Apple stopped $1.5 billion in fraudulent transactions in 2021

Apple is dedicated to keeping the App Store a safe and trusted place for people to discover and download apps. A key pillar in that effort is Apple’s ongoing work detecting and taking action against bad actors who seek to defraud developers and users.

Bad actors continue to evolve their methods of online fraud, often making their schemes harder to recognize. That is why Apple has continued to refine its processes, create new ones, and engineer solutions to take on these threats.

Last year, Apple released an inaugural fraud prevention analysis, which showed that in 2020 alone, Apple’s combination of sophisticated technology and human expertise protected customers from more than $1.5 billion in potentially fraudulent transactions, preventing the attempted theft of their money, information, and time — and kept nearly a million problematic new apps out of their hands.

Today, Apple is releasing an annual update to that analysis: In 2021, Apple protected customers from nearly $1.5 billion in potentially fraudulent transactions, and stopped over 1.6 million risky and vulnerable apps and app updates from defrauding users.

Apple’s efforts to prevent and reduce fraud on the App Store require continuous monitoring and vigilance across multiple teams. From App Review to Discovery Fraud, Apple’s ongoing commitment to protect users from fraudulent app activity demonstrates once again why independent, respected security experts have said the App Store is the safest place to find and download apps.

App review
The App Review process is multilayered, and combines computer automation with manual human review. App Review uses proprietary tools that leverage machine learning, heuristics, and data accumulated since the App Store first launched, which helps to quickly extract large volumes of information about an app’s potential issues and violations.

Human review is the distinguishing component of the App Review process. The App Review team reviews every app and every update to ensure they follow the App Store’s guidelines related to privacy, security, and spam. This process serves as a critical line of defense to help protect users from bad actors.

App Review’s goal is always to help get quality, new apps on the App Store.

In 2021, App Review helped over 107,000 new developers get their apps onto the store. This process can be iterative, since sometimes apps may be unfinished or contain bugs that impede functionality when they are first submitted for approval, or they might need to make improvements in its moderation mechanisms for user-generated content. In 2021, over 835,000 problematic new apps, and an additional 805,000 app updates, were rejected or removed for a range of reasons like those. As part of the App Review process, any developer who feels they have been incorrectly flagged for fraud may file an appeal to the App Review Board.

A smaller group of these rejections were for flagrant violations that could harm users or deeply diminish their experience. In 2021 alone, the App Review team rejected more than 34,500 apps for containing hidden or undocumented features, and upward of 157,000 apps were rejected because they were found to be spam, copycats, or misleading to users, such as manipulating them into making a purchase.

Sometimes, nefarious developers try to circumvent App Review by creating an app that appears one way, only to alter its concept or functionality once it’s been approved. When Apple finds instances of this sort of fraud, App Review rejects or removes such apps from the store immediately, and the impacted developers receive a 14-day appeals process notice prior to termination. In 2021, over 155,000 apps were removed from the App Store for these kinds of violations.

App Review plays a big role in Apple’s efforts to protect user privacy, which Apple believes is a fundamental human right. App submissions are reviewed to ensure user data is being handled appropriately. In 2021, the App Review team rejected over 343,000 apps for requesting more user data than necessary or mishandling data they already collected.

Apple’s Developer Code of Conduct makes clear that developers who engage in repeated manipulative or misleading behavior — or any other fraudulent conduct — will be removed from the Apple Developer Program. This same code also requires developers to represent themselves and their offerings on the App Store accurately and honestly, refrain from engaging in behavior that can manipulate any element of the App Store customer experience, and maintain high-quality content, services, and experiences for customers.

CT Bureau