Apple says it stopped more than RM9 billion in fraud on App Store, as threat of third-party stores looms

Apple has taken a swipe at third-party app stores, even as looming regulations could soon force Cupertino to allow these stores on its products. The company announced that it prevented USD 2.09 billion (around RM9.4 billion) worth of fraudulent transactions on its own App Store last year, in addition to removing nearly 1.7 million app submissions for failing to meet its “high standards for privacy, security, and content.”

In particular, Apple mocked those “illegitimate storefronts” by saying it has “protected users from nearly 57,000 untrustworthy apps” from the said stores, adding that the latter do not have the same privacy and security protections as the App Store. It claimed that these “unauthorised marketplaces” distribute harmful software that can imitate or alter popular apps without the developers’ consent.

Apple also said it terminated over 428,000 developer accounts for potentially fraudulent activity. This number, it added, is a significant decrease from the 802,000 accounts it banned in 2021, partly due to new methods and protocols that prevent the creation of potentially fraudulent accounts in the first place.

Additionally, Apple said it has:

• rejected nearly 105,000 Apple Developer Programme enrolments for suspicious fraudulent activities, preventing bad actors from submitting apps,
• blocked nearly 3.9 million attempts to launch or install apps distributed illicitly through the Developer Enterprise Programme, which is only meant for large organisations to deploy internal apps on employees’ phones,
• disabled over 282 million customer accounts associated with fraudulent and abusive activity, and
• blocked 198 million attempted fraudulent new customer accounts from being created.

The company also highlighted its app review process that includes several safety checks. These include the Xcode developer software that ensures each app uses authorised technologies and meets the App Store’s minimum requirements, additional checks on App Store Connect to weed out known malware and references to private APIs, and a thorough inspection by a member of the App Review team.

Apple said it has rejected apps this year for various privacy- and security-related reasons, including the use malicious code that could steal users’ credentials and bait-and-switch apps disguised as financial management platforms. Apps were also denied a place in the App Store for either being spam, copycats or misleading; containing hidden or undocumented features; or secretly trying to obtaining personal data without the users’ knowledge.

On top of that, Apple claimed its App Review team investigates apps reported through its Report a Problem tool and remove fraudulent and malicious apps, as well as automatically removing unapproved apps under a developer account terminated for fraud and abuse, preventing them from being submitted to the App Store.

The company said it has also removed over 147 million potentially misleading app ratings and reviews from fraudulent or bot accounts, as well as helping credit card fraud victims by blocking nearly 3.9 million stolen credit cards last year.

Apple’s App Store chest-thumping comes as it looks set to make sweeping changes to its products. Its hand is being forced as part of the EU’s Digital Markets Act (DMA), which has been ostensibly designed to ensure open markets in the continent and will come into effect on March 6 next year.

The main highlights include allowing the installation of third-party app stores and sideloading on its devices. However, it could also be made to open up access to its devices’ Find My feature, NFC chip, cameras, default web browser settings and more to rival companies. Regulatory pressure from the EU is already forcing Apple to make one of the biggest changes to the iPhone—the addition of a USB-C port.