Thursday, June 5, 2025

2024 App Store Transparency Report

Apple (MacRumors):

In the last five years, the App Store has protected users by preventing over $9 billion in fraudulent transactions, including over $2 billion in 2024 alone, according to Apple’s annual App Store fraud analysis. This reflects the App Store’s continued investment in fostering the most secure experience for users while providing developers with tools and resources, including a powerful commerce system that helps customers transact safely and securely in 175 regions around the globe.

[…]

In 2024, Apple terminated more than 146,000 developer accounts over fraud concerns and rejected an additional 139,000 developer enrollments, preventing bad actors from submitting their apps to the App Store in the first place.

Apple also rejected over 711 million customer account creations and deactivated nearly 129 million customer accounts last year, blocking these risky and malicious accounts from carrying out nefarious activity. That includes spamming or manipulating ratings and reviews, charts, and search results that risk compromising the integrity of the App Store.

[…]

Before any app makes its way onto the App Store, it is vetted by a member of Apple’s App Review team, all of whom are deeply familiar with the App Review Guidelines, and focused on ensuring apps meet Apple’s standards for quality and safety. On average, this team reviews nearly 150,000 app submissions each week, helping bring new apps and updates to the App Store.

I think some developers would beg to differ on the emphasized point.

Other common tactics used by fraudulent developers can include concealing hidden features and functionality in their code, which are only enabled after the app passes App Review. Apple monitors for such behavior, and in 2024, rejected over 43,000 app submissions for containing hidden or undocumented features.

Are they saying that there were 43K apps that, like Fortnite, tricked App Review and had to be blocked after the fact? I don’t see that as an endorsement of the current system vs. what sideloading and code signing would offer.

These bad actors can also attempt to deceive users by disguising potentially risky software as seemingly innocuous apps. Last year, App Review removed over 17,000 apps for bait-and-switch maneuvers such as these, as part of its ongoing efforts to routinely monitor and take action against problematic apps.

Again, it sounds like these all got through App Review.

Nick Heer:

This has become an annual tradition in trying to convince people — specifically, developers and regulators — of the wisdom of allowing native software to be distributed for iOS only through the App Store. Apple published similar stats in 2021, 2022, 2023, and 2024, reflecting the company’s efforts in each preceding year.

[…]

There are plenty of numbers just like these in Apple’s press release. They all look impressive in large part because just about any statistic would be at Apple’s scale. Apple is also undeniably using the App Store to act as a fraud reduction filter, with mixed results. I do not expect a 100% success rate, but I still do not know how much can be gleaned from context-free numbers.

M.G. Siegler:

I’m totally fine if Apple wants to point such numbers out as a way to upsell their own services, such as the App Store itself, and their payments infrastructure. But I’m worried this is more about the continued justification for why they need to keep the App Store locked down.

Craig Hockenberry:

Now do Stripe.

The App Store processes about $100B/year, while Stripe does about $1T/year. So, roughly, Stripe’s business is 10x of Apple’s *

It also tells us that Apple’s fraud rate is 2% ($2B / $100B). Let’s assume that Stripe has a similar fraud rate: that means they prevented $20B last year, or $100B vs. Apple’s $9B.

Apple’s still thinking like they are the only ones on the Internet that can process money securely…

Jake Mor:

Finally figured out why your app keeps getting rejected... because Apple takes pride in it.

Jeff Johnson:

It’s possible, perhaps likely, that Apple executives BELIEVE that the crApp Store is not full of scams, in the same way they may believe that their operating systems are not full of bugs: they have “internal metrics” telling them what they want to hear. In both cases, Apple’s own QA is practically nonexistent due to overwork and understaffing, while their external issue reporting system is overly difficult and unresponsive, a black hole.

The execs only see problems when they come via the media.

John Gruber (Mastodon):

What some App Store critics argue is that if any substantial amount of fraud, scams, or rip-offs occur through apps distributed through the App Store, that proves that there are no protective benefits of the App Store model. That’s nonsense. There are high-crime cities and low-crime cities, but there exist zero no-crime cities. The question is whether Apple is catching most — or even just “enough” — scammers. Scammy apps, pirated apps, fraudulent app reviewers. You name it.

Aside from the very small alternative marketplaces in the EU, Apple has made sure that there’s no competition for the App Store. So we can’t actually compare whether they’re doing a good job. All we know is that they block a lot but also that a lot gets through. The main point I would make here is that I don’t think Apple has presented much evidence that the current system is safer than something more like the Mac model with notarization. If the App Store is a magnet for scammers because the search and reviews are so easy to game, and if almost all the damage could be blocked post–App Review, then it’s hard to see how the protections around discovery and the review process are really load-bearing.

Jeff Johnson:

Defenders vastly underestimate the extent to which App Store is a scammer’s paradise that makes it much easier to find victims and take their money. Apple handles hosting, search, downloads, and payments for scammers. “Free with IAP” auto-renewing subscriptions are inherently scammy. And Apple tells users to trust the App Store, lowering their guard.

As the sole source of iOS apps, App Store is a single point of failure. Once you sneak in, you’re golden.

James Remeika:

One very weird stat this year: apps using StoreKit & Apple Pay fell more than 50% since the ’23 report. This stat has been included in this report every year[…]

See also: Mac Power Users.

7 Comments


Anonymous Coward

I seriously wonder how much app reviewers are subtly under pressure to reject apps on their slightest (often misguided) doubts in order to aid Apple's narrative and PR like this, that it is the sole true protector of app users. Could there exist, even, a quota for rejections? Unspoken of course.


It's nice of them to provide such a detailed report.

But then, how does it come that they can't produce some basic info about the financial results of the App Store when asked in court?


As usual, Gruber with the dumbest take. The issue here is that we're dealing with 70s Detroit (going with his analogy), but the mayor presents its crime rate as Tokyo's, and a bunch of "reporters", whose career and livelihood is tied to the Mayor's mandate, are calling piss "gold-tinted rain".


Beatrix Willius

@Anonymous Coward: I have always assumed that the target of the reviewers is twofold: get apps done in a certain amount of time and reject a certain amount of apps. I don't think that they are "subtly under pressure". "I don't like how the crossed t looks like" means that the app is rejected.


"helping bring new apps and updates to the App Store"

To help, verb: making it impossible to do something and then randomly selecting some people who get to do it based on secret rules that you're only told about in the most vague way possible.

"Apple’s own QA is practically nonexistent due to overwork and understaffing, while their external issue reporting system is overly difficult and unresponsive, a black hole."

OKR: Reduce bug count by 90%.

Solution: Make it impossible to report bugs.

"There are high-crime cities and low-crime cities"

If there is only one huge city and only one police force that patrols it, that presents a much larger target and enables much bigger problems.

"get apps done in a certain amount of time and reject a certain amount of apps"

That's almost certainly how that works. It's the call center model, not the original Apple Store Genius model.


Yeah, unfortunately, Apple have undermined their ability to tout the App Store as curated for users' safety by allowing sorts of scam apps to exist - some of them even promoted in Top Paid or 'Free' app features! Let alone all the child targeting IAP apps. The keyword ad purchase system that promotes rip-off apps above the real thing is just ridiculously bad for users.

If they just cared enough to police the App Store better than they have, then the argument that they deserve to implement their own rules as they wish would have a lot more credence.

Being better than the Android alternative/s is the lowest of low bars.

Maybe the Gruber analogy can be extended to paint the App Store as Gotham City and Apple as a deeply flawed version of Batman?


In a “Gotham” analogy, Apple is Carmine Falcone, not Batman.
