You tap a button. A game downloads. You play it. Perhaps you purchase a couple of digital coins in the app. All of this is done in a matter of seconds! Yet an absolute war is raging behind that flawless display on your cell phone, daily, hour by hour. The figures are truly horrendous. Apple just published its internal security logs for the App Store for the year 2025. The company was blocking almost $2.2 billion in transactions that it identified as being “pure fraud
That is one year, and there’s the next year! Look at the last six years and the total amount of dirty money blocked is over $11.2 billion. It reveals the true extent of the desperation and organization of cybercriminals in the digital marketplace. No longer are they mere guys in hoodies choosing passwords. We’re talking about huge botnets! They set up fake developer profiles. They duplicate the popular banking applications. They attempt to bundle malware into seemingly harmless calculators or weather applications. The minute you type in your credit card information into the bogus screen, the funds are gone. This degree of digital vigilance is no longer a matter of corporate goodwill. It’s a legal requirement and will be enforced. Platforms face huge legal obligations under Section 43A and Section 66 of the Information Technology Act to safeguard sensitive user data and prevent digital forgery. If they mess up, the government intervenes.
How To Reach Out To Parents, Teachers, and Adults To Stop The Fake From Getting Out Of Hand
It is not so easy to get an app to appear on the store. Last year was a very hard review schedule for the review teams. They received more than 9.1 million entries from developers all over the world. They were very likely to click the reject button. As of 2025, Apple has rejected more than 2 million apps for various reasons since 2025.
Reasons cited for rejection are like a rap sheet. Over 443,000 apps were caught by reviewers that were attempting to secretly steal the user information and breached basic privacy laws. Another 371,000 were simply facsimiles. You know the type. You type a popular puzzle game into the search box, and look at five puzzle games that are slightly misspelled with the hopes that you click them by accident. So there are the sneaky ones too. Some 22,000 entries were abandoned due to features that developers were hiding in the code that were not documented.
The worst one is bait and switch. A developer presents a clean, uninteresting app with features for utilities.A developer brings a plain, uninteresting app with features for utilities. Flashlight or QR scanner. The review team reviews it, and it is not found to be faulty, and it is approved. As soon as it is in use, the developer uploads an update from a distant server that converts the application into an illegal gambling site or a scam. Last year Apple was stung by this strategy. They blasted almost 59,000 apps from the storefront for this very stunt. That’s a significant increase from the 17,000 trapped at the same time last year. These bait-and-switch portals are a favorite source of financial scams in the rural areas and are a constant target of the Indian law enforcement agencies
Taking Down The Shadow Networks
The fight isn’t simply about the applications, it’s about the earnings. It’s about the humans behind the computers. Bad guys require an account to operate. They create botnets that create thousands of fake user profiles per minute. These fake accounts are used to spam real users, or to manipulate the download charts so that their malicious apps appear popular.
The walls of security suffered enormous damage. Last year, Apple stymied over 1.1 billion attempts to sign up fake customers. Simply consider the amount of server power needed to cope with that. Not only that, they chased and disabled a whopping 40.4 million old user accounts associated with suspicious activity.
They also went after the developers. Around 193,000 developer accounts were completely terminated for fraud. Another 138,000 new developer enrollments were also blocked from entering the door by the security teams.
And the battle went outside the official store. Apple began to crack down on bogus stores on the broader web. These are websites that people frequent to download paid apps for free or grab any adult content or gambling software. The company traced and thwarted 28,000 malicious apps that were spread on these dark channels. The IT Act provides the authority with the authority to block access to these illegal servers, but the first line of defence is the tech companies themselves. They’ve prevented 2.9 million attempts by users to install unauthorized software from outside sources in their systems just in the past month
A Human And Machine Cleanup Crew
It’s not realistic for humans to manage the nine million app submissions and billions of transactions. The team would be blown out of the water if it were the volume. Depending on a hybrid system is very important for Apple. They have massive human resources and bring the grunt work to the AI.
All the code submitted is analyzed by machine learning models. System is quick. It compares apps to find similar apps, identifying the copycats. It detects advanced malicious patterns within huge updates. It alerts any suspicious looking item and passes it to a human to decide. This prevents the reviewers from wasting their time on trying to determine whether it is spam or not. It allows them to concentrate their expertise on the truly complicated scams which attempt to outsmart the system.
The Plastic And The Reviews is an album that is well worth listening to.
For all scammers, the ultimate goal is to make money. They purchase large collections of stolen credit card information on the Darknet and attempt to validate them by making online purchases. App stores are a great place to do this. If the stolen card functions perfectly in successful transactions of digital products, then the scammer has the assurance that the card is alive.
The financial protections prevented 5.4 million stolen credit cards from being used in 2025. It also permanently prevented close to 2 million user profiles from making any transactions in the future.
