> It appears that reports are going to be attributed to actual accounts, which should enable Apple to identify abusers more easily.
I don't feel X == Y in this case. Account creation is not a high enough bar to block abusers IMHO. Amazon reviews require accounts too, but that obviously doesn't stop the negative review attacks which GP mentioned.
Account creation is a very high bar when it comes to Apple services, because Apple "console bans" hardware devices associated with accounts that evidence fraudulent behavior. I expect they will only seriously consider reports from users who have an active Apple hardware device bound to their Apple account.
I also expect they'll link this system to a human review queue. If you send abusive reports for something that isn't scammy, it will probably not be considered scammy during human review, especially if you're responsive to questions asked by Apple during that review. There will, of course, be a 'first post' false positive someday when a reviewer makes the wrong call, but it's a safe bet that they have not implemented a Google/Facebook/Yelp system where your life and livelihood can be destroyed by an algorithm without human participation.
I’m sure like most models, the weight of your submission will largely be determined by multiple factors, such as the age of the account, how much money you’ve spent, whether you’ve spent money on the app being reported, how many devices are connected to the account and for how long, etc. Not all complaints are created equal and it allows them to attribute a “trust factor” across several metrics.
For a few thousand bucks and the right cause, I'll happily sell my vetted AppleID for this. I don't have anything important in there -- a ton of apps that I never use that I can't remove from my account, and years of history. It is of zero value to me, but apparently because of these checks, could be worth a lot of money to someone else.
I feel like App Store accounts require a credit card number, and they do an authorization for a few cents to check if it’s real. At least they did years ago when I tried to set up a relative’s iOS device with a fake credit card number.
I would assume that attacks similar to these could be checked against device ownership - for example if a user has been the first registered owner of an apple device, their reports may be deemed more trustworthy. If they see a device being reused to submit similar reports, that could be a signal that reports are fake.
Quite easy/cheap to pass that bar - have your 100-1000 sockpuppets spend a few $$ on a subscription (which may or may not be money coming back to you in some fashion), then buy competitor apps and report them as scams.
Possibly negated with some form of (even Apple-internal) web-of-trust measurement of account validity.
I don't feel X == Y in this case. Account creation is not a high enough bar to block abusers IMHO. Amazon reviews require accounts too, but that obviously doesn't stop the negative review attacks which GP mentioned.