Apple Explains How the App Store Keeps Users Safe in Big-Number Ways

[ToothBlueth]

@turbineseaplane he might be referring to the ones available under the DMA. Which is funny, because, as far as I know, they are all pretty small, highly curated stores.

Even better:

Even though you are distributing outside the App Store, you still need to submit your app(s) to Apple for Notarization before they can be distributed. This is similar to Apple's App Store review process but fewer guidelines.

Source: https://faq.altstore.io/developers/distribute-with-altstore-pal

 

[svish]

Good to see the various numbers. Looks like Apple is promoting the app store due to the recent regulations. However think some customers may prefer to use Apple's billing system as it is convenient to keep track of all the in app purchases in one place.

 

[Devyn89]

Not dismissing the high number of potential frauds Apple circumvents, but the app store is also rejecting apps based on false positives or unclear/changing guidelines that are likely included in those numbers

My anecdotal example, my company's monthly service app updates are routinely rejected (once/twice a year) for unclear reasons despite being on the store for well over a decade - sometimes it's a zealous employee, sometimes it's a stiffer rule, sometimes it's because some bit of text could be misinterpreted by users (and it's extra funny when it's an asset that's been in our app for years that suddently is deemed an issue). There's always a reason for it, but the logic can be counterproductive or missing the mark

While it's good to have a solid validation process, it's not always stopping actual risks - but it's probably ultimately better to have stricter rules than looser ones nonetheless

Oh absolutely, I have issues with how Apple runs and manages the store for sure. My comment was merely acknowledging they catch way more fraud than I was expecting.

 

[armandxp]

Just like with my MacBook Pro, I should have the right to install software on my iPhone from outside of Apple's walled garden.

There should be two options, install from the App Store or install outside the App Store in my opinion. But both should be offered, and in app purchases should be offered as an in app purchase inside the App Store or outside the App Store. Some of us don’t care about paying a little more for the convenience of paying through Apple than a third-party website. If both options were available, would this still be an issue?

I can definitely understand Apple being worried about developers completely circumventing the Apple Store, or offering the app for free in the App Store and only offering upgrades outside of the App Store. As long as the user is able to make a decision whether they want to pay inside the App Store or outside the App Store, I don’t see a problem. But both should be definitely offered.

 

[Mrkevinfinnerty]

I do feel all safe 🥰

Actually i'm starting to get scared of using my Macbook, i've let them know at work.

 

[surferfb]

It is of importance, including a whole range of other things, the latter you constantly ignore. What you also ignore is that it is not a simple choice when there are only two imperfect options.

And like any other human being, you have to make trade offs when purchasing products. As you correctly point out, the world is full of imperfect choices. But that doesn't mean you should get to say "Well, on the whole I prefer iOS, but because I wish it behaved like Android I'm going to force Apple to open up and selfishly take away the safer option of a closed ecosystem from everyone who prefers it. I know better than the platform owner and want my cake and the ability to eat it too."

Again, this world where Apple opens up and there are no downsides at all is a fantasy. You can argue that the downsides are worth the benefits, but you can't argue they don't exist.

This statement is not based on any facts, unless you suggest iOS in itself is a leaking pot. iOS and Android do a good job on security.

Apple being safer than Android is based on tons of facts, especially for the typical user, who is not, like me and you, technically savvy. I suspect most everyone posting on MacRumors could successfully sideload and use alternate app stores without harm. However, we are a tiny percentage of Apple's user base.

In fact, iOS is inherently more secure than Android because the ecosystem is closed. This is not a debatable point. From Kaspersky (emphasis mine):

Notably, Trojans are the most prominent mobile threats — they constitute over 95% of mobile malware. Over 98% of mobile banking attacks target Android devices, which also comes as no surprise. Android is the most popular mobile platform in the world (over 80% of the global smartphone market). Also, Android is the only popular mobile platform that allows users to side-load software.

Don't believe Kaspersky? What about Norton?

One of the main issues with Android app security is that users can navigate to Android settings and install third-party apps—software from sources outside the official Google Play Store. These apps can bypass the Google Play Store review process, potentially posing security risks.

Have you ever seen a guide for "best iOS antivirus apps" like this one for Android? I wonder why that is? Couldn't possibly be because a closed ecosystem significantly reduces the risk of installing malicious apps. (Before you say anything, yes I'm aware Apple doesn't allow apps to scan the way an antivirus app would need to in order to function, but that kinda proves my point about iOS being more secure).

