There are a few good comments in this thread, but then this one...what a joke.
Let's recap: Advertiser sells ads, doesn't run ads on App Store submitted version, complains that they had to run ads so Apple could verify what the ads are,...?
I'd rather Apple put this app through its places 100x through rather than let a nefarious ad machine through.
You're misunderstanding what the OP is saying. He/she is pointing out a logical fallacy in the App Review rules.
Developers are allowed access to something called an "advertising identifier" which lets them track users between apps, for the purposes of targeted advertising. Apple is very restrictive in terms of user identification, in order to protect users' privacy, so this is the only way to uniquely identify a user/device, and the user can optionally opt-out of the advertising identifier entirely.
Apple doesn't want developers to use the advertising identifier for things other than advertising. But the way they enforce this is simply by requiring that an app include ads in order to use the advertising identifier. If you use the advertising identifier and your app doesn't visibly include ads, it will be rejected.
This restriction is ostensibly intended to prevent developers from abusing the advertising identifier, but really it just encourages developers to include shitty ads in their apps, because if you include ads, you can use the advertising identifier for whatever you want behind the scenes. It's a nonsensical way of enforcing this policy. Thus, "security theater."
apple doesn't care what your ads are. they care that you don't use the ad identifier for things that aren't ads. nothing to do with being a "nefarious ad machine"
Let's recap: Advertiser sells ads, doesn't run ads on App Store submitted version, complains that they had to run ads so Apple could verify what the ads are,...?
I'd rather Apple put this app through its places 100x through rather than let a nefarious ad machine through.