Hacker News new | past | comments | ask | show | jobs | submit login
$80k/month App Store Scam (medium.com/johnnylin)
716 points by amima on June 10, 2017 | hide | past | favorite | 195 comments

This is particularly annoying while my beta is "waiting for review" so I can have the privilege of giving it to a few beta testers.

How does apple not expect that annoying developers with their app store process (so much so that things like this exist: https://fastlane.tools/), AND charging them 30% AND apparently not actually reviewing anything about the apps making it into their store isn't going to eventually drive people away from it?

(Why yes, I am cranky over the amount of hoops I had to jump through to get to the point of asking apple for permission to put my beta on my co-founder's iPhone)

You can use HockeyApp (https://hockeyapp.net/) or just get your friend's UDID and build an IPA yourself to distribute the build to your friend's device, even if he or she is remote.

Testflight is more intended for "semi-open" betas where you only have tester's email.

You can also do "internal testing" with TestFlight. That way the app is available immediately to any team members and doesn't have to go through review. You have to add the team members somewhere in the portal, but it would make sense for a co-founder to be in there.

get your friend's UDID - yes, you can, but there is a 100 device limit. you can reset that list once a year. it is meant for your team, not for testers.

See now that the OP talked about co-founder. So that is a good use case for an Ad Hoc build for sure.

Yeah, thanks for the advice everyone.

I'll totally admit that apple dev flow (not writing the software, just how to get it to run on devices) is completely foreign to me. Concepts like "itunes connect" (which seems extremely odd to me, since I always thought of iTunes as a media player, not something I would use for software development) are confusing.

Figuring it out, though. Thanks again for the advice (and sorry if I accidentally threadjacked this).

I am pretty familiar with the hoops and even to me it's pretty much a huge pain. It's not just you with that opinion.

As well as the name of the music player app on Mac (on iOS it is only the music buying app), iTunes is also the umbrella term for everything related to buying stuff as a download from Apple (music, movies, books, apps). The App Store started as an offshoot of the iTunes Music Store. And it is still called the iTunes App Store in some places.

I've used Hockeyapp a few years ago for testing iOS apps and the whole workflow was a nightmare because of Apple's restrictions. You had to get users to send in IDs, add the IDs to Apple's site, download a file with the IDs in them, add the file to your app then build and deploy each time you wanted a new tester. You can't run OSX on e.g. AWS/EC2 so setting up continuous integration was troublesome and there was only unofficial third party tools for building from the command-line. Xcode and app installs would also fail all the time with obscure errors about certificates and Googling for solutions turned up hundreds of threads with different solutions and other developers being stumped.

Have things improved?

Beta testing with Android is easy. You can build the app on any OS you want from the command-line and send the app to anyone with no restrictions.

Thank you!

> How does apple not expect that annoying developers ... isn't going to eventually drive [them] away from it?

Apple can dump on developers all they want. As long as they have a consumer base who is more loose with their app spending money than Android users, and a more consistent platform to develop on, developers will stick with iOS just as much as they have. The devs may complain more, but Apple's market is simply more profitable to be in.

Your comment has been noted by Apple, and your app sent to the back of the queue.

I know your comment is a joke, but from Apple's official App Store Review Guidelines (in the introduction):

"If you run to the press and trash us, it never helps."


Let me post the full sentence for the better context:

> If your App is rejected, we have a Review Board that you can appeal to. If you run to the press and trash us, it never helps.

Context really doesn't help that threat.

Wow! This almost reads like a threat, but I'm guessing what they really meant is "we're not going to be intimidated by off-channel pressure".

Also, in some cases/ if you're lucky enough to get significant coverage, it DOES help. E.g. https://9to5mac.com/2017/05/24/dash-app-store-return/

I've always said that's stupidly annoying stopping me from installing apps on my own phone or on my relatives and friends as long as I do it manually using an USB cable. Also stopping beta apps from running after a week. My macOS apps run forever and I develop dozens of apps for personal use.

It's 60 days now?

Off-topic, but I think the idea is to have someone like your co-founder be an internal tester—no review required!

That's totally helpful, thank you!

> isn't going to eventually drive people away from it?

It's wishful thinking - most mobile developers can't afford to say no to abuse from their primary revenue stream.

Use Expo.io ... if you're building in React Native, Expo is the easiest way to distribute apps (even on the Web with Snack)

Expo.io appears to be about the build process. The app still needs to be submitted to the apple store.

I thought the issue was him trying to get it on his cofounder's phone?

At most expo streamlines the build process. You can do all that in xcode. It's been a while since I looked at it but apple let's you have 100 test users.

I love expo to bits but their are many React Native scenarios where it’s not going to work.

One example would be if an app uses third party libraries that rely on native code. Now on the surface this might sound like an exotic requirement but consider that most mobile apis for third party services will probably wrap objective c or Java code.

An example of this came up for a friend who was building a github app. He had to eject from expo because the github mobile api wasn’t included in expo and required native code for authentication.

React Native fully supports the use of abitrary native code. You just write a small native module and then port it into the JS side

You can even work with things like Promises etc across native boundaries

Thats true (I've wrapped native code before) but if you use any native code you can’t use expos over the air updates or the qr code scanner. So it wouldn’t solve the parent comments problem, in that scenario, which is actually quite common.

Also, the last time I checked ejecting from expo, which you will need to do to use native code, was a bit of a pain. That was a few weeks ago so maybe they have stream lined the process since then.

Yes, but that's not true of Expo, is it?

I understand that, but suggesting it as a tool for prototyping and easily sharing apps with others (which was the concern I was responding to) does not warrant multiple down votes, unless the readers here are absolute assholes?

I didn’t down vote you. However it’s very likely that the guy isn’t using React Native and if he was he’d most likely know about expo and its limitations.

#1 - Apple has a quarter of a trillion dollars in cash. You would think they could afford intelligent, reasonable app review teams. Clearly they don't bother, based on the complaints from honest developers and evidence of pure scams like this.

#2 - Average computer/phone users are willfully ignorant. I would say stupid, but that's a judgement call (even though I think it's true). Someone with knowledge can advise them, but they cannot be bothered with all that fuss. They'd rather ignore sound advice and push buttons. After all, look at the who runs the country and the complacence of many of its people.

Have you ever had a friend who was a lawyer? Did you ever get some traffic ticket and think, "Hey, I'll ask Bob if he can help me handle this!"? I'm guilty of this once in a while. But "average users" are guilty of doing this to technical people all the fucking time. And when we advise them of behaviors to change to avoid future incidents, they nod and agree, but then repeat the stupid behavior later.

Sorry for the rant, but perhaps it's time to just start replying to scammed/screwed users with, "Oh wow, that's really unfortunate. I guess you'll have to go buy a new phone/computer." Maybe that will jar them into actually using their brains.

* Edit for wine-related typos.

Well, they're a tiny bit better than Google when it comes to app reviewing. I mean, Google Play is literally filled to the rafters with low quality ripoffs of known franchises that clearly break every copyright and trademark law in the book, along with the kind of scams mentioned in the article.

But in either case, it seems like the 'submission review process' is far more minimal than whatever Apple and Google advertise on their websites. Seems like unless a lawyer/the police/authorities send a take down notice, the companies don't give a toss about anything resembling quality control.

There is some responsibility as gatekeeper of applications (especially if you make an effort to create a walled garden) to ensure some level of quality. And as this article points out, Apple obviously made little or no effort (or is very stupid? I doubt that.)

Consider the potential number of new apps per day to an app store. Now imagine that each app requires 10-60 minutes of a halfway intelligent human's time to review. That's not such a huge staff required, especially compared to the revenue of said app store.

Or let's be generous and reduce the responsibility of app stores to just police the top 20 or 50 apps. If, daily or weekly, the top 20 apps were reviewed for quality, that would obviously require a very small staff... and it would prevent situations like this.

Ultimately, situations like this will result in class action lawsuits (like the one Amazon dealt with that resulted in them refunding a lot of childrens' in-app purchases). Perhaps what's happening is that companies decide it's just easier (organizationally) to handle legal problems than to manage business better. After all, final settlements tend to be fractions of actual costs to consumers.

I'm more wondering whether Apple and Google's review processes might make them unable to be protected by safe harbour laws. I mean, there was a case where a forum type site got in trouble because members had posted illegal content and the moderation team had apparently approved every submission manually.

So I'm almost wondering whether at one point, we might either see a copyright holder sue Apple (or Google given Google Play is even worse here) for allowing infringing apps or the authorities treat them as complicit in fraud.

> Consider the potential number of new apps per day to an app store. Now imagine that each app requires 10-60 minutes of a halfway intelligent human's time to review. That's not such a huge staff required, especially compared to the revenue of said app store.

I'm not sure this adds up. By my counting, taking the total number of apps currently in the store, it would add up to something like 700 apps/day - which is reasonable. But as I understand, they review submissions rather than apps (or at least they should, for this process to make any sense) - which means that new versions of the same app also need to be reviewed, and then the same version might get reviewed multiple times if it gets rejected. Given the update frequency for a typical mobile app, this all would add up really quickly.

Could they still afford it? I bet. But it would be a significant expense.

Developers can deceive reviewers, for example by making app to check whether it is in review stage and behaving differently.

I think a better idea would be improving different permission dialogs UI and telling users to think before granting access to anything. Still it won't help against fake apps using same name as popular apps to get into search results.

On #1: in my experience the Apple reviewers are intelligent and capable people. However they are mostly non-technical.

This is incredibly frustrating because while they are strict at enforcing policy, they sometimes let things through or block things for what seems like completely arbitrary reasons. So these virus scanner apps may be in complete accordance with policy — and they let them through. But then a well-meaning app may want to do something interesting, and because it's against policy they block it.

