Dear Dash Users – A message to all Dash users from the Kapeli Blog (blog.kapeli.com)
Instead, he was enjoying the spotlight so much, he used the opportunity to escalate further, even publishing his phone call with Apple (illegal on one side of that conversation at least).
And that narrative includes a healthy dose of goodwill, considering how close to "the dog ate it" that story about the family friend is. A friend who apparently also didn't own any Apple hardware, so they shared that as well.
But open sourcing the useless iOS app is apparently a bad idea because his customers don't know how to work XCode, which strikes me as counterintuitive, considering every single one of his customers bought programmer-centric software for Mac.
This is actually not correct, it depends on the state/country he is in.
Btw, I believe there is a miscommunication between them as I don't think going to the press behind his back is in Apple's best interest.
But I've lost trust in this guy after reading his blog posts and especially the phone call he published.
The only reason I can think of why the phone call took over 7 minutes is because he wanted to record it and publish it. Really. If you summarize the phone call. It's basically Apple asking him to publish that his account was indeed linked with the fraud account (not even that he's the one who committed the fraud) and he's working with Apple to resolve it, and rest is this dash guy complaining on and on which is completely unnecessary since Apple already knows that and is saying they understand and want to work with him to "make this right" (The Apple guy literally said "make this right").
Also it is very hard to believe at this point that a "relative" did all this. If I--or any normal person--was in the same situation (I am paying for a relative's developer account with my own credit card with my device and turns out that the relative is committing a fraud), my first reaction would NOT be telling Apple "This has nothing to do with me", but "I had no idea, I am still pissed that you guys didn't notify me, but I also understand your position and will talk to my relative to make sure this doesn't happen. After all, I am the one funding this fraud regardless of whether I was aware or not aware.")
* Apple terminated both accounts because of fraudulent activity, but only one account was contacted to let them know of this activity.
* Kapeli shared financial information and test devices with this other account, whether it was a relative or not.
* Apple said "Hey, write a post telling the whole story and all will be cleared. Just don't say we were at fault."
* Kapeli agreed he would draft and send. Kapeli apparently did but never heard back.
* Apple had a spokesperson come out that painted a different picture that basically seemed to throw Kapeli under the bus.
After listening to the recording of the conversation, my feeling is that Apple is handling this in a very fair and professional way, and that I was too quick to take sides. I think it is not unreasonable to assume that: same credit card + same hardware = same developer.
Apple on its side have followed its script which also seems to be entirely plausible and in good faith. However, their course of action does apparently not cover the corner case of contacting all account owners to linked accounts before shutting them down. The agreement allows for third party account payment albeit with some slight inconveniences. In addition, the rules for account linking, and its very existence is hidden from the developer party, so (s)he has no responsibility to relate to it, or whatever else is outside of the agreement.
People may not like the style the developer has done his part. Nevertheless his story is plausible and consistent, however improbable. Recording phone calls without consent of the other party may be legal in his country; I know it is in mine.
Apple has been caught with its pants down but because of the immense power imbalance, the developer, through no fault of his own, is set to suffer with no recourse, unless there are strings attached. I find it infuriating that he has to do anything at all to set straight a problem he did not cause.
From this point whatever bad publicity Apple has incurred they have only themselves to blame. They should at least reverse the account lock, and for reestablishing whatever lost public confidence at a minimum produce an apology for the inconvenience.
This is how I understand it from what I have read so far. If any new indications appear to make me change my mind I may do so.
I'll keep using Dash, but I hope the dev will clear himself out from someone that is not helping.
My preferred solution would be for a fellow developer to get it back on the App Store, as a free app.
Especially because: Open sourcing doesn’t look like a good solution at this time, as most of my users are not iOS developers and are not familiar with compiling an app for their devices.
I may be missing something but the author cannot open source the app, but expects a fellow developer to get it on the App Store as a free app. Can the fellow developer pick up the existing app (binary?) and upload it on the app store?
You'd have to be mad to actually do that, though. We see quite clearly how Apple can react when they think they've been wronged, and who knows what that binary actually contains.
Seems like the best approach would be to open source it and convince somebody (perhaps several somebodies) to build it from source and put it on the store for free. Obviously, the source release would need to be under a license that was compatible with an App Store release (i.e. no GPL).
