Hacker News new | past | comments | ask | show | jobs | submit login
Ode to the App Review team (marco.org)
157 points by atularora on Feb 4, 2011 | hide | past | web | favorite | 67 comments

Ode to the TSA Screeners

Thanks for touching my junk. I love you guys. No, not for the touching (though sometimes...). What I really love is how your pointless security theatre makes me feel safe and secure.

And your swiftly growing and unnecessary bureaucracy is only getting faster. Not like last year when you made me miss Christmas with my family, or that time a business deal fell through because you wouldn't let me on the plane or tell me why. Now your line of junk touchers is really humming and I'm barely there for an hour or so. What a smooth operation, my hat's off to you.

After all, I make money from flying and it's all down to you guys. Not the pilot, or the air-traffic controller, or the baggage handlers or engineers or stewardesses. No, it's all down to you guys and I salute you. And if my taxes are paying for this meaningless charade, all the better.

It's not like there is any alternative. I've read about other countries where they don't touch your junk and let you bring your own peanuts without a surcharge on the official news sources and it seems like planes are just falling out of the sky left, right and centre because someone didn't get their junk touched or peanuts confiscated. I'm so glad I don't have to put up with that.

God bless Apple, sorry..., America!

That's some top shelf snark right there.

Meh, ode to nothing. The App Review process sucks. I develop apps, and it's the second biggest pain in my behind, next to the App ad hoc provisioning process. We deal with it, but thank you sir, I don't want another.

1. It's capricious.

2. It doesn't catch actual bugs, and then you have to wait to fix them.

3. Apple doesn't engage you easily on questions of whether something or another will result in rejection.

4. Apple changes the rules and block random releases, without communicating rules changes until they reject you.

5. Apple makes it harder to plan marketing campaigns.

I haven't had a new app rejected in probably over a year, and only rarely have they blocked one of my releases, but every time it sucks, and I don't know why they bother.

The process may suck for the developers but I agree with the article that it creates benefits for the end users. It's a core part of Apple's philosophy to cater to their customers at all cost. I am certain that apple pushes its own staff very hard to produce the quality of work they do, and when you sign up to become an Mac or iOS developer you become essentially an apple employee or contractor and as such you have to follow the company culture and philosophy just like the internal staff. It has been working for them, the company is thriving so why change course?

I think there may be merits in the arguments made for third party app repositories for iOS but I believe that there is some value, real or imagined in knowing that an application has the stamp of approval of the company that created the platform.

>> 2. It doesn't catch actual bugs, and then you have to wait to fix them.

Apple aren't your QA team.

They claim that is part of the reason they review apps, and Marco in his article claims they raise the quality of apps.

Both these claims can still be true. I have had a but get through twice, and eventually it was picked up by the app store reviewers, because it was such a hard to replicate bug.

It is certainly true that some QA is better than no QA. Even professional QA's miss some stuff.

No. They are looking for crashers and obvious glitches (as well as malicious code and using APIs that might change and break the app in the future).

While they do try to ascertain that your app does what you claim it does, they are not there to test your logic.

It is possible that their QA involves checking whether an app uses prohibited API or whether it crashes the system or hogs memory etc. It is obviously a high level QA. Just search and see how many "task killer" apps available on Android device.

Also, I think if this app-review process is not beneficial to users, I dont think they would have started this in the first place. Sure, it is an issue to thousands of developers, but it is beneficial to millions of users.

Business related motives could be a big reason as well. But, who is not?

For any of the developers who were there from the start, the decrease in review times speak for themselves. New developers flock to the forums with posts such as "Stuck in review for more than one week". If only they knew what it was like years ago.

They are the spoiled generation of iOS developers. :)

Hell, I remember what life was like before iPhones!

If this was Reddit, we'd see a long chain of comments continuing this trend.

Before smartphones

Before phones

Before electricity


I enjoyed your comment, but I'm just warning everybody else that don't have to feel the need to comment on it.

I remember the days when people just down-voted inappropriate comments instead of "warning" me about what I could or could not write before I had even written it.

I don't remember what life was like before Reddit.

Well, I certainly had more useable time. Stupid addiction. Mainstream reddit manages somehow to be just interesting enough to justify reading it. Even though 95% of it is trite.

Oh, I just mean the memes, I've never been a Redditer except for the occasional use of their reading lists. It's kind of like asking "what was the internet like before 4chan? What did people say? Did the internet, in fact, exist before 4chan?"

If you're reading "mainstream reddit", you're doing it wrong. Though more relevant may increase the amount of time "wasted".

