I've watched the App Store reviewers try out apps (not in person, from logging) and they do seem to do a pretty thorough job of exercising the functionality.
It's extremely easy, but it also is extremely easy to get permanently banned if they find out you "switched on" a hidden feature once the app got into production. A permanent ban can be very damaging, so one needs to make sure to be completely legit when it comes to app store submission reviews and app store ratings
Can confirm. We got the Coinbase iOS app banned for doing this back in the day, when Apple did not allow bitcoin apps (IIRC showing the price was ok, transacting was not). Even after they relaxed their bitcoin restrictions (and calls to the head of app store), they still made us wait out the 12 month ban before reinstating the app.
Who said anything about laws? Apple's rules are no different from HN's rules. And for that matter, your house rules. They're arbitrary decisions to the liking of the respective party. They just have to not be against the law themselves. If they are problematic the solution isn't to generically "ban rules" (saying it out loud already hints at the "value" of this proposition) but to change the law to prohibit certain rules.
This is a super naive analogy - HN doesn't serve close to 50% of the US market, nor is it a platform through which billions of dollars transact. If it did very different rules apply, rightfully so, scale matters, market position matters - from Apple profit margins it's obvious they are abusing monopolistic position.
Given that Apple has no oversight at all here, they can do whatever they want. If an app makes it through review, but has forbidden functionality, Apple will just assume that the developer hid that functionality for the review process, and ban them. Doesn't matter if the approval was due to a mistake on the reviewer's part. Apple won't care.
It is actually pretty easy. As long as you don't use any private APIs, you can completely change the behavior of your app after the review by changing server side settings.
It is partly an intent issue. If you are attempting to pull one over on Apple by hiding app behavior during review, well, they are not going to be happy about that.
Other folks are also noting that, because humans are sometimes bad at evaluating each others' intent, it is probably a good idea to attempt to make one's intent clear if going this route, lest you annoy the gatekeeper.