Apple said on the 20th, local time, that it blocked $2.2 billion worth of suspected fraudulent transactions from the App Store last year. Over the past six years, the cumulative amount blocked has exceeded $11.2 billion.
On the surface, the numbers may read like a giant company’s self-promotion. But if you turn the announcement around, a different picture emerges. It means that fraudulent attempts worth about 3 trillion won existed in just one year, and that the target was the wallets of the 850 million people who visit the App Store every week. Korean iPhone users are included in that 850 million.
◆ The place blocked was not the payment window, but the “entrance”
The most notable point in the announcement is where the blocking took place. Apple emphasized not only catching fraudulent cards at the payment stage. Most of the blocking happened at the entrance where accounts and apps are created, before the fraud even began.
According to the company, 1.1 billion attempts to create fraudulent accounts using bot networks and other methods were neutralized from the start last year. An additional 40.4 million accounts confirmed to have been misused were deactivated.
The same was true on the developer side. 193,000 developer accounts were suspended, and more than 138,000 developer registration applications were rejected.
The numbers at the review stage are even more specific. Last year, 9.1 million app approval requests were reviewed. Of those, more than 2 million were rejected.
Nearly 59,000 apps that used manipulative tactics to deceive users were removed, and large numbers of apps with hidden functions or potential privacy violations were also filtered out.
Manipulation in ratings and reviews was also targeted. More than 1.3 billion ratings and reviews were processed last year, and nearly 195 million fake ratings were blocked before they were posted. In other words, even before a user downloads an app believing in a 4.8-star rating, this invisible screening has already been at work.
The principle behind all of these measures is simple. Fraud is completed at the moment of payment, but the preparation for it begins much earlier. It goes through the process of creating fake accounts, registering scam apps, and inflating ratings. Apple’s defense strategy focused on cutting off that preparation process rather than guarding the payment window. The idea is that preemptive blocking costs less and reduces damage more than post-incident detection.
◆ The stronger the platform becomes, the more fraud moves “outside”
That leads to the next question. If the inside of the App Store has become this tightly sealed, where have the fraudsters gone?
The answer is already in the announcement materials. Apple said it blocked 2.9 million installation and execution attempts of apps illegally distributed outside the App Store or approved alternative marketplaces in the past month. It also found 28,000 fake apps on illegal copycat stores. Once the front door was shut, fraud seems to have rushed toward side and back doors.
This trend is anything but someone else’s problem for Korean users. Last year in Korea, text messages impersonating parcel deliveries, health checkups, obituaries, and university admissions notices continued without pause. So-called smishing became routine, enough for the government to issue a separate year-end phishing warning. The destination of the links in such messages is usually the same: an app installed outside the official market, in other words, an unidentified installation file.
As the screening system of major platforms strengthens, fraud moves into areas the system does not reach. A single text, a single link, an installation screen of unknown origin become the new battlefield. Behind the $2.2 billion Apple blocked lies the shadow of fraudsters still active outside the platform.
◆ The final gap in the defense network is the user’s fingertips
So what can users do? The answer is that it does not require elaborate security knowledge.
The most reliable line of defense is to limit app installation to official marketplaces. Apple devices basically restrict installation from sources other than the App Store and approved markets. Simply not disabling that setting can help avoid the risks targeted by those 2.9 million illegal app execution attempts. For Android users, keeping “allow installation from unknown sources” turned off serves the same purpose.
It is safer not to tap links in text messages. Whether it is a notification about admission, a delivery notice, or anything else, if verification is needed, check directly through the institution’s official app or website. In the age of smishing, the basic rule is not to trust a sender number or the appearance of a link.
Payment security also needs attention. Apple said it blocked fraudulent use of 5.4 million stolen credit cards last year, but once card information leaks, even a platform’s blocking system has limits. Turning on payment alerts from your card issuer lets you detect unauthorized transactions as quickly as possible.
For households with children, it is better to use family protection features such as purchase requests and Screen Time operated by Apple to close off unauthorized payment channels in advance.
The platform blocked $2.2 billion worth of fraud, but one gap remained beyond even that defense network. That is the moment when users themselves tap a link, allow installation, or approve a payment. The one last gap is protected not by the system, but by the user.
Apple’s announcement shows how many threats a giant platform is blocking. At the same time, it also reveals where those threats cannot be stopped. Fraud has not disappeared; it has simply moved. And that new location is getting closer and closer to the user’s fingertips.
The number 3 trillion won a year really says not just that the platform is succeeding, but that even now, somewhere, someone is still targeting your phone.