Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions


May 18, 2023 | Ravie Lakshmanan | Mobile Security / App Sec

Apple has announced that it prevented over $2 billion in potentially fraudulent transactions and rejected roughly 1.7 million app submissions for privacy and security violations in 2022.

The computing giant said it terminated 428,000 developer accounts for potential fraudulent activity, blocked 105,000 fake developer account creations, and deactivated 282 million bogus customer accounts. It further noted that it thwarted 198 million attempted fraudulent new accounts prior to their creation.

In contrast, Apple is estimated to have booted out 802,000 developer accounts in 2021. The company attributed the decline to new App Store “methods and protocols” that prevent the creation of such accounts in the first place.

“In 2022, Apple protected users from nearly 57,000 untrustworthy apps from illegitimate storefronts,” the company emphasized. “These unauthorized marketplaces distribute harmful software that can imitate popular apps or alter them without the consent of their developers.”

It also touted its App Review process as having been able to flag apps using malicious code designed to steal users’ credentials from third-party services as well as those that impersonated legitimate financial management platforms. A total of 6.1 million app submissions were reviewed.

“Over 153,000 app submissions rejected from the App Store last year were found to be spam, copycats, or misleading, and nearly 29,000 submissions were rejected for containing hidden or undocumented features,” Apple said. “Upward of 400,000 app submissions were rejected for privacy violations.”

On a related note, more than 147 million fraudulent ratings and reviews in the App Store were detected and blocked in 2022, with Apple intercepting close to 3.9 million attempts to install or launch apps distributed illicitly through its Developer Enterprise Program over the past 30 days alone.

Last but not least, Cupertino highlighted that it also blocked nearly 3.9 million stolen credit cards from being used to make fraudulent purchases, and banned 714,000 accounts from transacting again. In all, $2.09 billion in fraudulent transactions on the App Store were blocked in 2022.

The numbers come amid speculation that Apple may soon enable sideloading and allow third-party app stores on iOS devices to comply with the European Union’s Digital Markets Act (DMA), which went into effect on November 1, 2022.

The disclosure also arrives close on the heels of a similar report from Google, which said it dismantled 173,000 bad accounts and blocked 1.43 million harmful apps from being published to the Play Store in 2022. It also fended off more than $2 billion in fraudulent and abusive transactions.

Despite these ongoing efforts by Apple and Google, threat actors have found a variety of ways to bypass security protections and publish their apps on the official app stores, often submitting innocuous apps to get past the vetting process and subsequently updating them with malicious functionality.

Earlier this February, app development company Mysk uncovered sketchy two-factor authentication (2FA) apps – one of them ranking at number five for “authenticator app” in the US App Store – that trick users into subscribing to a weekly or annual plan. Similar scam apps were reported in 2022.

“As bad actors evolve their dishonest tactics and methods of deception, Apple supplements its anti-fraud initiatives with feedback gleaned from a myriad of channels — from news stories to social media to AppleCare calls — and will continue to develop new approaches and tools designed to prevent fraud from harming App Store users and developers,” the company said.
