App Store: blocked fraudulent transactions worth over USD 7 billion

Since launching the App Store in 2008, Apple has continued to invest in developing industry-leading technologies designed to offer the safest and most secure user experience for downloading apps and provide every developer with a dynamic and innovative platform to distribute their software. Today, the App Store is at the forefront of app distribution and sets the standard for security, reliability and user experience. As the scope and complexity of digital threats have evolved, Apple has expanded its anti-fraud initiatives to address these challenges and help protect the user. Every day, Apple teams monitor and analyze fraudulent activity on the App Store, using sophisticated tools and technologies to remove malicious actors and help strengthen the App Store ecosystem.

From 2020 to 2023, Apple prevented potentially fraudulent transactions totalling over $7 billion, including over $1.8 billion in 2023 alone. During the same period, Apple blocked over 14 million stolen credit cards and banned over 3.3 million accounts from making further transactions. As detailed in its fourth annual fraud prevention analysis, released today, Apple rejected more than 1.7 million apps in 2023 because they did not meet the App Store’s stringent privacy, security and content standards. In addition, Apple’s ongoing efforts to stop and reduce fraud in the App Store resulted in the closure of nearly 374 million developer and customer accounts and the removal of nearly 152 million ratings and reviews due to suspected fraud.

Fraudulent accounts

Apple has robust systems to eliminate fraudulent customer and developer accounts quickly and effectively, preventing these parties from defrauding the user. In 2023, Apple closed nearly 118,000 developer accounts, down from 428,000 in the previous year, thanks to continuous improvements in the systems used to prevent the creation of potentially fraudulent accounts. In addition, the company rejected more than 91,000 applications to join the Developer Programme, effectively preventing these individuals from publishing problematic apps on the App Store.

Malicious activity can also occur at the customer account level, so Apple takes a number of measures to protect users and developers from malicious actors. These accounts tend to be bots created for spam or to manipulate ratings, reviews, rankings and search results, threatening the integrity of the App Store and its community of users and developers. In 2023, Apple blocked over 153 million fraudulent account creation attempts and disabled nearly 374 million accounts for fraud and abuse.

Apple’s commitment to reliability and security extends beyond the App Store: in the past 12 months, the company has detected and blocked more than 47,000 illegitimate apps on pirate stores. This type of control also protects those developing legitimate apps, which could be modified or used to disguise malicious software in order to distribute it on these platforms. In addition, in the past month, Apple has blocked nearly 3.8 million attempts to install or launch illegally distributed apps through its Developer Enterprise Program, which allows large organizations to deploy in-house apps for their staff.

Reviewing apps

Apple has a team of more than 500 experts who evaluate every app submitted to the App Store by developers worldwide before it reaches the user. On average, the team reviews about 132,500 apps per week; in 2023, it reviewed nearly 6.9 million while helping more than 192,000 developers publish their first app to the App Store. The team performs a whole series of checks before an app can be published on the store, using automated processes and a review conducted by individuals to detect and block apps that could potentially harm or defraud the user. In 2023, more than 1.7 million apps were rejected for various reasons, including privacy violations and fraudulent activities.

Malicious actors use deceptive tactics to harm the user, including the practice of disguising potentially risky apps as harmless apps. Over the past year, there have been numerous cases in which the review team has identified apps initially presented as harmless products (such as photo editors or puzzles) that, after verification, turned into pirated movie streaming platforms, illegal gambling apps or fraudulent and predatory loan issuers.

In some extreme cases, the team also identified and removed financial services apps involved in complex and malicious social engineering attempts to scam the user, including apps pretending to be known services to facilitate phishing campaigns and providing fraudulent financial and investment services. As a result of its constant work to verify each proposed app and investigate the presence of problematic apps in the App Store, in 2023, Apple’s team removed or rejected 40,000 apps from developers involved in deceptive bait-and-switch activity.

App Store has blocked potentially fraudulent transactions worth over USD 7 billion
App Store has blocked potentially fraudulent transactions worth over USD 7 billion

Apple Developer Program

Malicious actors may also design apps intending to deceive and cheat the user. In 2023, more than 248,000 apps were rejected from the App Store because they violated Apple’s policies against spam, blatantly copied other apps, or deceived the user. In addition, more than 38,000 apps were rejected because they contained hidden or undocumented functions. The App Store also bans apps designed to access users’ private and personal data without their permission or knowledge. Last year alone, more than 375,000 apps were rejected for privacy violations.

In the case of apps reported as fraudulent or malicious via Apple’s ‘Report a Problem’ tool, the app review team acts promptly to investigate and take necessary action. Fraudulent apps are immediately removed from the App Store, and the person who developed them risks expulsion from the Apple Developer Program, which would also result in any unapproved apps in his or her account not being published in the store. In 2023, the app verification team took action to prevent around 98,000 potentially fraudulent apps from reaching users in the App Store.

Payment and card fraud

From home products to entertainment services, apps have become the norm for purchasing. Apple is committed to protecting each user’s financial information through secure payment technologies like Apple Pay and StoreKit, which nearly 1 million apps use to sell goods and services on the App Store. And while fraud losses have reached new peaks globally, in 2023 Apple helped prevent more than $1.8 billion in potentially fraudulent transactions on its platform. Apple takes credit card fraud very seriously and continues its efforts to protect the App Store and those who use it. For example, when users make a purchase with Apple Pay, the system uses a specific number for their device and a unique transaction code: the card number is never stored on the device or Apple’s servers.

Furthermore, credit and debit card data are never shared with developers, thus eliminating another risk factor in payment transactions. When using Apple Pay to make a purchase online or in an app, cards with certain advanced anti-fraud features will allow the user’s device to evaluate information such as Apple ID, device and location (if location services for Wallet are enabled) to develop on-device fraud prevention evaluations. Apple also exploits advanced technologies combined with checks conducted by natural persons to detect when a stolen credit card is being used for illicit purposes. In 2023 alone, Apple prevented more than 3.5 million stolen credit cards from being used for fraudulent purchases and banned more than 1.1 million accounts from making further transactions.

Antonino Caffo has been involved in journalism, particularly technology, for fifteen years. He is interested in topics related to the world of IT security but also consumer electronics. Antonino writes for the most important Italian generalist and trade publications. You can see him, sometimes, on television explaining how technology works, which is not as trivial for everyone as it seems.