Ask HN: Apple terminated our dev account over a rogue employee

I know that HN isn't a customer support forum and it might not be right to post this here, but we are absolutely desperate and hoping someone in this community can point us in the right direction.

We are a small software company in Africa. For over two years, we've built and maintained an app. It has become a vital economic engine for our local community, employing a whole fleet of delivery agents and serving as a lifeline for local stores and restaurants.

Recently, we discovered that a single employee used a shared company machine to engage in unauthorized activities that violated Apple's Developer Terms of Service.

We took immediate action: we fired the employee on the spot and completely overhauled our security. We revoked all individual access and implemented mandatory, peer-reviewed, supervised sessions for any Apple Developer portal access.

The problem is the collateral damage. Apple terminated our entire organization's account. We submitted an appeal through App Store Connect, but we feel completely stuck behind automated walls. We have also emailed Apple executives, but are waiting in the dark.

Because of this one employee's actions, our app is facing total removal, and families in our community are quite literally losing their daily income. We aren't asking for special treatment, just a chance for a real human at App Review to look at the security steps we've taken and consider a second chance.

If anyone here has been through this, has advice, or knows how to get a human at Apple to actually read our appeal, our entire community would be forever grateful. Thank you so much for your time.

(For reference if any Apple folks are reading: our Apple Team ID is T35TM9SW45)

124 points | by 0x1f 4 hours ago

15 comments

  • fn-mote 1 hour ago
    This post is so light on the details (what? when?) that it’s impossible for me to be supportive.

    OP: I suggest being MUCH more transparent when asking for help.

    For all we know you are running a scam center support app. Consider the outraged posts that make it to the front page, essentially complaining about how their MLM bitcoin scam has been shut down.

    [-]
    • 0x1f 55 minutes ago
      sorry for not including details, we do not know why the account got terminated exactly, were suspecting leaked certs
      [-]
      • jmkni 36 minutes ago
        Your issue might not be just the rogue employee leaking certificates, it sounds like you were sharing one Apple Developer account between multiple developers which is also against their T's & C's

        Really every developer should have their own account and work on their own machine

        If you were all using the one account on the same machine, then Apple has no way of telling who did what

      • cheema33 34 minutes ago
        I think the earlier comment was asking about transparency about your product. What is it and exactly what does it do? And also what exactly did the rogue employee do?

        Some of these detail might allow the community to decide if Apple is being unfair or there is actual cause for concern. We have so far seen a very one-sided story.

  • didgetmaster 1 hour ago
    This is just one of the many risks you take when your app or service is dependent on some other third party service. Even if it is run by 'the big boys' (in this case Apple), your success is dependent on their good graces.

    They can kick you out and make your software the equivalent of bricked hardware; without any means to appeal their decisions.

    [-]
    • applfanboysbgon 1 hour ago
      They aren't dependent on a third-party "service", exactly. If you make software for phones, the most popular hardware platform in the world @ 8 billion devices, you are at the complete mercy of Apple/Google, period.
      [-]
      • 0x1f 57 minutes ago
        web is the way
    • endofreach 54 minutes ago
      Yes. Want to keep it that way? Or what are you working on?
  • joecool1029 2 hours ago
    'Recently', how long are we talking here? You've already emailed the execs, if they think it's worthy of review they'll assign someone to you, it can take a few days.
    [-]
    • ViktorRay 1 hour ago
      If you would, please re-read the part of the original post where the author talks about how families in Africa are literally losing their daily income. I’m guessing “a few days” can make a big difference here.
  • Den_VR 1 hour ago
    Just what sort of unauthorized activities are we talking here?
    [-]
    • bombcar 1 hour ago
      I presume the kind that would prejudice against helping.
  • CamJN 1 hour ago
    Unfortunately you probably need to think abou this from the point of view of an anti-fraud/abuse team. How would you differentiate between a business that had an employee go rogue and a business deliberately trying to cause harm and get away with it?

