Apple accidentally violated US sanctions against a Slovenian developer for more than 2 years

iPad app Store
iPad app Store (Image credit: iMore)

What you need to know

  • The US Office of Foreign Assets Control blacklisted a Slovenian dev in 2015.
  • The developer was removed from the blacklist in 2017.
  • But Apple continued to allow their apps into the App Store throughout.

Apple continued to work with a Slovenian developer despite them being blacklisted by the US Office of Foreign Assets Control (OFAC, according to a new Wall Street Journal report (via 9to5Mac).

According to OFAC Apple disclosed its violation of the sanctions voluntarily, although the lack of compliance reportedly shows that Apple's oversight during the period was "reckless."

So what exactly happened? A lot, as it turns out. And it all seems to have passed Apple by with the developer's apps remaining in the App Store throughout.

Apple allegedly entered into an app development agreement with SIS d.o.o., an app developer based in Trzin, Slovenia, in 2008, according to the settlement agreement between OFAC and Apple.In February 2015, OFAC blacklisted SIS and its majority owner Savo Stjepanovic for allegedly being part of an international steroid trafficking network. As a result of the designations, any property that SIS or Mr. Stjepanovic had an interest in were blocked, and U.S. individuals and entities were prohibited from dealing with them. In May 2017, OFAC removed Mr. Stjepanovic and SIS from its blacklist.During the time SIS was blacklisted, Apple made 47 payments related to the company's blocked apps, including making payments directly to SIS, OFAC said. Apple also collected about $1.2 million from customers that downloaded SIS's apps.OFAC said the span of time over which the alleged violations happened and the multiple points of failure within Apple's sanctions compliance program showed "reckless disregard for U.S. sanctions requirements," according to the agreement.

While that all sounds like something out of a movie, the reason Apple missed the fact that it was dealing with a blacklisted entity is even more bizarre. According to the WSJ report it all came down to a simple case of formatting, with the blacklisted name and the developer's account name not matching completely.

On the day Mr. Stjepanovic and SIS were blacklisted, Apple ran the new designations against its app developer account holder names. But the company's sanctions-screening tool failed to identify SIS as a blacklisted entity because Apple's system listed the company as "SIS DOO," rather than "SIS d.o.o" on OFAC's list, according to the agreement.Apple allegedly failed to identify Mr. Stjepanovic as a blacklisted individual in its system as well, because Apple didn't screen all individual users associated with an App Store account at the time, according to the agreement.

That fact that Apple alerted OFAC didn't mean that it got off without paying a fine, though. Instead the company handed over $467,000 and set about making sure a similar incident can't happen again.

Oliver Haslam

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.

Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.