Apple behaves as if everyone has a credit card and the mapping from credit card to (legal) person is unique. That isn't so in Romania and Apple's heuristics go boom.
The same assumption shows up again a little later in the imbroglio: Apple asked him to admit some sort of wrongdoing, however gently, because credit card maps to person to the person they spoke to carries some responsibility, etc. Bogdan rejected, because credit card doesn't map to person and giving someone $25 isn't wrong.
I read a lot of the previous HN thread saying Apple blackmailing him. This point would be correct if you consider Apple was wrong, and this Guy borrowing his credit card AND account to this "relative" (which we still don't know if he/she exists) committing Fraud bears ZERO responsibility for himself.
This is like iFixit tearing up the new AppleTV before NDA and being cocky about it.
I mean seriously, what the hell is wrong with these people?
Glad the issue didn't impact me too negatively, and I hope this is true for most of his customers.
Imagine this scenario:
You buy your cousin a fancy sword for his birthday one year, which he later uses as a murder weapon against his girlfriend. The police look up the serial number and see that although it's registered under your cousin's name, your credit card was used to purchase it.
They arrest your cousin, give him a fair trial, convict him of murder, and place him on death row. You're not in touch with your cousin, so you are completely oblivious to everything which has happened. At this point, SWAT officers storm your home and arrest you, refusing to tell you why. You're thrown in a cell and told you have been placed on death row, and that their decision is final and can’t be appealed.
Your only saving grace is the fact that you happen to be mildly influential in a small community with ties to the government, and you're able to get your side of the story out.
Articles are written about you. People are outraged at the government. Others come forward to tell of their dead relatives who had been wrongly executed as well.
The Attorney General reads one of these articles and scrambles to do PR damage control.
She has her aide call you and demand that you make a public statement saying that The Government did nothing wrong, that you were the one who purchased the weapon so they were justified in their actions, and that they are so graciously working with you to clear your name. Of course, they completely ignore the part about their negligence and what would have happened if you were just some no-name.
---
I believe Apple desperately needs to change their policies. These statements like "We can't provide you with any more information.", "This decision is final.", and lack of communication are wrong. Sure, they are a private company and have the legal right to remove anything from their platform at any time for any reason without any notice or explanation, but that doesn't mean that their actions should be supported and endorsed by the communities of users and developers.
Their actions should have consequences in the form of diminished trust, which may be the straw that breaks the camel's back in many developers' and users' choices to continue developing for and using their platform.
I will say that it was not smart of Kapeli to publish the phone call; at least not yet. He should have waited a bit longer, and only published it if Apple didn't follow through on their word. However, I still believe Apple is in the wrong here, and Kapeli's only real crime is that of naivety.
1. Guy publishes paid app to iTunes
2. App is really good, gets a ton of good reviews
3. Apple decides those reviews must be fraudulent, and pulls his app from the store and tells the guy he has to publicly admit that he committed review fraud to get his app reinstated.
4. People who have bought the app can't download it, guy can't do anything to make his own app available anymore without making a false confession and harming his own reputation.
This sort of heavy-handed-but-uncareful approach to "curation" is consistent with my experience publishing to the iOS app store.
If you define "normal" as "milquetoast and with an Americentric perspective," then maybe.
Americans are much more submissive when bureaucratic process presents a roadblock. Especially a roadblock that seems on the face more reasonable with an American view of sharing bank accounts and old hardware.
Americans' desire for justice and fairness are paraded around. But their sense of justice is beaten out of them until they have Dwight Schrute-esque compliance "That is the law, according to the rules."
I say this because I have lived in multiple countries/cultures and have seen many people who say the same thing. Regardless of which country you live in, there are people who talk about how some bad human trait is specific to only their culture. If people from all other countries say the same thing, it probably means it's not unique to only your people.
Also, this is not an American thing. This is called "courtesy".
And either way, Apple is lame if it takes getting @pschiller involved to try to resolve this. I dig Apple, but they are broken in so many ways.
Edit: typo
* Kapeli shared financial information and test devices with this other account, whether it was a relative or not.
The assumption here is that for some reason a credit card number and device identifiers (unclear where they come from...but maybe mac address?) are enough for Apple to "link" accounts. I contest this for the same reason I think someone knowing my birthday and social security number is _not_ enough for them to be confirmed as "me".