Wait times are so variable. When I started, about 6 months into the iPhone dev being released, we were looking at 2-4 weeks wait time. For a while there it went to 1 week, very fast, then even faster. Now, it is back out to about 1 week.

He brings up a fantastic point on the willingness of customers to spend money. It seems iPhone users spend much more on apps than android users (anyone have data to confirm?).

That said, it seems to me like this isn't just app discoverability and trust -- having your apple id and CC# already setup from day one for most users seem more likely to be the cause. Here's a discussion on Quora about it: http://qr.ae/kY5p

I don't understand this article at all. 99% of iOS users have NO idea that Apple have such a ridiculous screening process, so why would they download freely with the idea that Apple is the crazy gatekeeper?

Secondly, there is a TONNE of copying going on from what I can tell. Dozens of clones of the same games and apps pop up all the time, and while there is no blatant copyright theft, there is still some level of IP theft. Not only that, Apple completely rejects apps when they want to monopolize a particular segment (see: Sony eBooks bannage).

Finally, the reason why it's "getting better", is because Apple has been doing this for years now. Not only that, I'm sure they've streamlined their processes, and hired boatloads of extra reviewers.

I'm tired of seeing marco.org posts skyrocketing to the front page. He's a serious Apple fanboy who, most of the time, provides no real content to the HN community.

For the first point, they don't need to know exactly why the apps from the App Store won't break their phone---they can just learn it from experience.

I'm in total agreement, we've been publishing to the store since 2008 when it first opened.

However, ironically enough a big app we've been working on was rejected last week due to this violation: "4.3 Apps that use location-based APIs for dispatch, fleet management, or emergency services will be rejected."

I've had absolutely no luck contacting anyone within Apple for more information. Last week we also field tested this app with major government emergency response services (ems, police, fire, etc.) within Texas with both success and enthusiasm that a product like ours is coming to market. It's unfortunate seeing that Mr. Jobs recently took a medical leave of absence. Not that he needs it, but an American studying abroad sure might.

" major government emergency response services (ems, police, fire, etc.) "

I can just imagine what the liabilities for Apple would be on that one. Somehow I think they'll be quite content to avoid it by simply not allowing any emergency service apps in the App Store.

Why does Apple have to be liable for everything you put on your phone? Is Microsoft liable for the viruses and spyware that people install on their Windows PCs?

The liability argument is weak, though Apple may have made the case itself by its stringency with the App Store. Now one could say that there was a reasonable expectation nothing he/she could get from the App Store could cause a problem in his/her life because Apple publicly embarked on a vetting process before offering the app for sale.

God forbid anyone dial 9-11 and it not connect thanks to AT&T or bad antenna design.

Were you aware of that clause when you started working on your app?

I doubt he was since the 4.3 beta was just made available to developers a couple weeks ago.

edit: oops, my mistake. Thanks Xuzz.

That's section 4.3 of the guidelines, not iOS 4.3.

That seems like a bad precedent that could harm some apps that create a lot of value. It also seems like if they are applying that rule it might be subjective -- I can think of three off the top of my head that are still in the app store:

- Taxi Magic (Taxi dispatch app)

- Uber (Black Car dispatch app)

- Fire Department (notifies neighbors abt CPR emergencies)

I don't know about Fire Department, but in regards to the other two, booking a taxi isn't the same as dispatching. Dispatching would be the taxi company telling sending a driver to a location.

They just don't want to get sued. Simple as that.

See iTunes EULA:


This is a standard practice with all electronics manufacturers. I've been seeing it for decades at the end of component datasheets from Fairchild, National Semiconductors etc, even for things as trivial as discrete transistors, 555s and 741s. I think its primarily due to the possibility of contributory liability. And it also allows them to price discriminate and sell defense grade components at ~ 4-10x the price.

That's too simplistic a view and, I believe, simply incorrect.

The very existence of Malware has shown that the software business has been broken for years. The more non-technical people bought and used computers the worse it got. The cry of most developers has been that the users are stupid and lazy - "they should simply stop clicking it!"

You could argue that developers have been proven to be untrustworthy and unhelpful and deserve what they got.

The App Store exists because it was needed. It's phenomenal success shows that Apple were right and have gone a long way towards solving the real problems of selling safe software.

We developers need to just take the medicine and stop moaning. It was a long-time coming and it isn't going away.

By bitching we are still serving an injustice to our users. We may not need an App Store - but they do.

Perhaps this is a candidate for the Enterprise provisioning model, rather than the general-audience App Store?

I love ya Marco, but this one felt a bit sappy.

