Apple: Dash developer had two accounts, 25 apps, and almost a thousand fraudulent reviews

The Mac App Store
The Mac App Store (Image credit: iMore)

Dash, a popular developer tool for offline documentation reading and code snippet handling, was recently removed from the App Store. Moreover, the developer account was terminated. In a statement to iMore, Apple explained:

"Almost 1,000 fraudulent reviews were detected across two accounts and 25 apps for this developer so we removed their apps and accounts from the App Store," an Apple spokesperson told iMore. "Warning was given in advance of the termination and attempts were made to resolve the issue with the developer but they were unsuccessful. We will terminate developer accounts for ratings and review fraud, including actions designed to hurt other developers. This is a responsibility that we take very seriously, on behalf of all of our customers and developers."

My understanding is that the reviews included fraudulent positive reviews for their own apps and negative reviews for competing apps. That's something the App Store simply can't ignore.

Didn't the developer claim they'd never engaged in review fraud?

Yes, from the Kapeli blog:

Earlier today, Apple cancelled my developer account and has removed Dash from the App Store.Update: Apple contacted me and told me they found evidence of App Store review manipulation. This is something I've never done.Apple's decision is final and can't be appealed.

See also the update, above.

Could this be some one-off error or just some big mistake?

Apple clearly doesn't think so. In situations like this, the App Store team communicates with the developer both prior to any app being removed, and after any app has been removed.

That's following an in-depth investigation by the App Store fraud team, sometimes spanning months or even years. They look for patterns of suspicious activity over time and only act once they're convinced of wrong-doing

It's not something they take lightly, but something they believe is essential to maintaining the integrity of the system.

Is there really "no appeal"?

Apple's not a court of law, so "no appeal" isn't really something that makes sense. There have been numerous cases where Apple has reassessed and reversed decisions in the past, and no doubt there will be again.

They're human beings behind the desks. Given that Apple "often" terminates the accounts and removes the apps of bad actors, and it seldom makes headlines, my guess is that their error rate is extremely low. Likewise, if this happens as often as it sounds like it does, the procedure probably allows for few false positives.

It also seems like developers are given every chance to make things right in these situations: Get clean slates or open new accounts, make sure they're squeaky-clean, and go on about their business.

Couldn't a bad actor frame another developer for review fraud?

This concept — that one bad developer could arrange for false reviews for a competing developer and get them banned from the App Store as a result — has been generating a lot of stress in the community.

My understanding is that the chances of that happening are virtually zero.

The iTunes fraud team follows these kinds of situations over time — weeks, months, and years — and iTunes is in contact with the developer before any action is taken. Even then, it sounds like every developer is given every benefit of every doubt, both before and after removal.

Why isn't Apple more transparent about the process?

My guess is that Apple was hoping to work this out with the developer and not have to resort to making a public statement.

As to the process itself, fraud detection doesn't work if the fraudsters know what you're trying to detect.

But Apple's sure they're right about this?

That's absolutely what it sounds like.

According to 9to5Mac, Apple's head of App Store, Phil Schiller, said just that in response to an email:

I am told this app was removed due to repeated fraudulent activity.We often terminate developer accounts for ratings and review fraud, including actions designed to hurt other developers. This is a responsibility that we take very seriously, on behalf of all of our customers and developers.

That kind of email doesn't get sent, to anybody, nor does the statement up top get issued, without everything being triple checked. At a minimum.

So, what's the takeaway here?

Absent information from Apple, and in the face of denials from the developer, the community couldn't understand what was happening or why.

Some might think Apple deserves the benefit of the doubt, but what Apple — and any platform owner — deserves is the benefit of scrutiny.

App Store has to be a place where developers feel protected, both from and by Apple.

In this case, many theories were proposed, including that the developer might have had multiple accounts. That's what seems to be the case.

Apple has put their cards on the table. Now it's the developer's turn. The community deserves the best from everyone.

Wait, there's an update now?

There is! Since the original story was published, the second developer account and the rest of the apps have been identified. They can be seen listed, in at least one case alongside Dash, on App Shopper and Software

Did the developer respond?

Yup! Kapeli, has issued a follow-up statement:

What I've done: 3-4 years ago I helped a relative get started by paying for her Apple's Developer Program Membership using my credit card. I also handed her test hardware that I no longer needed. From then on those accounts were linked in the eyes of Apple. Once that account was involved with review manipulation, my account was closed.I was not aware my account was linked to another until Apple contacted me Friday, 2 days after closing my account. I was never notified of any kind of wrongdoing before my account was terminated.

