Apple Says It Stopped $7 Billion in Fraudulent Transactions in Last 4 Years

[john123]

PASSIONATE THOUGHTS INCOMING!

How many of those were innocent users that had their accounts terminated because Apple suspected them of being fraudulent?

At least 1. Me, just last week. Fortunately Apple restored my account, but when I was told I was permabanned by the initial support rep — no recourse, all purchases lost, $2000 in Apple balance zapped — I panicked. The rep told me to "create a new Apple ID" which according to the interwebz is their standard line. (That's kind of nutty when you think about it. If they think you're doing fraudulent stuff, why would the instruction be to try again?)

Don't know. Do you? I would assume it's .01% which is a completely acceptable number given the scale.

As someone who does a lot of work developing and using metrics and stats on exactly this sort of thing (fraud detection) in my line of work, I'll betcha an awful lot of money that it ain't 0.01%. And I'm not saying that because of my own personal anecdote above. It's really hard to balance these things. And it's especially hard when you're in the early stages of building out your rules and algorithms. Even then, you can't get to significant percentages of detection without flagging a chunk of innocent people. Which brings me to....

False positives happen but generally speaking yoj can contest and prove this in most cases. So it is a small minority.

Apple allowing you to easily contest and prove is a VERY new thing. The reason I panicked is that if you scour the internet for hours (if you find 2 grand missing, you will too!), you'll find story after story of people saying that they had zero luck getting an Apple permaban lifted despite repeated attempts to escalate it. The success stories are few and far between, and the lengths people had to go to in order to achieve them were crazy. Ultimately this is the danger of any account you have with any third party. You really have no leverage, and your recourse options (small claims court; in the case of Apple, the Terms and Conditions define the value as Santa Clara county) are (A) a pain in the butt and (B) only able to compensate you monetarily. Small claims court can't compel a company to restore your account.

Based on all my reading of horror stories, I was shocked but overjoyed that they restored my account — in a day no less. I hope that's a model they've adopted generally so that people get proper review if they get flagged.

 

[Anonymous123]

Let’s put it this way: let’s say there’s a physical product you want to buy and it’s sold at various brick-and-mortar stores at various price points. Some stores have a higher risk of crime—it may be marginally higher or significantly higher, but higher than others nonetheless.

So you hop in your car to purchase your product but your car only lets you drive to the place it deems the safest, even if it costs more at that location. You have no choice to go anywhere else. Some may feel comforted knowing they’re being taken to the safest place, but imagine being told you can’t drive anywhere else even if you want to. Oh, and the makers of this car also get kickbacks when you purchase at the store of its choice.

 

[roar08]

Meanwhile customers overpaid 50 billion to Apple because there is no competition in app market place in last four years.

If customers are happy with the value provided by goods and services they purchase, how are they overpaying? Am I overpaying $270k for my 488 because a Civic is $25k if I'm happy with my purchase? This is such an emotion-ridden, subjective argument based on comparing one individual's sense of value and economic status to another. There's no mass, public outrage of the App Store — it's government overreach with the support of their Marxist sheep. App Store fees fall almost perfectly in the middle of many other similar platforms, which has been reported on time and time again. Where's the outrage? Apple is an economic giant, and an easy target for the have-nots.

 

[threesixty360]

When people say it doesn't matter if you don't use side loading etc.. isn't there a network effect here?
If a fraudulent side loaded app can use all the api's and get at your contact list etc.. cant they potentially harvest your contacts and send emails / messages to your contacts with links that could seem legitimate?

Also, what if the side loaded app did brick your phone somehow (I've actually done this back in the day on the original jailbroken iPad). Apple will have to deal with that problem for you at the store. Apple support are going to bare the brunt of any issues from third party stores I would imagine.

Finally, comparing macOS to the footprint of iOS devices is like chalk and cheese. Attack surface for iOS products run into hundreds of millions if not billions of devices. Plus, each phone is likely to have more personal info than any laptop will have (banking apps, geo-location records, health info etc..). iOS security needs to be far better than laptop security in practise.

 

[macfacts]

now all of that is being ruined by sideloading/alt stores. thanks to you know who.

no one is forcing your to side load apps or use alt app stores.