However for developers who want to create good iOS experiences, App review will call you to keep you updated, they will take the time to consult with engineers on your behalf, and they will even advocate for your cause internally (which can sometimes, and recently for me, result in actual policy changes at Apple).

I expect Apple will soon be refunding customers of these scam virus scanner apps, and the review team will be updated with guidance to reject such apps in the future.

I find them to be hit or miss. I've had things rejected that were just simply not in violation of the rules. I think sometimes they just get a memo or something about a specific section of the guidelines and they take it too far. I've had to take things out of my apps that are 100% within the guidelines just because I got a reviewer that didn't understand what was going on.

It's extremely shocking to see how easy people are fooled online.

I didn't understand this until a few years back. Now I think of it as an inevitable misfortune that everyone will suffer sooner or later. Like a flu virus.

It's not just "average users", it's everyone. Some more than others, but everyone with a human mind dealing with a UI carefully designed to deceive.

If you get into an accident or get food poisoning, do you want your doctor treating you like this?

> #1 - Apple has a quarter of a trillion dollars in cash. You would think they could afford

Same can be said for any company/bank/government.

> #2 - Average computer/phone users are willfully ignorant

This - most people doesn't want to know how everything works - and they pay for it in various ways. It's not a matter of intelligence to know everything - but at least someone should know how they are spending their money. Could be a matter of trust, are they trusting Apple too much?

#1 - I don't really think many companies sit on .25 Trillion Dollars of cash. Perhaps if you applied appropriate taxes (which are currently deferred indefinitely), the actual cash would be much lower and thus more common amongst companies.

#2 - No, it's just that people optimize away their concerns. Until it's a _real_ problem, they don't bother. I get that, because I do that with other things in my life. But it's still unwise, and given the position (and power) technology has in our lives, I think people should adjust their priorities.

They've been dumping Trillions of dollars into the economy with QE trying to bring even a little bit of inflation which would get that money out of Apple's hands without passing it through Donald Trump's fingers.

What do you mean by "appropriate taxes".

Apple have paid "appropriate taxes". What the commenter meant to say was that the money is held offshore, and unable to be repatriated without paying significant tax. This is a red herring however, since Apple's borrowing power in the credit markets is virtually unlimited.

How does garbage like this get through the App Store? I thought Apple was notoriously strict on approvals?

Also, do people still use the App Store? I don't think I have casually browsed for apps in 5 years or more.

Years and years ago when we first launched a video chat room app, they denied it. They said it wasnt allowed to have a listing of rooms. So we simply had the app request a file from our server on app launch. If the file was present, we hid rooms. Once we got approved we just removed the file. We kept that up for a few months but it seemed like after the initial approval apple never bothered to check again so we just abandoned it after that.

What was their reasoning "listing of rooms"? I'm somewhat familiar with the developer guidelines and not familiar with that one.

Be careful, I once got this from Apple (they had misunderstood something about my app)

"Deliberate disregard of the App Store Review Guidelines and attempts to deceive users or undermine the review process is a direct violation of section 3.2(f) of the Apple Developer Program License Agreement. Continuing to violate the Terms & Conditions of the Apple Developer Program will result in the termination of your account, as well as any related or linked accounts, and the removal of all your associated apps from the App Store."

> How does garbage like this get through the App Store

Yes, exactly. How is there no-one at Apple/Google checking the top list of their app stores once a day to weed out all the crap?

All you would have to do is put eyes on any app that charges $400 a month like this scam. That's got to be an absurdly low number of apps.

It frustrating. I tried to get a legit app through the app store that had a link to our website where people could sign up. The iOS app is for customers with accounts, so it made sense to us to have a link where users could see our website (discover our Saas product and sign up). Apple repeatedly rejected it since they wanted their 30% cut of our revenue. So we now have to make it clear in our description that this app if for current customers only.

However, these scamming apps make it through.

The app store guidelines very clearly prohibit what you tried to do, and it's been well-known that this is prohibited for many many years.

If you want to be able to get new users with your app, you need to provide an IAP subscription option.

I was rejected for linking to a THIRD PARTY service that happened to have a paid plan too. Didn't get any revenue from that and couldn't very well offer IAPs even if I wanted to... after being in the store for a year, too. The reviewers are grossly incompetent more often than not.

Doesn't Netflix's app's first screen say sign in or visit Netflix.com to sign up?

They used to do that, and that is ok. But you can't link them to an external site to pay and sign up.

But now they just bit the bullet and give up a portion of their revenue to Apple and Google. Although I believe 30% is only for the first year. It goes down after that.

I suspect a big player like Netflix can negotiate the revenue split with Apple. Nothing we mere mortals can.

The weird thing is why would Apple get any of the revenue. I don't think microsoft gets any from people that watch netflix in their browser, nor google if people watch it in chrome.