 

[BigBlur]

• Of the more than 7.7 million App Store submissions reviewed in 2024, Apple says it rejected more than 1.9 million of them for failing to meet the company's standards for security, reliability, and user experience, including for privacy violations or fraud concerns.
• In 2024, Apple removed more than 37,000 apps for fraudulent activity.

How does Apple catch these? Is there a way to report shady apps to Apple? Kik was once a popular messaging app back in the day. I recently logged into my old account to see what it's like now, only to find out that it's just plagued with porn/sex bots and escorts trying to get your money. I wouldn't even be surprised if it's used for sex trafficking. It is definitely not the fun app it used to be and, and it seems like it's slipping through the cracks for allowing fraudulent activity.

 

[citysnaps]

No pass needed - nobody is/should be above the rules.

As an example, me as a publisher have had apps on the store for years - you have a track record of what was submitted/approved/rejected and a history of reports made against your apps (or, in an ideal case, no reports made against your apps).

That reputation system exists already in some way, you don't need to get your apps re-evaluated from scratch when you update them as if they are entirely new and/or as if it's the first time you publish apps.

What I'm asking for is common sense and consistency when you have a solid track record to not get your updates randomly rejected for weird reasons - flag me stuff that cause issues, work with me, don't just reject my update because someone over there deems some text that's been in the app for ages to be problematic out of the blue.

Oh did I mention that the reason for rejecting my update is not clearly explained to make sure I know what to fix in order to not suffer more delays in updating my app?

It's happened a few times where it's something along the lines of "goes against the rules for requesting access to location" - yes there are rules for requesting and using location, we know them by heart at this point, but what's suddently an issue with what I do when it wasn't a problem before isn't clear.

And this shouldn't happen with vetted publishers - unless there's proper communication on upcoming changes for us to adjust and remain compliant. But Apple doesn't do that, they don't care known/vetted publishers suffer random setbacks like that.

Have you tried writing directly to Carson Oliver at Apple expressing your issues and frustrations? If so, how was it handled? Another option would be Phill Schiller.

 

[fguerraz]

Huh, I knew the numbers were high, I didn’t realize they were that high.

They are not. They conflate all problems together: not meeting UX standards, a breach of TOS, and actual security issues are very different things. Then put all these numbers in perspective with a 1bn device base, and it’s a lot of nothing.

 

[ToothBlueth]

But that doesn't mean you should get to say "Well, on the whole I prefer iOS, but because I wish it behaved like Android I'm going to force Apple to open up and selfishly take away the safer option of a closed ecosystem from everyone who prefers it.

First and foremost, I can’t force anyone, I can merely vote on a party/person I deem qualified. The EU is forcing Apple, like other governments, to become a fair platform, as the market for smartphone OSes is problematic.

Second of all, that line of reasoning is how fascism or autocracies establish, we have to consider the rights and voices of minorities as much as majorities. I am aware this is not a perfect analogy, but smartphones have become essential to modern life, and our governments should require OS providers to give people the right to make reasonable choices on the platform they provide.

Again, this world where Apple opens up and there are no downsides at all is a fantasy.

Never have I done so.

Also you’re cherrypicking from both norton and kaspersky. Norton especially, as they highlight that Galaxies and Pixels have very good security. The kaspersky article seems pretty old, it even considers balckberry OS.

 

[Chungry]

They are not. They conflate a problems together: not meeting UX standards, a breach of TOS, and actual security issues are very different things. Then put all these numbers in perspective with a 1bn device base, and it’s a lot of nothing.

Pretty much this. It's purposely obfuscation of the threat footprint.

 

[elthesensai]

The decision to use Apple’s App Store—or to download apps from the web or third-party app stores—should be left to the consumer who purchased the device. The real reason for the app distribution monopoly is to maximize profits. Full stop. If Microsoft had done this in the 1990s, the government would have investigated and sued.

 

[ProbablyDylan]

Have you ever seen a guide for "best iOS antivirus apps" like this one for Android? I wonder why that is? Couldn't possibly be because a closed ecosystem significantly reduces the risk of installing malicious apps. (Before you say anything, yes I'm aware Apple doesn't allow apps to scan the way an antivirus app would need to in order to function, but that kinda proves my point about iOS being more secure).

This is actually a great argument for the free market. You've highlighted a whole category of software that doesn't exist on iOS - not because there's no demand, but because Apple has deemed it is not allowed to exist.

 

[ToothBlueth]

not because there's no demand, but because Apple has deemed it is not allowed to exist.

And easily repackaged as propaganda, such as:

Have you ever seen a guide for "best iOS antivirus apps" like this one for Android?

