APPLE'S App Store stopped more than US$1.5 billion (RM6.15 billion) in potentially fraudulent transactions in 2020, thanks to a combination of sophisticated technology and human expertise.
According to Apple, threats have been present since the App Store first became available on iPhone, and they have increased in both scale and sophistication in the years since.
The Cupertino-based company said it had scaled its efforts to meet those threats, taking relentless steps forward to combat these risks to users and developers alike.
Apple said it takes significant resources behind the scenes to ensure these bad actors can't exploit users' most sensitive information, from location to payment details. While it's impossible to catch every act of fraud or ill intent before it happens, thanks to Apple's industry-leading antifraud efforts, security experts agree the App Store is the safest place to find and download apps.
App Review team
One of the ways Apple works to prevent potentially fraudulent transactions is through its App Review team, which, according to the company, is an essential line of defence.
The team carefully reviews every app and every update to ensure they adhere to the App Store's strong guidelines on privacy, security, and spam. The guidelines have changed over time to respond to new threats and challenges, with the goal of protecting users and providing them with the very best experience on the App Store.
For example, in 2020, the team assisted more than 180,000 new developers in launching apps.
Sometimes this takes a few tries. An app might be unfinished or not functioning properly when it's submitted for approval, or it might not yet have a sufficient mechanism for moderating user-generated content. In 2020, nearly one million problematic new apps, and an additional nearly one million app updates, were rejected or removed for a range of reasons like those, said Apple.
A smaller but significant set of these rejections was for egregious violations that could harm users or deeply diminish their experience. In 2020 alone, the App Review team rejected more than 48,000 apps for containing hidden or undocumented features, and more than 150,000 apps were rejected because they were found to be spam, copycats, or misleading to users in ways such as manipulating them into making a purchase, it added.
For example, some developers perform a bait and switch: fundamentally changing how the app works after review to evade guidelines and commit forbidden and even criminal actions. When such apps are discovered, they're rejected or removed immediately from the store, and developers are notified of a 14-day appeals process before their accounts are permanently terminated.
As a result, Apple said, about 95,000 apps were removed from the App Store in 2020 for fraudulent violations, predominantly for these kinds of bait-and-switch manoeuvres.
In the last few months, for example, Apple has rejected or removed apps that switched functionality after initial review to become real-money gambling apps, predatory loan issuers, and pornography hubs; used in-game signals to facilitate drug purchasing; and rewarded users for broadcasting illicit and pornographic content via video chat.
According to Apple, another common reason apps are rejected is they simply ask for more user data than they need, or mishandle the data they do collect. In 2020, the App Review team rejected over 215,000 apps for those sorts of privacy violations. Apple believes privacy is a fundamental right, and this commitment is a major reason why users choose the App Store.
Apple said even with these stringent review safeguards in place, with 1.8 million apps on the App Store, problems still surface. Users can report problematic apps by choosing the Report a Problem feature on the App Store or calling Apple Support, and developers can use either of those methods or additional channels like Feedback Assistant and Apple Developer Support.
Fraudulent ratings and reviews
One of the ways users decide which apps to download is through App Store ratings. Developers rely on them to incorporate new features that respond to user feedback.
Apple relies on a sophisticated system that combines machine learning, artificial intelligence, and human review by expert teams to moderate these ratings and reviews to help ensure accuracy and maintain trust. Since 2020, Apple has processed over 1 billion ratings and over 100 million reviews, and over 250 million ratings and reviews were removed for not meeting moderation standards.
Apple also said it recently deployed new tools to verify rating and review account authenticity, to analyse written reviews for signs of fraud, and to ensure that content from deactivated accounts is removed.
Account fraud
Apple said developer accounts are sometimes created entirely for fraudulent purposes.
"If a developer violation is egregious or repeated, the offender is expelled from the App Store Developer Programme and their account terminated," it said.
Apple terminated 470,000 developer accounts in 2020 and rejected an additional 205,000 developer enrolments over fraud concerns, preventing these bad actors from ever submitting an app to the store.
Over the last 12 months, Apple said it found and blocked nearly 110,000 illegitimate apps on pirate storefronts. These storefronts distribute malicious software often designed to resemble popular apps — or that modify popular apps without their developers' authorisation — while circumventing the App Store's security protections.
And in just the last month, the company blocked more than 3.2 million instances of apps distributed illicitly through the Apple Developer Enterprise Programme. The programme is designed to allow companies and other large organisations to develop and privately distribute internal-use apps to their employees that aren't available to the general public. Fraudsters attempt to distribute apps via this method to circumvent the rigorous App Review process, or to implicate a legitimate enterprise by manipulating an insider to leak credentials needed to ship illicit content.
In addition to fraudulent developer accounts, Apple said it works to identify and deactivate fraudulent user accounts. In 2020 alone, Apple deactivated 244 million customer accounts due to fraudulent and abusive activity. In addition, 424 million attempted account creations were rejected because they displayed patterns consistent with fraudulent and abusive activity.
Payment and credit card fraud
Financial information and transactions are some of the most sensitive data that users share online.
Apple said it has invested significant resources in building more secure payment technologies like Apple Pay and StoreKit, which are used by more than 900,000 apps to sell goods and services on the App Store. For example, with Apple Pay, credit card numbers are never shared with merchants — eliminating a risk factor in the payment transaction process.
With online data breaches frustratingly common, these protections are an essential part of keeping users safe. However, Apple said users may not realise that when their credit card information is breached or stolen from another source, fraudsters may turn to online marketplaces like the App Store to attempt to purchase digital goods and services that can be laundered or used for illicit purposes.