A few weeks ago, Google released some stats about how it stopped malicious activity on Google Play in 2020, with the most notable one being the banning of over 100,000 developer accounts. Now, Apple has revealed similar stats regarding its own review process for the App Store.

Apple noted that the sophistication and scale of cybersecurity threats in apps is increasing day by day, which is why it has a stringent review policy in place that aims to restrict malicious apps from launching in the App Store. A crucial part of this process is the App Review team which utilizes the App Store's guidelines to approve or reject submissions from various developers. These guidelines are also updated frequently given the continuously evolving threat landscape.

To that end, the App Review team assisted 180,000 developers to launch their apps in 2020 while over one million new apps and one million updates were rejected for not working as advertised or for not having proper moderation mechanisms in place to monitor and moderate user-generated content.

48,000 of these apps were rejected for containing undocumented capabilities while 150,000 were rejected because they were deemed to be copycat or contained features which scammed users into making purchases. 95,000 apps were removed from the App Store for employing bait-and-switch tactics. Lastly, 215,000 app were rejected because they violated user privacy by either mishandling consumer data or demanding more permissions than actually required. Apple says that even now it is continuously working to remove apps which switch functionalities after the initial review process to engage in predatory activities such as selling drugs, gambling, and rewarding users for sharing pornographic content via video calls.

Another core component of the App Store is the ratings and reviews system since many users depend on it to decide which apps to download or purchase. In 2020, Apple use a combination of artificial intelligence and humans to examine over a billion ratings and reviews, which resulted in almost 250 million of them being removed for not meeting Apple's standards.

When it comes to account fraud, Apple terminated the contracts of 470,000 developers in 2020 and rejected an additional 205,000 new enrollments due to suspicion of fraudulent activities. On average, Apple detects and terminates fraudulent developer accounts within a month after enrolling them. The company also boasted that:

Apple’s work to ensure the safety of users who download apps extends even beyond the App Store. Over the last 12 months, Apple found and blocked nearly 110,000 illegitimate apps on pirate storefronts. These storefronts distribute malicious software often designed to resemble popular apps — or that modify popular apps without their developers’ authorization — while circumventing the App Store’s security protections.

The Cupertino firm also has a Developer Enterprise Program for organizations which want to publish their apps for internal use, bypassing the standard app review process. Even here, Apple noticed and stopped over 3.2 million instances where fraudulent submissions were being made, likely by a malicious actor tricking an insider to leak credentials.

Apple's activity did not only stop at fraudulent developer accounts. In fact, it deactivated 244 million customer accounts because of "fraudulent and abusive activity". Another 424 million new enrollments were rejected for suspicion of the same.

Finally, with respect to payment and credit card fraud, Apple once again used a combination of artificial intelligence and human review teams to stop transactions from over 3 million stolen cards in 2020. A million accounts were banned from transacting in the future altogether. Overall, these activities resulted in users being protected from $1.5 billion in potentially fraudulent activity in 2020.

While the figures are arguably impressive and Apple says that it is working around the clock to make the App Store a safer place for developers and customers alike, no system is perfect and malicious activity can sometimes still slip through the cracks unnoticed. If something like this grabs your attention, Apple recommends that you make use of the "Report a Problem" capability in the App Store or directly call Apple Support to alert them.



Posted: May 14, 2021 6:07 pm
Related Forum: Mobile Devices

Source: https://www.neowin.net/news/apple-rejected-over-200000-apps-in-2020-for-violating-user-privacy/