While I don't think Apple is wrong to use this as a pseudo-identifier, I do think it is wrong for them to insist that, "we did nothing wrong" and fail to reinstate the pseudo-linked account immediately after being contacted.
I don't know if Kapeli is telling the truth about the situation...and his reputation is tarnished in my eyes, but I definitely don't think Apple should insist that the accounts _must_ (with 100% certainty) be linked based off of the circumstantial credit card and test devices registered to them.
At this point Apple should either reinstate the account or come out with all the information they have to justify their actions. But having "closed door" conversations and throwing allegations at one another without proof and documentation is ridiculous.
Where it fell apart was failing to account for the possibility that they got it wrong. They should have notified both accounts and explained why both were being banned for the actions of one, then allowed a way to demonstrate that the two weren't really linked in order to reinstate the other account.
Unfortunately, this is pretty typical for how Apple operates the App Store. "We're never wrong, get lost" seems to be their motto. For example, for a long time you couldn't even appeal when your app was rejected. If it was rejected incorrectly, then all you could do is try to submit again and hope you got a different reviewer that time.
The App Store is a direct descendant of the iTunes Music Store, which originally existed to serve a handful of big music publishers. In many ways, it hasn't adapted well to serving a million small developers.
1. Credit card used to pay the annual developer fee.
2. Test devices.
3. Bank account used to receive payments from Apple.
4. Bundle identifiers used to uniquely identify each app. (http://i.imgur.com/NljOzF4.jpg)
Even if (1) and (2) could be explained by the Dash developer helping someone else get started, (3) and (4) are more difficult to justify. Especially (4) because the bundle identifier is an arbitrary string and there's no real reason for different people to use the same one. But also (3) because it means the Dash developer was receiving payments for the apps being sold by the fraudulent account (i.e. he was financially benefiting from the fraudulent activity).
Based on these factors I think it's entirely reasonable for Apple to conclude that both accounts were being controlled by the same person.
Why should Apple tell devs what to publish on their blogs? That does seem like blackmail: say you are sorry and we will let you back in.
> same credit card + same hardware = same developer
is fine as a pseudo-identifier for fraud detection...but I don't think is actually an identifier. It's kind of like someone knowing my social security number and birthday but not actually being me.
IMO, Apple should have immediately reinstated the account once contacted about a potential edge case rather than insist that, "they did nothing wrong" because the implication of that is that the above two pieces of information is legally acceptable as personal identification and that the developer _did_ do something wrong.
I may not believe Kapeli 100% and his reputation is tarnished some in my eyes, but I don't agree with Apple standing on the notion that CC + device identifiers together are sufficient PII. Fine for fraud detection in a "pseudo-" context...sure...but not enough to deny immediate reinstatement.
For example they could just look at the IP from which each account holder signed in, and may have found that they were coming from the same IP. In fact, it is very likely that they would have tried this, and if they did and found that the IP were different they probably wouldn't have been as confident about how they dealt with this case in my opinion.
Apple offered some flexibility, to account for the remote possibility of an unfortunate misunderstanding, and offered a way forward that, in my view, was pretty reasonable, and that allowed both sides to save face, and continue to do business together.
No, actually it's not. Someone knowing your SSN is completely different from someone having possession of your hardware. Even if the story were different and the CC# had been stolen, iOS hardware identifiers are cryptographically validated on development devices. You can't just go around 'stealing' device IDs without having possession of said devices - ergo it's about as solid an identifier as one can get.
This type of probabilistic inference is how fraud detection works in everything from Apple to Paypal to world banks.
I would even go so far as to call that aforementioned combination a smoking gun.
THEN, after this phone conversation, they go to the press with a PR release that paints him as a scammer (and doesn't mention any of the circumstances from the phone call). This happens while Kapeli is waiting for his blog post to be reviewed.
1. Guy publishes good paid app and gets a tonne of good reviews
2. He helps out a relative by buying an apple developer account for them, giving them a machine to test with
3. Relative also uses same "com.kapeli.*" bundle ID
4. Relative decides to buy 1000 fraudulent reviews
5. Apple tells the relative to stop posting fraud reviews, who refuses
6. Apple terminates both developers' accounts since they are all the same information (they look like the same person, same credit card, bank account, test machine, and bundle ID)
https://www.reddit.com/r/apple/comments/56uque/apple_dash_de...
