*Thread*
Overnight both @Apple and @EpicGames released hundreds of pages of new documents, containing lots of colour based on discovery and recent depositions. I stayed up reading so you don't have to. Here's what I learnt (couple *bombshells* in here)
Overnight both @Apple and @EpicGames released hundreds of pages of new documents, containing lots of colour based on discovery and recent depositions. I stayed up reading so you don't have to. Here's what I learnt (couple *bombshells* in here)
Epic argues that Apple’s App Store review process is “cursory” and that Apple doesn’t recruit reviewers with sophisticated tech backgrounds.
When the App Store first began, applicants were considered qualified if they “understood how to use a Mac”, “understood how to use an iPhone”, “understood a little about the Apple brand”, “could breathe . . . could think”.
In current job postings, listed qualifications for App Reviewers primarily include nontechnical skills such as teamwork, curiosity, clear communications and resilience. A thorough knowledge of macOS and iOS is noted as “helpful,” but not a requirement.
Epic said the volume of apps submitted “does not permit robust review."
As of April 2016 the human review process typically took 13 mins per app and 6 minutes per app update.
As of April 2016 the human review process typically took 13 mins per app and 6 minutes per app update.
App Reviewers typically review between 50 to 100 apps per day … "In certain instances, reviews took less than a minute to review apps.”
Certain apps that may have competed with Apple’s apps or features, such as Google Voice, were “rejected on pretextual grounds”.
(that is, competitive reasons)
(that is, competitive reasons)
Former head of App Review says some apps were “remov[ed]” “immediately” because Mr. Schiller and Mr. Cue were “adamant” about (their) removal, despite Mr. Shoemaker’s “protest[s]” that there was no clear justification for doing so under the app review guidelines.
App review had limited ability to detect “Jekyll” apps — malicious apps that can alter their behavior post App Review.
Epic argues Apple has “no evidence” its app review process “screens for security issues better than other methods of app distribution”. It cites many examples of fraudulent apps, eg fake blood pressure detection tools and scams where users have been mislead into buying items
Eric Friedman, head of Apple’s FEAR unit — Fraud Engineering Algorithms and Risk — said in a recent deposition that his team believed the App Review team was inadequate to the risks posed by malicious actors, saying they were “bringing a plastic butter knife to a gun fight.”
In 2015, Apple recognized that Google’s way of automating the screening process had some advantages. It acquired a company called SourceDNA to help detect malicious apps.
However in late 2017 Apple’s FEAR team still called the App Review process inadequate. Friedman said it “was more like the pretty lady who greets you with a lei at the Hawaiian airport than the drug sniffing dog.”
FEAR likened App Review to _TSA employees, “under pressure to move people through” and “not able to deflect sophisticated attackers”.
FEAR believed App Review is judged by, and therefore is focused on, “‘how my apps can we get through the pipe’ and not ‘what exotic exploits can we detect?’”
In 2017 Apple conducted a “case study” of an app fraudulently offering virus scanning. The app was rejected twice, then accepted b/c the human reviewers didn't know about prior rejections.
The fraudulent app offered non-existent “virus scanning” services for $99.99 through IAP. It eventually became one of the “Top Grossing” apps in the App Store.
A TouchID scam is described: An app launches asking to enable TouchID. The screen goes dark so the text can’t be read and a notification appears asking for a $89.99 payment for a premium membership. Users click, money gone.
CEO of Headspace became upset with the level of “egregious theft” on the App Store as copy-cats sprang up, stealing its IP.
“Shockingly, Apple [is] approving these apps, and when the users buy the apps they are left with nothing but some scammy chat rooms in the background."
“Shockingly, Apple [is] approving these apps, and when the users buy the apps they are left with nothing but some scammy chat rooms in the background."
Epic cites that Apple even approved a “school shooting game” two weeks after the Stoneman Douglas High School shooting, in Florida, left 17 dead.
App developers complain about Apple’s criteria being unclear “every day,” — Epic cites Shoemaker, former head of App Review from 2009 to 2016
There's quite a bit more but I've run out of time. Story on @FT up soon.
Apple engineer likened App Store security to ‘butter knife in gunfight’ on.ft.com/31USYTC @FT
• • •
Missing some Tweet in this thread? You can try to
force a refresh
