Apple says its trying to keep the App Store a safe and trusted place for people to discover and download apps. A key pillar in that effort is Apple’s ongoing work detecting and taking action against bad actors who seek to defraud developers and users.
Bad actors continue to evolve their methods of online fraud, often making their schemes harder to recognize. That is why Apple has continued to refine its processes, create new ones, and engineer solutions to take on these threats.
Last year, Apple released an inaugural fraud prevention analysis, which showed that in 2020 alone, Apple’s combination of sophisticated technology and human expertise protected customers from more than $1.5 billion in potentially fraudulent transactions, preventing the attempted theft of their money, information, and time — and kept nearly a million problematic new apps out of their hands.
Apple is now releasing an annual update to that analysis: In 2021, Apple protected customers from nearly $1.5 billion in potentially fraudulent transactions, and stopped over 1.6 million risky and vulnerable apps and app updates from defrauding users.
Apple’s efforts to prevent and reduce fraud on the App Store require continuous monitoring and vigilance across multiple teams. From App Review to Discovery Fraud, Apple’s ongoing commitment to protect users from fraudulent app activity demonstrates once again why independent, respected security experts have said the App Store is the safest place to find and download apps.
App Review
The App Review process is multilayered, and combines computer automation with manual human review. App Review uses proprietary tools that leverage machine learning, heuristics, and data accumulated since the App Store first launched, which helps to quickly extract large volumes of information about an app’s potential issues and violations.
Human review is the distinguishing component of the App Review process. The App Review team reviews every app and every update to ensure they follow the App Store’s guidelines related to privacy, security, and spam. This process serves as a critical line of defense to help protect users from bad actors.