> As to the point of whether review matters, can you imagine the dreck the store would be filled with without review?

Anecdotally—and this has been true for multiple years—none of the apps I use were discovered via the App Store, I always found them somewhere else. The App Store is already filled with garbage, and searching is both broken[1] and can be manipulated[2].

App review seems to be useless in every single way[3], stops developers from making quick fixes, and arbitrarily stops people from installing apps they may want.

[1]: Last time I tried searching for “pinboard” (a bookmarking service), I had scroll past twenty pinball apps before reaching the first relevant app.

[2]: Apps buying the name of their competitors as search terms for themselves.

[3]: Cant’t even stop malware: https://www.wired.com/story/apple-app-store-malware-click-fr...

I mean the app store is filled with garbage already because review, much like DRM, only solves a few surface problems while punishing good-actors more than clever bad-actors.

Geofencing seems easy enough to spoof if you're Apple and have internal tools down to the hardware. Not to mention, Apple is global business.

The issue of only working during review is solved by doing a two-pronged approach, testing pre-production and proactively testing the released applications after publication. They obviously have manual ways of revoking apps.

> The binary is never changed.

> Apps can behave differently based on a flag set in the cloud, that’s only triggered after approval.

But if this do-nothing app _did_ do something in the review phase, then why switch that functionality off afterwards? If you've already gone to the trouble of writing (or stealing) code to do _something,_ at least enough not to be refused entry into the App Store with a "does nothing at all" verdict, then your scam will only be hurt by switching even that minimal functionality off: Users will just quit using it all the faster. You'd use your remote switch to activate the scamming bits, not to de-activate the rest.

So I don't believe that's how this particular app under discussion got through. It can't have actually done anything useful in the review phase either.