Instead, he was enjoying the spotlight so much, he used the opportunity to escalate further, even publishing his phone call with Apple (illegal on one side of that conversation at least).
And that narrative includes a healthy dose of goodwill, considering how close to "the dog ate it" that story about the family friend is. A friend who apparently also didn't own any Apple hardware, so they shared that as well.
But open sourcing the useless iOS app is apparently a bad idea because his customers don't know how to work Xcode, which strikes me as counterintuitive, considering every single one of his customers bought programmer-centric software for Mac.
This is actually not correct, it depends on the state/country he is in.
Btw, I believe there is a miscommunication between them as I don't think going to the press behind his back is in Apple's best interest.
But I've lost trust in this guy after reading his blog posts and especially the phone call he published.
The only reason I can think of why the phone call took over 7 minutes is because he wanted to record it and publish it. Really. If you summarize the phone call, it's basically Apple asking him to publish that his account was indeed linked with the fraud account (not even that he's the one who committed the fraud) and he's working with Apple to resolve it, and the rest is this Dash guy complaining on and on which is completely unnecessary since Apple already knows that and is saying they understand and want to work with him to "make this right" (The Apple guy literally said "make this right").
Also it is very hard to believe at this point that a "relative" did all this. If I--or any normal person--was in the same situation (I am paying for a relative's developer account with my own credit card with my device and turns out that the relative is committing a fraud), my first reaction would NOT be telling Apple "This has nothing to do with me", but "I had no idea, I am still pissed that you guys didn't notify me, but I also understand your position and will talk to my relative to make sure this doesn't happen. After all, I am the one funding this fraud regardless of whether I was aware or not aware.")
If you define "normal" as "milquetoast and with an Americentric perspective," then maybe.
Americans are much more submissive when bureaucratic process presents a roadblock. Especially a roadblock that seems on the face more reasonable with an American view of sharing bank accounts and old hardware.
Americans' desire for justice and fairness is paraded around. But their sense of justice is beaten out of them until they have Dwight Schrute-esque compliance "That is the law, according to the rules."
I say this because I have lived in multiple countries/cultures and have seen many people who say the same thing. Regardless of which country you live in, there are people who talk about how some bad human trait is specific to only their culture. If people from all other countries say the same thing, it probably means it's not unique to only your people.
Also, this is not an American thing. This is called "courtesy".
And either way, Apple is lame if it takes getting @pschiller involved to try to resolve this. I dig Apple, but they are broken in so many ways.
Edit: typo
* Apple terminated both accounts because of fraudulent activity, but only one account was contacted to let them know of this activity.
* Kapeli shared financial information and test devices with this other account, whether it was a relative or not.
* Apple said "Hey, write a post telling the whole story and all will be cleared. Just don't say we were at fault."
* Kapeli agreed he would draft and send. Kapeli apparently did but never heard back.
* Apple had a spokesperson come out that painted a different picture that basically seems to throw Kapeli under the bus.
* Kapeli shared financial information and test devices with this other account, whether it was a relative or not.
The assumption here is that for some reason a credit card number and device identifiers (unclear where they come from...but maybe MAC address?) are enough for Apple to "link" accounts. I contest this for the same reason I think someone knowing my birthday and social security number is _not_ enough for them to be confirmed as "me".
While I don't think Apple is wrong to use this as a pseudo-identifier, I do think it is wrong for them to insist that, "we did nothing wrong" and fail to reinstate the pseudo-linked account immediately after being contacted.
I don't know if Kapeli is telling the truth about the situation...and his reputation is tarnished in my eyes, but I definitely don't think Apple should insist that the accounts _must_ (with 100% certainty) be linked based off of the circumstantial credit card and test devices registered to them.
At this point Apple should either reinstate the account or come out with all the information they have to justify their actions. But having "closed door" conversations and throwing allegations at one another without proof and documentation is ridiculous.
Where it fell apart was failing to account for the possibility that they got it wrong. They should have notified both accounts and explained why both were being banned for the actions of one, then allowed a way to demonstrate that the two weren't really linked in order to reinstate the other account.
Unfortunately, this is pretty typical for how Apple operates the App Store. "We're never wrong, get lost" seems to be their motto. For example, for a long time you couldn't even appeal when your app was rejected. If it was rejected incorrectly, then all you could do is try to submit again and hope you got a different reviewer that time.
The App Store is a direct descendant of the iTunes Music Store, which originally existed to serve a handful of big music publishers. In many ways, it hasn't adapted well to serving a million small developers.
1. Credit card used to pay the annual developer fee.
2. Test devices.
3. Bank account used to receive payments from Apple.
4. Bundle identifiers used to uniquely identify each app. (http://i.imgur.com/NljOzF4.jpg)
Even if (1) and (2) could be explained by the Dash developer helping someone else get started, (3) and (4) are more difficult to justify. Especially (4) because the bundle identifier is an arbitrary string and there's no real reason for different people to use the same one. But also (3) because it means the Dash developer was receiving payments for the apps being sold by the fraudulent account (i.e. he was financially benefiting from the fraudulent activity).
