Apple: App Store stopped $2 billion in fraud, blocked 2 million risky apps in 2024

5gDedicated
Yanac

Apple continues to put forth the proposition that how it runs its App Store is good for customers. The company’s annual App Store fraud analysis puts a number to this benefit, revealing that Apple has prevented over $9 billion in fraudulent transactions at the App Store in the last five years.

Apple’s data comes as the company continues to trudge through ice and fire concerning how it runs the App Store, with payment methods and support for transactions outside its store all being attacked by regulators everywhere. And while the arguments against it gain favor, Apple wants its own arguments heard, countering the sometimes one-sided reportage around its mythical “Apple Tax.”

“In the last five years, the App Store has protected users by preventing over $9 billion in fraudulent transactions, including over $2 billion in 2024 alone, according to Apple’s annual App Store fraud analysis,” Apple said. 

That’s up about 10% over last year, when it prevented over $1.8 billion in fraud.

The cost of vigilance, the price of failure

The cost of security is, they say, eternal vigilance, which is what Apple promises at its stores. Achieving that vigilance takes a big investment, not just of time but also of money to pay people to do the watching. 

To give a sense of scale, Apple told us that 7.7 million apps were submitted to the App Store last year, and of these, 1.9 million were rejected. With Apple’s teams assessing 150,000 app submissions every week, third-party stores logically need to be able to provide the same degree of security oversight to protect their own.

Perhaps one of the more staggering takeaways is the scale at which attempts against the store are being made. Apple says that in the last month, it stopped almost 4.6 million attempts to install or launch illicitly distributed apps. It also blocked more than 10,000 illegitimate apps distributed by what the company calls “pirate storefronts.” 

What threats are users exposed to? 

Apple shares a few, including deceptive apps designed to steal personal information, and fraudulent payment schemes that attempt to exploit users. Some of the other commonly used attack forms Apple says it blocked last year: 

Apps with hidden features and functionality that are only enabled after the app passes App Review. Apple rejected over 43,000 apps for this kind of thing last year. 

More than 320,000 submissions that copied other apps, were spam, or otherwise misled users were rejected.

Risky software disguised as innocuous apps. Apple’s App Review team removed over 17,000 apps for bait-and-switch maneuvers such as these in 2024, the company said.

Apple also rejected 400,000 app submissions for privacy violations.

Of course, the company may have highlighted these attack categories as an oblique way to warn consumers using other stores of the kinds of attacks they may fall victim to.

Payment and ratings fraud

Fans of alternative payment methods to Apple Pay take note: Apple identified nearly 4.7 million stolen credit cards and banned over 1.6 million accounts from transacting again in the last year.

The company also stressed that the way its transaction system works gives customers a lot more privacy and security, as actual card details are never shared online. This of course helps prevent those details being stolen in future database attacks.

As Epic’s Fortnite storms up the App Store charts, it is also interesting that Apple’s report pays particular attention to apps that use insalubrious methods to achieve the same thing.

Apple says it removed more than 143 million fraudulent ratings and reviews from the 1.2 billion posted to the App Store last year as it identified attempts to use bots or paid services to game its reviews system. The company also kicked over 7,000 apps out of its store that made such attempts.

Developers, developers…

Of course, it’s not just customers who benefit from a well-curated app reviews system. Developers also benefit from a more equal chance to reach customers, Apple pointed out.

It is to be hoped that any future third-party stores share some of these commitments.

Those commitments should, logically, extend to discipline against developers. Apple says that in order to prevent fraud, it terminated over 146,000 developer accounts last year. It also blocked 139,000 developer enrollments.

Why are tens of thousands of attempts to overcome App Store security taking place? It could be the sheer number of people using the store, which is currently serving 813 million visits each and every week. 

What’s not being said, but could perhaps be inferred, is that once Apple is forced to open up access to third-party stores, consumers will need to become very, very certain the stores they use are delivering at least as secure a purchasing experience as Apple already does or face the consequences of that risk.

Given choice, some stay

Apple’s critics will likely mock the company’s approach, arguing that any good retailer should provide similar protections and that the company’s attempts to reinforce perception of the potential risks reflects its prime need to protect its own revenue.

Perhaps that is true, to some extent — but what is also true is that once Apple is forced to open up access to its stores and devices on a wider basis, then the gloves will be off when it comes to promoting App Store as a service.

Apple will continue to promote the advantages its already trusted service brings, while competitors will be forced to match those commitments or be exposed as providing a more insecure, less trustworthy service. For many customers, Apple’s service will still be the choice they make.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.Apple: App Store stopped $2 billion in fraud, blocked 2 million risky apps in 2024 – ComputerworldRead More