Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Apple Removed 95,000 Fraudulent Applications From App Store in 2020

In 2020, Apple removed or rejected hundreds of thousands of applications from the App Store for engaging in various forms of fraudulent behavior, including spam, mischief, and privacy violations.

In 2020, Apple removed or rejected hundreds of thousands of applications from the App Store for engaging in various forms of fraudulent behavior, including spam, mischief, and privacy violations.

The company’s App Review team last year rejected roughly 200,000 applications that either contained hidden features or which were found to be spam, copycats, or attempting to trick users into making purchases.

An additional 95,000 apps were removed for violating the App Store policies, mainly for performing bait-and-switch maneuvers, where the app functionality is fundamentally changed – usually to commit nefarious actions – after approval in the App Store.

“In just the last few months, for example, Apple has rejected or removed apps that switched functionality after initial review to become real-money gambling apps, predatory loan issuers, and pornography hubs; used in-game signals to facilitate drug purchasing; and rewarded users for broadcasting illicit and pornographic content via video chat,” the company reveals.

Last year, Apple’s App Review team rejected more than 215,000 applications that were found to harvest more user data than needed, or which were mishandling the collected data.

App Store fraud attempts, Apple says, may span even further, involving ratings and reviews, user accounts, developer accounts, and financial transactions.

Thus, in 2020, the Cupertino-based company removed over 250 million ratings and reviews, terminated 470,000 developer accounts, and rejected 205,000 developer enrollment attempts over fraud concerns. Furthermore, the tech giant deactivated 244 million customer accounts and rejected 424 million account creation attempts over fraud and abuse concerns.

With over 900,000 applications in the App Store selling goods and services via payment technologies like Apple Pay and StoreKit, fraud attempts are bound to emerge, and Apple says it was able to prevent more than $1.5 billion in potentially fraudulent transactions last year. The company also identified attempts to use roughly 3 million stolen cards and banned approximately 1 million accounts from transacting again.

Advertisement. Scroll to continue reading.

The company also notes that it hunts down illegitimate applications being distributed through pirate storefronts and prevents apps from being illicitly distributed through the Apple Developer Enterprise Program.

Related: Apple Warns of New Zero-Day Attacks on iOS, macOS

Related: Apple Patches Security Bypass Vulnerability Impacting Macs With M1 Chip

Related: Apple Moving Forward on App Privacy, Despite Pushback

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.