The dark side of the Mac App Store (privacyis1st.medium.com)
353 points by lapcat on April 23, 2023 | 201 comments



I seriously don't understand how Apple's processes are allowing this to happen.

How is it that simultaneously, so many apps fail review for tiny details, showing that apps really are having manual review done on them...

...and yet all this spam is getting through?

Forget opinions about Apple or the App Store generally. I'm far more interested in what the actual process failure is here. Because this is really bad and it's precisely what the whole concept of the App Store is meant to guard against.

So what the heck is wrong with their processes? This is such an "own goal" I'm baffled. This is supposed to be a core competency of the App Store. There's no benefit to Apple allowing all these spam apps. So how the heck is a company as generally competent as Apple messing this up so bad?


> How is it that simultaneously, so many apps fail review for tiny details, showing that apps really are having manual review done on them...

> ...and yet all this spam is getting through?

It's important to understand that App Review is not consistently nitpicky but rather randomly nitpicky.

Every indie dev has stories of urgent bug fix updates getting rejected for stupid, unrelated, nitpicky reasons, things that had already been in the app for months or years. Yet every indie dev also has stories of major updates flying through review in minutes, so fast you know it's impossible that anyone looked carefully.

I do get the impression that they're doing random inspections.

"Every week, over 500 dedicated experts around the world review over 100K apps." https://www.apple.com/app-store/

Apple seems to be bragging about that, but if you estimate how much time is spent on each app, the numbers look pretty bad. If 500 reviewers spend full-time 40 hours every week doing nothing but reviewing apps — no breaks, no meetings, no training, no vacations, etc. — that leaves only 12 minutes per app, maximum. And they're reviewing not just the app but the App Store metadata: release notes, description, screenshots. They definitely do metadata rejections.


> I do get the impression that they're doing random inspections.

As someone who's been responsible for various iOS App Store submissions for closing in on a decade, the impression I get is that the variation is primarily due to inconsistencies in process between reviewers. The corners probed by one reviewer might go entirely ignored by another and what one reviewer finds perfectly fine constitutes a violation in the eyes of another.

The Play Store review process on the other hand comes off as feeling almost entirely automated barring a handful of exceptions, which works fine until some innocuous change in code or the automated review system trips something somewhere and your app listing is removed. Good luck getting in touch with a real person to fix it.


I mean there’s that too. Inconsistency and lack of resources are both present.


> bug fix updates getting rejected for stupid, unrelated, nitpicky reasons, things that had already been in the app for months or years

This reminds me of code review in general. Some reviewers have the etiquette of "if it was there already, then it's outside the scope of this review," and some don't.

Maybe a reviewer should have two responsibilities:

1. Review the proposed _change_ and verify that it meets all criteria and doesn't introduce defects.

2. Make note of any existing defects, which are then recorded.

Maybe an app developer can be required to resolve everything found in (2) before the _next_ review.

I've never released an app before.


> Some reviewers have the etiquette of "if it was there already, then it's outside the scope of this review," and some don't.

> Maybe a reviewer should have two responsibilities: [...]

For code review: you can make lots of different choices for responsibilities and still have a good code review process. It just needs to fit your goals and people in your organisation should be on the same page about it.

So for example for code review, I don't think the reviewer should try very hard to understand the change. Explaining the change so that it is easy to understand is one of the responsibilities of the author who proposes the change.

Similarly it's upon the author to demonstrate that the proposed change doesn't introduce any defects and to explain how it meets all criteria. It's not on the reviewer to go bug hunting.

That is so that the next guy who views the change in a few years in version control history to understand how the software developed (or how a bug was introduced) has a fighting chance to understand what happened from what was preserved in version control alone.


Code review is typically based on a premise that the person submitting the change is acting in good faith. This is the only reason it works, because otherwise it’s difficult to review them sufficiently. App review must consider developers to be potentially hostile.


> App review must consider developers to be potentially hostile.

And vice versa. ;-)


Generally I’d plead incompetence but if you’re trying to compete with Apple I’ll accept your point ;)


Whenever I get a comment about a pre-existing bug in a code review I make a ticket to fix it and thank them for pointing it out, but I never fix it in the PR. It gets too messy for the other reviewers and too confusing for QA when you end up with a bunch of unrelated fixes in one update.


1. Since most changes are compiled binaries, you would have to rely on the submitter to self-report what changed.


Things open source developers say because they don’t have experience with binary analysis. Not to say that Apple’s reviewers are going to be looking at IDA or Ghidra dumps, but they can see added capabilities, frameworks, symbols, or assembly and call graph changes.

Not that it matters, because they don’t have the time to manually review source code changes either. At best there’s likely some automated static analysis for undocumented API symbols and common malware signatures.


A larger issue is that to review these kinds of changes you need to have a baseline competency in understanding how code works, and that’s expensive to procure at the scale needed to do proper review.


A bad actor can just carefully exclude the reviewers from ever seeing those changes (and it's routinely done on a large scale).


> It's important to understand that App Review is not consistently nitpicky but rather randomly nitpicky.

This has been my experience as well. A long time ago, my company had an iOS communications app that we'd occasionally white-label for different clients (about 7, in total). The only changes to the apps were the color palette and the name/logo that appeared on the login page.

For whatever reason, we were never able to release the white label for the 4th client. All other versions sailed through review, with the occasional holdup because the terms of service web page linked in the app was part of a web site which, through its navigational elements, would allow one to sign up for our service online. This is against Apple terms if you don't also allow sign up in the app. We were usually able to get this resolved because it wasn't actually a sign-up form, but a form to request more information from our sales team.

For that 4th white label, that "sign-up page" became an issue we could never resolve. Our app was for enterprises, so a per-user purchase/sign-up in the app didn't make sense. We tried to move the terms of service and other required pages to their own web site with no links to anything on our company web page, but that was disallowed because it didn't link to our company web page. Apparently the only allowed solution was remove the request info page from our corporate web site.

In the end, we simply resubmitted as a new app and it was approved without issue.


12 min per app should be plenty, but they should be rejecting a bunch of this garbage in about 20 seconds.


I feel I understand how this happened. I’ve gone through the process multiple times - smooth sailing for many apps to getting rejected for 4 months de facto (we’re rejecting you know we will be back in touch) only to be told, “you download YouTube videos” … for a text based app with no download features!

What I think is this: Apple is optimizing for a 24 hour turnaround time. That means many systems do high level checks: entitlements, API calls, then simulator based testing. This means that if one targets specifically for simulator, there are certain ways around what is presented to AppStore, vs what is published. Further, there appears to be a check for similar references only in the target categories, or the terms placed in the App Review request. So gaming all of these features at once can lead to extremely smooth sailing by an organized effort.


>“you download YouTube videos” … for a text based app with no download features!

I've heard several stories of app reviewers opening and reviewing the wrong app, including entering the credentials for a demo account into some unrelated app or service. I imagine something like that could've happened to your review.


So Apple's app review process never made it out of internal beta. That explains a lot.


The problem is fundamentally that doing a thorough review of every app is unreasonably expensive and as a consequence, that will not happen.

You are then left with a trade off between false positives and false negatives. It is entirely possible to have both at once.

The real problem is that centralizing this process is in error. Because not all users are the same.

It makes sense to have a manual review process for e.g. games, where anybody can make a game but games are relatively expensive apps that can eat the cost of a manual review in exchange for the largely uninformed user being assured that the code is trustworthy. The review process could then e.g. exclude apps that screw with the operating system in order to implement some kind of shady DRM.

Some users are using their device in a professional context where lives are at stake if the device gets messed up and can justify an even more thorough review of anything that goes on the device.

Some apps don't require any meaningful permissions and if run in an appropriate sandbox should not require any review at all.

Some users are technically inclined and would like to run whatever code they want on their device, including code that modifies the operating system and code they wrote themselves.

There is no one size fits all. A system that pretends otherwise satisfies no one.


> The problem is fundamentally that doing a thorough review of every app is unreasonably expensive and as a consequence, that will not happen.

Well they do take a 30% cut. There's no way 500 reviewers cost more than a drop in that bucket.


500 reviewers is what they have now and it's not working.

That it's 30% is also the problem. 30% is plenty to review a paid app in the top 1% of downloads, but >94% of iOS apps are free. Not least because Apple takes 30%, which puts a lot of paid developers out of business. But 30% of nothing pays for nothing.


> Not least because Apple takes 30%, which puts a lot of paid developers out of business. But 30% of nothing pays for nothing.

They get $100/year from every developer on top of cuts of all app revenue.

The issue isn't the lack of money, it's that Apple doesn't want to cut into their own margins with pesky things like quality control.


There was also a race to the bottom early on, and everyone expects all apps to be free or five bucks at most. This put a lot of developers off


I've found that you get what you pay for in the App Store (although my experience describes the Play Store).

The first mobile app I ever installed in 2015 was for-pay. I believe it was actually $14.95. It was worth every penny, because I'd used that website every day for years already. I was extremely eager to get the mobile app. It was a serialized podcast of sorts, and so having the app meant that I would have offline access to the podcast at the times of day (multiple) when I needed to use it.

I've purchased probably 3 or 4 apps, average price $10. And I was always happy to pay for the ones where I did, especially a fitness app where I gained little functionality but was able to support an indie programmer who'd made a really great offline-capable app.

In a few cases, I downloaded some free games, which I made sure interoperated with iOS so that my friend could play competitively. These games were sleazy, nasty, ad-infested, and probably Mafia owned or something. I needed a shower every time I played those games because, gosh, the things we did to earn coins were unspeakable. I happily uninstalled those games and I've never gamed again on mobile.

The apps I haven't paid for come in a few categories: indispensable utilities (password manager), preloaded brand apps (Android/Google properties), and paid services (my bank, my transportation, etc.)

So I don't really dabble much in free apps at all, because "free" means "ad-supported" or "freemium" or "spammers" and I just have no truck with that. You get what you pay for, and my phone doesn't have the space to be given over to fly-by-nights.


> These games were sleazy, nasty, ad-infested

Oh yes. Games is the category that got hit the hardest by the race to the bottom.


The money Apple makes from mobile games alone can fund a profoundly more expensive app review process.


You’re fundamentally misunderstanding the point of app review. It isn’t to enforce that the platform sandbox works; the assumption is that it does. The review process is there to catch abuses that happen inside of the sandbox. This is things like asking for location access and actually using it to let people spy on you, or creating IAPs that are scams, or falsely claiming you’re affiliated with someone else and providing services that are not genuine. This is not a security problem but a quality problem.


> Some apps don't require any meaningful permissions and if run in an appropriate sandbox should not require any review at all.

Shouldn't this apply to games, which you earlier single out for needing special review?


That depends on the game. Does it need location for something like Pokemon Go? Does it want to access your contacts so you can find them in the game? Microphone for voice chat?

In some cases those can be justified, but that doesn't work in a sandbox that prohibits them.


The infamous processes just aren't happening.

When an app is updated you have to put it for review, but they don't seem to check anymore. I've worked with a couple of customers and we had to send Apple custom credentials for login, and they never use the credentials. Sure: perhaps they just wanted to see the boring login screen, or just do some automatic checking of the code. But apart from the first version, they don't seem to really open the app anymore.


The last app I submitted (a few weeks ago), they rejected it like 1 minute later, saying they wanted me to send them a link to a video of it being used (that is not a requirement that is written anywhere on the App Store or its docs). After replying with a video link they immediately accepted it. I can only assume they just wanted to watch a video and give it a pass rather than bother actually opening it themselves.


Yep. I've had them do this multiple times, although my app was made to control specific hardware that they didn't have. I did put a "demo" backdoor into the app for them to use without the hardware, but they demanded a video. I thought that was pretty reasonable and sort of enjoyed doing it.

But... there is so much wrong with the App Store, and Apple purposefully keeps it that way. For example, the so-called search is an absolute sham. Apple claims that publisher name is one of the top three criteria for app search, but searching for our app by exact publisher name didn't bring it up AT ALL. At least not in the first 300 listings, which is where I stopped.

What WAS in those first 300 listings? 300 that didn't contain the search string ANYWHERE. The first few contained a similarly-spelled name that Apple replaced the search term with, without asking... essentially undermining our trademark. After that there was nothing but completely irrelevant results, including numerous FART APPS, which Apple decries as undesirable in its own documentation.

When challenged on this repeatedly, Apple (after initially blowing off my complaint with boilerplate) claimed to have reviewed the situation and found everything working fine. I would have had to escalate it to a legal issue asserting some kind of hijacking of our trademark (no idea if there's any legal ground to stand on there) to take it further.

Apple knows the search is bullshit and lies about it. You can test it yourself as a developer.


That's really funny. My guess is actually not laziness but their device just had some problem installing apps or whatever and they had a quota to fulfill.


The reason they give sometimes is that they don’t know how to use the app so watching you do so helps them understand what it’s for.


Nah this is revisionist. I’ve launched top 10 apps since App Store began. There have always been scam apps and variety of attention paid even when they took TWO WEEKS to get back to you. It has always been BS, just faster BS now.


For what it's worth, I've seen the opposite.

Apple requires demo/test credentials for apps, and when we push a new version, I frequently see that account log in from a 17.x.x.x (Apple's class A) IP address.

It might depend on the type of app (e.g. games vs finance etc) or the permissions the app requests.
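
The observation above (demo-account logins showing up from Apple's 17.x.x.x block when a build is in review) is something a developer can check from their own auth logs rather than guess at. The following is an added example, not code from any commenter, that parses a few constructed log lines, reports which demo-account logins came from the 17.0.0.0/8 network the comment attributes to Apple, and separately flags demo-account logins from anywhere else, since review credentials turning up from an unexpected network is worth noticing. The log format, the `appreview-demo@example.com` account name and all IPs are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample auth log lines; the format and all values are invented
# for this example and do not come from any real system.
SAMPLE_LOG = """\
2023-04-20T09:12:41Z login user=alice@example.com ip=203.0.113.7 result=ok
2023-04-21T14:03:10Z login user=appreview-demo@example.com ip=17.58.100.23 result=ok
2023-04-21T14:05:52Z login user=appreview-demo@example.com ip=17.58.100.23 result=ok
2023-04-22T02:44:09Z login user=appreview-demo@example.com ip=198.51.100.9 result=fail
2023-04-23T11:20:00Z login user=bob@example.com ip=17.140.2.2 result=ok
"""

# Assumed line shape: "<timestamp> login user=<user> ip=<ip> result=<ok|fail>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>\S+)$"
)

# Network the comment attributes to Apple ("17.x.x.x"); treat it as an
# expected source for App Review logins.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")


def parse_log(log_text):
    """Parse log text into a list of event dicts, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ev = m.groupdict()
        try:
            ev["ip"] = ipaddress.ip_address(ev["ip"])
        except ValueError:
            continue  # unparseable address; skip rather than crash
        events.append(ev)
    return events


def review_logins(log_text, demo_user, expected_nets=(APPLE_NET,)):
    """Return successful logins for the demo account from an expected network.

    These are the events that suggest a reviewer actually exercised the app.
    """
    return [
        ev
        for ev in parse_log(log_text)
        if ev["user"] == demo_user
        and ev["result"] == "ok"
        and any(ev["ip"] in net for net in expected_nets)
    ]


def unexpected_demo_logins(log_text, demo_user, expected_nets=(APPLE_NET,)):
    """Return any demo-account login attempt (ok or fail) from outside the
    expected networks. Review credentials are shared with a third party, so
    use from an unexpected network is worth a look."""
    return [
        ev
        for ev in parse_log(log_text)
        if ev["user"] == demo_user
        and not any(ev["ip"] in net for net in expected_nets)
    ]


def review_sessions_summary(log_text, demo_user):
    """Return (first_seen, last_seen, count) for expected-network demo logins,
    or None if the reviewer never logged in."""
    hits = review_logins(log_text, demo_user)
    if not hits:
        return None
    return hits[0]["ts"], hits[-1]["ts"], len(hits)


if __name__ == "__main__":
    demo = "appreview-demo@example.com"
    print("review logins:", review_sessions_summary(SAMPLE_LOG, demo))
    for ev in unexpected_demo_logins(SAMPLE_LOG, demo):
        print("demo creds used from unexpected IP:", ev["ip"], ev["ts"], ev["result"])
```

Run it against your own auth log by replacing `SAMPLE_LOG` with the file contents and adjusting `LOG_RE` to your format; the two predicates (user matches, source network is or is not in the expected set) are the whole idea, and they hold for any log shape once parsing is adapted.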


Ditto - I think it's also human testing in my case (or randomised automated testing). We have a commenting feature, sometimes I see comments sometimes not.. I think I've always seen api requests come through.

Just wish it was a whole load faster... when you find a critical issue and want to get it out the door quickly, super frustrating to be waiting !


This is why I get so annoyed by people claiming that side loading will make iOS less secure. You trust open source apps on desktop all the time. I'd rather use crowdsourced trust indicators than some shmuck working at Apple.


>You trust open source apps on desktop all the time

The desktop has the luxury to afford not being as secure as your phone, which serves as a 2FA device, a digital wallet, something that can record your voice and location, and your main means of everyday communication.

Side-loading would just mean every person getting nagged or strong-armed to side-load all kinds of apps (from official stuff from major companies wanting to avoid Apple's pay-cut, to all kinds of shady BS), with average Joes and Janes getting their phone smashed with malware, spyware and such.

The app store review doesn't have to be perfect or catch all. It just needs to be better than no review, and it does fare majorly better than Android (e.g. studies showing the latter gets 90% of the mobile malware).

The app store process and notarization also means apps can be revoked.


> The desktop has the luxury to afford not being as secure as your phone

I don't understand this argument at all. I have everything on my desktop (laptop). Tax forms, credit card statements, bank statements, financial info, photos of all kinds, emails, ssh keys, etc., going back many many years.

> It just needs to be better than no review

It's not clear that this is true. I think that the existence of app review makes unwary consumers overconfident about the crapp store, and then they get scammed. That's how these scam apps exist and make money. The App Store is honeypot, a scammer's paradise. It's a lot easier to get yourself highly ranked in App Store search than it is to find people to scam on the open internet. But Apple tells consumers that the App Store is safe, which is a lie.

> it does fare majorly better than Android

The lesser of two evils is still evil.

> The app store process and notarization also means apps can be revoked.

Notarization is sideloading.


>I don't understand this argument at all. I have everything on my desktop (laptop). Tax forms, credit card statements, bank statements, financial info, photos of all kinds, emails, ssh keys, etc., going back many many years.

Too bad. You shouldn't. Or maybe you should, but most people shouldn't.

Their desktops are horrible security-wise, they have no expertise to secure them, and they don't even have backups for losing data.

Those people (and many more, who don't even need or have a laptop/PC) still have a mobile phone.

>The lesser of two evils is still evil.

That would only matter if life wasn't all about tradeoffs towards the lesser evil all the time, and if "perfect" was practical.


> Too bad. You shouldn't. Or maybe you should, but most people shouldn't.

Where are you supposed to keep them? iOS devices don't even give you direct access to the file system, and they tend to have a lot less storage space than desktops.

Not to mention, it's a lot easier to do actual work on your desktop, with a large screen, keyboard, and mouse/trackpad. What do you think people use Macs for, gaming? ;-)

> they don't even have backups for losing data.

This is a very weird statement. Desktops have more backup options than a locked down iPhone. Indeed, I back up my iPhone to my Mac. Try backing up your Mac to an iPhone. ;-)

And both Mac and iPhone have iCloud, if you want to use that.

> Those people (and many more, who don't even need or have a laptop/PC) still have a mobile phone.

So?


The people who want locked down phones aren't even rational at this point. They aren't more secure. They just want to "feel" like they are more secure even when they aren't. They just wanna be coddled into a false sense of security. It's just constant pointless circular arguments. No amount of reassurance or claims of proof will help them out of the Stockholm syndrome.

For example I've never encountered someone personally or professionally that has ever had their android phone hacked. But if you talk to an iPhone fan you'd think that you'd get hacked within 5 minutes. It would be funny if it wasn't actually just sad.


>Where are you supposed to keep them? iOS devices don't even give you direct access to the file system, and they tend to have a lot less storage space than desktops. Not to mention, it's a lot easier to do actual work on your desktop, with a large screen, keyboard, and mouse/trackpad. What do you think people use Macs for, gaming? ;-)

Not having an ideal place to keep them is true, and that the desktop is more convenient for many classes of work is also true.

But they don't change the point I'm making. The point is that keeping sensitive data on the average person's computer, on the state that those are (loaded with all kinds of crap programs, clicking on whatever shady links, frequently duped for the most BS malware and spyware, and so on), is a bad idea.

Most average Joes would be safer keeping, say, their CC info on a locked down phone than on their laptop.

>This is a very weird statement. Desktops have more backup options than a locked down iPhone.

Not so weird considering that for phones an internet backup comes as a one-click built-in operation, on by default for many things, whereas for computers those options all require user activity, third party peripherals or accounts, and so on. Most people don't have a backup of their desktop/laptop. So again this is not about what the ultimate possibilities are, but what the norm is.


> The point is that keeping sensitive data on the average person's computer, on the state that those are (loaded with all kinds of crap programs, clicking on whatever shady links, frequently duped for the most BS malware and spyware, and so on), is a bad idea.

This is fearmongering exaggeration.

In any case, no, the point you made, which I responded to, was "The desktop has the luxury to afford not being as secure as your phone". But it doesn't have such a supposed luxury, because a lot of people in fact do what you claim (absurdly) they shouldn't: store sensitive information on their desktop.

> Not so weird considering that for phones an internet backup comes as a one-click built-in operation on by default for many things, whereas for computers those options all require user activity, third party peripherals or accounts, and so on.

For better or worse, Apple pushes iCloud by default on Mac just as much as on iPhone, so there's no difference.


>This is fearmongering exaggeration.

And this is where we disagree. Ask anyone working on desktop computer support, and you'll be surprised.

>In any case, no, the point you made, which I responded to, was "The desktop has the luxury to afford not being as secure as your phone".

That's an additional point I've made. You know, comments can have more than one. And I also stand by that comment: the phone is more tied to one's identity, often used as proof of identity for many services, and has access to more sensitive data and functions than the desktop (from personal pictures, to a person's every voice conversation, which a compromised phone can eavesdrop on, to their every movement, plus nowadays the best part of their social media use and chats).

Heck, the phone, via PIN and the like, is also used to verify a user on the desktop, for increasingly more services.


Your comment makes me incredibly angry. You bring up the point that people put important information on their phones, lapcat points out that people use their computers for the exact same things, and you have the audacity to tell him that people shouldn't be doing this? There's a lot that can be done to help improve the security story on both phones and desktop computers but if your position stems from "people should not be using computers to do computer things" you are divorced from reality and should seriously reconsider any views you've built on top of that premise.


Or maybe you should consider alternative viewpoints and the point they're making. Also try not getting what the other person says wrong, complete with misquoting.

I never said “people should not be using computers to do computer things”.

I said that people shouldn't be storing sensitive data on their computers. And there's even more nuance to it, that you've also missed: first, that we're talking about the average person, and the state of their average laptop, vs their phone.

So not as in that people shouldn't do that all things being ideal, but as in that it is a bad security situation for most people, and for most average people worse than their locked-down phones.

If you think the average laptop (mac or not) is more secure than the average iOS device, you're mistaken.


> I never said “people should not be using computers to do computer things”.

> I said that people shouldn't be storing sensitive data on their computers.

https://knowyourmeme.com/memes/theyre-the-same-picture

I'd still like to see you explain what you meant by "The app store process and notarization also means apps can be revoked", because it sounds like you don't even have a correct technical understanding of the situation.


>https://knowyourmeme.com/memes/theyre-the-same-picture

A great reminder that memes don't make for good arguments.

It's also funny how you missed the whole context, even despite further detailed explanation.

>I'd still like to see you explain what you meant by "The app store process and notarization also means apps can be revoked", because it sounds like you don't even have a correct technical understanding of the situation.

It means that arbitrary sideloading can't be revoked, whereas app store apps and notarized apps (not the same set, though the latter is a subset of the former) can.

Sideloaded apps bypass the app store, but you still need a central entity that has the notarization control/ability to revoke. And of course notarized software is still checked by that entity (e.g. Apple for notarized macOS apps).


> Sideloaded apps bypass the app store, but you still need a central entity that has the notarization control/ability to revoke. And of course notarized software is still checked by that entity (e.g. Apple for notarized macOS apps).

And this is precisely what people are calling for on iOS, to make it more like the Mac. It's assumed that Apple would require Developer ID and notarization for sideloaded iOS apps. Thus, sideloaded apps could be revoked just as easily as App Store apps.


I really don't get the argument that desktops don't need to be secure. I have my password manager (yes it is encrypted, but can be bypassed by a keylogger) and my ssh private keys on my desktop.


They should, but that train has left the station. At least phones have more accepted security than the "anything goes" that are desktops.


> You trust open source apps on desktop all the time.

I trust the software on my laptop far less than the software I install on my phone. I’m much more willing to install AppStore apps from random publishers than I am random software off the internet. There’s nothing on my laptop that didn’t come from a well known, reputable source, and web apps mean I don’t need to install nearly as much software on my laptop in the first place.

The fact that the majority of mobile malware targets Android, despite iOS users having much more spending power, seems to be rather compelling evidence that side loading does in fact make the os less secure.


> I'd rather use crowdsourced trust indicators than some shmuck working at Apple.

It isn't some shmuck working at Apple who reviews apps for quality and security, but some underpaid contractor on the other side of the planet who quickly needs to apply a checklist to your app before they lose the gig entirely for not meeting their hourly quota.


I wonder if it is possible to really quantify how difficult it is to get a bad-acting app approved for any store?

We've all heard stories about random bans and apps black listed and so on. Happened to some folks I know.

Having said that ...

I worked on an app recently that used location data heavily. I was told all about how picky Apple (and they mentioned Google too) would be, from folks online, and at work. Some folks even suggested hiring someone who had managed to get an app approved to help us get it approved.

I asked that everyone calm down ... and just let me TRY submitting the damn app first before we decided we're climbing a tall mountain or whatever they thought.

I got right in to the App Store and Google Play ... no problem.

Now granted my app is REALLY up front about using location data and such. But I wonder what the story really is?


I've heard (from random people) it's about whether the permission aligns with the category the app falls into.

A map app is assumed to have a legitimate purpose for location. But if you want to make a journalling app that automatically captures where you visit (like Apple just did) you'll have a hard time being allowed to make the argument.


That would make sense as far as my usage goes. The app revolves around logistics, it's a business focused app... all those things go hand in hand with location data.

I can imagine if a human saw it it would be a "yeah of course" kind of moment.

Some rando "free crossword puzzles", might get a closer look.


I still remember the early days when you needed a third party app to use your camera flash as a flashlight, and then having most of them request your contacts, location, and every other type of data that the OS would allow.


I really try to leverage builtin apps as much as possible. For example, I don't have a music playing app. I use "Files" and "Podcasts" which were preloaded. Files can play music for me just fine, because I don't have any playlists or sophisticated playback needs (I lied, I do have a few playlists made out of folders with files arranged just so.)

I don't really try to solve problems with 3rd party apps, like I don't have any adblocking, but I use NextDNS so the private DNS blocking is built in and I can use that from anywhere. I just use my default web browser and my default email reader and all that.

I think it's a fundamental type error that people tool up their little mobile device as if it's a desktop computer full of software. Again, I have little storage space to give over to a bunch of third-party cruft. So I use the preloaded apps to the best of their abilities, and I load stuff as I have a fundamental need or there's a paid service I'm accessing with them.

I uninstall apps frequently too. It is essential security review to reduce attack surface. I like how Android 11 will revoke permissions that haven't been used in a while. It's good practice to remove your unused apps because then you are less likely to succumb to supply-chain attacks, among others.


The story is that enforcement will vary depending on what specific type of review you go through.


There is no competition, so there’s no incentive for Apple to put any work into making the App Store quality better.

Review is awful, search is awful, rankings are gamed, and it’s full of spam and shovelware.

All the app stores are like this to varying degrees.


Awesome! Let's pay Apple tens of billions of dollars per year so that we're basically back to Softpedia.


In addition to what everyone else is saying, in my experience a lot of it can be explained by one simple thing: the reviewers are just plain bad at their jobs.

I'm not trying to be mean; it's just my experience. They generally don't familiarize themselves with even the most recent previous interaction, so they repeat the same mistakes that have already been resolved. They don't know their own rules. They imagine things that aren't there because some word sounded similar to another one, and they don't have enough technical context to actually understand what the words on their checklist mean.

Is that surprising? I don't think so! Think about what these people are being asked to do? They're repeatedly stepping through a tedious checklist full of stuff they barely understand, and then they have a choice of either waving an app/update through, or pissing off some developer. How many people with otherwise-marketable skills are going to stay in a job like that?


A few years ago, I made comments on HN about how I found Chinese Bonzi Buddy clones on the Mac App Store, except using different animals like tigers and lions. Same functionality of Bonzi Buddy outside of that.

It's absolutely astounding to me that this problem is still going on to this day, with even scammier apps.

It is worth noting that even the iOS App Store hosts multimillion dollar scams on it[1].

[1] https://www.theverge.com/2021/2/8/22272849/apple-app-store-s...


You have to remember that Apple struggled because developers weren't targeting their platform for a long time. The Mac was for creative software and little else. That problem has burnt itself into their psyche to such an extent that as far as they are concerned more software targeting their platform is always a good thing.

The upshot of this is Apple boasting about having 2 million apps in the App Store. This is the complete opposite of their normal product strategy where everything is pared back to the minimum.

Sadly you can't have 2 million apps and maintain a high standard. The costs to review each of those apps thoroughly would be astronomical.


> Sadly you can't have 2 million apps and maintain a high standard. The costs to review each of those apps thoroughly would be astronomical.

Well, that's part of the problem. Should we really have 2 million apps in the store, when 70% of them are knockoffs, scams or absolute garbage? That's currently one app for every 850 iOS users, it's a ridiculous number.

The estimate for Apple's cut for app sales & subscriptions last year was 85 billion dollars. Surely that can fund a decent reviewing process... but they also benefit from all this 'activity'.


Are two million apps really needed?


No surprise at all. Every app store has been like this. It's why the whole idea is about restricting freedom, nothing more. Stallman is right.


Very likely these apps are just spammed and you don't get to see the rejected apps.

As for why the process isn't catching such obvious flaws - I'd say there's no strong incentive, the only feedback I've seen consistently is related to protecting their revenue cut - the rest is much more random, especially after initial review.


I think the most logical explanation is that app review is largely automated, perhaps with a permissive algorithm, while some sampling of apps are reviewed by humans with strict standards, which may be applied inconsistently because that’s how humans do.

It’s really not that surprising to me, given the scale of the App Store.


I know for a fact that some people manage to bypass Facebook's Ads review process by bribing some local employees in developing countries (India, Indonesia, etc.). I wouldn't be surprised if this was used with Apple as well, as they usually tend to outsource these jobs to developing countries.


It’s probably not really necessary given the poor quality of review.


> How is it that simultaneously, so many apps fail review for tiny details, showing that apps really are having manual review done on them... ...and yet all this spam is getting through?

Because a trillion dollar company chose to outsource manual app review to Indian call centre workers. End of story.


A significant portion of the review team works from the US.


When you create a walled garden like this, the people who are more likely to get into the garden are the unscrupulous dodgy assholes who will learn how to, and do whatever it takes to exploit and profit from the system. The good actors doing things in good faith are the ones who will have difficulty getting in.

Another example: Youtube: Content farm garbage gets promoted by the algorithm while well made videos get hellbanned by spurious copyright claims.

.....

Any system you make, people will find the best way to exploit it. Like with a democratic system of government, there needs to be transparency, accountability, ombudsmen, investigative journalists + a complex web of agencies and regulations and mechanics constantly working to stop it falling into total corruption and de-facto despotism.

These systems run by big corps are like the wild west, there is none of that stuff, so of course they immediately become completely corrupt.


Spot on. Very interested in this sausage factory. How did those get made exactly?


Couldn’t it be as simple as their auto detection is weak and their manual detection is good but isn’t done on everything?

In fact, isn’t that exactly what we should expect?


> There's no benefit to Apple allowing all these spam apps.

You're being naive. Even if the crapware didn't sell, getting it into the AppStore costs the developer an annual subscription fee, and thus creates revenue for Apple. And if you've seen the AppStore, you know that 99% of apps are crapware with maybe 5 users.


There are 20M developer accounts. And Apple charges $100 per account per year. That's $2B in revenue. Apps on the App Store make $100B in revenue. So, Apple makes equivalent of 2% of Apps revenue from developer accounts. I doubt they'll intentionally risk the $100B revenue by making their App Store full of crapware for a 2% equivalent.


I think “developer accounts” doesn’t imply “pays $100 a year”.

I have an account on developer.apple.com, but never pay anything for it.

That gives me the right to generate a certificate to sign development applications and install them on a few devices (where the certificate will rapidly expire), but not to put anything on the App Store.

Are you sure there are 20M paying accounts?


Sorry, I meant that the maximum they’re making is $2B. But in reality it’s surely a much smaller number. Which makes it even more unlikely that Apple is optimizing for developer fees.


They are not risking anything since they also take a 30% cut off any successful scam. This can only be stopped by goodwill somewhere up the management chain.


It's the same principle as Amazon choosing to ignore the scams on their store.

Amazon still benefits from scam reviews, for example, because those reviews entice people to make purchases from Amazon. Amazon profits from the scam, and has little incentive to do anything about it, given that the vast, vast majority of their customers don't know or don't care about fake reviews in the first place.


For the app revenue it seems you are off by an order of magnitude. That is the devs' revenue, and Apple takes 30%. Also, credit processing takes another cut, hosting, ... Risking that is still dumb, but far from the 2% number you gave.


Why would they have manual reviews? How would it scale with hundreds of thousands of developer accounts? It's mostly automated with rare manual escalation for "suspicious activity". The "process" is to ban the malicious accounts when reported, like everywhere else.


They quite literally justify the lack of sideloading and the 30% cut by saying that they provide you actual human services like review.

"The guiding principle of the App Store is simple—we want to provide a safe experience for users to get apps and a great opportunity for all developers to be successful. We do this by offering a highly curated App Store where every app is reviewed by experts and an editorial team helps users discover new apps every day. For everything else there is always the open Internet."

https://developer.apple.com/app-store/review/guidelines/


> I seriously don't understand how Apple's processes are allowing this to happen

My guess is the decisions are deliberately stochastic to stop human bias entering the chat. So we get sketchy apps slipping through the cracks, whilst developers who spent a lot of love and care polishing a fine app getting rejected.


> ...and yet all this spam is getting through?

It's difficult to believe anything other than bribery.


Never attribute to malice that which is adequately explained by stupidity.


Hanlon's razor is great when you apply it to your personal relationships, but it falls apart when you apply it to trillion dollar companies and their golden geese.


I don't see why we should assume malice based on market capitalization. It's easy to imagine a situation where an organization the size of Apple just doesn't have the competence to deal with all the spam. They're a huge organization, I doubt any one person has a complete view of App Store moderation especially (by definition) their unknown unknowns.

It depends on how they measure moderation in the App store. Everything may appear to be going well from what they can see and measure. I see no reason to believe apps are getting through because of bribery when we can explain this situation as "large organizations are inefficient".


But this would not be explained by stupidity.


Law of large numbers seems to be one people ignore. If I’m making a scam app, I’ll just use multiple accounts and hope one gets through eventually. I won’t be discouraged by rejects because I’ll have an automated system that handles everything including retries. If I’m banned, I’ll just buy a new account and try again.


> I also found that some developers are abusing Apple’s Developer Agreements by spamming multiple accounts and flooding the store with nearly identical applications. This creates a “cartel” style environment and unfair competition for other developers.

This isn't supposed to happen, but it does. I have had Apple ask me to remove apps (one of about ten), because of "marked similarity" with other apps in my store (I had a single codebase that was recompiled for various locations, and also rebranded, but the app was basically the same).

I saw one developer that had over 400 nearly identical apps. They were some kind of "local guide" app, and the only difference was the text content. Otherwise, even the branding was exactly the same, and each app was its own app; not a single app, with multiple faces.

Apple does not let you change your screenshots and app previews, after your app has been published.

That's because some game developers wrote crapplets, then replaced the crud screenshots, with ones from commercial apps.

Grifters can be damn clever, and learn to push the limits of any system.

And one of the reasons that the Apple App Store is such a rich target, is because it makes serious money. All other marketplaces pale in comparison.

There's a lot of people that want to "bring down" the App Store, so it's just as cruddy as the competitors. Not sure that would work out the way people think.


I wonder if most of the "Serious money" is made from subs, in app purchases, app purchases or ads.

Do lots of people with iPhones buy random apps and sub/pay in them?

I've always wondered if this was an interesting market to get into but the horror stories over the years have kept me from touching it - is it feasible for a relatively competent dev to break into this market without dark methods?


I think the real question for a lot who might consider it is whether it’s possible for a competent and honest dev to break in and make money. Someone who wants to provide meaningful value and experiences to smart users, as opposed to just landing whales.


True, and I've clarified. I find the scamming extremely boring, but I'm also pretty surprised it's that lucrative.

Then again thinking for a minute, ~1.6 billion working iPhones at any moment - that's an absolutely insane amount of buyers.

Hadn't really thought about the sheer number, and it's actually really blowing my mind right now - wow!

Anyone know how fierce the copying, noise etc. is for niche markets? This number alone is making me interested in looking at some old ideas.


Market is pretty saturated, very hard to come up top.


> Apple does not let you change your screenshots and app previews, after your app has been published.

What can you do after a dramatic UI change in your app then? Is there some option to ask or pay for a more comprehensive review at some point?


Of course you can change them, but only when submitting an app update. You can't change them between updates.


That’s entirely reasonable.


You need to resubmit a new version. It can be just a "bumped" build, if there's no app change, but the screenshots don't appear, until the new version has been approved and released.


You can change it with every new version you publish.


And yet unique apps with curated content get rejected three times in a row for being "too simple": https://notes.alinpanaitiu.com/Dealing%20with%20App%20Store%...

The App Store review process is in need of a change. It probably made sense when iOS and macOS were in their infancy and apps were few and easy to review.


It is in need of competition. That's coming very soon to the EU.


Could one of the sideloaded apps be a separate app store?


Yes! The DMA specifically permits app stores.


What userspace API exists (for non-App Store iOS apps) for one app to install another and integrate with iOS’ App Management features? or basically, to break-out of the iOS App Silo/Sandbox?

The only alternative is basically a VM-like app silo that hosts other apps inside of it… I can see this working for something like a Java JVM “Jar-runner” or MAME but I’m not sure how it would work for native code that assumes it has its own process and void main() method.

I’m hoping that we’ll see something like how Cydia was around 2013ish (with managed system extensions, kernel-mode things, enhancements to Springboard, etc) but that’s the last thing Apple would want (case-in-point, where have all the cool system-modifying kexts for desktop MacOS gone?) - so I suspect Apple’s EU-only sideloading will still protect system integrity, maybe even with a way to completely block non-AppStore apps’ processes from using non-public (but still usermode) APIs and services?

Considering how unprofessionally petulant and churlish Apple acted in the aftermath of the Dutch dating-app spat last year I’m expecting them to do the same with this. See https://daringfireball.net/2022/02/going_dutch


> What userspace API exists (for non-App Store iOS apps) for one app to install another and integrate with iOS’ App Management features? or basically, to break-out of the iOS App Silo/Sandbox?

I don't know anything about the iOS API, but I imagine the EU market regulators will come up with a pretty huge fine if these APIs aren't made available. The whole point of the DMA app restrictions is to take out such digital gatekeeping.

There would need to be a competitor for any real antitrust efforts, but I imagine Epic might want to open up their own store to distribute games like Fortnite without paying the Apple tax.


I think that there are far more spam/scam apps rejected than real apps, but we don’t read about their stories.


The problem is that the scammers don't care, and they don't give up. They just keep throwing shit at the wall to see what sticks. As the article explained, these scam developers have multiple Apple developer accounts. Even if Apple bans one account, they'll just open another. And they're often in countries where the US legal system can't touch them, so there's nothing to be lost from getting caught.

Legitimate developers won't go to such (unethical, possibly illegal) lengths. Rejection is a much bigger deal to those who spent a lot of time and care on an app, and hope to make a good name for themselves as developers.


Isn’t it like $500 a year for an account?


$100. Presumably they make more off of their scams before the account is caught and banned.


Apple's argument is, which I'm somewhat sympathetic to, the $100 fee acts as an effective rate limiter. The payment is low enough that it's not a significant barrier to anyone, except perhaps the most threadbare of hobbyists. But it's enough to make it utterly impractical for a scam developer to submit a thousand apps through a thousand developer accounts paid for with a thousand different credit cards.


> Apple's argument is

Says who? Not Apple itself.

> The payment is low enough that it's not a significant barrier to anyone

It's a barrier to many open source projects.

> But it's enough to make it utterly impractical for a scam developer to submit a thousand apps through a thousand developer accounts paid for with a thousand different credit cards.

You can submit many apps under one account. You don't need 1000 accounts for 1000 apps.

It's strange to argue that it acts as an effective rate limiter when one of the points of the linked article is that these scam developers have multiple Apple Developer accounts.


> Not Apple itself.

Read the transcripts of Epic vs Apple.

> You can submit many apps under one account. You don't need 1000 accounts for 1000 apps.

You do if you don’t want Apple to be able to delete all your apps with one click.

Yes, scammers have multiple accounts. It’s a lot more tractable for Apple to deal with a handful of accounts than thousands.


> Read the transcripts of Epic vs Apple.

I have.

> You do if you don’t want Apple to be able to delete all your apps with one click.

False dichotomy. Two accounts accomplishes that just as well. It's a lot easier and cheaper to create a few accounts whenever necessary rather than prematurely creating 1000 accounts just to avoid a remote possibility.

Besides, I'm not sure that these scammers have literally 1000 apps (though I don't rule out that possibility).

> It’s a lot more tractable for Apple to deal with a handful of accounts than thousands.

And yet Apple doesn't deal with it, as the linked article demonstrates.


I can’t believe I would have to explain the value of having hundreds of unconnected accounts if the goal of a spammer is to have their scam persist for as long as possible. It is a weird line of argument to say that because Apple doesn’t do everything perfectly, they should not implement any mitigation strategies at all.

Like seriously, I have no idea what you were trying to say, or what you think Apple should do, or what you want to convince me of.

[Dictated, not read]


> I can’t believe I would have to explain the value of having hundreds of unconnected accounts if the goal of a spammer is to have their scam persist for as long as possible.

You don't have to explain the value of it, just as you don't have to explain the value of having a Lamborghini. Of course it would be very nice to have a Lamborghini. But it's not necessary to buy a Lamborghini if it's too expensive. Neither is it necessary to buy 1000 Apple Developer accounts if it's too expensive. That ought to be a simple concept to understand.

The price of a Lamborghini isn't a "limiter", it's a luxury.

> It is a weird line of argument to say that because Apple doesn’t do everything perfectly, they should not implement any mitigation strategies at all.

Good thing I didn't argue that.

> Like seriously, I have no idea what you were trying to say, or what do you think Apple should do, or what you want to convince me of.

I'm not trying to convince you of anything.

But I am disputing your claim, "Apple's argument is, which I'm somewhat sympathetic to, the $100 fee acts as an effective rate limiter."


Read the transcript. Not replying again.


$100 is nothing to organized scammers. These scammers make enough money that they can hire their own developers and buy layers of mules to get their apps on the App Store.

The vast majority of these scams don't rely on custom apps, though. They rely on apps that are used for legitimate reasons, but can also give scammers access to computers, like TeamViewer or AnyDesk. The App Store model does nothing to stop these scams.


You misunderstand, it’s not the $100 which thwarts scammers, it’s the prospect of having to find 1,000 distinct credit cards and spend $100,000 to programmatically spin up 1,000 developer accounts. If accounts were free, scammers could abuse this process en masse.


People care about false positives. Even if it was 0.X% of false positives, if those .X% include apps from Panic and Videolan we won't shrug it off as some cost to pay for the process.


> It probable made sense when iOS and macOS were in their infancy and apps were few and easy to review.

Mac didn't get an App Store until it was 27 years old. ;-)


Right, my mistake. I think I wanted to say "when the Mac App Store was in its infancy" but lost the meaning mid sentence. Even iOS was launched without an App Store in the first year.


Steve's initial plans seemed to revolve around everyone getting web apps with powerful HTML and whatnot.

I guess they backtracked when they saw they could get a 30% take by keeping you in their walled garden.

GG, Steve


> Steve's initial plans seemed to revolve around everyone getting web apps

Got a source on this?


"The full Safari engine is inside of iPhone. And so, you can write amazing Web 2.0 and Ajax apps that look exactly and behave exactly like apps on the iPhone. And these apps can integrate perfectly with iPhone services. They can make a call, they can send an email, they can look up a location on Google Maps.

"And guess what? There's no SDK that you need! You've got everything you need if you know how to write apps using the most modern web standards to write amazing apps for the iPhone today. So developers, we think we've got a very sweet story for you. You can begin building your iPhone apps today."

https://9to5mac.com/2011/10/21/jobs-original-vision-for-the-...


Yes this is what I had in mind.

The vision was fine.

Reality went somewhere else.

I do think native iOS apps feel superior to web ones.

Somewhat, it feels like it's due to Apple not implementing new features; for example, Safari has only supported push notifications since a few months ago.


The web wasn’t ready, but native was arguably even less ready due to lack of sandboxing. High fidelity would have been possible with a web based SDK. But that would have invited plebs to convert existing shitty pages to be “apps”, and in those days iOS apps were a noise-free exclusive experience.

Web or not, gatekeeping software distribution was and remains a power grab, unrelated to security. It’s even less of an issue on mobile which has proper sandboxing anyway.


Interesting, thanks!


This has been the case for the past one or two years already. Every app category is completely filled with scams, crappy clones, and brainless mass-produced 'puzzle games' [1].

Just yesterday I was searching for a 3D modelling app, and roughly 80% of the results were this type of game, while the apps I wanted were far down the list (and came with a $14,99/month subscription).

The store has become a complete shit show, and the curation that used to justify the walled garden is nowhere to be found. We get the worst of both worlds.

[1] if you can even call them 'games'. They are usually a set of static illustrations, a cheap backstory loosely related to the topic, some drag-and-drop puzzles, and little glimpses of child abuse, violence and sex, being promoted for a 12+ age range.


It is a shit show. I have zero interest in shipping through the App Store any longer, zero interest in iOS development anymore.

You're going up against free (with In-App Purchase!) and so much noise — I'm not sure how a good app will even be discovered any longer.

Like you, I've given up trying to find apps that way.



Tried Apple Arcade?


I remember last year when I got my first Mac in over a decade being excited to see the app store. Every now and then I saw Mac exclusive apps being posted on here that looked incredible, just so well designed with a lot of focus. I also heard about the rigorous review process so assumed that it'd all be like that.

When I got it and tried looking for a music player (I'm not a big fan of Apple's own music player + it doesn't support FLAC) I was stunned by just how much junk there was on there. The bloody Google Play store looked better, and this was repeated for pretty much every common purpose app I looked for. Of course there were good ones (I never managed to find a good music player, or audiobook player, though), but that's a pretty low bar.

Coming from Fedora and seeing the quality apps being put out on Flatpak and the like (Amberol and Cozy for example), as well as quite a few other things about MacOS in general, I felt like Gnome was more like (what I expected from) MacOS than MacOS itself. Over time, as I got used to the differences in the OS, a lot of that faded, but my feelings about the two app markets remain the same.


A lot of developers who bought into the "OS X is just a pretty and stable UNIX" mantra from the mid/late 2000's Mac era have jumped off the Mac train. I wrote some popular macOS apps for powerusers, but the nonsense that Apple has pulled over the last 5+ years led to me pulling out, it just isn't worth the headache or literal monetary cost to maintain free software for the platform.

There was a lot of software from that era that reminded me of the type of software power-user enthusiasts would write for Linux. It's one of the reasons I originally left Linux for OS X 15+ years ago.

These days the pendulum has shifted, Apple is hostile towards powerusers and anyone that wants to modify or run their systems as they see fit. Today, Linux is the "pretty and stable UNIX" that OS X was in the Snow Leopard days. Linux app repositories are filled to the brim with quality software that doesn't show me ads, try to sell me subscriptions or are hindered by my computer's manufacturer for reasons.


> Linux app repositories are filled to the brim with quality software that doesn't show me ads, try to sell me subscriptions or are hindered by my computer's manufacturer for reasons

I expected that kind of thing going in, but was expecting that with privacy being the focus, UI and ease of use would suffer. For me, that ended up being a worthwhile tradeoff, but after getting here I discovered that wasn't the case at all; the apps actually look and feel better than what you'd find elsewhere. It's incredible.


Yup, a lot of people are stuck with 2005-era ideas of how Linux is. A lot of time has been spent on polishing UI and UX to the point Windows and macOS feel clunky in comparison.

You also get a lot of high quality apps from people who take pride in their craft versus apps published by companies who want to spend the least amount of money to get the most amount of $0.99 subscriptions as they can out of an app.


> I saw Mac exclusive apps being posted on here

A Mac app that has been posted on HN and appearing on its front page almost certainly passes a higher quality bar than an app found by searching the Mac App Store.


I feel the same way. I'm not a fan of the "Books" audiobook player Apple offers, but there really wasn't anything better on the app store. (or anywhere online that I could find).

More surprising was the lack of good podcast apps; again I ended up sticking with Apple's default app, which isn't great. It seems most of the good devs/designers only develop for iPhones these days, as there are a few great podcast apps to choose from.


A simple search for keywords like “OpenAI” and “ChatGPT” on the MacOS App Store reveals the alarming truth about the prevalence of scam apps and shady developers.

Any platform that offers an opportunity to make "passive income" is filled with such garbage, optimized with manipulated reviews, keyword stuffing, and other tricks.

I've seen it on Shopify (stores and Shopify apps), Amazon (sellers and publishing tools), and Etsy, to name a few. Search YouTube for "ChatGPT side hustles" and you'll get thousands of hits.

The platforms don't care. Anything that adds friction or costs such as policies with teeth and staff dedicated to rooting out the scams hurts their bottom lines.

And here we are today.


This is a good callout - I'm planning on writing an article on the newest member of this group: ProductHunt.

Once a promising place to find curated, quality apps that developers put care into, it is now a hellscape of endless repetitive entries of the hype du jour, mixed in with sleazy Google-style adverts and awful social-media-esque interaction reminders (streaks, leave reviews on apps you haven't even clicked on, etc).

I'd like to think it's possible for this to stop, but I honestly don't anymore.


Most votes are fake


One thing I’m wondering about the upcoming sideloading capability in iOS 17 (even if only in Europe):

What will permissions look like? It seems like everyone is assuming Apple will be forced to let people sideload apps with completely unfettered access to all APIs, the way jailbroken apps work.

That view, to me, seems unrealistic. I think it more likely to have the opposite: no access to most APIs so that only basic, self-contained apps can be installed.

Does anyone know if the EU law requires them to open up all these APIs and completely abandon their code-signing and entitlement system? Or will it be somewhere in between where some APIs will be required to be open but others restricted?

The whole thing is very complicated. I’m not sure I like the idea of government regulating what APIs are available. That seems like way too much interference.


>> 7. The gatekeeper shall allow providers of services and providers of hardware, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same hardware and software features accessed or controlled via the operating system or virtual assistant listed in the designation decision pursuant to Article 3(9) as are available to services or hardware provided by the gatekeeper. Furthermore, the gatekeeper shall allow business users and alternative providers of services provided together with, or in support of, core platform services, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same operating system, hardware or software features, regardless of whether those features are part of the operating system, as are available to, or used by, that gatekeeper when providing such services.


So if I’m reading this correctly, it sounds like Apple’s entire system of entitlements, app signing, and controlled access to APIs goes out the window along with it. This should also affect macOS which uses entitlements the same way.


Not necessarily.

What I think will go away is the annual developer fee, since the provision specifies access to the OS and features must be free of charge.

Apple may charge separately for access to the App Store and developer tools if it so chooses. However, I predict that once it becomes viable due to the law, a new community of FOSS developer tools will arise.


What’s interesting is the wording of the law does not seem to include free access to services provided by the “gatekeeper.” So Apple could presumably still lock away access to push notifications, Maps, iCloud storage, etc.

I suppose all of those features could be provided by 3rd parties through their own servers though.


Exactly. I think that's a very reasonable posture.

At the end of the day, the whole deal over sideloading was about not being forced to use Apple's services, not to use them for free.


I want sideloading because I want to run a GameBoy emulator on my iPhone. Not because I don’t want to be forced to use the App Store (though I don’t want that either).

The demand for sideloading is two-pronged: devs want sideloading because Apple’s App Store policies are unnecessarily restrictive in some ways (e.g. private APIs) and capriciously enforced; end-users want sideloading because the single App Store fundamentally restricts choice and end-user freedoms (if you want an App that necessarily needs to use a private API or, say, a first-party PornHub app, then you’re 100% SOL without jailbreaking or using dev/corp sideloading).

Actually I’m curious how Apple’s EU sideloading will compare to the existing dev/corp sideloading system: e.g. https://osxdaily.com/2016/01/12/howto-sideload-apps-iphone-i...


That's what Android has done all this time in terms of Google services, so it's a well-established preexisting model.


I thought this was exactly what Apple said only getting apps from their App Store protected us from.


A bit, all the App Store apps (with a few exceptions by Apple, of course) are sandboxed. That's an additional level of security that normal apps don't require.

The macOS sandbox is not perfect, but in most cases it is better than nothing.


Why doesn't Apple allow any app (from outside the Apple store) to run in a sandbox then?


They do allow it, but it’s not required. So many developers take the easy way and don’t sandbox their app even when it’s easy. The macOS sandbox clearly needs some improvements, but developers have their part of the fault too.


Apple is very capable of sandboxing apps that weren't downloaded from a centralized store.


That’s not how the macOS app sandbox works, it’s up to the developer to implement it. Apple introduced a few protections for normal apps recently, for example reading files from Documents, Desktop, external drives, and a few more places shows a modal dialog the first time, but it’s a long way from the capabilities of the app sandbox.


Gatekeeper already prevents users from easily running apps that haven't been signed by Apple, you can just extend that to sandboxing.


How? Sandboxing isn't about preventing apps unsigned by Apple from running. A sandboxed app can be signed with an ad-hoc certificate. Sandboxing means to explicitly limit the reach of an app. This is easy in some cases: limit access to the network, the microphone, etc. However, it is not so simple when you have to manage files and security scoped bookmarks: every app will require some changes, sometimes small, sometimes large, to store the security scoped bookmarks it needs. This is not something you can automate with good results.
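As an added illustration of what the comment above means by "store the security scoped bookmarks it needs" (this is example code written for this thread, not code from the commenter or from Apple), the snippet below shows the two pieces a sandboxed macOS app has to add: persisting a bookmark for a location the user granted access to, and re-resolving it on the next launch with the start/stop access pair. The entitlement keys listed in the comment are the real App Sandbox entitlements; the `UserDefaults` key name and the function names are assumptions made for the example.

```swift
import Foundation

// Entitlements this example assumes the app ships with (App Sandbox on,
// user-selected file access, app-scoped bookmarks allowed):
//   com.apple.security.app-sandbox                    = true
//   com.apple.security.files.user-selected.read-write = true
//   com.apple.security.files.bookmarks.app-scope      = true

/// Persist a security-scoped bookmark for a URL the user granted access to
/// (for example through NSOpenPanel). Storing the plain path is useless:
/// after relaunch only the bookmark re-grants the sandbox access.
func saveBookmark(for url: URL, key: String) throws {
    let data = try url.bookmarkData(options: .withSecurityScope,
                                    includingResourceValuesForKeys: nil,
                                    relativeTo: nil)
    UserDefaults.standard.set(data, forKey: key)
}

/// Resolve a stored bookmark and run `body` while access is active.
/// Returns nil when nothing was stored or the sandbox refuses the grant.
/// Access must be released again with stopAccessingSecurityScopedResource();
/// leaking grants eventually exhausts the per-process limit.
func withBookmarkedFile<T>(key: String, _ body: (URL) throws -> T) throws -> T? {
    guard let data = UserDefaults.standard.data(forKey: key) else { return nil }
    var isStale = false
    let url = try URL(resolvingBookmarkData: data,
                      options: .withSecurityScope,
                      relativeTo: nil,
                      bookmarkDataIsStale: &isStale)
    if isStale {
        // The file moved or the bookmark format changed: refresh it while
        // the resolved URL is still usable.
        try saveBookmark(for: url, key: key)
    }
    guard url.startAccessingSecurityScopedResource() else {
        // The user never granted this location, or the grant was revoked.
        return nil
    }
    defer { url.stopAccessingSecurityScopedResource() }
    return try body(url)
}

// Usage (the key name is an assumption for this example):
// let bytes = try withBookmarkedFile(key: "project-dir") { try Data(contentsOf: $0) }
```

This is the part that cannot be bolted on from outside the app: only the app knows which locations it legitimately needs across launches, so every file-handling code path has to be rewritten around bookmarks rather than raw paths, which is why the comment says it cannot be automated with good results.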


> sometimes small, sometimes large

And sometimes not reasonably possible at all, because e.g. like all sandboxing approaches I'm aware of, Apple's file sandboxing, too, sucks at handling multi-file file formats. (Though to give them credit, they're the only ones who at least have made an attempt at handling those [1], even if that still only covers a rather limited part of that use case.)

[1] At least according to the documentation I've found, their sandboxing should be able to handle "related" files that only differ in their file extensions, but a number of existing file formats are easily more complex than that. I think that's still more than what's possible on Android, Windows or Linux, though…


it's what their marketing says but they don't seem to care -- they get 30% of a scam and 30% of a legit txn... it is a horrible look for sure


Apple really doesn't care. A much older example than ChatGPT copycats are apps that blatantly rip off the Spaced Repetition Software Anki.

The official version of Anki for iOS is called AnkiMobile. [1]

But if you search for "Anki" on the App Store you are plastered with Apps called "Anki Pro", "Anki App" etc. It's really quite infuriating, especially for smaller developers who unlike OpenAI don't have the resources to fight against this. [2]

--

[1] https://apps.apple.com/us/app/ankimobile-flashcards/id373493...

[2] https://forums.ankiweb.net/t/ankipro-another-ripoff-anki-app...


For a company that prides itself on "good taste", one would think they'd have enough sense not to let their users fall for these low effort rip offs.


I guess the question is are these apps actually doing the thing they say they do? i.e., calling the OpenAI APIs for the user? If the user is getting what they want then I'm not sure it's a scam. If it is actually just a convenient wrapper around chatgpt


As long as Apple outsources low-quality cheap labor for app reviews this will keep happening.

I've been developing iOS apps for 12 years and I can't tell you how many times the reviewers failed to follow very basic instructions in review notes, or that they've randomly rejected our apps in a bugfix update that has nothing to do with their rejection reason, in almost every case requiring an appeal to the review board. The board definitely has some more senior and understanding people with common sense, but why do we need to reach out to them so commonly in the first place?

Knowing the quality of app reviewers, it's not a surprise for me to see so many spammy apps in the store.


This is limited to the Mac App Store. I’ve seen the same on the iOS and iPadOS app stores.

Either way, sketchy devs are capitalizing on the “gold rush” of generative AI.


> The Dark Side of the Mac App Store: How Scam Apps and Shady Developers Are Preying on Users

As opposed to the "Light Side" of the Mac App store, where the app store itself is preying on app publishers and users, and shady companies behind popular apps are preying on users.


I'm very surprised OpenAI haven't released an official ChatGPT mobile app yet.

When you have 100m+ users a large number of them WILL go looking for an app, and will install the first thing they find with ChatGPT in the name.


The only explanation is some sort of deal with Microsoft to not eat the Bing app's market share. Too bad, the Bing app sucks.


Is there a bright side to the Mac App store?


Depends. Are you an Apple shareholder?


Apple would have a much easier time if they allowed devs (and themselves) to fully automate iOS devices so that real testing could be done on real devices in a fast and fully-automatic way.


There's a non-dark side? Mac App Store has been a consistent pain as a user just because of the login and flaky download process. I dread every time I want to download something and it has to come from there. If something that simple is so annoying, I don't even want to know what app discovery or the developer's side is like.

Found out a little late that Xcode can be downloaded as a standalone DMG from developer.apple.com/downloads instead of the MAS.


Oh well, nobody really uses the Mac App store anyway. This is the big difference with iOS where you're stuck with it (at least for now until they're forced to open it up).


Where are all the App Store proponents from the iOS 17 sideloading thread?


I remember when my company’s apps in the app store were controversial… even though we were completely upfront, and ended up pulling the controversial features. I can only imagine how much it has degraded since then:

https://www.google.com/search?q=qbix+calendar+mining&ie=UTF-...


Nothing new here. There are many apps which are derived from the same source with minor tweaks. This becomes more obvious if you do market research on a subject and test/compare various apps. Initially, I thought people were selling/buying template apps but it is more likely that the same person/team is creating and uploading the same app under different skins and names.


Game theory: when OpenAI releases the "real" GPT chat app then they will have a hard time ranking in the app store


Apple: Give us 30% because we add that much value via our platform. Meanwhile...


Apple breeds complacency by selling the false promise of a walled garden.


Why don't telcos or large corporations create their own app stores? Similar to Samsung .. is the competition too difficult? Or the review process?


Does anyone know what the author is using here to view call stack/assembly? Is this a feature that Instruments has?



Thanks!


What is the scam exactly? The store is full of simple apps that use the OpenAI API. Nothing wrong with that so how are they scams?


Did you even read the article?


I did. Spamming apps on the app store is not the same as a scam. If the apps work as advertised I don't see the issue.


There’s a paywall you can’t exit. Review exploit. Ripping off the logo. By the definition of a scam those things are dishonest in the attempt to make a quick buck. You can do mental gymnastics to try to justify this, but at the end of the day you know this is pretty scammy - especially since you can use chatgpt for free.


Disabling the close button on the paywall seems pretty scammy


Can we please stop pretending that walled gardens produce better quality and security? Apple is only one company, and companies are heavily incentivized to put profits first, quality second. If those two are at odds, guess what the company will prioritize?

The only thing that can improve things is more and better standards. Letting companies dictate only results in pretty crap.


Seems like an OS problem that they can manage to break the quit option in the app menu.

Am I crazy?


> Seems like an OS problem that they can manage to break the quit option in the app menu.

Not really. The same phenomenon can prevent you from losing unsaved changes to a document.

Many useful features can become misfeatures when employed by a malicious developer.


I guess so. I guess that’s partly why force quit exists. The OS does provide a way to do what I expect the OS to handle for me.


The article is not ChatGPT generated.


This can't be true. Apple users pay a 30% tax to keep the closed OS with only that store safe and sound.


They recently cut it to 15%, and to keep the lights on, cut their review staff by 100%.


a gift from humans for machines to communicate while hunting us


I'm optimistic that AI solutions can really do great work to improve false negative/positive rates in highly manual systems like this.

With that said, it's a slippery slope, and will quickly lead to different types of inconsistencies in policy, enforcement, and all the other problems that come with taking humans out of the loop.