I've had good and bad experiences, and really no complaints save being pushed to the back of the queue upon rejection, but I do fantasize about creating web apps and being in control of my own release cycle.

Very odd to read, after the Android Market has been running for quite some time, that "The result of [app store review] is that Apple can more easily let us use their payment system without scaring their lawyers, devaluing their store’s image, or incurring high fraud and chargeback fees from their payment processors."

Google certainly has lawyers, and the (former) try-before-you-buy policy was a much more direct answer to fraud and chargeback than stringent app review. As to reputation, the Android store's poor rep is more due to the absence of particular good apps (or the difficulty finding them) than the presence of crud (which Apple's store has in abundance) --- and I don't think you can credit the review process with attracting good developers. Most of them hate it.

It's also funny that he doesn't mention the one thing that the review process does do for end users --- it makes sure that apps conform to Apple's UI guidelines. They can be obnoxious about this, as in the flat rejection of camera apps that use the volume buttons as shutter controls, but the consistency is probably a net win for users overall. Though for Android, manufacturer reskinning is probably a bigger problem.

But it's been used in directly anticompetitive ways (the Google Voice holdup, which let to an FCC investigation; the current Sony reader payments flap) that it's really hard to deny that that's one of the points of the exercise from Apple's perspective. And fanboy rationales which ignore that awkward fact are getting really tedious.

Huh, I was expecting an actual poem. "O App Review, the week just flew."

Indeed, the bar has fallen pretty far with this title.

The review process has come a long way, folks. It's still nowhere as explicitly documented as, say, Sony or Microsoft's review process for video games -- which is both a strength and a weakness -- but the transparency has slowly gotten better each year.

What impresses me the most, though, is the payment system, which he mentions. I don't mind Apple taking a 30% cut of my sales, because they are not just taking care of all the merchant details (e.g. payment processing), but they are giving consumers confidence that they aren't throwing money into the void. Furthermore, the one time I've had a problem with a payment on iTunes, I was reimbursed for the problem, and got my download for free.

What more can end users ask for?

>>"Think of the crappiest iPhone app you ever saw that made it into the store. Now imagine what they must reject. ↩"

imo Marco is mistaken in his assumption that approved apps are always less crappy than rejected apps.

The "crappiest iPhone app" that was approved is likely to be worse than many rejected apps.

That's just an arithmetical reality. It is not indicative of a problem.

It's like saying that the the shortest child to ride a roller-coaster is shorter than the tallest child to get refused.

There is always a fuzzy edge in these situations.

I cannot feel benevolent towards a system that wants to ignore the reality of the world surrounding it. Apple has rejected an Android magazine from being sold (as if it's not possible that someone would own an iPad and an Android phone -- and as if it's possible such a magazine would sway people away from iOS!) and the latest idiocy is requesting the removal of "Available in Kindle edition" from an eBook. There is just no excuse for this.

> There is just no excuse for this.

Sure there is. It's their store and they do whatever they want. Not sure how does that involve ignoring the reality of the world surrounding it, but Apples seems to do quite well regardless.

Come on. The opaque process still sucks no matter what anyone says (that's because is down to a single person's interpretation). And related to the DMCA notices http://blog.wolfire.com/2011/02/Counterfeit-Lugaru-on-Apple-...

Yes it sucks but it sucks far less than the alternatives.

The App Store wasn't created and isn't curated for the benefit of developers - it's all about users: non-technical users who want to use their devices safely and who would blame Apple the moment a 3rd-party app caused a problem.

People on HN say all the time, "Just because it isn't for you, doesn't mean there isn't an audience." For example, see the defending comments on the Ze Frank post today.

Many of the apps Marco writes off as "crap" could easily fall into this category. Yes, it is true that the Android market is filled with "Sexy girls" wallpapers, but there certainly appears to be an audience.

That said, I'd be much more supportive of the App Store if they simply provided another way to get apps for those who standards aren't 100% congruent with Apple's.

why this guy keeps acting as Apple PR, and people even upvote this kind of articles?

If there is something that sucked, sucks, and will probably suck is the Apple app submission process and review process. It's not easy to get this right, as the approval rules are the kind of rules that are very hard to apply in a consistent way in large scale. This can be a partial justification maybe, but the whole process is slow, prone to make mistakes, company-biased (think at Google Latitude and so forth) and in general a pain in the ass for the developers. Note exactly something to Ode.

I guess. Other platforms (WP7, Android) sandbox their applications equally well and respond to DMCA notices to takedown illegal clones, etc. I don't see that as being unique to the Apple App Store or necessarily a function of their review process.

