An automated mistake by Apple resulted in the company remotely killing all of a Mac developer’s apps. Users were unable to open them, and a message flagged them as malware, advising users to delete the apps to avoid damaging their Macs.

Developer Charlie Monroe, creator of the Downie video downloader, among other apps, said that Apple didn’t even send him a message saying it had happened, and for several hours he didn’t know whether he still had a business or not…

Monroe described the experience in a blog post:

He said one of the most alarming aspects of it was the damage to his reputation.

On Aug 4, 2020, I woke up to a slightly different world — I had lost my business as it seemed. Full inbox of reports of my apps not launching (crashing on launch) and after not too long I found out that when I sign into my Apple developer account I can no longer see that I would be enrolled into Apple’s developer program […]

After more investigation, I found out that the distribution certificates were revoked — evidently by Apple as no one else has access to them and I was sound asleep when all this happened. Each macOS app these days needs to be co-designed using an Apple-issued certificate so that the app will flawlessly work on all computers. When Apple revokes the certificate, it’s generally a remove kill-switch for the apps.

I got really frightened as all of sudden, no user was able to use my apps anymore […] As it was 7 a.m. (all times are CET), Apple’s contact form only showed the option to send them an email — so I did. At 9 a.m. with my teeth grinding, I went for the phone option where you leave a number and they call you back. Didn’t.

At this point you no longer know whether you have a business or not. Should I quickly go and apply for a job? Or should I try to found another company and distribute the apps under it? What should I do?

This was echoed by a Downie user.

The most damaging to me is the message shown to user:

I really find the above borderlining on slander.

He said that it took Apple 24 hours to partly fix the problem, removing the flags, though that still left him having to recompile, re-sign, and redistribute everything. This was initially done without any contact from Apple.

Hi. I want to let you know that I spent two and a half hours on the phone with @Apple trying to get them to say exactly how Downie (change the name) will harm my computer. They said it was malicious code detected. If that was an error, your reputation has absolutely been harmed.

— JTWilliams.me (@JTWilliams_me) August 5, 2020

Apple did later call back, explaining that his account was “erroneously flagged by automated processes as malicious and was put on hold.”

It seems incredible that all this could happen without human intervention. Apple does, of course, have to act swiftly when there is a chance of malware in the Mac App Store, but you would have thought it would have pinged a human being to verify the situation before inconveniencing significant number of Mac users, and potentially doing permanent damage to a developer’s reputation. Most app users will never know the story behind this, only that they bought an app, Apple told them it was malware, and they deleted it as instructed.

It also seems unlikely to help Apple’s antitrust battles, where many are arguing that the company holds too much power over users and developers alike.

What’s your view? Is this kind of mistake by Apple inevitable when the scale of app stores requires automated processes? Or should such drastic action always require human verification? Please share your thoughts in the comments.