As much as they tend to piss me off for other things. I don't see any wrongdoing from them. It's like accusing them of cutting off the payments to a bakery that operates from the same bank account to that of a drug dealer.
Also that kind of blackmail: "You're sure you want that statement to become public?" is plain stupid.
See https://software.com/publisher/kapeli
Just to clarify: On Friday my position was "I have no reason to believe Kapeli is lying and every reason to believe that Apple made a mistake". But after reading and listening to various sources I can not defend this position any more. It makes me sad.
7. Apple offers to reinstate the developer account, iff the user makes a post pointing out how this wasn't Apple's fault.
Just saying: anyone can freely create any App ID they want. I just successfully created "com.google.android.nougat" as a test.
Now in my opinion that is a fair request and if I were in his shoes I would have done just that because I can see how Apple could have tied the two accounts together. Others have said that it's Apple Blackmailing him "Post a blog post if you want your account back" and I can see their logic.
Apple don't want to be seen as they made a mistake because they did detect fake reviews and took account against the account violating their policies. But they also want it known why his account was caught up in this mess.
Were Apple right in nuking both accounts that they deemed were linked together? Should Apple have made contact with all parties (it seems the accounts did have at least different contact information as he said he got no notice off Apple, Apple say they did contact the dev whose app had the fake reviews) before terminating accounts? Should a public statement explaining the incident be a requirement of reinclusion to the App Store
These are questions I have asked myself and have yet to come to a firm decision on myself.
He did do that though. He wrote a [blog post draft][1] that mentioned the "linked account" and sent it in to them for review.
Rather than respond to or approve his blog post draft email, Apple went behind his back to the press with statements that omitted all of the "linked account" circumstances and painted him as a legit scammer.
Was Apple's release written up before Bogdan's conversation with them on Friday/Saturday (And no one told Tom that the situation had changed) or did something else happen between then and Monday to change Phil's mind?
I don't think this. But then again I can only have an informed opinion based on the information available (to me).
Basically, CC + registered devices are fine pseudo-identifiers. But they aren't guaranteed unique and therefore edge cases do exist.
So if an edge case manifests, it seems that recourse is limited and at this point Apple basically is leveraging reinstating Kapeli's account to extort some sort of PR gain.
Again, I personally don't think Kapeli is without fault here...but it's possible what he is saying is _true_, so given that he _might_ have limited connection to the fraudulent behavior and has gone out of his way to try and reinstate Dash, why continue to deny reinstatement?
Apple might have more information, but until I see it it's still a question.
So if Apple had made credit cards and/or test devices UNIQUE to a given account then sure...but that's not what they did here did they?
Your portrayal of Americans is rather offensive.
You have a good point. Voicing my disappointment in my fellow countrymen might go over better at HN if I were doing something minor, like accusing ~40% of them of racism for not sharing the opinion that the Democrats' policy positions are the lesser of two evils.
What the hell are you talking about?
Apple spent at least two years investigating this issue, and was in repeated contact with the developer committing fraud. It's clear that this process is designed to be as conservative as possible, because if it wasn't, it wouldn't take two years to finally hit the point of closing the account.
He has to now decide what's more important: his pride or his revenue (https://web.archive.org/web/20150103225308/http://blog.kapel...), it's that simple.
I'm not saying Apple did blackmail him, just stating what others on this site have said to me. Personally listening to the call I would have made the blog post, not because I thought Apple were blackmailing me but because I can see Apple's Point of View in this matter and that it had stirred things up.
But it had been pointed out to me that the blog post being a condition of having the account reinstated (and Apple ideally wanting to look over a draft of that post first) could be taken as Apple blackmailing him and it's hard to argue against that point. And that's why I bring up the question in my post "Should a public statement explaining the incident be a requirement of reinclusion to the App Store?" (Whoops it appears I missed off the ? in that post, but it was meant as a question).
I'm going to give the Dev the benefit of the doubt for a moment when they said they got very little information out of Apple as to why it was closed. [1]
> A few hours ago I received a “Notice of Termination” email, saying that my account was terminated due to fraudulent conduct. I called them again and they said they can’t provide more information.
The first initial publication of the issue was that he had very little information to go off, he had been accused of fraudulent conduct, he believed that he had not done anything fraudulent and Apple said the matter was closed.
