This post is so light on the details (what? when?) that it’s impossible for me to be supportive.

OP: I suggest being MUCH more transparent when asking for help.

For all we know you are running a scam center support app. Consider the outraged posts that make it to the front page, essentially complaining about how their MLM bitcoin scam has been shut down.

This is just one of the many risks you take when your app or service is dependent on some other third party service. Even if it is run by 'the big boys' (in this case Apple), your success is dependent on their good graces.

They can kick you out and make your software the equivalent of bricked hardware; without any means to appeal their decisions.

'Recently', how long are we talking here? You've already emailed the execs, if they think it's worthy of review they'll assign someone to you, it can take a few days.

Apple is pretty vague on their security practices purposefully so people don't try to game them. They are transparent though in that they are pretty strict 8000 dev account appeals and only 225 reinstatement in 2024 https://discussions.apple.com/thread/256187336?sortBy=rank Since you fired someone that would suggest you had something more than just a cert leak to a public GitHub. Did your appeal include an rca covering what actions the employee did that you identified then action plan to prevent in future. In Banking security at least and probably pretty similar we would see a lot of scapegoating in submitted rca which was frowned upon. It is failure of process that allowed an employee to do something undetected so identify action, and how it went undetected and your action plan should cover both. Don't rush into spamming them until you are confident in your plan. How is the cert stored on NAS / machine and what access controls on that machine and data loss prevention strategy for your cert. what monitoring to usage of cert do you have/submissions to app store sent to email all have access to or to company lead?

Just what sort of unauthorized activities are we talking here?

I presume the kind that would prejudice against helping.

Yeah, exactly. When we went through Apple's appeal process, they wanted a full incident report: what the employee did, when you discovered it, what you did to remediate it. If you can't show that you took it seriously and fired/disciplined whoever was responsible, they basically assume you're complicit.

I am very sorry for your loss and the harm it is causing you.

Unfortunately, this is one of the risks of handing control over your future to the tyrants who run walled gardens.

While you can't undo the past, the silver lining of this experience is that it has clarified to you that Apple is an abusive, unfair, and unreasonable corporation that you should avoid doing business with.

As an immediate action, I'm sure it's not what you want to hear, but HTML5 and WASM have come a long way, and mobile web applications are increasingly converging on the capabilities of native mobile applications. While a rewrite will not be cheap or easy, ensuring you can offer service to your users without having to ask an abusive tyrant for permission ensures you are at less risk of this kind of tyranny and the disruption and harm it inflicts upon you and your users in the future.

I am sympathetic to the victims of Apple's tyranny (as well as Google's, Microsoft's, and others), and I know I can't solve the problem by myself, but I would like to help in a more material way - do you have a Bitcoin address I can send a donation to?

we just need a human to read our appeal

Unfortunately you probably need to think abou this from the point of view of an anti-fraud/abuse team. How would you differentiate between a business that had an employee go rogue and a business deliberately trying to cause harm and get away with it?

Claiming you fired the party responsible isn’t very convincing, honestly, especially if it’s hard to verify: was it an alias? did the employee only exist on paper? are they still around just not “employeed”, were they a designated patsy? Nor are claims that you revamped your security, which doesn’t address the root problem of whether it was intentional behaviour or not. And what’s worse, the natural urgency and appeals to emotion that you include in your story are unfortunately widely used tactics by scammers to try to get a human to bend rules to their benefit, and reviewers are trained to treat them as such. You need hard evidence.

How can you demonstrate that you didn’t know what the employee was doing? Have you reported the employee to the police? Is there a criminal case you can point to? Simply having a bad process before could very easily have been an intentional way to avoid knowledge of wrong doing, another common tactic used by criminal orgs.

Best of luck.

we sent supporting paperwork to apple, and a simple search from their end will confirm things

Ah yes, "just Google us" — Apple's legendary customer support experience.

I hope you get this sorted !

thanks

Dealt with this exact situation on a smaller scale — losing access mid-launch is genuinely brutal. The appeals process feels designed to outlast your patience rather than resolve anything. Hopefully someone with actual authority picks this up internally, because the standard support loop just cycles back to the same automated rejections.

If we're going feudal, it would be a good idea to provide justice to the commoners like feudal lords were obliged to do.

I.e. all these "tech companies" that want people to have accounts (and be heavily invested and/or dependent on them) should not be able to cancel those accounts without due process. This should be a legal requirement for them to operate at all.

How about your android version?

How hard it will be to rewrite it for the web?

If it's react native or flutter probably not that hard, you can go back online with some struggle, but it's at least a way.

it could take months to get a working pwa version, but its a must even if the issue get fixed we will create one

Good. Keep the Android build. Apple's walled garden has been a liability since 2011 when they pulled that calendar app. Web fallback is smart -- we had clients stranded for weeks back when iOS was the only option.

no issue with google.

The lack of empathy in the comments is appalling. This could happen to anyone, and the inability to reach a human to fix it is extremely poor customer service.

What did the employee do?

What is their second chance policy for incidents of misuse, generally?

I mean, you're straight up saying your team violated the Dev Terms of Service. That's kinda game over.

Honestly, HN is a great customer support forum considering so many posts actually get treated better than just using the standard customer support (many startups and other companies paying attention to it helps a bunch). It has to have more merit some of the time (this is not to say it is an assessment of what you are saying at all.

I love this thread full of people asking "what did the employee do?" and not "why do Apple and Google have the right to control distribution of all mobile software with no recourse?". It honestly does not matter, in any way, what the employee did. Apple should not be the final arbiter of who is allowed to develop mobile software.

> Apple should not be the final arbiter of who is allowed to develop mobile software.

That is the big picture here. Details aside, one company should not have the power to dictate how developers write software for their customers, just because those happened to purchase hardware from the big company.

If you think of this in terms of how the world existed prior to mobile, it would've been insane for any general purpose compute device (Apple ][, C64, IBM PC, etc).

Isn't that what the web is for?

we suspect leaked certs

"Rogue employee" is doing a lot of work in this post. Did this person have legitimate access to the dev account that they misused, or did they act without any authorization? Those are pretty different failure modes from Apple's perspective, and probably changes what the appeal process looks like.