Apple reveals the shocking true extent of App Store fraud
"Preserving a safe and secure marketplace requires constant vigilance, as bad actors continue to evolve their tactics."
Once upon a time, Apple users believed they were totally safe from digital nasties within the fruity firm's walled garden.
But innocence rarely survives an encounter with the worm (or one of many other security threats now known to target Apple).
One of Apple's supposed safe spaces is its App Store, which is a much more locked-down, buttoned-up place than the wild west of Google Play - a rival with looser submission rules than Cupertino's tightly controlled marketplace.
However, even in Apple's relatively secure stronghold, a bomber will sometimes get through.
Now Apple has revealed the shocking extent of its battle against App Store scammers.
iFraud: Locking down the App Store
Over the past five years, Apple prevented more than $9 billion in fraudulent transactions. In 2024 alone, Apple blocked more than $2 billion dodgy transactions and rejected two million risky app submissions, ensuring they could never end up in users' hands.
In its annual App Store fraud analysis, Apple wrote: "Preserving the App Store’s safe and secure marketplace requires constant vigilance, as bad actors continue to evolve their tactics in an attempt to defraud users.
"These threats range from deceptive apps designed to steal personal information to fraudulent payment schemes that attempt to exploit users. Apple employs a comprehensive approach to combating fraud on the App Store, with teams across the company working to detect, investigate, and prevent malicious activity before it can reach users."
Apple’s antifraud systems flagged and removed over 146,000 developer accounts in 2024 and blocked another 139,000 from enrolling to stop malicious apps from reaching the App Store.
READ MORE: Apple patents sinister worker monitoring technology that can expose daydreamers
During the same period, Apple rejected more than 711 million fake customer account attempts and deactivated nearly 129 million accounts linked to scams, spam, and review manipulation.
Beyond the App Store, Apple blocked over 10,000 illegitimate apps from "pirate storefronts" and stopped 4.6 million attempts to install unauthorised apps, helping protect both users and developers from malware, scams, and app cloning.
It probably also annoyed a few users by unintentionally blocking them from installing perfectly legitimate apps, forcing people to disable key security protections to bypass its sometimes overzealous protections. Annoying, but not the end of the world, we'd argue.
How does Apple block malware and malicious apps from the App Store?
Before any app goes on sale, it is vetted by a member of Apple’s App Review team, which reviews nearly 150,000 app submissions each week
The review process involves human oversight and automated processes to detect and block action on apps that are suspected to be potentially harmful to users.
Of the 7.7 million App Store submissions reviewed in 2024, more than 1.9 million were rejected for failing to meet Apple’s standards for security, reliability, and user experience, including for privacy violations or fraud concerns.
Apple stated that fraudulent developers conceal hidden features and functionality in their code, which are enabled after the app has passed its review. In 2024, it rejected more than 43,000 app submissions for containing these hidden or undocumented features. Last year, it also rejected 320,000 submissions that copied other apps, spammed users, or otherwise misled Apple fans.
READ MORE: Apple's "authoritarian" Lockdown Mode is "harmful", academics claim
"Bad actors can also attempt to deceive users by disguising potentially risky software as seemingly innocuous apps," Apple wrote. "Last year, App Review removed over 17,000 apps for bait-and-switch manoeuvres such as these, as part of its ongoing efforts to routinely monitor and take action against problematic apps."
Apple also blocks apps that attempt to access users’ personal data without their permission or knowledge are also prohibited from the App Store. In 2024, App Review rejected 400,000 app submissions for privacy violations.
"Apple takes swift action against apps that attempt to cheat the system and boost their ranking on the App Store, such as by using bots or paid services to artificially inflate download numbers or post fake five-star reviews," it added.
Cupertino cops also removed more than 143 million fraudulent ratings and reviews from the App Store in 2024.
Commenting on the news, Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf, told Machine: "Apple’s report highlighting the prevention of $2 billion in App Store fraud is a clear signal of both the rising sophistication of mobile threats and the strength of Apple’s security model.
"Criminals are increasingly turning to fake apps, ranking manipulation, and social engineering to exploit users. Apple’s layered defences, including its App Review process, strict privacy policies, and real-time monitoring, help create one of the most secure app platforms in the world.
"However, as threats continue to evolve, particularly with the rise of advanced malware and targeted attacks, organisations must look beyond app vetting alone. It is essential to secure the entire device experience, not just the point of download.
"Apple sets a strong baseline. The next step is for businesses to take ownership of mobile security and deliver trusted, secure experiences from install to impact."
Do you have a story or insights to share? Get in touch and let us know.