In theory either could interfere with your interaction with netflix and demand money to allow it through. Google could start a whitelist of good sites and demand revenue sharing to be allowed on the list but people would go ballistic and firefox would have a lot more users.

I really don't see how apples arrangement is any more acceptable.

What your describing is more like what ISPs will do without net neutrality. Browsers have financial incentives not to do that (e.g. there are well know free alternatives, and it's an important feature of android or windows that you can browse the internet).

Holy shit. I searched this and found [1]. 15% recurring revenue per signup seems like one hell of a commission. But perhaps warranted if it's bringing in people that haven't had Netflix before and legitimately sign up via the app.

1: https://www.macrumors.com/2015/04/13/apple-15-percent-cut-ap...

I don't think they can. Netflix needs Apple more than Apple needs Netflix.

But, if you have existing customers and their account has lapsed and must be paid to re-enable service your app can link to a web-page payment form

I'd imagine there's some companies that even Apple can't bully.

You can get new users through your app, you just have to provide a free version. Then if they want to use the premium features, they can log in on the web and pay. But you can't link them to the site or to an external payment method.

It's completely ridiculous. There's one way to distribute software on the second-largest mobile platform in the world, so we either have to pay whatever cut they shake us down for, or provide a terrible user experience by not even letting users click on a link to using our own subscription backend.

  But I’ve also never clicked on a Google Ad, yet Google somehow rode Adwords to $700 billion dollars today.

> do people still use the App Store

Yes people spend billions of dollars a month on the App Store.

I get the feeling it's very top heavy, with the vast majority coming from in-app purchases of games. Presumably these are the ones advertised relentlessly too.

Maybe they submitted it 100 times before it got approved. With the money at stake, the effort is worth it.

There should be a bad app bounty for stuff like this trash.

I was wondering the same thing.. Maybe the developer was able to remotely flip a switch after the app went through approval to change its behavior and app review didn't catch it? What's really surprising is how long it's been out (almost 2 months)

I can see that by using Microsoft CodePush or similar. But you can't change the description, in app purchases or title without going through the approval process again.

You definitely can the description...

Maybe they used some code push tech similar to what rollout used to update the app after review.

Or they can just have a delay in the app, or have it check a website to see which code path it takes.

Yep. I do wonder if they employed some sort of shady tactic like this or my suggestion to get past app review. What surprising is they were still in the app store after 2 months. Apple usually pulls things pretty quick.

This was my first thought too. How do these apps even make it past review.

These App Store ads are the Wild West right now. I've seen multiple cases where I search an exact app name, and that app's competitor has the top "spot" due to buying an ad. It's like if you searched for Uber and saw an ad for Lyft above it.

How long will apple allow this? At the very least it should be impossible to bid on trademarked terms, and no ad should ever outrank an exact match result.

Contrary to what other commenters believe, this is the way that all PPC systems work - search for "Uber" on Google, Bing, etc and you're guaranteed to see a Lyft ad.

Googled "uber".

Top result: ad - www.uber.com

Second result: ad - www.lyft.com/Uber_Drivers/Join_Lyft

Third result: organic - www.uber.com

There should be more results, but they aren't visible without scrolling down. Frankly, I find that more disturbing than anything else about this.

The Uber result for me also gives me 5 internal links to uber.com and a "more results from uber.com" link. Also in the sidebar I get a link to Uber's wikipedia page, as well as various information about the company, and links to competitors such as Lyft and Sidecar.

Welcome to 1997.

just did in incognito and saw an uber ad but no lyft one


Lyft and Uber.

No doubt Uber paid a lot of money for that to be the case...

They're paying money so that I don't see ads? That seems quite nice of them.

Not sure if you're being facetious or not, but they're paying Google to not show ads for their competitors when a person searches for "uber".

As far as I'm aware, that's not something that Google allows you to do. Is it?

It seems more likely that:

- Other services have decided not to bid on "Uber". It may be more useful to bid on general keywords like "taxi" or "black car", etc.

- The price for that keyword is too high to be worth it

- The performance of the ads is poor such that Google doesn't show them.

- It's also possible that Lyft is bidding on the keyword "Uber", but only in certain geographical areas where they're trying to grow their presence.

It's indirect. Lyft sets a max price of $0.05 for an ad placement, so uber has to set $0.06 to ensure that they get the ad and lyft doesnt.

What's with everyone chipping in knowledge of things they have no clue about? In your scenario, Google would just put the Lyft ad below the Uber ad in the search results, not make it invisible.

What stops Uber from making a third party company that outbids Lyft for the 2nd ad? Presumably it's just not worth it, people click the first ad or skip to the results?

That is against Google TOS.


Ads for both freecreditreport.com and experian.com display, owned by the same company

You can have multiple ads.

Not showing up for the same keyword, no you can't, without breaking Google's TOS.

It's not against Google TOS in many cases.