 

[wigby]

As someone who does a lot of work developing and using metrics and stats on exactly this sort of thing (fraud detection) in my line of work, I'll betcha an awful lot of money that it ain't 0.01%. And I'm not saying that because of my own personal anecdote above. It's really hard to balance these things. And it's especially hard when you're in the early stages of building out your rules and algorithms. Even then, you can't get to significant percentages of detection without flagging a chunk of innocent people. Which brings me to....

I'm sure that hundreds of thousands are flagged but Apple is not shutting down any accounts based solely on an algorithm. That is why they have a staff of people which is part of the 15%-30% expense that developers pay.

 

[Anonymous123]

When people say it doesn't matter if you don't use side loading etc.. isn't there a network effect here?
If a fraudulent side loaded app can use all the api's and get at your contact list etc.. cant they potentially harvest your contacts and send emails / messages to your contacts with links that could seem legitimate?

Also, what if the side loaded app did brick your phone somehow (I've actually done this back in the day on the original jailbroken iPad). Apple will have to deal with that problem for you at the store. Apple support are going to bare the brunt of any issues from third party stores I would imagine.

Finally, comparing macOS to the footprint of iOS devices is like chalk and cheese. Attack surface for iOS products run into hundreds of millions if not billions of devices. Plus, each phone is likely to have more personal info than any laptop will have (banking apps, geo-location records, health info etc..). iOS security needs to be far better than laptop security in practise.

Valid points, but letting the maker of the device rather than the government or the user themself make the decision to take on the risk is the troublesome part.

Fundamentally there are those who don’t believe in choice because of security risks, and those who believe in choice because it outweighs those security risks.

 

[dasmb]

More monopolistic practices. This country was built on fraud!

 

[mw360]

do people in this comment section realize that no one is forcing you to sideload apps? the app store isn't going anywhere

That's a silly false dichotomy. Plenty of users have apps that are very important to their routines/workflows and if those apps go to a different store or go web-only, the user will be essentially pressured to follow. The degree of pressure will vary according to the value of the app.

 

[Anonymous123]

That's a silly false dichotomy. Plenty of users have apps that are very important to their routines/workflows and if those apps go to a different store or go web-only, the user will be essentially pressured to follow. The degree of pressure will vary according to the value of the app.

Not sure what the problem is with this scenario. If it’s the same app in one app store vs. another I’d imagine the security risk is low. Also no one is saying you have to download the app on another app store. If you don’t want to use it anymore because it switched stores then that’s up to you, and you should be upset at the developer for its change in exclusivity, not the idea of multiple app stores in general. This would be like throwing the baby out with the bath water.

 

[BaldiMac]

Fundamentally there are those who don’t believe in choice because of security risks, and those who believe in choice because it outweighs those security risks.

Of course, that's nothing but a false dichotomy and appeal to emotion. There is obviously a tremendous amount of choice on the App Store.

For me, the App Store model is about both increased security and increased choice. Other people have different priorities.

 

[hans1972]

This confirms my statement, which I make frequently when anyone supports developers: I consider developers to be harmful and horrible people until proven otherwise.

We need Apple to shield us against the developers.

This something a lot of Macrumor's commenters and the EU refuse to consider.

 

[hans1972]

Exactly. Downloading an app through alternative channels is entirely optional. Anyone against this is against users having a choice. Users can still use the traditional App Store if they have any security/privacy concerns.

It’s been said before by others and I’ll say it again, it’s been like this on macOS for forever and no one made a big deal about it. User choice is a good thing and this report is clearly a move to promote their own ecosystem.

I'm against user's having choice and I'm especially against developer's having choice.

It's worse on macOS and I want it to be more like iOS when it comes to applications.

 

[Anonymous123]

Of course, that's nothing but a false dichotomy and appeal to emotion. There is obviously a tremendous amount of choice on the App Store.

For me, the App Store model is about both increased security and increased choice. Other people have different priorities.

There may be a tremendous amount of choice in apps but there is only a single choice in where you get them from. I’m not referring to the number of apps themselves; rather, the ability to download those apps from other areas rather than only one place.

 

[hans1972]

do people in this comment section realize that no one is forcing you to sideload apps? the app store isn't going anywhere

We know that, but some of us want only one simple, uniform source for all the software for the platform.

We want simplicity and uniformity. We want Apple to work as a shield against all developers. We don't want any contacts with developers if it can be avoided. We definitely want developers to have little choices and be treated as second class citizens under the stern control of Apple to keep them in place.