If he believed he was in the right after that you have very few options open to you and as has been shown in the past (and in my experience with Google) going public can be one of the ways to get a 2nd set of eyes on the issue. At the very least he would have to explain to his users why they can no longer update/download his app from the place they had purchased it from.
In this case getting that 2nd set of eyes on the issue did get the ball moving again so I'm not going to hold anything against anyone who has to use the tactic of going public (Though imo it has to be done carefully as it can be the nuclear option but if the other side has already used theirs you are often left with little other option. But it has to be done carefully because we have seen it used when the dev has been at fault).
I can see why Apple would like a statement clearing up what had happened but the "blackmailing" argument is should it be a requirement?
Again personally if I was in his shoes I would have made the post anyway, I wouldn't have seen it as a "condition" because I can see why Apple deemed the 2 accounts as linked and I would like to explain to my users what the mix up was, because after going public they are bound to ask anyway.
[1] https://blog.kapeli.com/apple-removed-dash-from-the-app-stor...
EDIT: When I say "they are bound to ask anyway." I was referring to my users, not Apple.
This is how the business world works. Sometimes you can't get the best deal, but it's still in your best interest to accept it regardless. You have to act rationally; you can't just defect (to borrow some game theory parlance -- this literally resembles Prisoner's Dilemma) in the name of "principles."
One moderately-crafted blog post later (saying Apple wasn't at fault, and he wasn't either -- his account was "only" linked to the other one), this guy would have been back in business. It's no surprise that this guy hasn't ever worked at a big company before, if you don't swallow your pride every so often and keep your mouth shut, you get kicked to the curb, and it's surreal that he was a self-professed businessman because of how often this happens in the game.
He WAS winning, and he would've won (nobody would've taken his PR damage control post seriously, and initially everyone believed his fabricated narrative of innocence), but he royally #$!@ed up because he thought he could've had his cake and eaten it too.
I can't under any circumstances imagine any possible outcome to this scenario where Apple would've both admitted wrongdoing AND reinstated his app. Let's not get too greedy here...
If anything, actually writing that something wrong happened would make it easier for them to justify their decision. It could be a trick representatives sometimes use when they assume the party they are dealing with is guilty. It's admitting to fraud and can hurt him more, especially if it didn't work out. And they can always reverse their decision.
If I had to guess, Phil & co. wouldn't want to risk that nuclear scenario (and they are definitely smart enough to know better).
"You're sure you want that statement to become public" it literally makes no sense...
All he's done is posting that Apple call has burnt every bridge he had with them, and made Apple look great. Literally they sound very professional on that call and very willing to help him, and instead he is just being unnecessarily difficult.
What happened to the supposed blog post? Why did Apple go to the press without getting back to him on the draft?
That said, I was amazed how that guy from Apple was being so patient with this guy being so immature. The Apple guy was trying his best to sort this out, but for every word he said, this Dash guy would keep complaining. This phone call could have ended in 30 seconds but took over 7 minutes because all this guy did was complain (which I think he did for the purpose of making this recording), and I don't even know what you would get from complaining that way when the other person was trying to help you. I would have been pissed if I was that Apple guy.
How many random devs and accounts have been secretly "linked" to my account? I have no idea.
For example, if I buy a car, hand the keys to a friend, and they go out and commit a crime with the car, I'm going to bet that I'm legally culpable in some fashion.
Can I claim zero responsibility? No.
[0] The friend didn't steal the gun.
FWIW, I've lent firearms to people on multiple occasions, sometimes for months or years at a stretch.
If his post is not enough, then Apple should consider just sending him a statement including the correct wording for him to use.
Isn't this essentially what happened (at least according to Kapeli)? He wrote the blog post, sent Apple a draft, then Apple went to the press.
> Tonight Apple decided to accuse me of manipulating the App Store in public via a spokesperson.
No it's not. Nothing about this even comes close to blackmail. Blackmail is demanding payment under threat of doing something bad. This is the complete opposite. This is Apple offering the developer an opportunity that Apple doesn't need to offer, in return for a very simple blog post basically explaining that Apple's offer does not mean Apple's original account termination was in error. This is no more blackmail than selling you an item for $10 is blackmail.
Maybe it's in your best interest to pay the bribe, but it's more admirable to expose the crooked cops.