No it is not something Google allows. But for big brands they manually disallow paid results (see "Nike"). I don't see any ads on the uber results page.

I search nike on google and I get an ad. The ad is for nike.

There is some mechanism where you can take control of your trademark on adwords.

You can only report misuse of your trademark in the ad content, but Google has no problem with trademark bidding.

No, Google enforces trademarks after a complaint by the owner.

I believe competitors can still bid for that word, but cannot misuse it (ie, make misleading claims, or claim to be that company)

See https://support.google.com/adwordspolicy/answer/6118

Ignoring any ethical concerns you may have...

Advertising has often been comparing yourself to other brands. As one real world example: The Pepsi Challenge from the 80s. People drank Coke and Pepsi blindly and chose which one they liked better.

It is not illegal in the US and not inherently a misuse of trademark law. I'd be surprised if you were to tell me that Uber and Lyft are not buying ads against each other's search terms.

Google does not allow bidding on trademark terms you do not own, so there is at least clear precedent.

Edit: Oops, mostly wrong. Guess I've had an adblocker for too long. :)

Yes they do, and they have for 15+ years. Their website even says:

Trademarks as keywords Google won't investigate or restrict the selection of trademarks as keywords, even if we receive a trademark complaint.

Search for "Uber" on Google and you should see a Lyft ad right near the top of the paid section.

Worth noting they will police the use of the trademarked term in the ad itself. But only after the trademark owner complains about it, and not in all situations. You can still bid on the term, of course, just somewhat restricted in what the resulting ad can say.

Isn't it more like searching for Uber, and seeing an ad for Ober, that's advertising an app that look exactly like Uber's?

Historically Apple's primary strength is product quality. This kind of apps should not pass the App Store review. The App Store should not allow ads, since they reduce overall product quality. Google web search is different. Google does not control web contents. Google's primary product/service is the free web search, and they have to make a profit from it. App Store search is a tiny part of Apple's product/service. Apple makes tons of money from other parts.

Steve Jobs was the creative artist in the IT industry, and obsessive in product quality. It may be time to ask the question "What would Steve Jobs have done?"

> it's like if you searched for uber and ad for lyft above.

When I search for lyft I actually see uber ad above: https://imgur.com/gallery/zQz7e

One thing of note: the spelling errors are deliberate to let only the most gullible people through to the last step (improving the odds that the person in question will not know how to report this as a scam or initiate a chargeback). The same tactics are used by ads on porn sites[0].

[0] Or so I have heard ... from a friend

There's a paper from Microsoft IIRC explaining this behavior. I'm on mobile right now, otherwise I'd find it and link it here.

Similar thing with long sales pages. Reader doesn't know exactly what he wants, isn't convinced, but with a lot of filler mumbo jumbo and some images, maybe a video, you can get them to buy on the spot.

Interesting! I was wondering what the reason was. My first instinct was to assume the developer just used Google Translate or something like that and perhaps not being an English speaker was bad at spelling too. But based on your comment I am not intrigued with the possibility of it being a deliberate tactic.

Some keywords need to return help topics instead. If you search "virus scanner", Apple should tell users their device really doesn't need one

I like the idea. A friendly banner that says "Did you know that your iPhone really doesn't need Antivirus apps? Learn more..." is a nice way to educate the user.

Nevertheless garbage apps like the one described here have no place in the App Store and should not be available at all.

In hindsight, this seems obvious, and a great idea. Are there any "banned search keywords" now, or is it completely unrestricted? I'm curious if there's just no mechanism for this at all, or if they just aren't using it when they should.

I don't think there is, or I haven't come across any

One could argue to the contrary; The existence (and apparent success) of scam apps like this is a clear evidence your iPhone could use a 3rd party "virus scanner" - one that would protect you from malicious "virus scanners" :p

Can they even work? It depends if iOS provides a public API for getting a list of installed apps

No. The only way would be to check "openURL" for known ones, but that's limited. Or from some webserver update a list of known scam ones and just tell them to uninstall them.

Twitter does something shady to get a list of the installed apps on the device.


The link is 6 years old and the direct link at the bottom mentions (like I) that that particular method is not viable anymore.

As for the 'check running apps'. Maybe that works still, but as mentioned it only works if the apps are running at the same time, or recently. So it would never give you a full list.

There has got to be more to this story. People would refute accidental purchases of $400/mo. Perhaps these guys are using tech support scams etc to drive traffic to this thing, or they're simply using stolen credit card numbers to setup Apple App Store accounts. Perhaps that's why the spelling and layout is so bad...it's possible that they don't intend anybody outside of themselves to actually use it.

> There has got to be more to this story. People would refute accidental purchases of $400/mo.

There are plenty of folks out there who pay little to no attention to what's being billed on their cards.

As an example: http://www.nbcnews.com/id/14838642/ns/technology_and_science...

