What if your app stopped working? The cost of an automated Apple mistake
As a platform focused on the distribution of trusted software, we at Setapp make every effort to ensure all our apps work seamlessly. Sometimes, there are things that we can’t control, though.
Recently, Apple revoked Charlie Monroe’s app distribution certificates with no prior warning or explanation. This is how the now-notorious “Day Without Business” story began. Monroe is a longtime Mac developer and a Setapp vendor, whose apps like Downie, Permute, and UctoX have been Setapp favorites. With Apple revoking the certificates, all of these apps stopped working.
Here’s the full story and what developers can learn from it.
What really happened
On August 4, Monroe discovered he was unable to sign into his Apple Developer account, and users were unable to launch any of his apps. The most damaging thing, according to Monroe, was the warning message shown to everyone who tried to open the apps. They were flagged as malware.
Obviously, the whole situation was disturbing. Imagine one day all of your users whose workflows depend on the app functioning can no longer use it — and no one knows why.
“At this point you no longer know whether you have a business or not. Should I quickly go and apply for a job? Or should I try to found another company and distribute the apps under it? What should I do?”
It soon became clear the reason why apps didn’t work were revoked certificates. Apple-issued certificates are used to ensure every macOS app works flawlessly on all computers. Once Apple revokes the certificate, the app stops working.
After a few unsuccessful attempts to contact Apple, the developer finally spoke to their phone support. They couldn’t explain what happened and said they would pass the issue onto the team. This phone call was followed by hours of silence, uncertainty, and a lot of stress before Apple finally reinstalled the account. As Apple explained later, the reason the apps’ certificates were suspended was an automated process that “erroneously flagged the developer’s account as malicious.”
How the issue was communicated
Now, what do you do during those 24 hours? You can’t possibly sit and wait while years of work go off the rails. Apart from actively knocking on Apple's door, Charlie Monroe also published the story on his blog and used every opportunity to keep his customers informed:
“Trying to be as open as possible about this issue, I tried to keep everyone updated on social media (Facebook and Twitter), where the issue got some attention and eventually got posted on sites like Apple Insider and others.”
Many people shared the developer’s frustration and tweeted about the case, asking Apple to explain themselves.
We at Setapp tried to keep people in the know, too. As soon as we learned about the problem, we sent an email to everyone who had used Charlie Monroe apps in the last three months.
We did this for two reasons: 1) People needed to know the developer was aware of the issue and working on it; 2) It was important to us that this had a minimal impact on users’ workflows, so we took the unusual step of suggesting other apps that users could consider using in the short-term. Here’s what the email looked like:
The moment Charlie Monroe had his account reinstated, we sent another email informing users that the apps were working again. Setapp members were able to return to using Downie, Permute, and UctoX as usual. Those who used Charlie Monroe apps outside of Setapp had to reinstall the apps, which the developer instructed them to do in a blog post as well as on Twitter.
Advice for developers
Disputes over App Store policies and treatment of developers have been building for months — from the Hey email app to the recent Fortnite case. We hope similar situations don’t happen to other developers, but in case they do — here are a few things we recommend to do:
1. Try to contact Apple as soon as possible
Apple’s support page says developers can receive guidance by phone or email. Phone support is supposed to be the quickest. Unfortunately for Charlie Monroe, a few hours went by before he managed to get through. So don’t give up if you don’t succeed on your first attempt. Keep trying.
2. Keep your clients informed
As the Charlie Monroe case reveals, people appreciate it when you let them know what’s happening. So instead of trying to fix it all behind the scenes — especially if you can’t really influence how quickly the problem will be fixed — tell your users about it. This also relates to any third-party services distributing your apps (like Setapp).
We’re convinced it’s due to quick and open communication that Setapp's user base wasn’t affected. Here’s a screenshot from analytics, which shows that the usage of Charlie Monroe apps dropped sharply on August 4 (the day when the apps stopped working) but went back to normal the very next day.
3. Make it public
If your attempts to resolve the case directly and through the recommended channels have not yielded results, consider talking publicly/writing/tweeting about it. Due to the developer’s active online presence, the story was picked up by a few major media and actively shared on Twitter and Facebook. This was a huge help. In fact, Charlie Monroe says public attention might have played a major role in how quickly Apple got the certificates unrevoked.
There’s a lot to ponder here in terms of how the issue could have been prevented. Should Apple use a human review instead of an automated process? Or is it an acceptable mistake considering the scale of the App Store? Hopefully, this story doesn’t set a precedent. For many small developers, one day without business could mean irreparable damage.
A good way to avoid potential issues is to always keep in mind App Store Guidelines and distribute your apps via trusted services. In case an unexpected problem occurs, don’t hesitate to communicate it right away and keep your clients in the know.