Monday, May 10, 2021

Inside App Review

Steve Troughton-Smith has compiled some really interesting court exhibits from the Epic trial:

It seems like they create a trust score of your app based on a list of binary & metadata criteria, and then review what’s changed between versions


Apple acquired SourceDNA in 2016 to improve the automated binary analysis portion of App Review


As of 2015, there were 910 (!) different rules and other criteria that App Review used to approve/deny apps. Only a fraction of those are actually communicated to developers in the App Review Guidelines

Here are the top ten…

App Review’s static analysis includes checking for cookie-cutter apps, and the strings in your binary. Dynamic analysis runs your binary on a test farm and sees what you’re actually doing at runtime


Roblox was rejected for having minigames, and appealed to the App Review Board, saying that they would only add/remove minigames with submissions and not remotely. Nobody on the board replied to the email, so Roblox was given the go-ahead

Apple can end your business and not bother to reply to your email asking why or how you can change. Tribe was thrown under the bus (UTB) by another app developer presumably wondering why they had been rejected, and as a result got thrown out after 3 years on the App Store


Apple thinks developers are liars or idiots for telling Bloomberg that they — correctly — were approved to be on the App Store. There was no rule at the time to justify removing them, so Apple did it anyway and invented one after the fact

Apple didn’t want to come out publicly and say so, because it knew it had no actual rule to point to


Turns out it’s developers, via the developer agreement, that are responsible for ensuring the quality of apps on the App Store, not App Review at all. This is not surprising, but it could be an important distinction


‘The reason we lost Safari on Windows is the same reason we’re losing Safari on Mac. We didn’t innovate or enhance Safari’


Apple was utterly convinced of its iPhone (P2) security in 2006 right before it was announced. iPhone made it a month and a half after release before being jailbroken to run third-party apps, bypassing every security measure there was.


Forstall wanted to let Yahoo widgets on iOS.


Apple would ‘help’ CNBC write a story about how App Review is not a sweat shop despite its targets and overtime 🤨

See also: MacRumors.


1 Comment

Old Unix Geek

The fact that Apple can simply end one's business without recourse makes continued investment in their platform very risky.

If they truly had the number of developers they claim to have (20 million), it would not be surprising if they didn't have the staff to negotiate with everyone.

But how many of these "developers" actually work for a business? How many of these "developers" are double counted because people have more than one developer account? $100 billion / 20 million developers - dev fees ~ $4900 per "developer" and that doesn't include the cost of Apple hardware.

Sure, some apps don't provide direct revenue, such as banking access, or public transport apps, but Apple is unlikely to cancel those entities' apps.

So I wonder why they couldn't improve this aspect of their business.

On the other hand they are celebrating the fact they cancelled 470,000 developer accounts over at

With such enormous numbers, even with really low false positivity rates, they're guaranteed to punish innocent parties. And one can only conclude that they don't care. They feel they have so many developers, that they can afford to lose some. (Such a difference from 20 years ago!) But again, that makes investing in their platform very risky.

Allowing multiple App-Stores that could sign their own apps might mitigate this issue.