Based on these factors I think it's entirely reasonable for Apple to conclude that both accounts were being controlled by the same person.
Why should Apple tell devs what to publish on their blogs? That does seem like blackmail: say you are sorry and we will let you back in.
After listening to the recording of the conversation, my feeling is that Apple is handling this in a very fair and professional way, and that I was too quick to take sides. I think it is not unreasonable to assume that: same credit card + same hardware = same developer.
> same credit card + same hardware = same developer
is fine as a pseudo-identifier for fraud detection...but I don't think is actually an identifier. It's kind of like someone knowing my social security number and birthday but not actually being me.
IMO, Apple should have immediately reinstated the account once contacted about a potential edge case rather than insist that, "they did nothing wrong" because the implication of that is that the above two pieces of information are legally acceptable as personal identification and that the developer _did_ do something wrong.
I may not believe Kapeli 100% and his reputation is tarnished some in my eyes, but I don't agree with Apple standing on the notion that CC + device identifiers together are sufficient PII. Fine for fraud detection in a "pseudo-" context...sure...but not enough to deny immediate reinstatement.
For example they could just look at the IP from which each account holder signed in, and may have found that they were coming from the same IP. In fact, it is very likely that they would have tried this, and if they did and found that the IP were different they probably wouldn't have been as confident about how they dealt with this case in my opinion.
Apple offered some flexibility, to account for the remote possibility of an unfortunate misunderstanding, and offered a way forward that, in my view, was pretty reasonable, and that allowed both sides to save face, and continue to do business together.
No, actually it's not. Someone knowing your SSN is completely different from someone having possession of your hardware. Even if the story were different and the CC# had been stolen, iOS hardware identifiers are cryptographically validated on development devices. You can't just go around 'stealing' device IDs without having possession of said devices - ergo it's about as solid an identifier as one can get.
This type of probabilistic inference is how fraud detection works in everything from Apple to Paypal to world banks.
I would even go so far as to call that aforementioned combination a smoking gun.
THEN, after this phone conversation, they go to the press with a PR release that paints him as a scammer (and doesn't mention any of the circumstances from the phone call). This happens while Kapeli is waiting for his blog post to be reviewed.
Apple on its side have followed its script which also seems to be entirely plausible and in good faith. However, their course of action does apparently not cover the corner case of contacting all account owners to linked accounts before shutting them down. The agreement allows for third party account payment albeit with some slight inconveniences. In addition, the rules for account linking, and its very existence is hidden from the developer party, so (s)he has no responsibility to relate to it, or whatever else is outside of the agreement.
People may not like the style the developer has done his part. Nevertheless his story is plausible and consistent, however improbable. Recording phone calls without consent of the other party may be legal in his country; I know it is in mine.
Apple has been caught with its pants down but because of the immense power imbalance, the developer, through no fault of his own, is set to suffer with no recourse, unless there are strings attached. I find it infuriating that he has to do anything at all to set straight a problem he did not cause.
From this point whatever bad publicity Apple has incurred they have only themselves to blame. They should at least reverse the account lock, and for reestablishing whatever lost public confidence at a minimum produce an apology for the inconvenience.
This is how I understand it from what I have read so far. If any new indications appear to make me change my mind I may do so.
I'll keep using Dash, but I hope the dev will clear himself out from someone that is not helping.
My preferred solution would be for a fellow developer to get it back on the App Store, as a free app.
Especially because: Open sourcing doesn’t look like a good solution at this time, as most of my users are not iOS developers and are not familiar with compiling an app for their devices.
I may be missing something but the author cannot open source the app, but expects a fellow developer to get it on the App Store as a free app. Can the fellow developer pick up the existing app (binary?) and upload it on the app store?
You'd have to be mad to actually do that, though. We see quite clearly how Apple can react when they think they've been wronged, and who knows what that binary actually contains.
Seems like the best approach would be to open source it and convince somebody (perhaps several somebodies) to build it from source and put it on the store for free. Obviously, the source release would need to be under a license that was compatible with an App Store release (i.e. no GPL).
Apple behaves as if everyone has a credit card and the mapping from credit card to (legal) person is unique. That isn't so in Romania and Apple's heuristics go boom.
The same assumption shows up again a little later in the imbroglio: Apple asked him to admit some sort of wrongdoing, however gently, because credit card maps to person, so the person they spoke to carries some responsibility, etc. Bogdan rejected, because credit card doesn't map to person and giving someone $25 isn't wrong.
I read a lot of the previous HN thread saying Apple is blackmailing him. This point would be correct if you consider Apple was wrong, and this guy borrowing his credit card AND account to this "relative" (which we still don't know if he/she exists) committing fraud bears ZERO responsibility for himself.