 

[platinumaqua]

More propaganda. App Store is still full of apps with third party trackers and have no way to disable them.

App Store also blocks the full Gecko Firefox so it's impossible to get a browser that can run the full uBlock Origin. That block also perpetuates the upgrade treadmill, as let's be honest, most of Web browsing is done on browsers, and an up-to-date browser can extend the usable lifetime of operating systems significantly.

 

[turbineseaplane]

App Store also blocks the full Gecko Firefox so it's impossible to get a browser that can run the full uBlock Origin.

Infuriating. I'd really like to have full, real, Firefox on my iPad as it's what I use on desktop.

 

[turbineseaplane]

This is actually a great argument for the free market. You've highlighted a whole category of software that doesn't exist on iOS - not because there's no demand, but because Apple has deemed it is not allowed to exist.

And moving outside of something like Virus concerns, the death grip of Apple control creates an environment where we don't even know what types of interesting and useful Apps could exist, but don't ... due to that draconian control.

It literally stifles actual innovation when the App procurement lockdown is this tight and lacking in competition.

 

[Chungry]

More propaganda. App Store is still full of apps with third party trackers and have no way to disable them.

App Store also blocks the full Gecko Firefox so it's impossible to get a browser that can run the full uBlock Origin. That block also perpetuates the upgrade treadmill, as let's be honest, most of Web browsing is done on browsers, and an up-to-date browser can extend the usable lifetime of operating systems significantly.

Apple still needs to decouple system-level apps like Safari so they can be updated more often. But that would create more work for them... Guess it's not happening because it doesn't deliver shareholder value and it's not some new sexy thing they can analyze ASP for

 

[Vimy]

• In 2024, Apple removed more than 37,000 apps for fraudulent activity.

I wouldn't brag about approving 37000 fraud apps.

 

[wanha]

Everything Apple says is true.

The quiet part is that they also made themselves gatekeepers who charged an exorbitant toll and crafted complex "rules" which were and are to the detriment of their competitors, developers, and own customers, all in an attempt to milk the App Store for all it's worth to satisfy investors who, in fact, can never be satisfied

 

[platinumaqua]

There's also Apple being a content police so that they block applications that can access (or happen to access incidentally) adult content. Sure, block it for children, but not even allow it as an option for adults?

 

[platinumaqua]

Apple still needs to decouple system-level apps like Safari so they can be updated more often. But that would create more work for them... Guess it's not happening because it doesn't deliver shareholder value and it's not some new sexy thing they can analyze ASP for

They wouldn't even compile WebKit nightly for macOS more than two versions old...

 

[vkd]

How is anyone to know these statistics quoted are not fraudulent? The majority of stuff that comes out of government and the media is fake news, psy-ops or manipulated. Who is to say that what Apple says is any better? After all they are, ultimately, another govt. dept., same as Google are, Meta, Microsoft, etc. Its all about control, and social management.

 

[Chungry]

How is anyone to know these statistics quoted are not fraudulent? The majority of stuff that comes out of government and the media is fake news, psy-ops or manipulated. Who is to say that what Apple says is any better? After all they are, ultimately, another govt. dept., same as Google are, Meta, Microsoft, etc. Its all about control, and social management.

It's an open secret that Google is the revolving door, semi-private arm of the state department. I'd imagine the infiltration extends to other companies as well.

 

[surferfb]

The decision to use Apple’s App Store—or to download apps from the web or third-party app stores—should be left to the consumer who purchased the device. The real reason for the app distribution monopoly is to maximize profits. Full stop. If Microsoft had done this in the 1990s, the government would have investigated and sued.

Microsoft had 90% marketshare in the desktop market in the 1990s, so yes, I agree had Microsoft done this in the 1990s they would have been sued. I'll also add that if Apple had 90% market share (or Android was similarly locked-down) I would agree with all of you opening up was needed. But Apple has ~28% market share and Android is open. So the option is there for those who want it.

This is actually a great argument for the free market. You've highlighted a whole category of software that doesn't exist on iOS - not because there's no demand, but because Apple has deemed it is not allowed to exist.

I agree 100% The free market is the solution here. If only there was some other mobileOS without those restrictions.....

It literally stifles actual innovation when the App procurement lockdown is this tight and lacking in competition.

There is literally an OS with over 70% marketshare that allows you to run anything you want. Apple isn't stifling innovation here. Anyone can make that app that Apple is "restricting" and show people what an amazing app it is.

Anyways, I'm not sure additional debate is a good use of anyone's time so I'll bow out here.