
Apple Busts $2 Billion App Store Fraud, Rejects 1.7 Million App Submissions


May 18, 2023 | Ravie Lakshmanan | Mobile Security / App Sec

Apple has announced that it prevented more than $2 billion in potentially fraudulent transactions and rejected an estimated 1.7 million application submissions for privacy and security breaches in 2022.

The computing giant said it terminated 428,000 developer accounts due to potential fraudulent activity, blocked 105,000 fake developer account creations, and disabled 282 million fake customer accounts. It further noted that it thwarted 198 million attempted fraudulent new accounts before they could be created.

In contrast, Apple is estimated to have booted 802,000 developer accounts in 2021. The company attributes the decline to a new App Store “method and protocol” that prevented the creation of such accounts in the first place.

“In 2022, Apple protected users from nearly 57,000 untrusted apps from unauthorized storefronts,” the company emphasized. “These unauthorized marketplaces distribute malicious software that can impersonate popular applications or modify them without the consent of their developers.”

It also touted its App Review process for flagging apps that used malicious code designed to steal user credentials from third-party services, as well as apps masquerading as legitimate financial management platforms. A total of 6.1 million application submissions were reviewed.

“More than 153,000 app submissions rejected from the App Store last year were found to be spam, imitative, or misleading, and nearly 29,000 were rejected for containing hidden or undocumented features,” Apple said. “More than 400,000 applications were rejected due to privacy violations.”

On a related note, more than 147 million fraudulent ratings and reviews on the App Store were detected and blocked in 2022, with Apple intercepting nearly 3.9 million attempts to install or launch apps distributed illegally through the Developer Enterprise Program in the past 30 days alone.

Last but not least, Cupertino highlighted that it also blocked nearly 3.9 million stolen credit cards from being used to make fraudulent purchases, and banned 714,000 accounts from transacting again. Overall, $2.09 billion worth of fraudulent transactions on the App Store were blocked in 2022.

The numbers come amid speculation that Apple could soon enable sideloading and allow third-party app stores on iOS devices to comply with the European Union's Digital Markets Act (DMA), which came into force on November 1, 2022.

The disclosure also comes close on the heels of a similar report from Google, which said it had banned 173,000 bad accounts and blocked 1.43 million malicious apps from being published to the Play Store in 2022. It also fended off more than $2 billion in fraudulent and abusive transactions.


Despite these ongoing efforts by Apple and Google, threat actors have found various ways to bypass security protections and publish their apps in official app stores, often submitting harmless apps to pass through the vetting process and then updating them with malicious functionality.

Earlier this February, application development company Mysk uncovered dubious two-factor authentication (2FA) apps – one of them ranking at number five for “authenticator app” in the US App Store – that tricked users into subscribing to a weekly or yearly plan. Similar fraudulent applications were previously reported in 2022.

“As bad actors develop their dishonest fraud tactics and methods, Apple is supplementing anti-fraud initiatives with feedback gathered from multiple channels — from news to social media to AppleCare calls — and will continue to develop new approaches and tools designed to prevent fraud that harms App Store users and developers,” the company said.