Poor lady. It sounds like she may have been fully aware of what she was paying, she just never did any research to find out that she was overpaying by about 500x. Which, is almost as bad as never looking at your bank statements.

I agree, that looks suspicious. Why people would need adware removal on iPhone when there is no malware in the first place? And judging by app design it doesn't look like its developer cares about conversion.

You could even force people on the street to subscribe to the app instead of mugging them. This solved the problem that more and more people are cashless. Also you don't have to worry about selling contraband.

> it's possible that they don't intend anybody outside of themselves to actually use it.

Then why run the ads?

wow, I'm pretty pissed off by this. One of my clients is a medical marijuana startup and we have had to jump through so many hoops to stay compliant with Apple's random app store rules. We have been rejected on several occasions and pulled from the app store.

I also had another app that was accepted into the app store then when I pushed an update release I was informed that my logo had to change because it used Apple's camera emoji. I only did this because another popular app did the same thing (down for lunch). In order to stay compliant, I had to change my logo.

I'm fine with said rules existing as in theory they are meant to protect lay customers from junk like this. How on earth did this thing make it through a review process that's so hard on some apps?

I wish Apple would apply it's rules and vetting with more consistency.

I was under the impression that the approval process for the app store was somewhat rigorous.

How did this app get through that?

Apple is rigorous (I've been rejected close to 20 times). But app review is also hard, especially when there is a flood of new app submissions every week, day and hour. Validating that an app does what it says it does isn't really what App Review is for. Most of my rejections were for how I described a feature, not how a feature worked.

Also there are ways to defeat App Review. Geo-fencing, time-boxing, etc so your illegal code never runs during review.

Shouldn't it be a giant red flag to a reviewer when the app is focused on an entirely fictional premise?

If the app was claiming to grow a dinosaur in your backyard after you pay $400/mo would it be treated any different?

> If the app was claiming to grow a dinosaur in your backyard after you pay $400/mo would it be treated any different?

Honestly, that already sounds like a significantly better app than “Mobile protection :Clean & Security VPN”.

I do agree though. It's quite odd that something as clearly bad and misleading as this could get past the review stage even assuming timeboxed code and so forth. That would imply that it would have to do something both useful and congruent with its description during the review process, and presumably not be full of spelling mistakes and badly described features. That seems unlikely.

>Honestly, that already sounds like a significantly better app than “Mobile protection :Clean & Security VPN”.

They are both scam apps, that take your money and give you nothing, so not sure how that is any better?

The dinosaur app doesn't hijack your internet traffic or (presumably) sell your contacts.

Yet again I learn the lesson that wry humour does not work on the internet.

Agreed. Also, all the obvious typos, unneeded permissions, and the high in app purchase price seem like they should have been flags to dig deeper.

Unless they somehow hid all of this, it seems to point to a weakness in the app review process.

Yes it should be. But it might not be that easy. App reviewers aren't developers, sometimes they don't know what's possible or not. And they review lots of apps, sometimes they might not apply the rules correctly.

But the bigger problem is that you can write conditional code that doesn't run during review. So the skanky things you do might not be caught, see Uber's geofencing of cupertino when they tried to fingerprint phones to catch account scammers.

Pretty sure the marketing text can't be changed post-review, so again that should have at least been caught.

> But it might not be that easy. App reviewers aren't developers, sometimes they don't know what's possible or not. And they review lots of apps, sometimes they might not apply the rules correctly.

Shrug, it's Apple's walled garden and Apple's reviewers. They are free to hire different people or set different app review policies.

Really -- there's vastly more honest people than dishonest, so outrage over issues like this haven't arrived (yet), otherwise Apple would do a deeper review.

Are they really that rigorous? We just submitted our first game to the app store and they bounced us for two reasons, which were both because they hadn't seemed to pay attention to the game.

We have some text on a button that says "PACK 2 / EARN 50 STARS / OR BUY $1.49" (over three lines) which I thought was pretty clear: earn 50 stars in game to get the pack or use real money (the game teaches you about earning stars as you play) . They assumed that clicking on the button and spending real money would GIVE the player 50 stars so I suspect they didn't play the game at all and just went straight to the IAP screen.

The second thing they said was that there was no restore purchases button (which is a requirement if you have IAPs). Well, there is a restore purchases button in the credits screen, they just didn't explore the user interface (but somehow they found the IAP screen).

So they seem to do a very cursory look at submissions.

This kind of things make me wonder why I am honest and poor (I mean not rich to the millions, I am not actually "poor"). I could do scams like this and be rich by the minute...

You said it yourself: You're honest. Take pride in that and keep being you.

I have just enough knowledge and just enough free time to maybe pull off one of these kinds of scams, but two things stop me: One, I have to look at myself in the mirror every day, and two, even if I set my morals aside, given my luck, I'd be the one Apple finally decides to make an example out of and sends the feds to my doorstep.