This is like iFixit tearing up the new AppleTV before NDA and being cocky about it.
I mean seriously, what the hell is wrong with these people?
Glad the issue didn't impact me too negatively, and I hope this is true for most of his customers.
Imagine this scenario:
You buy your cousin a fancy sword for his birthday one year, which he later uses as a murder weapon against his girlfriend. The police look up the serial number and see that although it's registered under your cousin's name, your credit card was used to purchase it.
They arrest your cousin, give him a fair trial, convict him of murder, and place him on death row. You're not in touch with your cousin, so you are completely oblivious to everything which has happened. At this point, SWAT officers storm your home and arrest you, refusing to tell you why. You're thrown in a cell and told you have been placed on death row, and that their decision is final and can’t be appealed.
Your only saving grace is the fact that you happen to be mildly influential in a small community with ties to the government, and you're able to get your side of the story out.
Articles are written about you. People are outraged at the government. Others come forward to tell of their dead relatives who had been wrongly executed as well.
The Attorney General reads one of these articles and scrambles to do PR damage control.
She has her aide call you and demand that you make a public statement saying that The Government did nothing wrong, that you were the one who purchased the weapon so they were justified in their actions, and that they are so graciously working with you to clear your name. Of course, they completely ignore the part about their negligence and what would have happened if you were just some no-name.
---
I believe Apple desperately needs to change their policies. These statements like "We can't provide you with any more information.", "This decision is final.", and lack of communication are wrong. Sure, they are a private company and have the legal right to remove anything from their platform at any time for any reason without any notice or explanation, but that doesn't mean that their actions should be supported and endorsed by the communities of users and developers.
Their actions should have consequences in the form of diminished trust, which may be the straw that breaks the camel's back in many developers' and users' choices to continue developing for and using their platform.
I will say that it was not smart of Kapeli to publish the phone call; at least not yet. He should have waited a bit longer, and only published it if Apple didn't follow through on their word. However, I still believe Apple is in the wrong here, and Kapeli's only real crime is that of naivety.
1. Guy publishes paid app to iTunes
2. App is really good, gets a ton of good reviews
3. Apple decides those reviews must be fraudulent, and pulls his app from the store and tells the guy he has to publicly admit that he committed review fraud to get his app reinstated.
4. People who have bought the app can't download it, guy can't do anything to make his own app available anymore without making a false confession and harming his own reputation.
This sort of heavy-handed-but-uncareful approach to "curation" is consistent with my experience publishing to the iOS app store.
1. Guy publishes good paid app and gets a tonne of good reviews
2. He helps out a relative by buying an apple developer account for them, giving them a machine to test with
3. Relative also uses same "com.kapeli.*" bundle ID
4. Relative decides to buy 1000 fraudulent reviews
5. Apple tells the relative to stop posting fraud reviews, who refuses
6. Apple terminates both developers' accounts since they are all the same information (they look like the same person, same credit card, bank account, test machine, and bundle ID)
https://www.reddit.com/r/apple/comments/56uque/apple_dash_de...
As much as they tend to piss me off for other things, I don't see any wrongdoing from them. It's like accusing them of cutting off the payments to a bakery that operates from the same bank account to that of a drug dealer.
Also that kind of blackmail: "You're sure you want that statement to become public?" is plain stupid.
See https://software.com/publisher/kapeli
Just to clarify: On Friday my position was "I have no reason to believe Kapeli is lying and every reason to believe that Apple made a mistake". But after reading and listening to various sources I can not defend this position any more. It makes me sad.
7. Apple offers to reinstate the developer account, iff the user makes a post pointing out how this wasn't Apple's fault.
Just saying: anyone can freely create any App ID they want. I just successfully created "com.google.android.nougat" as a test.
Now in my opinion that is a fair request and if I were in his shoes I would have done just that because I can see how Apple could have tied the two accounts together. Others have said that it's Apple Blackmailing him "Post a blog post if you want your account back" and I can see their logic.
Apple don't want to be seen as they made a mistake because they did detect fake reviews and took account against the account violating their policies. But they also want it known why his account was caught up in this mess.
Were Apple right in nuking both accounts that they deemed were linked together? Should Apple have made contact with all parties (it seems the accounts did have at least different contact information as he said he got no notice off Apple, Apple say they did contact the dev whose app had the fake reviews) before terminating accounts? Should a public statement explaining the incident be a requirement of reinclusion to the App Store?
These are questions I have asked myself and have yet to come to a firm decision on myself.
He did do that though. He wrote a [blog post draft][1] that mentioned the "linked account" and sent it in to them for review.
Rather than respond to or approve his blog post draft email, Apple went behind his back to the press with statements that omitted all of the "linked account" circumstances and painted him as a legit scammer.