Apple Blocks $11 B in App Store Fraud Over Six Years, Shutting Down 193 K Malicious Developer Accounts
What Happened — Apple disclosed that it has blocked more than $11 billion in fraudulent App Store transactions across the past six years, including $2.2 billion in 2025 alone. The company also terminated 193 000 developer accounts, rejected over 2 million app submissions, and deactivated 40.4 million customer accounts suspected of abuse.
Why It Matters for TPRM —
- Demonstrates Apple’s mature fraud‑detection capabilities, reducing downstream risk for enterprises that rely on the App Store for software procurement.
- Highlights the scale of financial crime targeting a major SaaS marketplace, underscoring the need to vet third‑party platforms for anti‑fraud controls.
- Provides concrete metrics that can be used to benchmark vendor risk‑management programs against industry best practices.
Who Is Affected — Technology / SaaS vendors, enterprises that distribute or consume iOS/macOS apps, and any organization that integrates Apple‑provided APIs or services.
Recommended Actions —
- Review your organization’s reliance on Apple’s App Store for critical business applications and confirm that contractual clauses address fraud‑prevention responsibilities.
- Validate that Apple’s fraud‑detection processes (human review + machine‑learning models) align with your own risk‑tolerance thresholds.
- Incorporate Apple’s fraud‑prevention statistics into your third‑party risk scorecards and monitor for any changes in the volume of blocked transactions.
Technical Notes — Apple employed a combination of automated machine‑learning models and manual review to identify stolen credit‑card usage, fake developer enrollments, and deceptive app listings. No specific CVEs or vulnerabilities were disclosed; the effort focused on fraud detection across account creation, app submission, and user‑generated content pipelines. Source: BleepingComputer