Apple: Dash developer had two accounts, 25 apps, and almost a thousand fraudulent reviews

The Mac App Store
The Mac App Store (Image credit: iMore)

Dash, a popular developer tool for offline documentation reading and code snippet handling, was recently removed from the App Store. Moreover, the developer account was terminated. In a statement to iMore, Apple explained:

"Almost 1,000 fraudulent reviews were detected across two accounts and 25 apps for this developer so we removed their apps and accounts from the App Store," an Apple spokesperson told iMore. "Warning was given in advance of the termination and attempts were made to resolve the issue with the developer but they were unsuccessful. We will terminate developer accounts for ratings and review fraud, including actions designed to hurt other developers. This is a responsibility that we take very seriously, on behalf of all of our customers and developers."

My understanding is that the reviews included fraudulent positive reviews for their own apps and negative reviews for competing apps. That's something the App Store simply can't ignore.

Didn't the developer claim they'd never engaged in review fraud?

Yes, from the Kapeli blog:

Earlier today, Apple cancelled my developer account and has removed Dash from the App Store.Update: Apple contacted me and told me they found evidence of App Store review manipulation. This is something I've never done.Apple's decision is final and can't be appealed.

See also the update, above.

Could this be some one-off error or just some big mistake?

Apple clearly doesn't think so. In situations like this, the App Store team communicates with the developer both prior to any app being removed, and after any app has been removed.

That's following an in-depth investigation by the App Store fraud team, sometimes spanning months or even years. They look for patterns of suspicious activity over time and only act once they're convinced of wrong-doing

It's not something they take lightly, but something they believe is essential to maintaining the integrity of the system.

Is there really "no appeal"?

Apple's not a court of law, so "no appeal" isn't really something that makes sense. There have been numerous cases where Apple has reassessed and reversed decisions in the past, and no doubt there will be again.

They're human beings behind the desks. Given that Apple "often" terminates the accounts and removes the apps of bad actors, and it seldom makes headlines, my guess is that their error rate is extremely low. Likewise, if this happens as often as it sounds like it does, the procedure probably allows for few false positives.

It also seems like developers are given every chance to make things right in these situations: Get clean slates or open new accounts, make sure they're squeaky-clean, and go on about their business.

Couldn't a bad actor frame another developer for review fraud?

This concept — that one bad developer could arrange for false reviews for a competing developer and get them banned from the App Store as a result — has been generating a lot of stress in the community.

My understanding is that the chances of that happening are virtually zero.

The iTunes fraud team follows these kinds of situations over time — weeks, months, and years — and iTunes is in contact with the developer before any action is taken. Even then, it sounds like every developer is given every benefit of every doubt, both before and after removal.

Why isn't Apple more transparent about the process?

My guess is that Apple was hoping to work this out with the developer and not have to resort to making a public statement.

As to the process itself, fraud detection doesn't work if the fraudsters know what you're trying to detect.

But Apple's sure they're right about this?

That's absolutely what it sounds like.

According to 9to5Mac, Apple's head of App Store, Phil Schiller, said just that in response to an email:

I am told this app was removed due to repeated fraudulent activity.We often terminate developer accounts for ratings and review fraud, including actions designed to hurt other developers. This is a responsibility that we take very seriously, on behalf of all of our customers and developers.

That kind of email doesn't get sent, to anybody, nor does the statement up top get issued, without everything being triple checked. At a minimum.

So, what's the takeaway here?

Absent information from Apple, and in the face of denials from the developer, the community couldn't understand what was happening or why.

Some might think Apple deserves the benefit of the doubt, but what Apple — and any platform owner — deserves is the benefit of scrutiny.

App Store has to be a place where developers feel protected, both from and by Apple.

In this case, many theories were proposed, including that the developer might have had multiple accounts. That's what seems to be the case.

Apple has put their cards on the table. Now it's the developer's turn. The community deserves the best from everyone.

Wait, there's an update now?

There is! Since the original story was published, the second developer account and the rest of the apps have been identified. They can be seen listed, in at least one case alongside Dash, on App Shopper and Software

Did the developer respond?

Yup! Kapeli, has issued a follow-up statement:

What I've done: 3-4 years ago I helped a relative get started by paying for her Apple's Developer Program Membership using my credit card. I also handed her test hardware that I no longer needed. From then on those accounts were linked in the eyes of Apple. Once that account was involved with review manipulation, my account was closed.I was not aware my account was linked to another until Apple contacted me Friday, 2 days after closing my account. I was never notified of any kind of wrongdoing before my account was terminated.

This has all caused community sentiment to ricochet back and forth between the two. That's because the internet is terrible at nuance. Understanding that two things might both be true at the same time, or that two things might both be wrong at same time seems next to impossible. It requires perspective taking, and that's hard.

So, a case of "Apple Said" / "Developer Said"?

Apple firmly believes two accounts, linked together by common credit card, bank account, developer ID login, and bundle ID, committed ongoing review fraud on the App Store and, despite doing everything they could to settle the matter in a way that gave the developer every benefit of the doubt, they were stonewalled until they felt they had no other choice than to release a statement.

The developers believes that, despite having set up the second account, he bears no responsibility for how that account was used, never heard from Apple before his primary account was suspended, went public with his frustration, was working on a blog post to get back on the App Store, and was then blindsided by Apple going public with a statement, and so released a second statement plus a recording of a conversation with World Wide Developer Relations.

That phone call, though!

Indeed. The phone call posted by the developer is problematic for both sides. Taken one way, the rep was admitting no one contacted the developer and was trying to get them to absolve Apple of guilt in an attempt to cover their ass and cover up a mistake.

Taken another way, the rep was doing everything possible to try and deescalate the situation and help a developer who would take no responsibility help himself back onto the App Store.

The rep could very easily have responded with: "Your card, your bank, your ID, your bundle — claiming zero responsibility is absurd, enjoy your revocation," and then deserved much of the scorn thrown his way.

The dev could very easily have responded with: "Ugh, my cousin. I'll have a word and make sure it stops, and that my name gets off that account!" and he might already be back on the store.

It sounds like Apple believes beyond a reasonable doubt that their actions were justified, and the developer feels that he absolutely bears no responsibility for the second account.

So, Apple's right, the developer's right, or they're both right but neither can see it from the other's perspective.

How did it all fall apart?

That's what's less understandable. Who's idea was the blog post? The developer says Apple's, but I've heard the opposite as well. If Apple was really working to get this swept under the rug, why would they want a blog post? If they wanted a blog post, why would they go to the press?

If the developer sent the blog post draft, why wasn't that the end of it? And if the developer was willing to post the phone call, why not post the blog to show it was written and what it contained?

The part I keep coming back to though, is this, from Kapeli:

I did nothing wrong.

Everything else aside, an App Store account that's tied to the same credit card, bank account, Apple ID, and bundle ID committing fraud to the degree that it gets shut down requires at least several major things being done wrong.

So who should we believe?

Unfortunately, when all you want to do is save face, no one can save the situation. I could guess what happened here, and quote Marcellus Wallace on pride, but that's all it would be — a guess.

Here's hoping Dash, absent the other account, still gets back on the App Store. Forget Apple or the developers, it's what's best for their shared customers.

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.