> given my luck, I'd be the one Apple finally decides to make an example out of and sends the feds to my doorstep

This usually has more to do with honest people not being good/experienced at being criminals, rather than luck.

Honestly can very much mean making less. The rich are not often associated with "giving" but rather "taking".

Too much honesty can hurt your business if you are doing sales or negotiations.

Scamming ends up being just as much work and hustle as doing it the right/honest way...

How are chargebacks handled on the App store? I would assume a scam like this will receive a relatively enormous number of chargebacks.

I'm willing to bet that this is some kind of money laundering operation, a way to pull funds from stolen credit cards, or perhaps a way for "tech support" type scammers to get payment from their victims. Perhaps all of they above. I know some extremely technology illiterate people, but I can't think of any of them who would willingly pay $400 a month for "virus protection."

> but I can't think of any of them who would willingly pay $400 a month for "virus protection."

Not willingly and probably not a full month, but I could imagine that some users accidentally subscribe to the $100 "trial" period - it really is just a quick Touch ID press away. The price and charge frequency is listed in a small font size for a brief moment before you press that button. I guess many users will stop that subscriptions once the first charge is done...and they are able to find the subscription options buried deep in the iOS settings app. Considering how essential subscriptions are these days I find it troubling that managing them is such a well hidden feature in iOS.

I was thinking a similar thing. How many people wouldn't notice being $400/month down? Also, don't Apple email people receipts for subscription payments as for one off purchases?

I mean, I'm sure there will be a few who don't notice, but it seems likely that chargebacks would be through the roof.

they will threaten to close your account if you chargeback too much.

I tried to get a refund from Apple once, for a fraudulent app, but I never heard back. So I disputed the charge with Visa. I thought I'd solved the problem until Apple locked me out of the app store. The only way to get back to installing apps (even free ones) on my phone, if I remember right, was to use a new credit card.

Later on I did successfully get a refund for being charged twice for the same content when I bought it again on a family-shared device. Free tip: in-app purchases apparently aren't sharable to the family.

Counter anecodote: I got a (Mac, not iOS) app refunded within 2 days because it didn't function as well as I thought it would (email client). No hassle.


I don't understand why such an obvious scam works; Apple keeps the money for a while so they should be able to cancel the developer account and refund all users.

There is a 35-60 day lag time in getting paid. If you started scamming May 1st, you wont' be getting paid until the first week in July for your May scam sales, so there is the potential in freezing the account.

I found a scam competitor once and reported it to Apple and they pulled it just before the payment day so I'm hoping he never got paid.

Apple earns 30% per scammed user and let the app pass through review. The implication is obvious.

The whole point of the App store and Apple's bragging about it was that you were in a walled garden, and shit like this didn't happen. It's in their own interest not to kill their golden goose by allowing this kind of scam in their garden.

...the implication is asinine.

Someone needs to report the scam and then wait for Apple to do their review. If nobody reports it, the scammer makes a lot of money till that time.

There does seem to be some opportunity to inject common sense in there though. How common, for example, is a $100/week in-app purchase? Seems like there's some threshold that should kick off a review automatically.

Yes, that. This is not a difficult problem. App purchase behavior that is more than a couple of standard deviations away from ordinary, but successful, apps should trigger a heavy human review.

Are we to assume that NOBODY has reported this in the two months it's been in the app store?

At what point do you say "no, the app store experiment has failed" and give users control of their own devices?

Never, I guess.

We need an extension of net neutrality (app neutrality?)

Once Apple stops making money. At 30% for every transaction, this won't happen any time soon.

Looks like many of the keywords you can buy Ads for are underpriced. To advertise for a keyword you need to build can "relevant" to that keyword. It takes time for legitimate app developers to build apps to take advantage of those keywords. Until then, the underpricing of ads is taken advantage of by these "scammers" who build costly non-functional apps and recycle the earnings into buying ads for them.

That won't fix anything. When a scammer is successfully charging 50 times as much as a legitimate app, they can outbid any real ad.

And I thought Apple vets the apps (and from what I heard even betas and upgrades/updates too?) before letting it go live on the App Store.

As a long time Android user (and no I wans't happy for most parts; and I wanted to taste the iOS waters both as an user and a mobile dev) who recently moved to an iPhone SE I feel really disappointed.

Haha I thought this was a how to guide initially as a "good entrepreneur" mind you good to me is subjective, or is it personal. Money is money right? I can't ask my clients to pay me so I obvs don't support that.

Nice into the rabbit hole though, should see how bad it gets with VMs.

Are you saying you're a scammer? I'm having a hard time understanding this comment

No I'm not a scammer. I can't even ask my clients to pay me. Most recently these people got a big SEO audit pdf and I'm the poor bastard that has to do it for no pay hahaha. They're like "alright so... all these urls and how the db/pages work? Rewrite them..." and I'm pretty sure I'd break a good part of it, just because of how expansive the site is. (I'll decline at least on this part as it's beyond me, like being asked to integrate a PayPal recurring API payment thing)

Nah they're like my second best client ever but it's still I don't get paid hourly/"a reasonable fixed price" so no in short form, I have no self respect.