This has all caused community sentiment to ricochet back and forth between the two. That's because the internet is terrible at nuance. Understanding that two things might both be true at the same time, or that two things might both be wrong at same time seems next to impossible. It requires perspective taking, and that's hard.

So, a case of "Apple Said" / "Developer Said"?

Apple firmly believes two accounts, linked together by common credit card, bank account, developer ID login, and bundle ID, committed ongoing review fraud on the App Store and, despite doing everything they could to settle the matter in a way that gave the developer every benefit of the doubt, they were stonewalled until they felt they had no other choice than to release a statement.

The developers believes that, despite having set up the second account, he bears no responsibility for how that account was used, never heard from Apple before his primary account was suspended, went public with his frustration, was working on a blog post to get back on the App Store, and was then blindsided by Apple going public with a statement, and so released a second statement plus a recording of a conversation with World Wide Developer Relations.

That phone call, though!

Indeed. The phone call posted by the developer is problematic for both sides. Taken one way, the rep was admitting no one contacted the developer and was trying to get them to absolve Apple of guilt in an attempt to cover their ass and cover up a mistake.

Taken another way, the rep was doing everything possible to try and deescalate the situation and help a developer who would take no responsibility help himself back onto the App Store.

The rep could very easily have responded with: "Your card, your bank, your ID, your bundle — claiming zero responsibility is absurd, enjoy your revocation," and then deserved much of the scorn thrown his way.

The dev could very easily have responded with: "Ugh, my cousin. I'll have a word and make sure it stops, and that my name gets off that account!" and he might already be back on the store.

It sounds like Apple believes beyond a reasonable doubt that their actions were justified, and the developer feels that he absolutely bears no responsibility for the second account.

So, Apple's right, the developer's right, or they're both right but neither can see it from the other's perspective.

How did it all fall apart?

That's what's less understandable. Who's idea was the blog post? The developer says Apple's, but I've heard the opposite as well. If Apple was really working to get this swept under the rug, why would they want a blog post? If they wanted a blog post, why would they go to the press?

If the developer sent the blog post draft, why wasn't that the end of it? And if the developer was willing to post the phone call, why not post the blog to show it was written and what it contained?

The part I keep coming back to though, is this, from Kapeli:

I did nothing wrong.

Everything else aside, an App Store account that's tied to the same credit card, bank account, Apple ID, and bundle ID committing fraud to the degree that it gets shut down requires at least several major things being done wrong.

So who should we believe?

Unfortunately, when all you want to do is save face, no one can save the situation. I could guess what happened here, and quote Marcellus Wallace on pride, but that's all it would be — a guess.

Here's hoping Dash, absent the other account, still gets back on the App Store. Forget Apple or the developers, it's what's best for their shared customers.

