June 1, 2022
UPDATE
The App Store stopped nearly $1.5 billion worth of fraudulent transactions in 2021
Over the year, more than 1.6 million risky and untrustworthy apps and app updates were stopped from defrauding users
Apple is committed to making the App Store a safe and trusted place for people to discover and download apps. A key pillar in these efforts is Apple’s ongoing work in uncovering and taking action against malicious actors attempting to defraud developers and users.
Scammers are evolving their methods of online fraud, often making their activities harder to detect. Because of this, Apple has continued to refine its processes, invent new ones, and develop solutions to counter these threats.
Last year, Apple released an initial fraud prevention analysis showing that Apple’s combination of sophisticated technology and human expertise protected customers from more than $1.5 billion in potentially fraudulent transactions in 2020 alone, preventing the attempted theft of their money, their… information and their time, and kept nearly a million problematic new apps out of their hands.
Today, Apple releases an annual update on that analysis: In 2021, Apple protected customers from nearly $1.5 billion in potentially fraudulent transactions and stopped over 1.6 million risky and vulnerable apps and app updates from defrauding users.
Apple’s efforts to prevent and reduce App Store fraud require ongoing monitoring and vigilance by multiple teams. From App Review to Discovery Fraud, Apple’s ongoing commitment to protecting users from fraudulent app activity shows why independent, respected security experts say the App Store is the safest place to find and download apps.
App review
The app review process is multi-layered, combining computer automation with manual human review. App Review uses proprietary tools that leverage machine learning, heuristics, and data collected since the App Store’s initial launch, which help to quickly extract large amounts of information about an app’s potential issues and violations.
Human review is the distinctive component of the app review process. The App Review team reviews every app and update to ensure they comply with the App Store’s privacy, security, and spam policies. This process serves as a critical line of defense to protect users from bad actors.
App Review’s goal is always to help get quality new apps on the App Store.
In 2021, App Review helped over 107,000 new developers bring their apps to the Store. This process can be iterative, as apps are sometimes unfinished or contain bugs that break functionality when they are first submitted for approval, or they may need to improve their moderation mechanisms for user-generated content. In 2021, over 835,000 problematic new apps and another 805,000 app updates were rejected or removed for a variety of reasons like these. As part of the App Review process, any developer who believes they have been falsely reported for fraud may file a complaint with the App Review Board.
A smaller group of these rejections were for blatant violations that could harm users or severely impact their experience. In 2021 alone, the App Review team rejected more than 34,500 apps because they contained hidden or undocumented features, and more than 157,000 apps were rejected because they turned out to be spam, knockoffs, or misleading to users, for example by persuading them to make a purchase.
Sometimes nefarious developers try to bypass App Review by creating an app that appears one way, only to change its concept or functionality once approved. If Apple finds instances of this type of fraud, App Review will reject or immediately remove such apps from the Store, and affected developers will receive a 14-day appeal notice prior to termination. In 2021, over 155,000 apps were removed from the App Store for these types of violations.
App Review plays a large role in Apple’s efforts to protect user privacy, which Apple believes is a fundamental human right. App submissions are reviewed to ensure user data is treated appropriately. In 2021, the App Review team rejected over 343,000 apps for requesting more user data than necessary or mishandling data already collected.
Apple’s Developer Code of Conduct clarifies that developers who repeatedly engage in manipulative or deceptive behavior — or any other fraudulent behavior — will be kicked out of the Apple Developer Program. The same code also requires developers to accurately and honestly represent themselves and their offerings on the App Store, not engage in behavior that may manipulate any element of the customer experience on the App Store, and maintain high-quality content, services and experiences for customers.
If users have a concern about an app, they can report it by clicking the Report a Problem feature in the App Store or by calling Apple Support. Developers can use either of these methods or additional channels such as Feedback Assistant and Apple Developer Support.
Fraudulent ratings and reviews
App Store ratings and reviews serve as a resource for users and developers alike. Many iOS users rely on this feature to decide whether to download an app or which app option best suits their needs. These ratings and reviews, in turn, help improve discoverability in the App Store and provide meaningful information to developers, who take that feedback and improve their apps’ features and offerings accordingly.
Illicit ratings and reviews pose a serious risk to the App Store, as this type of deception can trick users into downloading, and in many cases buying, an untrustworthy app that attempts to manipulate the system by providing false information rather than giving users the quality experience they expect from the App Store. Trust in this system is paramount, and Apple’s anti-fraud initiatives help maintain its integrity. A sophisticated system that combines technology and human verification by teams of experts allows Apple to moderate ratings and reviews.
With more than 1 billion ratings and reviews processed throughout 2021, Apple has systematically identified and blocked from publication over 94 million reviews and over 170 million ratings for failing to meet moderation standards. Another 610,000 reviews were removed after publication due to customer complaints and additional human review.
Account fraud
If developer accounts are used for fraudulent purposes or in a particularly egregious manner, the offending developer’s Apple Developer Program account will be terminated. While these individuals or companies use sophisticated techniques to obfuscate their actions, Apple monitors to ensure relevant accounts are quickly terminated. As a result of these efforts, Apple terminated over 802,000 developer accounts in 2021. Another 153,000 developer registrations were rejected due to fraud concerns, preventing these bad actors from submitting an app to the store.
To protect users who download apps outside of the secure and trusted App Store, Apple has found and blocked over 63,500 illegitimate apps on pirate storefronts over the past 12 months. These storefronts distribute malicious software, often designed to resemble popular apps, or modify popular apps without their developers’ permission, while bypassing the App Store’s security measures.
In the past month alone, Apple blocked more than 3.3 million instances of apps being illegally distributed through its Enterprise Developer Program, which aims to give large companies the ability to develop their own apps for internal use and distribute them privately. Attackers have attempted to exploit this program to circumvent App Review, or to implicate a legitimate company by compromising an insider into revealing the credentials needed to distribute illegal content.
Apple is also taking action against fraudulent customer accounts. In 2021, Apple disabled over 170 million customer accounts related to fraudulent and abusive activity. If an account exhibits behavior similar to that of those who have previously committed abuse, it will be deactivated before it can even be used. Additionally, in 2021, more than 118 million attempted account openings were rejected for showing patterns consistent with fraudulent and abusive activity.
Eradication of account-level fraud helps curb this type of dishonest behavior and presents users with more accurate information about an app’s relative quality and popularity in the App Store.
Payment and credit card fraud
For many people, no data is more sensitive than their financial information. Because of this, Apple has invested heavily in developing more secure payment technologies like Apple Pay and StoreKit. These technologies are used by more than 905,000 apps to sell goods and services on the App Store. For example, with Apple Pay, credit card numbers are never shared with merchants – eliminating a risk factor in the payment process.
As with all forms of fraud, Apple takes credit card fraud very seriously and is committed to protecting the App Store and its users from this type of hassle. In 2021 alone, a combination of technology and human verification prevented more than 3.3 million stolen cards from being used for potentially fraudulent purchases and blocked nearly 600,000 accounts from repeat transactions. Overall, Apple protected users from nearly $1.5 billion in potentially fraudulent transactions in 2021.
Apple’s efforts ensure the App Store remains a safe and trusted place for users to find and download apps, and for developers to do what they do best: create. To ensure the trusted ecosystem is maintained for years to come, Apple will continue to work to detect fraudulent activity and accounts and prevent financial crime.
Press Contacts
Apple Media Helpline
media.help@apple.com
(408) 974-2042