Apple released new data about anti-fraud measures related to its operation of the iOS App Store on Tuesday morning, trumpeting a claim that it stopped over $7 billion in “potentially fraudulent transactions” across the four years between 2020 and 2023.
More than $1.8 billion of that total was stopped in 2023, per Apple, which is down from the $2 billion in potentially fraudulent transactions Apple reported preventing in 2022. It also said it blocked over 14 million stolen credit cards and more than 3.3 million accounts from transacting again between 2020 and 2023.
As with any self-reported corporate metrics, the aim is to shape a narrative: In Apple’s case it’s a longstanding claim that its mobile ecosystem sets “the standard for security, reliability, and user experience”, as its blog post puts it.
It’s worth noting that counter-narratives do exist, such as the developer lawsuit Apple settled back in fall 2022, which had raised complaints about unfair app rejections, scams and fraud.
The timing of Apple’s blog post coincides — coincidentally or not — with the kick-off of Google’s developer confab, I/O. That’s interesting because, in recent months, Mountain View has been running a pilot of a new automated anti-fraud measure for its own app store, Google Play, suggesting competition to burnish mobile security cred is heating up thanks to AI.
Apple’s other pressure point on ecosystem integrity comes from regulators. In the European Union the iPhone maker has, since February, been forced into allowing third-party app stores and app sideloading under the bloc’s Digital Markets Act (DMA). It must also let developers use third-party payment tech (rather than its own) if they wish. Apple argues the DMA’s enforced openness is weakening the security of its iOS ecosystem.
The “fourth annual fraud prevention analysis” Apple has published today offers a retrospective look at where its App Store ecosystem stood on stopping scams and other problematic behaviors before meddling EU regulators got involved.
It also reads like a marketing pitch to developers who, in the EU at least, have an increasing array of choices about how to distribute their apps, rather than being forced to submit to the Apple’s App Store to reach iOS users.
App Store integrity in the frame
Reporting additional metrics for 2023, Apple said it rejected more than 1.7 million app submissions for failing to meet its “stringent” standards for privacy, security and content. It also said its efforts to stop and reduce App Store fraud led to it terminating nearly 374 million developer and customer accounts, and removing “close to” 152 million ratings and reviews over fraud concerns.
Also in 2023, Apple said it shuttered close to 118,000 developer accounts — which its blog post notes is a marked decrease from the 428,000 terminations in the prior year (2022). It credits “continued improvements” in preventing the creation of potentially fraudulent accounts in the first place with this decrease, without specifying the changes it’s made.
In further actions last year, Apple said it rejected more than 91,000 developer enrollments for “fraud concerns” — preventing these accounts from submitting what it couched as “problematic apps” to the App Store.
Apple’s App Review team has over 500 staff who Apple said are tasked with evaluating every app submission. “On average, the team reviews approximately 132,500 apps a week, and in 2023, reviewed nearly 6.9M app submissions while helping more than 192,000 developers publish their first app onto the App Store,” it wrote.
Per Apple, the App Review workflow involves both automated processes and human review to try to spot and block fraud and other harms. In 2023, more than 1.7 million app submissions were rejected by Apple for “various reasons, including privacy violations and fraudulent activity”.
“Bad actors employ deceptive tactics to harm users, including the practice of disguising potentially risky apps as innocuous ones,” the company wrote. “Over the past year, there have been numerous instances where App Review identified apps initially misrepresented as harmless products — such as photo editors or puzzle games — that later transformed postreview into pirate movie streaming platforms, illegal gambling apps, or fraudulent and predatory loan issuers.”
“In some extreme instances, the team also identified and removed financial service apps involved in complex and malicious social engineering efforts designed to defraud users, including apps impersonating known services to facilitate phishing campaigns and that provided fraudulent financial and investment services,” Apple added, noting App Store reviewers “removed or rejected 40,000 apps from developers who engaged in bait-and-switch activity” across the year.
Comment