[daveoc64]

Your stance seems nonsensical to me, given the fact that Epic was clearly able to sneak something that violates the rules past Apple's review process.

It's clearly not possible for Apple to actually check all functionality of every app, particularly as it's so easy to hide it or to put it in an embedded web view.

In this case, Epic managed to put an alternative payment method in - but they are a trusted brand, so there's no real security issue overall.

But could some other developer do the same thing and harvest payment details? Of course.