I was scammed once (at least), it was a site that said "Sell your ideas for money!" hahaha, I "sold my ideas" For a non-refundable fee of $99 and this also overdrew my bank account.

^^ That reinforces my original thought, I could build a similar "legit looking site" throw a payment system on there and get some poor schmuck like myself to fall for it and pay. Good job on me who built that site for say $17.00 and some time.

edit: I was scammed by this lady (beat up looking face) and this guy, her "son" or whatever... they were asking for gas but insisted I give it to them in cash (at the gas station). Yeah I'm pretty stupid.

I see, i commiserate. I got stiffed for a months work by a recent freelance client, i empathize. I'm sorry if I slighted you, guess I read the wrong thing out of your comment.

I hope you don't get scammed in the future.

No I'm out of line anyway (talking about clients when I'm publicly traceable), but it is true regarding not being paid. I've had a great client that actually paid me hourly but my skills were not up to par though. Mostly I've just been doing "fixed price" work which can drag on for months. Oh well... hopefully I build "SAAS" products or something.

No prob I didn't take offense I just talk too much haha

While it's frustrating if taken at face value, Sensor Tower's numbers aren't totally valid. They get the number for a few of my apps really wrong. The download stats are more or less true, but the revenue can be way off.


And Apple just rejected my app because it has a 'register free trial' link. Which is actually free, actually a trial, no CC info asked, no in-app purchase.

Their response was "if you offering something - you should be using in-app purchases".

Oh. OK.

When I read stuff like this I really lose faith in the human race.

That's my current feeling looking at the Bitcoin price chart.

Does nobody from apple read hn? How does one recommend iPhone to NGOs, privacy activists, other vulnerable people?

yeah app store quality has dropped to google play levels to the point that one of ios last, actual, concrete advantage for non technical users is becoming moot.

The Mac App Store seems to have been considerably worse than the Google Play store since inception. I think that the iOS app store is just coming down to the level of the Mac App Store: barely suitable for distributing Apple's own applications.

They've built an entirely-new store that's shipping with iOS 11, apparently. Might fix a few things.

> I’ve also never clicked on a Google Ad.

I've never done it, either. I clearly remember the only few times I clicked on AdSense ads - once by mistake, and was extremely annoyed at the results (it was a sort of list like search results), and 2-3 times to test my own AdSense ads (yeah, against ToS).

Yet AdSense is raking in billions. I've always wondered who actually clicks on the ads :D

If you are on HackerNews, you probably aren't the typical internet user. I bet my 60 year old mom clicks on tons of ads without even knowing it.

> Yet AdSense is raking in billions. I've always wondered who actually clicks on the ads :D

A lot of users have a really poor sense of what all the stuff on their screen is. Google started putting ads inline with search results for a reason. Well, reasons, rather, all of them fairly "evil", but that was one of them.

Bots click ads. And people paid to click ads :D

The scummy DOWNLOAD NOW ads that end up on legit software download pages has got to snag more than a handful of people. They're big shiny buttons with tiny (actually an ad) disclaimers.

You know, it's sad that people are eager to pay Apple nearly a thousand dollars for a phone, buy an iCloud subscription to go with it, and maybe buy a MacBook (Pro?); and then content that after all of that money changes hands, Apple still wants to fill 80% of your screen with an advertisement. Then, if it wasn't bad enough, they don't vet the advertised applications for basic legitimacy (meanwhile legitimate apps frequently get caught up in endless nitpicking at submission).

I get why people do it, but it's sad that they do.

im really happy with my macbook.

its reasonably powerful, doesnt make any noise, has an SSD and is a unix system without any of the linux haggling.

paying 1k extra for not having to deal with shit was really worth it for me. certainly made sense from a quality of life perspective.

and im anything but an apple fanboy.

I get the feeling that companies like Amazon and Apple purposefully try to hide as much as possible/tolerable the fact that you are subscribed to something (specifically, Apple apps and Amazon's Audible). I've spent tens if not hundreds of dollars towards subscriptions I didn't even know I had, and I'm afraid this might account for a shocking amount of revenue, as this article suggests. Microsoft on the other hand seems to let you know when you are going to charged again (I've experienced this with my office license subscription).

There's no way that a huge portion of the blame for this is not Apple's. Some of the ways they run the App Store were pretty silly starting out, and now just outright ridiculous.

Little distinction between ads and search results? No filtering or approval for ads? Scammy $100/week subscriptions for nothing? Meanwhile you're not allowed to make fun of the presidents elbows or whatever. Come on.

Brilliant! Wish I would have thought of that xD

finally i can be rich too! too bad i am not an ios dev. these apps are made by people from 'nam. i doubt you could do this in a civilized country without getting sued into the ground though.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact