Inside Apple’s AI-Powered Defense Against App Store Fraud

A Record Year for App Store Security

Apple’s latest figures highlight how central fraud prevention AI has become to App Store security. In its review of 2025 activity, the company reports stopping more than $2.2 billion in potentially fraudulent transactions, bringing the total blocked over six years to more than $11.2 billion. That intervention sits on top of a stricter app review process: over 2 million app submissions that might have harmed users were rejected before reaching iPhone and Mac devices. Apple’s Trust and Safety teams are also pushing hard on account abuse, detecting and blocking about 1.1 billion fraudulent customer account creation attempts and deactivating 40.4 million customer accounts for fraud and abuse. With mobile app fraud growing in scale and sophistication, these numbers show an unprecedented level of defensive effort designed to protect both users and the overall integrity of the App Store ecosystem.

How AI and Human Review Work Together

The engine behind this surge in protection is a hybrid system where AI and human reviewers reinforce each other. As app submissions grow and AI-assisted app development makes malicious software harder to spot, Apple leans on machine learning to pre-filter risk. The company’s fraud prevention AI looks for complex malicious patterns, compares related apps, and scrutinizes app updates for suspicious changes. Human reviewers then focus on the edge cases and nuanced policy questions that algorithms struggle with, strengthening the app review process instead of replacing it. This collaboration extends to TestFlight, where approximately 2.5 million submissions were blocked over fraud and security issues. By letting algorithms handle volume while people handle judgment, Apple can operate at the scale of billions of transactions without abandoning the case-by-case scrutiny that users expect from App Store security.

New Tactics, New Defenses: From Bait-and-Switch to Privacy Abuses

Modern mobile app fraud rarely looks like obvious malware. Instead, attackers increasingly rely on subtle tactics that try to slip through review and change behavior later. Apple says its systems identified almost 59,000 apps that engaged in bait-and-switch behavior, where an app is approved legitimately but later modified to conduct financial fraud. Fraud prevention AI is particularly useful here, watching for behavior shifts over time rather than just static code. The company also rejected more than 22,000 app submissions with hidden or undocumented features, 443,000 for privacy violations, and over 371,000 for copying other apps. Each category represents different pressures on App Store security, from covert data collection to intellectual property abuse. By targeting these patterns at scale, Apple is trying to ensure that dangerous apps are filtered out before they can exploit users under the radar of traditional one-time reviews.

Beyond the App Store: Fighting Clones, Pirates, and Fake Developers

Apple’s fraud fight extends well beyond the visible App Store listings. In 2025, it detected and blocked around 28,000 illegitimate apps hosted on pirate storefronts. These include pirated versions of legitimate apps but also gambling, adult content, and outright malware masquerading as trusted software. On the developer side, roughly 193,000 developer accounts were deactivated over fraud concerns, and another 138,000 developer enrollments were rejected outright. These moves are aimed at breaking the supply chain of mobile app fraud: if malicious actors cannot reliably obtain or keep developer status, it becomes harder to push harmful apps to users. Combined with strict scrutiny of customer accounts, this ecosystem-wide strategy underscores how App Store security now involves policing every step of the app lifecycle, from developer signup to distribution channels outside Apple’s own storefront.

An Unprecedented Scale of Protection—With Gaps Still to Close

Despite the impressive metrics, Apple implicitly acknowledges that no app review process is perfect. The company’s own figures focus on blocked attacks, not the harmful apps that inevitably slip through. Recent examples include a fake crypto wallet that allegedly cost users about $9.5 million before removal, and a wave of AI “nudify” apps that reached millions of downloads and even surfaced in App Store search ads. These incidents reveal the limits of both algorithms and human reviewers facing constantly evolving threats. Still, the scale of prevented damage and rejected submissions signals a significant investment in user protection and platform trust. For developers, the bar to entry is higher; for users, the net risk is lower than it would be without such aggressive defenses. The challenge now is iterating fast enough that App Store security can keep pace with the next generation of mobile app fraud.