>So we have a huge number of potential customers who are very comfortable installing a lot of apps and can buy ours by simply entering a password.

And Android doesn't even need that. Nnow anyone can instantly remote install an app from the convenience of their browser. I think even that beats the iTunes value proposition of having a desktop presence.

I am not sure Android sandboxes that well. (I dont have much knowhow of android sdk btw). But from the applications that are available on the android market - I know that people android apps can do more harm than on iOS, they have more power in android (for example, there are anti-virus apps on android! task killers!, apps can access your photos without you knowing it and upload them somewhere, app launchers, integrate with dialer, etc)

I am not sure Android sandboxes that well.

Android sandboxes far better than iOS. It has a more granular, integrated security system.

The existence of "anti-virus" and task killers speaks more about customer ignorance and the placebo effect than it does to the platform.

I think the App Store review process is actually dangerous because it implies something that isn't true. Apple makes zero guarantees about the quality of safety of the applications.

Granularity is good -- but as far as I know people ignore the security permissions warnings, because they are hard to understand, and its difficult to understand why would an app need them, and most people generally just click yes. So practically, it does not really help (thats the impression i got from reading online) For anti-virus apps, its not about why people buy (customer ignorance), but their existence and feasibility implies apps have the power to monitor the system closely. App store review helps ... when android store lists apps like these: http://photos.appleinsider.com/android.market.ios.002.jpg how can you trust the android store more or equal to the apple app store?

Those are completely irrelevant problems. The problem you cite is the nature of the beast with an open market. I think you'll have a hard time finding Android fans willing to sacrifice the open intentions of Android and Google's Market to prevent copyrighted apps from getting into the Market.

I find it funny, that image, as if some random bloggers "indictment" should motivate Google to action. They're handling it just as they handle Youtube, and I think it's brilliant. If you see your material in the Market, file a DMCA. Problem solved.

Yes, customers ignore permission warnings, but again, that's an unrelated issue, and surely you're not suggesting that Apple's lack of a permission list is better simply because users sometimes ignore it when offered.

In terms of security, both from a disclosure, per-permission level granting and sandboxing perspecitve, Android has a superior model.

I'm not quite sure why copyright infringement should make me concerned about the applications as a user. Though it's notable that there have been several noted cases of gross copyright infringement on the AppStore.

However I actually think there is a perfect medium somewhere in the middle: Granular permissions that allow for curation by an optional third party. That would be an ideal situation for the market, where Grandma or Joe User can select from a number of curation sources (or punching it in directly) where reviewers rate by quality, assess if the permissions are appropriate, etc.

> Apple makes zero guarantees about the quality of safety of the applications

An important point, considering "flashlight" apps that managed to sneak in SOCKS proxies. No doubt more nefarious things would be difficult to do as a non-super user, but it does seem a false assumption to trust App Store apps implicitly.

Antivirus apps don't do anything. Task Killers don't kill tasks anymore. Yes, apps can access your SD card, I don't see that as a disadvantage and I don't see the risk in optional, opt-in home replacments.

How can the app review ensure that, say, you don't have a timebomb in your program after which you start sending off private data? Apple doesn't ask for the source code, does it?

They do not do that, nor can they without examining the source very carefully. There have been cases of apps getting through with illegal functionality in.

But then all the app store gives people is a false sense of security. The willingness of people to trust arbitrary App Store apps should be condemned, not celebrated.

There is no way to guarantee that something hazardous could never be hidden in, or downloaded later. There are too many ways of obfuscating your code, even when viewing the source code.

You can limit what the app has access to, and Apple and Google do this.

Not true.

By regulating the process - and the payment - Apple is able to instantly remove an app as soon as it is found to be malicious and refund anyone who paid for it out of the developers pocket.

Isn't Google/Android also able to do this (without any app reviews)?

But that's independent of the review process. They could do the same thing without a review.

For comparison, the Mozilla Addons review process requires you to provide them a copy of the (unobfuscated) source code. You always have the option of self-hosting, of course.

Could you imagine the fuss they'd be if Apple started to demand our source code too!

If you're going to have a review process at all, you should at least add something of value. Either ask for source code (and deal with the backlash) or don't have a review process at all. A two-level review system (one with source code, one without) with appropriate warnings is fine, too.

The app store review process as it currently stands is worthless, useless and meaningless.

[This comment has been approved by the Hacker News Review team]

Great article!

Funny that this comment is downvoted considering the (in my opinion) exceedingly rude act of quietly silencing users here.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact