{"id":47972,"date":"2025-06-05T16:21:39","date_gmt":"2025-06-05T20:21:39","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=47972"},"modified":"2025-06-05T16:22:42","modified_gmt":"2025-06-05T20:22:42","slug":"2024-app-store-transparency-report","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2025\/06\/05\/2024-app-store-transparency-report\/","title":{"rendered":"2024 App Store Transparency Report"},"content":{"rendered":"

Apple<\/a> (MacRumors<\/a>):<\/p>\n

\n

In the last five years, the App Store has protected users by preventing over $9 billion in fraudulent transactions, including over $2 billion in 2024 alone, according to Apple’s annual App Store fraud analysis. This reflects the App Store’s continued investment in fostering the most secure experience for users while providing developers with tools and resources, including a powerful commerce system that helps customers transact safely and securely in 175 regions around the globe.<\/p>\n

[…]<\/p>\n

In 2024, Apple terminated more than 146,000 developer accounts over fraud concerns and rejected an additional 139,000 developer enrollments, preventing bad actors from submitting their apps to the App Store in the first place.<\/p>\n

Apple also rejected over 711 million customer account creations and deactivated nearly 129 million customer accounts last year, blocking these risky and malicious accounts from carrying out nefarious activity. That includes spamming or manipulating ratings and reviews, charts, and search results that risk compromising the integrity of the App Store.<\/p>\n

[…]<\/p>\n

Before any app makes its way onto the App Store, it is vetted by a member of Apple’s App Review team, all of whom are deeply familiar with the App Review Guidelines<\/em>, and focused on ensuring apps meet Apple’s standards for quality and safety. On average, this team reviews nearly 150,000 app submissions each week, helping bring new apps and updates to the App Store.<\/p>\n<\/blockquote>\n\n

I think some developers would beg to differ on the emphasized point.<\/p>\n\n

\n

Other common tactics used by fraudulent developers can include concealing hidden features and functionality in their code, which are only enabled after the app passes App Review. Apple monitors for such behavior, and in 2024, rejected over 43,000 app submissions for containing hidden or undocumented features.<\/p>\n<\/blockquote>\n\n

Are they saying that there were 43K apps that, like Fortnite<\/a>, tricked App Review and had to be blocked after<\/em> the fact? I don’t see that as an endorsement of the current system vs. what sideloading and code signing would offer.<\/p>\n\n

\n

These bad actors can also attempt to deceive users by disguising potentially risky software as seemingly innocuous apps. Last year, App Review removed over 17,000 apps for bait-and-switch maneuvers such as these, as part of its ongoing efforts to routinely monitor and take action against problematic apps.<\/p>\n<\/blockquote>\n\n

Again, it sounds like these all got through<\/em> App Review.<\/p>\n\n

Nick Heer<\/a>:<\/p>\n

\n

This has become an annual tradition in trying to convince people — specifically, developers and regulators — of the wisdom of allowing native software to be distributed for iOS only through the App Store. Apple published similar stats in 2021<\/a>, 2022<\/a>, 2023<\/a>, and 2024<\/a>, reflecting the company’s efforts in each preceding year.<\/p>\n

[…]<\/p>\n

There are plenty of numbers just like these in Apple’s press release. They all look impressive in large part because just about any statistic would be at Apple’s scale. Apple is also undeniably using the App Store to act as a fraud reduction filter, with mixed results<\/a>. I do not expect a 100% success rate, but I still<\/a> do not know how much can be gleaned from context-free numbers.<\/p>\n<\/blockquote>\n\n

M.G. Siegler<\/a>:<\/p>\n

I’m totally fine if Apple wants to point such numbers out as a way to upsell their own services, such as the App Store itself, and their payments infrastructure. But I’m worried this is more about the continued justification for why they need to keep the App Store locked down.<\/p><\/blockquote>\n\n

Craig Hockenberry<\/a>:<\/p>\n

Now do Stripe.<\/p>

The App Store processes about $100B\/year, while Stripe does about $1T\/year. So, roughly, Stripe’s business is 10x of Apple’s *<\/p>

It also tells us that Apple’s fraud rate is 2% ($2B \/ $100B). Let’s assume that Stripe’s has a similar fraud rate: that means they prevented $20B last year, or $100B vs. Apple’s $9B.<\/p>

Apple’s still thinking like they area the only ones on the Internet that can process money securely…<\/p><\/blockquote>\n\n

Jake Mor<\/a>:<\/p>\n

\n

Finally figured out why your app keeps getting rejected... because Apple takes pride in it.<\/p>\n<\/blockquote>\n\n

Jeff Johnson<\/a>:<\/p>\n

It’s possible, perhaps likely, that Apple executives BELIEVE that the crApp Store is not full of scams, in the same way they may believe that their operating systems are not full of bugs: they have “internal metrics” telling them what they want to hear. In both cases, Apple’s own QA is practically nonexistent due to overwork and understaffing, while their external issue reporting system is overly difficult and unresponsive, a black hole.<\/p>

The execs only see problems when they come via the media.<\/p><\/blockquote>\n\n

John Gruber<\/a> (Mastodon<\/a>):<\/p>\n

\n

What some App Store critics argue is that if any<\/em> substantial amount of fraud, scams, or rip-offs occur through apps distributed through the App Store, that proves that there are no protective benefits of the App Store model. That’s nonsense. There are high-crime cities and low-crime cities, but there exist zero no-crime cities. The question is whether Apple is catching most — or even just “enough” — scammers. Scammy apps, pirated apps, fraudulent app reviewers. You name it.<\/p>\n<\/blockquote>\n\n

Aside from the very small alternative marketplaces in the EU, Apple has made sure that there’s no competition for the App Store. So we can’t actually compare whether they’re doing a good job. All we know is that they block a lot but also that a lot gets through. The main point I would make here is that I don’t think Apple has presented much evidence that the current system is safer than something more like the Mac model with notarization. If the App Store is a magnet for scammers because the search and reviews are so easy to game, and if almost all the damage could be blocked post–App Review, then it’s hard to see how the protections around discovery and the review process are really load-bearing.<\/p>\n\n

Jeff Johnson<\/a>:<\/p>\n

Defenders vastly underestimate the extent to which App Store is a scammer’s paradise that makes it much easier to find victims and take their money. Apple handles hosting, search, downloads, and payments for scammers. “Free with IAP” auto-renewing subscriptions are inherently scammy. And Apple tells users to trust the App Store, lowering their guard.<\/p>

As the sole source of iOS apps, App Store is a single point of failure. Once you sneak in, you’re golden.<\/p><\/blockquote>\n\n

James Remeika<\/a>:<\/p>\n

One very weird stat this year: apps using StoreKit & Apple Pay fell more than 50% since the ’23 report. This stat has been included in this report every year[…]<\/p><\/blockquote>\n\n

See also: Mac Power Users<\/a>.<\/p>\n\n

Previously:<\/p>\n