't know if he/she exists) committing Fraud bears ZERO responsibility for himself.

This is like iFixit tearing up the new AppleTV before NDA and being cocky about it.

I mean seriously, what the hell is wrong with these people?

Weird that I find out about this here - wonder if he's able to send an email to Mac Store purchasers like myself. Regardless, I migrated my license, and all seems to be working now.

Glad the issue didn't impact me too negatively, and I hope this is true for most of his customers.

Apple tries to keep developers and their users as separate as possible. Developers only get aggregate stats from Apple, they get no personal information on the individuals, and there's no way to send a message through Apple either. The only way to communicate something to your whole user base is to put it in an update's release notes and hope everybody reads it. And of course that doesn't work if you've been banned from the store!

A lot of people here are switching over to Apple's side, but I wouldn't be so quick to throw Kapeli under the bus.

Imagine this scenario:

You buy your cousin a fancy sword for his birthday one year, which he later uses as a murder weapon against his girlfriend. The police look up the serial number and see that although it's registered under your cousin's name, your credit card was used to purchase it.

They arrest your cousin, give him a fair trial, convict him of murder, and place him on death row. You're not in touch with your cousin, so you are completely oblivious to everything which has happened. At this point, SWAT officers storm your home and arrest you, refusing to tell you why. You're thrown in a cell and told you have been placed on death row, and that their decision is final and can't be appealed.

Your only saving grace is the fact that you happen to be mildly influential in a small community with ties to the government, and you're able to get your side of the story out.

Articles are written about you. People are outraged at the government. Others come forward to tell of their dead relatives who had been wrongly executed as well.

The Attorney General reads one of these articles and scrambles to do PR damage control.

She has her aide call you and demand that you make a public statement saying that The Government did nothing wrong, that you were the one who purchased the weapon so they were justified in their actions, and that they are so graciously working with you to clear your name. Of course, they completely ignore the part about their negligence and what would have happened if you were just some no-name.


I believe Apple desperately needs to change their policies. These statements like "We can't provide you with any more information.", "This decision is final.", and lack of communication are wrong. Sure, they are a private company and have the legal right to remove anything from their platform at any time for any reason without any notice or explanation, but that doesn't mean that their actions should be supported and endorsed by the communities of users and developers.

Their actions should have consequences in the form of diminished trust, which may be the straw that breaks the camel's back in many developers' and users' choices to continue developing for and using their platform.

I will say that it was not smart of Kapeli to publish the phone call; at least not yet. He should have waited a bit longer, and only published it if Apple didn't follow through on their word. However, I still believe Apple is in the wrong here, and Kapeli's only real crime is that of naivety.

I've only just run across this. It looks like the story here is:

1. Guy publishes paid app to iTunes

2. App is really good, gets a ton of good reviews

3. Apple decides those reviews must be fraudulent, and pulls his app from the store and tells the guy he has to publicly admit that he committed review fraud to get his app reinstated.

4. People who have bought the app can't download it, guy can't do anything to make his own app available anymore without making a false confession and harming his own reputation.

This sort of heavy-handed-but-uncareful approach to "curation" is consistent with my experience publishing to the iOS app store.

What actually happened:

1. Guy publishes good paid app and gets a tonne of good reviews

2. He helps out a relative by buying an apple developer account for them, giving them a machine to test with

3. Relative also uses same "com.kapeli.*" bundle ID

4. Relative decides to buy 1000 fraudulent reviews

5. Apple tells the relative to stop posting fraud reviews, who refuses

6. Apple terminates both developers' accounts since they are all the same information (they look like the same person, same credit card, bank account, test machine, and bundle ID)


The accounts were linked (same devices, same credit card number): https://london.kapeli.com/downloads/Apple_Call.m4a (edit: direct link to the phone call with the Apple representative)

As much as they tend to piss me off for other things, I don't see any wrongdoing from them. It's like accusing them of cutting off the payments to a bakery that operates from the same bank account as that of a drug dealer.

Also that kind of blackmail: "You're sure you want that statement to become public?" is plain stupid.

