There are a lot of big numbers in this statement from Apple regarding its efforts to combat App Store fraud, but these two paragraphs stood out to me:
Unfortunately, sometimes developer accounts are created entirely for fraudulent purposes. If a developer violation is egregious or repeated, the offender is expelled from the Apple Developer Program and their account terminated. Apple terminated 470,000 developer accounts in 2020 and rejected an additional 205,000 developer enrolments over fraud concerns, preventing these bad actors from ever submitting an app to the store.
And in just the last month, Apple blocked more than 3.2 million instances of apps distributed illicitly through the Apple Developer Enterprise Program. The program is designed to allow companies and other large organizations to develop and privately distribute internal-use apps to their employees that aren’t available to the general public. Fraudsters attempt to distribute apps via this method to circumvent the rigorous App Review process, or to implicate a legitimate enterprise by manipulating an insider to leak credentials needed to ship illicit content.
Both of these are huge figures to me — perhaps even more stunning than the $1.5 billion in fraudulent transactions Apple says that it stopped last year. They give a sense of just how many developer accounts are created specifically to circumvent the App Store rules, to enable fraud, or to misbehave in other ways. The half-a-million developer accounts terminated in 2020 compare to only about 180,000 new developers Apple says that it worked with to get their apps into the App Store.
But all of these numbers are necessarily going to be large. Apple is a big company, there are many users of its products, and it has a large developer community. Unfortunately, none of the numbers in this press release have any attached context. For example, Apple says that it rejected over 215,000 apps in 2020 for not meeting its privacy standards. But to understand what that means in terms of the total number of submissions, you have to go find the documents that surfaced in the company’s lawsuit with Epic Games, where you will find an average of about five million apps submitted annually, around 35% of which are rejected for any reason. But we still don’t know anything about the kinds of apps that were rejected. How many of the 215,000 apps were ever admitted into the store? And were any of them downloaded by users before being pulled? The answers to these kinds of questions are not in this press release.
Also, this felt pointed:
Even with these stringent review safeguards in place, with 1.8 million apps on the App Store, problems still surface. Users can report problematic apps by choosing the Report a Problem feature on the App Store or calling Apple Support, and developers can use either of those methods or additional channels like Feedback Assistant and Apple Developer Support.
These are the only options available to report a fraudulent app? These? I have already covered how Report a Problem is insufficient for raising alarms about a rule-breaking app, particularly if it is free. And the only other thing I can do, as a customer, is to telephone Apple Support? Ridiculous.
If you pay Apple’s developer program fee, you get two more ways of reporting scams. One is Feedback Assistant, which does not have a specific way of reporting fraud or abuse in another developer’s app. But it seems there is actually one way to raise that issue — in Developer Support, click on Report a Concern, then choose “report a fraud concern”. It’s right there, clear as day.
It’s not as clear nor as accessible as a button in the App Store but, you know, it’s something.