Overview
Apple has published its annual App Store fraud prevention report, revealing that the company blocked over $11 billion in fraudulent transactions across the App Store over the past six years. In 2025 alone, Apple prevented more than $2.2 billion in potentially fraudulent activity — a figure that underscores both the scale of attempted App Store abuse and the ongoing investment Apple makes in platform security.
The report highlights Apple's multi-layered approach to detecting and blocking fraud, from automated machine learning systems to human review teams that manually evaluate apps and transactions.
Key Figures
| Metric | Value |
|---|---|
| Total fraud blocked (6 years) | $11 billion+ |
| Fraud blocked in 2025 | $2.2 billion |
| Fraudulent transactions blocked (2025) | Not disclosed |
| Apps rejected for policy violations (2025) | ~2 million+ submissions |
| Developer accounts terminated (2025) | Over 147,000 |
| Customer accounts disabled for fraud (2025) | Over 374 million |
| Fraudulent ratings and reviews removed | Over 203 million |
How Apple Detects App Store Fraud
Apple's fraud prevention ecosystem operates across multiple vectors:
1. App Review
Every app submitted to the App Store undergoes human and automated review before being published. In 2025, Apple:
- Rejected apps that requested excessive permissions beyond their stated functionality
- Blocked apps using hidden or undocumented features (bait-and-switch tactics)
- Removed apps that impersonated legitimate software — including financial institutions, government agencies, and popular consumer apps
- Flagged apps with hidden subscription charges or misleading pricing structures
2. Transaction Monitoring
Apple's Fraud Prevention platform analyzes every App Store transaction in real time using machine learning models trained on historical fraud patterns. Signals that cause a transaction to be flagged include:
- Unusual purchase velocity from a single device or account
- Transactions correlated with stolen payment credentials
- Burst-purchasing patterns associated with gift card laundering schemes
- Purchases from known fraud-linked IP ranges or device fingerprints
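The first signal in the list, purchase velocity from a single device or account, can be sketched as a sliding-window counter keyed on both identifiers. This is an added example, not Apple's system or code from the report; the window, threshold, record layout and sample records are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_IN_WINDOW = 3               # assumed purchases allowed per key per window

# Constructed sample records: (ISO timestamp, account, device)
SAMPLE = [
    ("2025-03-01T10:00:00", "acct-a", "dev-1"),
    ("2025-03-01T10:00:00", "acct-b", "dev-2"),
    ("2025-03-01T10:01:00", "acct-a", "dev-1"),
    ("2025-03-01T10:02:00", "acct-a", "dev-1"),
    ("2025-03-01T10:03:00", "acct-a", "dev-1"),
    ("2025-03-01T10:05:00", "acct-c", "dev-3"),
    ("2025-03-01T10:06:00", "acct-d", "dev-3"),
    ("2025-03-01T10:07:00", "acct-e", "dev-3"),
    ("2025-03-01T10:08:00", "acct-f", "dev-3"),
    ("2025-03-01T10:30:00", "acct-a", "dev-1"),
    ("2025-03-01T11:00:00", "acct-b", "dev-2"),
]

def flag_velocity(records, window=WINDOW, max_in_window=MAX_IN_WINDOW):
    """Return (timestamp, account, device, reasons) for each purchase that
    pushes its account or its device over max_in_window inside the window."""
    recent = defaultdict(deque)  # ("account" | "device", id) -> timestamps
    flagged = []
    for ts, account, device in sorted(records):  # ISO strings sort by time
        now = datetime.fromisoformat(ts)
        reasons = []
        for kind, ident in (("account", account), ("device", device)):
            q = recent[(kind, ident)]
            q.append(now)
            while q[0] < now - window:  # drop purchases older than the window
                q.popleft()
            if len(q) > max_in_window:
                reasons.append(f"{kind}_velocity")
        if reasons:
            flagged.append((ts, account, device, reasons))
    return flagged

if __name__ == "__main__":
    for hit in flag_velocity(SAMPLE):
        print(hit)
```

Counting per device as well as per account is what catches the `dev-3` purchases in the sample, where four different accounts each buy once and no single account exceeds the threshold.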
3. Developer Account Vetting
To reduce developer-side fraud (where legitimate-looking developers submit malicious apps), Apple:
- Terminated over 147,000 developer accounts in 2025
- Requires verified identity for App Store Connect enrollment
- Reviews developer histories before approving apps from new accounts
The Fraud Landscape in Mobile App Stores
Apple's figures illustrate a persistent and growing challenge in mobile platform security. Common App Store fraud patterns include:
Fake Subscription Apps
Apps that display misleading free-trial offers, then charge high recurring subscription fees after a brief grace period. Apple's review process has specifically targeted these patterns, requiring clear subscription disclosures before download.
Payment Credential Theft Apps
Apps that mimic legitimate banking or payment interfaces to harvest credentials from users. These "trojan" apps are often caught at review but increasingly surface via App Store Connect account compromise.
Rating and Review Manipulation
Fake review services sell inflated App Store ratings to help fraudulent apps appear legitimate. Apple removed 203 million fraudulent ratings and reviews in 2025 — a figure that represents the ongoing scale of manipulation attempts.
Crypto and Investment Scams
"Pig butchering" scams and fraudulent crypto wallet apps have increasingly targeted iOS users. Apple removed thousands of these apps in 2025, often after coordinating with law enforcement and financial regulators.
Comparison to Android
Apple's closed ecosystem and mandatory review process contrast significantly with Google Play's historically more permissive approach. While Google has invested heavily in Play Protect and machine-learning-based app scanning, the sideloading capability of Android and Google's larger developer base create a structurally different (and generally higher) fraud surface.
Apple's refusal to allow sideloading on iOS — a position that regulators in the EU have contested — is partly justified by these fraud statistics. The EU's Digital Markets Act has compelled Apple to permit alternative app distribution channels in the EU, which security researchers predict will increase fraud exposure for European iPhone users.
Implications for Security Professionals
| Takeaway | Detail |
|---|---|
| App Store fraud is a business | $11B in 6 years reflects organized criminal operations, not opportunistic one-offs |
| ML + human review is the effective combination | Purely automated review misses contextual fraud patterns |
| Developer account compromise is a growing vector | Attackers target developer accounts to distribute malicious apps under trusted identities |
| Fake reviews distort user trust | 203M removals show review integrity is under systematic attack |
| EU sideloading policy increases risk | Alternative app marketplaces expand the fraud surface beyond Apple's review controls |