Why is the developer being so dense? Just being difficult for no reason because he has a stick up his ass.

"You're sure you want that statement to become public" it literally makes no sense...

All he's done by posting that Apple call is burn every bridge he had with them, and make Apple look great. Literally they sound very professional on that call and very willing to help him, and instead he is just being unnecessarily difficult.

Actually I wouldn't be so sure as to who burnt the bridge first. He posted the recording after Apple went public with their side of the story.

What happened to the supposed blog post? Why did Apple go to the press without getting back to him on the draft?

No one knows what happened between the phone call and Apple's press release. So we can't make judgment on that.

That said, I was amazed how that guy from Apple was being so patient with this guy being so immature. The Apple guy was trying his best to sort this out, but for every word he said, this Dash guy would keep complaining. This phone call could have ended in 30 seconds but took over 7 minutes because all this guy did was complain (which I think he did for the purpose of making this recording), and I don't even know what you would get from complaining that way when the other person was trying to help you. I would have been pissed if I was that Apple guy.

They weren't linked in the UI. They were "linked" in Apple's backend system according to secret heuristics. The dev had no idea they were linked, so I hate seeing people stating "the accounts were linked" as if that's something he should have known or anticipated.

How many random devs and accounts have been secretly "linked" to my account? I have no idea.

That's extremely naive, to think that accounts with the same CC are not linked.

I find it hard to believe that this happened without his knowledge. It was his credit card. It was his identifier. I can not imagine he never searched the store for lookalikes or his identifier, etc.

See https://software.com/publisher/kapeli

Just to clarify: On Friday my position was "I have no reason to believe Kapeli is lying and every reason to believe that Apple made a mistake". But after reading and listening to various sources I can not defend this position any more. It makes me sad.

Don't forget:

7. Apple offers to reinstate the developer account, iff the user makes a post pointing out how this wasn't Apple's fault.

> 3. Relative also uses same "com.kapeli.*" bundle ID

Just saying: anyone can freely create any App ID they want. I just successfully created "com.google.android.nougat" as a test.

I'm fairly sure you don't have the same user and CC on file as they do.

But it proves bundle IDs can only be treated as circumstantial evidence at most.

So you combine that with the same CC number on file, and the same development machines, and now you have a very good chance the same person is responsible.

Do you expect to use this identifier to make money (in a fraudulent way) and Google not caring over several years?

In addition to what joeberon said. After this happened Apple were prepared to welcome him back to the App Store after Apple had learnt of all the facts. Kapeli had gone public about this account nuke (which at times is the only way to raise the issue, I remember the times I've had to deal with Google's Support for the Play Store shudder) and while he didn't know all the details on why his account was nuked the issue has gained some notable press in the dev circles. Because of this Apple had asked for him to release a blog post explaining what had happened, that Apple had correctly detected fake reviews on one account, that account was linked in a couple of ways to him so when Apple nuked the one account they nuked the other along with it and that is why his account was terminated.

Now in my opinion that is a fair request and if I were in his shoes I would have done just that because I can see how Apple could have tied the two accounts together. Others have said that it's Apple Blackmailing him "Post a blog post if you want your account back" and I can see their logic.

Apple don't want to be seen as having made a mistake because they did detect fake reviews and took action against the account violating their policies. But they also want it known why his account was caught up in this mess.

Were Apple right in nuking both accounts that they deemed were linked together? Should Apple have made contact with all parties (it seems the accounts did have at least different contact information as he said he got no notice off Apple, Apple say they did contact the dev whose app had the fake reviews) before terminating accounts? Should a public statement explaining the incident be a requirement of reinclusion to the App Store

These are questions I have asked myself and have yet to come to a firm decision on myself.

> Now in my opinion that is a fair request and if I were in his shoes I would have done just that because I can see how Apple could have tied the two accounts together.

He did do that though. He wrote a [blog post draft][1] that mentioned the "linked account" and sent it in to them for review.

Rather than respond to or approve his blog post draft email, Apple went behind his back to the press with statements that omitted all of the "linked account" circumstances and painted him as a legit scammer.

[1]: https://kapeli.com/apple_draft

And sadly we may never know why Apple did that. Apple's statement was released on Monday iirc and then Bogdan released his side to the story afterwards.

Was Apple's release written up before Bogdan's conversation with them on Friday/Saturday (And no one told Tom that the situation had changed) or did something else happen between then and Monday to change Phil's mind?

Have you listened to the phone call?

Yes. Well the snippet of the call that was released on his blog anyway.

There is no blackmailing from Apple. They are offering him a chance to wipe his slate clean if he publicly (since he was the one to go public) acknowledges that what Apple did was justified (and it was).

He has to now decide what's more important: his pride or his revenue (https://web.archive.org/web/20150103225308/http://blog.kapel...), it's that simple.

> Others have said that it's Apple Blackmailing him "Post a blog post if you want your account back" and I can see their logic.

I'm not saying Apple did blackmail him, just stating what others on this site have said to me. Personally listening to the call I would have made the blog post, not because I thought Apple were blackmailing me but because I can see Apple's Point of View in this matter and that it had stirred things up.

But it had been pointed out to me that the blog post being a condition of having the account reinstated (and Apple ideally wanting to look over a draft of that post first) could be taken as Apple blackmailing him and it's hard to argue against that point. And that's why I bring up the question in my post "Should a public statement explaining the incident be a requirement of reinclusion to the App Store?" (Whoops it appears I missed off the ? in that post, but it was meant as a question).

I'm going to give the Dev the benefit of the doubt for a moment when they said they got very little information out of Apple as to why it was closed. [1]

> A few hours ago I received a “Notice of Termination” email, saying that my account was terminated due to fraudulent conduct. I called them again and they said they can’t provide more information.

The first initial publication of the issue was that he had very little information to go off, he had been accused of fraudulent conduct, he believed that he had not done anything fraudulent and Apple said the matter was closed.

If he believed he was in the right after that you have very few options open to you and as has been shown in the past (and in my experience with Google) going public can be one of the ways to get a 2nd set of eyes on the issue. At the very least he would have to explain to his users why they can no longer update/download his app from the place they had purchased it from.

In this case getting that 2nd set of eyes on the issue did get the ball moving again so I'm not going to hold anything against anyone who has to use the tactic of going public (Though imo it has to be done carefully as it can be the nuclear option but if the other side has already used theirs you are often left with little other option. But it has to be done carefully because we have seen it used when the dev has been at fault).

I can see why Apple would like a statement clearing up what had happened but the "blackmailing" argument is should it be a requirement?

Again personally if I was in his shoes I would have made the post anyway, I wouldn't have seen it as a "condition" because I can see why Apple deemed the 2 accounts as linked and I would like to explain to my users what the mix up was, because after going public they are bound to ask anyway.

[1] https://blog.kapeli.com/apple-removed-dash-from-the-app-stor...

EDIT: When I say "they are bound to ask anyway." I was referring to my users, not Apple.

> But it had been pointed out to me that the blog post being a condition of having the account reinstated (and Apple ideally wanting to look over a draft of that post first) could be taken as Apple blackmailing him and it's hard to argue against that point.

No it's not. Nothing about this even comes close to blackmail. Blackmail is demanding payment under threat of doing something bad. This is the complete opposite. This is Apple offering the developer an opportunity that Apple doesn't need to offer, in return for a very simple blog post basically explaining that Apple's offer does not mean Apple's original account termination was in error. This is no more blackmail than selling you an item for $10 is blackmail.

I was looking for a good counter point to the argument as it didn't feel like blackmail to me, thank you for some insight. After posting I started feeling that this felt more like an "out of court settlement" to me than anything else. Apple had proposed a way to put this behind them and move on (not a good comparison I know that is why I didn't go back and add it after the post).

Actually I think an "out of court settlement" is a reasonable analogy.

If a cop pulls you over and finds some drugs, it's not 'an opportunity' when they demand a bribe from you to make it go away. It's corruption/extortion.

Maybe it's in your best interest to pay the bribe, but it's more admirable to expose the crooked cops.

Are you trying to make an analogy? Because that's not even remotely representative of the situation.
