Apple Details New App Store Safeguards Ahead of WWDC 2026

Apple has published a comprehensive update on the App Store’s security and developer‑protection programs, just weeks before its annual developer conference. The report, released on May 20, 2026, breaks down how the company’s multilayered defenses keep both consumers and creators safe while the marketplace continues to grow.

Key figures from 2025

• $2.2 billion in potentially fraudulent transactions blocked.
• 2 million malicious app submissions rejected.
• 1.1 billion fraudulent account creations stopped.
• 40.4 million user accounts deactivated for abuse.
• 193 000 developer accounts terminated for fraud.
• 28 000 illicit apps removed from pirate storefronts (including malware, porn, gambling and pirated copies).
• 9.1 million app submissions reviewed by the App Review team.
• 306 000 new developers welcomed to the platform.
• 59 000 apps pulled for bait‑and‑switch financial schemes.
• 22 000 submissions rejected for hidden features, 371 000 for spam or copycat behavior, and 443 000 for privacy violations.
• 195 million fraudulent ratings and reviews blocked before they could influence the store.

These numbers illustrate the scale of Apple’s effort: every week the App Store sees over 850 million visitors across 175 localized storefronts, and the company’s defenses must keep pace with increasingly sophisticated threat actors.

How the protections work

Human review + machine learning

Apple blends expert manual review with custom‑built machine‑learning models. When a developer submits an app, an automated scanner checks for known signatures of malware, privacy‑risk APIs, and policy‑violating metadata. If the model flags a submission, a human reviewer conducts a deeper analysis, looking for nuanced issues such as hidden functionality or deceptive UI patterns.

Continuous model training

The ML models are retrained weekly using fresh data from newly blocked transactions, fraudulent account attempts, and reports from the App Store ecosystem. This feedback loop helps the system adapt to emerging tactics, such as credential‑stuffing bots that attempt to create millions of fake Apple IDs in a single day.

Multi‑factor developer verification

Beyond the standard Apple ID, developers now must pass a two‑step verification that includes:

1. Document validation – government‑issued ID and business registration are cross‑checked with third‑party databases.
2. Behavioral scoring – the platform monitors the developer’s historical submission patterns, looking for sudden spikes in app volume or changes in code signing practices that could indicate a compromised account.

If a developer’s score falls below a threshold, Apple temporarily suspends the account and requires additional proof before reinstatement.

Fraud‑focused transaction monitoring

Apple’s payment pipeline now runs a real‑time risk engine that evaluates each in‑app purchase against a set of heuristics (price anomalies, geographic inconsistencies, rapid repeat purchases). When a transaction is flagged, the purchase is held for manual review, and the user may receive a notification asking to confirm the purchase.

Piracy and counterfeit removal

Apple collaborates with security researchers and law‑enforcement agencies to locate pirate storefronts that host counterfeit versions of App Store apps. Once identified, the company issues DMCA takedown notices and works with hosting providers to shut down the offending sites. The 28 000 illicit apps removed in 2025 represent a significant reduction in the exposure of iOS users to third‑party malware.

Ecosystem implications

For developers

The stricter vetting process means higher upfront compliance work, but it also protects legitimate creators from having their ideas copied or their revenue siphoned by fraudulent apps. Developers who maintain clean histories and transparent privacy practices are less likely to face account termination, and the new onboarding metrics give them clearer guidance on what will pass review.

For users

Consumers benefit from fewer spammy or malicious apps appearing in search results, more trustworthy ratings, and a lower likelihood of encountering fraudulent in‑app purchases. The reduction in fake reviews also improves the reliability of the App Store’s recommendation engine.

For the broader mobile market

Apple’s public disclosure of these numbers adds pressure on competing stores to publish comparable data. As the iOS ecosystem continues to dominate premium app revenue, other platforms may adopt similar multilayered approaches to retain developer trust and user confidence.

Where to read the full report

The complete transparency document is available on Apple’s newsroom site. For a quick dive into the technical details, see the official App Store safety overview and the accompanying developer guide on App Store Review Guidelines.

---

Apple’s ongoing commitment to security is reflected not just in the raw numbers, but in the continuous refinement of the tools and policies that keep the App Store a trusted destination for both creators and consumers.