In an article on its Newsroom page, Apple says that its App Store stopped more than US$1.5 billion in potentially fraudulent transactions in 2020 thanks to its “combination of sophisticated technology and human expertise.”
The tech giant says its App Review team is an essential line of defense, carefully reviewing every app and every update to ensure they adhere to the App Store’s strong guidelines on privacy, security, and spam. The guidelines have changed over time to respond to new threats and challenges, with the goal of protecting users and providing them with the very best experience on the App Store.
In 2020, Apple says the Review Team assisted more than 180,000 new developers in launching apps. Sometimes this takes a few tries. An app might be unfinished or not functioning properly when it’s submitted for approval, or it might not yet have a sufficient mechanism for moderating user-generated content. In 2020, nearly one million problematic new apps, and an additional nearly one million app updates, were rejected or removed for a range of reasons like those.
Apple says a smaller but significant set of these rejections was for “egregious violations that could harm users or deeply diminish their experience.” In 2020 alone, the App Review team rejected more than 48,000 apps for containing hidden or undocumented features, and more than 150,000 apps were rejected because they were found to be spam, copycats, or misleading to users in ways such as manipulating them into making a purchase.
What’s more, some developers perform a bait and switch: fundamentally changing how the app works after review to evade guidelines and commit forbidden and even criminal actions. When such apps are discovered, they’re rejected or removed immediately from the store, and developers are notified of a 14-day appeals process before their accounts are permanently terminated. In 2020, about 95,000 apps were removed from the App Store for fraudulent violations, predominantly for these kind of bait-and-switch maneuvers.
In just the last few months, for example, Apple has rejected or removed apps that switched functionality after initial review to become real-money gambling apps, predatory loan issuers, and pornography hubs; used in-game signals to facilitate drug purchasing; and rewarded users for broadcasting illicit and pornographic content via video chat.
Another common reason apps are rejected is they simply ask for more user data than they need, or mishandle the data they do collect, according to Apple. In 2020, the App Review team rejected over 215,000 apps for those sorts of privacy violations.
Even with these stringent review safeguards in place, with 1.8 million apps on the App Store, problems still surface. Users can report problematic apps by choosing the Report a Problem feature on the App Store or calling Apple Support, and developers can use either of those methods or additional channels like Feedback Assistant and Apple Developer Support.
Apple also recently deployed new tools to verify rating and review account authenticity, to analyze written reviews for signs of fraud, and to ensure that content from deactivated accounts is removed.
Then there’s account fraud in which developer accounts are created entirely for fraudulent purposes. If a developer violation is egregious or repeated, the offender is expelled from the App Store Developer Program and their account terminated. Apple terminated 470,000 developer accounts in 2020 and rejected an additional 205,000 developer enrollments over fraud concerns, preventing these bad actors from ever submitting an app to the store.
Despite fraudsters’ sophisticated techniques to obscure their actions, Apple says its aggressive monitoring means these accounts are terminated, on average, less than a month after they are created.
Finally, financial information and transactions are some of the most sensitive data that users share online. Apple says it’s invested significant resources in building more secure payment technologies like Apple Pay and StoreKit, which are used by more than 900,000 apps to sell goods and services on the App Store. For example, with Apple Pay, credit card numbers are never shared with merchants — eliminating a risk factor in the payment transaction process.