SecurityWeek


Apple Removed 95,000 Fraudulent Applications From App Store in 2020

In 2020, Apple removed or rejected hundreds of thousands of applications from the App Store for engaging in various forms of fraudulent behavior, including spam, mischief, and privacy violations.

The company’s App Review team last year rejected roughly 200,000 applications that either contained hidden features or were found to be spam, copycats, or attempting to trick users into making purchases.

An additional 95,000 apps were removed for violating the App Store policies, mainly for performing bait-and-switch maneuvers, where the app functionality is fundamentally changed – usually to commit nefarious actions – after approval in the App Store.

“In just the last few months, for example, Apple has rejected or removed apps that switched functionality after initial review to become real-money gambling apps, predatory loan issuers, and pornography hubs; used in-game signals to facilitate drug purchasing; and rewarded users for broadcasting illicit and pornographic content via video chat,” the company reveals.

Last year, Apple’s App Review team rejected more than 215,000 applications that were found to harvest more user data than needed or to mishandle the collected data.

App Store fraud attempts, Apple says, may span even further, involving ratings and reviews, user accounts, developer accounts, and financial transactions.

Thus, in 2020, the Cupertino-based company removed over 250 million ratings and reviews, terminated 470,000 developer accounts, and rejected 205,000 developer enrollment attempts over fraud concerns. Furthermore, the tech giant deactivated 244 million customer accounts and rejected 424 million account creation attempts over fraud and abuse concerns.

With over 900,000 applications in the App Store selling goods and services via payment technologies like Apple Pay and StoreKit, fraud attempts are bound to emerge, and Apple says it was able to prevent more than $1.5 billion in potentially fraudulent transactions last year. The company also identified attempts to use roughly 3 million stolen cards and banned approximately 1 million accounts from transacting again.

The company also notes that it hunts down illegitimate applications being distributed through pirate storefronts and prevents apps from being illicitly distributed through the Apple Developer Enterprise Program.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