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • He supposedly paid for good reviews. Now that THAT's out of the way, can you please reach out to both Apple and Verizon and find out why the iPhone 7 is having extremely poor network connections and frequent loss of signal? And after that, maybe why iPhone 7 will not pair with Android Wear watches, as well as some in-car bluetooth units, when older models will, no matter the ios version? Thanks.
  • Really? Smh. Contact Apple yourself. iMore isn't some go between for your problems. Sent from the iMore App
  • If your you're going to give advice, at least give home actuate advices. Network issues=Verizon Pairing watch that's not Apple Watch = Apple first, to see if the competitions wearable it's even comparable with iOS 10
  • typical sheep response
  • cc3d, don't you have better things to do then troll apple blogs?
  • Go to bed please, adults are talking.
  • Who was that directed at?
  • Well said, René! Sent from the iMore App
  • While i understand Apple review process and the evidence they believe, the only reason this get so much press is because "Apple's decision is final".. So what is the guy gonna do if he wants to put the app back? he can't... That's the underlying problem. if Apple doesn't have proof, only what they believe.. that is not proof, its only what they think. But u will know if they allow it back and if the same thing happens again, then it's different story. This is, by the way, complete reversal of what Apple does to average customers, if they purchase wrong app by mistake, or rent wrong movie from the iTunes Store, there may be a bit of a headache to go through, but Apple will refund your money regardless what they say if its an accident.. 1 time only. Personally, I reckon develops should also be given a second chance.
  • no way should devs be givin a second chance when it was their fault at deceiving the review process. Apple has the right to ban whatever they deem necessary and being deceived by the developer is one of them.
  • In my opinion, which is exactly that, my option is Apple needs to change its policy a bit. I like that they protect the end user, me, but I believe they should have a form of communication with these developers. Contact them, present their evidence and give the developer a chance to prove his innocence. They could have honestly made a mistake. Im pretty sure Apple wouldn't suspend and terminate accounts from Adobe, EA etc. the smaller developers without deep pockets or resources are left in the dust. Aren't these the same developers that help build the App Store into the best for any phone? If they don't like the developers response them terminate. If I wrong and they do contact the developer asking for explanation, evidence then I'm sorry. I'm not a developer so I'm not versed in App Store rules. Sent from the iMore App
  • The article says Apple contacted them beforehand to discuss this.
  • You are completely correct in your comment. However when I first wrote this post, the article was not updated with that information.
  • Apple contacted the fraudulent account holder, not the Dash developer. They just need to change their procedure so that ALL linked accounts are contacted should this occur. If the same person receives multiple emails, no problem. But it would prevent this situation.
  • Apple's made mistakes before.... They've flagged app,s then few days later, reversed their decision... If Apple has done the same here, they could easily bring back the account... It's only "final" because Apple says so, but as we know, they do have lee-way. We need more reason as to why Apple did what they did... However, developers can cross the line all the time to rank up their apps, and stick stuff in their code to try and get around what it actually does all the time, so i dunno. No system is bullet proof.
  • One of these stories always comes out right when I am deciding between going back to iOS or stick with Android. Looks like it's Android. Posted via the iMore App for Android
  • It's just bad timing :)
  • Are you kidding me. Apple putting their foot down to protect their customers did it for ya? See ya later, you don't deserve to own any Apple devices whatsoever.
  • I think the detail that is missing is that Schiller looked into it and the action was confirmed. I doubt that a subordinate would hand over such information to Schiller without triple checking it. I am told the man is of some power and authority at Apple.
  • We don't know the data that Apple has access to and which we don't, but I find it hard to believe that they have proof of actual payments for positive reviews.
  • It being apples process, I'm sure they have see. It time and time again and can easily spot this kind of fraud out. Do you think Apple is that dumb? They wouldn't suspend an account "just because"
  • I'm not saying that Dash did this or that. But, it is a shame that some companies pay people to review apps and devices. Just saying...
  • What would stop me as any random stranger, from hiring one of those companies that create fake reviews and having them create fake reviews from some random app (such as this), knowing Apple might remove them from the App Store? (other then the expense of course). What's the next similar app to Dash? Could it have been that developer? Trying to bump Dash from the App Store to try to get their own traction?
  • OK, go back and reread this article and many others. Your fantasy scenario couldn't happen because that's not how this works. We still want you to reread, but to recap a few highlights for you, Apple just doesn't remove app when suspecting fraud, even though that would be their prerogative as a private company. Instead, they investigated, warned the developer repeatedly, and then when it continued they finally, and many would argue, belatedly, dropped the app. See, your worry that Apple didn't have the common sense to contact a developer they suspected was guilty of fraudulent reviews was unwarranted.
  • This to me is yet another problem with Apple entire review process. It is really out of hand that they have zero room for error if they think it is the case. Take Google for example they have 3 strike rule. First time they warn you. Third you get banned. That is a much better approach to this system as it protects false positives. The repeate offenders will get banned but the last thing you want is to remove an app like Dash. Apple review process people claim it is great. Until you talk with a developer who has to do deal with it every day and then you understand the pain. Apple will reject you for random reasons that passed 20 times before and boom rejected. This hurts when it is a hot fix on something completely unrelated to the rejected reason that you need out. The Apple currently in the store guess what has what ever reason you are rejected in it and you need to hot fix.... This just is another shining example of Apple review process needs a lot of work.
