Tech major Apple has said it is dedicated to keeping the App Store a safe and trusted place for people to discover and download apps.
A key pillar in that effort is Apple’s ongoing work detecting and taking action against bad actors who seek to defraud developers and users.
"Bad actors continue to evolve their methods of online fraud, often making their schemes harder to recognise. That is why Apple has continued to refine its processes, create new ones, and engineer solutions to take on these threats," read a statement issued by Apple.
Last year, Apple released an inaugural fraud prevention analysis, which showed that in 2020 alone, Apple’s combination of sophisticated technology and human expertise protected customers from more than $1.5 billion in potentially fraudulent transactions, preventing the attempted theft of their money, information, and time — and kept nearly a million problematic new apps out of their hands.
Today, Apple is releasing an annual update to that analysis: In 2021, Apple protected customers from nearly $1.5 billion in potentially fraudulent transactions, and stopped over 1.6 million risky and vulnerable apps and app updates from defrauding users.
Apple’s efforts to prevent and reduce fraud on the App Store require continuous monitoring and vigilance across multiple teams.
From App Review to Discovery Fraud, Apple’s ongoing commitment to protect users from fraudulent app activity demonstrates once again why independent, respected security experts have said the App Store is the safest place to find and download apps.
The App Review process is multilayered, and combines computer automation with manual human review.
App Review uses proprietary tools that leverage machine learning, heuristics, and data accumulated since the App Store first launched, which helps to quickly extract large volumes of information about an app’s potential issues and violations.
Human review is the distinguishing component of the App Review process.
The App Review team reviews every app and every update to ensure they follow the App Store’s guidelines related to privacy, security, and spam.
This process serves as a critical line of defence to help protect users from bad actors.
App Review’s goal is always to help get quality, new apps on the App Store.
In 2021, App Review helped over 107,000 new developers get their apps onto the store.
This process can be iterative, since sometimes apps may be unfinished or contain bugs that impede functionality when they are first submitted for approval, or they might need to make improvements in their moderation mechanisms for user-generated content.
In 2021, over 835,000 problematic new apps, and an additional 805,000 app updates, were rejected or removed for a range of reasons like those. As part of the App Review process, any developer who feels they have been incorrectly flagged for fraud may file an appeal to the App Review Board.
A smaller group of these rejections were for flagrant violations that could harm users or deeply diminish their experience. In 2021 alone, the App Review team rejected more than 34,500 apps for containing hidden or undocumented features, and upward of 157,000 apps were rejected because they were found to be spam, copycats, or misleading to users, such as manipulating them into making a purchase.
Sometimes, nefarious developers try to circumvent App Review by creating an app that appears one way, only to alter its concept or functionality once it’s been approved.
When Apple finds instances of this sort of fraud, App Review rejects or removes such apps from the store immediately, and the impacted developers receive a 14-day appeals process notice prior to termination. In 2021, over 155,000 apps were removed from the App Store for these kinds of violations.
App Review plays a big role in Apple’s efforts to protect user privacy, which Apple believes is a fundamental human right. App submissions are reviewed to ensure user data is being handled appropriately.
In 2021, the App Review team rejected over 343,000 apps for requesting more user data than necessary or mishandling data they already collected.
Apple’s Developer Code of Conduct makes clear that developers who engage in repeated manipulative or misleading behaviour — or any other fraudulent conduct — will be removed from the Apple Developer Program.
This same code also requires developers to represent themselves and their offerings on the App Store accurately and honestly, refrain from engaging in behaviour that can manipulate any element of the App Store customer experience, and maintain high-quality content, services, and experiences for customers.
If users have concerns about an app, they can report it by clicking on the Report a Problem feature on the App Store or calling Apple Support, and developers can use either of those methods or additional channels like Feedback Assistant and Apple Developer Support.
Fraudulent Ratings and Reviews
App Store ratings and reviews serve as a resource for users and developers alike. Many iOS users have come to depend on this feature as a way to help decide whether to download an app, or which app option best suits their needs.
In turn, these ratings and reviews help improve discoverability on the App Store, and provide meaningful intelligence to developers who take this feedback and improve their apps’ features and offerings accordingly.
Illegitimate ratings and reviews pose a serious risk to the App Store, as this sort of deception can lead users to download — and in many cases, buy — an untrustworthy app that attempts to game the system through misrepresentation, rather than provide the quality experience users expect from the App Store.
Trust in this system is of the utmost importance, and Apple’s antifraud initiatives help maintain its integrity. A refined system that combines technology and human review by expert teams allows Apple to moderate ratings and reviews.
With more than 1 billion ratings and reviews processed throughout 2021, Apple systematically detected and blocked over 94 million reviews and over 170 million ratings from publication for failing to meet moderation standards. An additional 610,000 reviews were also removed after publication based on customer concern submissions and additional human evaluation.
When developer accounts are used for fraudulent purposes in a deceitful or especially egregious fashion, the offending developer’s Apple Developer Program account is terminated.
While these people or entities deploy elaborate techniques to obscure their actions, Apple monitors to ensure related accounts are terminated quickly. As a result of these efforts, Apple terminated over 802,000 developer accounts in 2021.
An additional 153,000 developer enrollments were rejected over fraud concerns, preventing these bad actors from submitting an app to the store.
In an effort to protect users who download apps beyond the safe and trusted App Store, over the last 12 months, Apple found and blocked over 63,500 illegitimate apps on pirate storefronts.
These storefronts distribute malicious software often designed to resemble popular apps — or that modify popular apps without their developers’ authorisation — while circumventing the App Store’s security protections.
Over the past month alone, Apple has blocked more than 3.3 million instances of apps distributed illicitly through its Enterprise Developer Program, which is designed to enable large organisations to develop and privately distribute their own apps for internal use.
Offenders have sought to exploit this program in an attempt to flout App Review or involve a legitimate enterprise by compromising an insider to leak credentials needed to ship illicit content.
Apple takes action on fraudulent customer accounts, too. In 2021, Apple deactivated over 170 million customer accounts associated with fraudulent and abusive activity. If an account exhibits behaviours similar to those of accounts that have engaged in previous abuse, it is deactivated before it can be used at all.
In addition, more than 118 million attempted account creations were rejected in 2021 because they displayed patterns consistent with fraudulent and abusive activity.
Rooting out fraud on an account level helps curb this sort of dishonest behaviour, and present users with more accurate information on the relative quality and popularity of an app on the App Store.
Payment and Credit Card Fraud
For many people, no data is more sensitive than their financial information.
That’s why Apple has invested enormously in creating more secure payment technologies like Apple Pay and StoreKit.
These technologies are used by more than 905,000 apps to sell goods and services on the App Store. For example, with Apple Pay, credit card numbers are never shared with merchants — eliminating a risk factor in the payment transaction process.
As with all forms of fraud, Apple takes credit card fraud extremely seriously and is committed to protecting the App Store and its users from this sort of distress.
In 2021 alone, as a result of a combination of technology and human review, more than 3.3 million stolen cards were prevented from being used to make potentially fraudulent purchases, and nearly 600,000 accounts were banned from transacting again.
In total, Apple protected users from nearly $1.5 billion in potentially fraudulent transactions in 2021.
Apple’s efforts keep the App Store a safe and trusted place for users to find and download apps, and for developers to do what they do best: create.
To help ensure that trusted ecosystem is sustained for years to come, Apple will continue working to detect fraudulent activity and accounts, and prevent financial crimes.