    Claiming you fired the party responsible isn’t very convincing, honestly, especially if it’s hard to verify: was it an alias? did the employee only exist on paper? are they still around just not “employeed”, were they a designated patsy? Nor are claims that you revamped your security, which doesn’t address the root problem of whether it was intentional behaviour or not. And what’s worse, the natural urgency and appeals to emotion that you include in your story are unfortunately widely used tactics by scammers to try to get a human to bend rules to their benefit, and reviewers are trained to treat them as such. You need hard evidence.

    How can you demonstrate that you didn’t know what the employee was doing? Have you reported the employee to the police? Is there a criminal case you can point to? Simply having a bad process before could very easily have been an intentional way to avoid knowledge of wrong doing, another common tactic used by criminal orgs.

    Best of luck.

    [-]
    • 0x1f 1 hour ago
      we sent supporting paperwork to apple, and a simple search from their end will confirm things
  • napolux 1 hour ago
    How about your android version?

    How hard it will be to rewrite it for the web?

    If it's react native or flutter probably not that hard, you can go back online with some struggle, but it's at least a way.

    [-]
    • 0x1f 1 hour ago
      it could take months to get a working pwa version, but its a must even if the issue get fixed we will create one
    • 0x1f 58 minutes ago
      no issue with google.
  • Fire-Dragon-DoL 2 hours ago
    I hope you get this sorted !
    [-]
    • B1FF_PSUVM 1 hour ago
      If we're going feudal, it would be a good idea to provide justice to the commoners like feudal lords were obliged to do.

      I.e. all these "tech companies" that want people to have accounts (and be heavily invested and/or dependent on them) should not be able to cancel those accounts without due process. This should be a legal requirement for them to operate at all.

    • 0x1f 1 hour ago
      thanks
  • stevenalowe 26 minutes ago
    The lack of empathy in the comments is appalling. This could happen to anyone, and the inability to reach a human to fix it is extremely poor customer service.
  • jmkni 1 hour ago
    What did the employee do?
  • internet2000 1 hour ago
    I mean, you're straight up saying your team violated the Dev Terms of Service. That's kinda game over.
  • 1123581321 1 hour ago
    What is their second chance policy for incidents of misuse, generally?
  • zitterbewegung 1 hour ago
    Honestly, HN is a great customer support forum considering so many posts actually get treated better than just using the standard customer support (many startups and other companies paying attention to it helps a bunch). It has to have more merit some of the time (this is not to say it is an assessment of what you are saying at all.
  • anonym29 1 hour ago
    I am very sorry for your loss and the harm it is causing you.

    Unfortunately, this is one of the risks of handing control over your future to the tyrants who run walled gardens.

    While you can't undo the past, the silver lining of this experience is that it has clarified to you that Apple is an abusive, unfair, and unreasonable corporation that you should avoid doing business with.

    As an immediate action, I'm sure it's not what you want to hear, but HTML5 and WASM have come a long way, and mobile web applications are increasingly converging on the capabilities of native mobile applications. While a rewrite will not be cheap or easy, ensuring you can offer service to your users without having to ask an abusive tyrant for permission ensures you are at less risk of this kind of tyranny and the disruption and harm it inflicts upon you and your users in the future.

    I am sympathetic to the victims of Apple's tyranny (as well as Google's, Microsoft's, and others), and I know I can't solve the problem by myself, but I would like to help in a more material way - do you have a Bitcoin address I can send a donation to?

    [-]
    • 0x1f 51 minutes ago
      we just need a human to read our appeal
  • takahitoyoneda 2 hours ago
    [dead]
  • applfanboysbgon 1 hour ago
    I love this thread full of people asking "what did the employee do?" and not "why do Apple and Google have the right to control distribution of all mobile software with no recourse?". It honestly does not matter, in any way, what the employee did. Apple should not be the final arbiter of who is allowed to develop mobile software.
    [-]
    • overvale 50 minutes ago
      Isn't that what the web is for?
    • 0x1f 59 minutes ago
      we suspect leaked certs