  • Apple's statement said "Warning was given in advance of the termination and attempts were made to resolve the issue with the developer but they were unsuccessful." So it's not like it came out of the blue without warning. What else can Apple do? Unless you think Apple is lying about trying to resolve things with the developer before banning. The developer had 2 accounts and 25 apps removed. The takedown was not specifically aimed at Dash. And app review is different than app store fraud detection.
  • You're assuming Kapelis owned both accounts. Apple notified the fraudulent account, but not Kapelis' account.
  • Yet, that horrible review process you has only led to Apple has to putting going on $60 Billion, yes that's the "Big B" T-Blur, into the hands of hundreds of thousands of developers world wide. Apple has millions of apps to deal with, so no they aren't going to cater to the whim of every developer who cries "Apple is unfair!" And, as many others have pointed out, you were dead wrong about Apple's process not including warnings. Your error is just one example of why Apple can't have the "inmates running the asylum." Developers' role is to follow the rules that everyone has to follow and that were set up for the greater good. Yes, the good of the many outweigh the needs of a few. Apple was first in creating something unique in the world, a marketplace of hundreds of millions of customers that Apple puts in front of you to reach from your desk or coffeeshop and get a piece of the tens of billions developers are making. Yes, be grateful for the opportunity.
  • Thank you for proving you have no clue what you are talking about and blindly following what ever applies says is perfect. Get back to me when you become a real developer and figure out how out dated and out of line with modern standards the app store and Apple review process is because by your logic what Microsoft did in the 90's crippling competitivors was a good move because it made them billions. Apple is not developer friendly at all. Updates are painful to roll out with no way to load an earlier version out. No way to get critical bug fixes out in a timely manner. But hey thanks for playing
  • This happens to small developers ALL THE TIME, and Apple's rate of false positives is higher than anyone would prefer to believe. It's a problem, and it's a shame it takes such a high profile app to have a discussion about this. Whether or not that developer is innocent is way less important than the systemic issues Apple faces with the App Store, its app review process, its handling of user reviews, and the sketchy, opaque nature of app store search results than encourages everyone to bend the rules just to stay alive.
  • I am especially curious about the added parenthetical expression in PS' email, specifically "including actions designed to hurt other developers". He didn't have to say that, as the sentence otherwise stood in its own. Makes me wonder if this guy wasn't writing bad reviews about other competitors' apps to bolster his own, rather than what everyone else has speculated, writing or paying for good reviews for his own. Sent from the iMore App
  • Uh, "was writing" not wasn't... Sent from the iMore App
  • nice catch!
  • “In situations like this, Apple communicates with the developer both prior to any app being removed, and after any app has been removed.”. Are you sure Rene? Kapelis blog that you linked to would indicate otherwise.
  • This is one of those times that I say it is a good time to call Rene out on his inner Apple Fan Boy. This case on Dash it is pretty clear Apple did not do the communication and I am willing to bet good money it has happen multiple times before. It just took a good app being killed for the press to finally make noise about it.
  • Pretty clear how? Developers also pull stunts like these all the time then of course deny any wrongdoing.
  • I believe Apple did contact the fraudulent account. The problem is that Apple did not contact Kapelis' account.
  • It's funny reading the "righteous" comments from 3 days ago, then now...*silence* Sent from the iMore App
  • Ha! Love the developer response. I had no idea. Really? I'm guessing he is still paying for it, and that account is still linked to his credit card, similar to how my wife and kids are tied to my account by my credit card. Guess what happens if they make hundreds of dollars of IAPs? I pay. Same thing. He's paying for an account that is engaging in fraudulent activity. Oh well. Sent from the iMore App
  • even i do stuff to get round Apple,,, but the difference is at least know Apple polices ... Then again,,, i if i were doing this, i would not be foolish enough to link a valid email address that did the manipulation in the first place either
  • Sounds like a crooked developer. No, it's my Oops..wait, yep, i did set that up. Another moron dev. Devs do crooked reviews all the time. Companies buy such reviews giving out items. But they never use their own accounts.
  • But officer I had no idea I was driving so fast, that's not my fault .....
  • lol... yes i was drunk.
  • There are those users that will always be on the side of developers how matter what they say is true or false, just because they use their app.
  • Rene, wrote: "... two accounts, linked together by common credit card, bank account, developer ID login, and bundle ID, ... Your card, your bank, your ID, your bundle ... an App Store account that's tied to the same credit card, bank account, Apple ID, and bundle ID ..." The only things linking the two accounts were a credit card and some devices (serial numbers or device ids). Each account has its own developer id and bundle id. If multiple accounts could share a bundle id, then the App Store would not function properly. Kapeli made the mistake of linking his credit card to his relative's account, as well as not unlinking the gifted/donated test devices from his account. Apple only notified the relative's account which was the one committing the fraudulent activity. They did not notify Kapeli's account, which was linked to the relative's account. If Apple had contacted ALL accounts linked to the relative's account, Kapeli would have known about the fraudulent activity and done something to dissociate himself from his relative's account. Apple, and others, have made the invalid assumption that linked accounts are owned by the same entity (person, company, etc.). In most cases, linked accounts are owned by the same entity, but in this instance the linked accounts were owned by separate entities (Kapeli, his relative). His relative was notified of the suspected fraudulent activity for their account, but Kapeli was not even though his account was linked (unknowingly/forgetfully) to his relative's account. The audio recording is proof of this, and Apple's representative implies Apple's invalid assumption about linked accounts. Apple needs to change their fraudulent activity notification policies so that ALL accounts linked to the one committing the fraudulent activity are notified of said activity. As @Solublepeter said, "If the same person receives multiple emails, no problem. But it would prevent this situation."