 

[Naraxus]

That's a silly false dichotomy. Plenty of users have apps that are very important to their routines/workflows and if those apps go to a different store or go web-only, the user will be essentially pressured to follow. The degree of pressure will vary according to the value of the app.

Not sure if you know this or not but that's generally how free-market economies work.

 

[BaldiMac]

There may be a tremendous amount of choice in apps but there is only a single choice in where you get them from. I’m not referring to the number of apps themselves; rather, the ability to download those apps from other areas rather than only one place.

So? Why would anyone want to go to multiple places to install and update apps? Seems like more work to me. A single place to make sure all your apps are up to date is a solution to a problem.

 

[hans1972]

I would venture to guess these types of users probably wouldn’t be going out of their way to download apps through alternative marketplaces. And if they are, you’re basically saying Apple needs to police stupidity by restricting choice, thereby limiting options for better-educated users. I understand where you’re coming from, but these are the types of scare tactics that Apple is relying on to be proliferated to keep everything in their ecosystem.

Yes, some knowledgable users want to treat iOS like Windows or macOS. It's a horrible idea and why I want those user's not to use Apple's systems. They can get everything they want on Android.

 

[hans1972]

Let’s put it this way: let’s say there’s a physical product you want to buy and it’s sold at various brick-and-mortar stores at various price points. Some stores have a higher risk of crime—it may be marginally higher or significantly higher, but higher than others nonetheless.

So you hop in your car to purchase your product but your car only lets you drive to the place it deems the safest, even if it costs more at that location. You have no choice to go anywhere else. Some may feel comforted knowing they’re being taken to the safest place, but imagine being told you can’t drive anywhere else even if you want to. Oh, and the makers of this car also get kickbacks when you purchase at the store of its choice.

But what was nice about iOS and the App Store was that there was only one place to go. That's nice when you don't like driving and don't like change.

 

[wigby]

I would venture to guess these types of users probably wouldn’t be going out of their way to download apps through alternative marketplaces. And if they are, you’re basically saying Apple needs to police stupidity by restricting choice, thereby limiting options for better-educated users. I understand where you’re coming from, but these are the types of scare tactics that Apple is relying on to be proliferated to keep everything in their ecosystem.

Apple needs to police the ecosystem that they already setup because that is why their users bought an Apple product. When Apple users feel too restricted, they simply move to Android and life goes on for everyone. Disrupting the entire ecosystem because of a few complainers that have a clear alternative, affordable choice does not feel like a viable solution for all.

 

[Anonymous123]

So? Why would anyone want to go to multiple places to install and update apps? Seems like more work to me. A single place to make sure all your apps are up to date is a solution to a problem.

Some people don’t mind, others do. Again, it’s about having the choice as not everyone holds this opinion. If users are able to get an app cheaper in one store vs. another then to them it may be worth it.

 

[DailySlow]

Yes but that doesn't stop ignorant users from side loading, getting a virus, sharing data with criminals, bricking their device, etc. and these things affect all of us directly and indirectly. I have many friends and family that have no knowledge nor patience for best security practices. Most developers pay 15%-30% to Apple to stop fraudulent charges and malware so I want them to do this effectively. I don't have the time to go to each person I know to teach them basic security.

Agree there. Plus going around use of long long passwords, a pay VPN, plus plain dumb lazy habits just in Apple’s non-sideloadeuser base is bad enough. Sideloading and iffy non-vetted apps from the new storefronts now will be a mess. At least jailbreaking requires a heightened familiarity of risks and of tech. No more.

 

[BaldiMac]

Some people don’t mind, others do. Again, it’s about having the choice as not everyone holds this opinion. If users are able to get an app cheaper in one store vs. another then to them it may be worth it.

App Store prices are already ridiculously cheap with immense competition keeping prices low. In my opinion, the marginal benefits aren't worth opening up iOS to a trillion dollar malware industry.

 

[Anonymous123]

App Store prices are already ridiculously cheap with immense competition keeping prices low. In my opinion, the marginal benefits aren't worth opening up iOS to a trillion dollar malware industry.

This perspective on pricing is subjective, especially in our current economy. And if alternative app stores mean lower costs on monthly subscription prices, that cost adds up over time. Subscription-based products are becoming more common and if developers are able to charge less monthly when not using the official App Store, that may be a major win for many users.

 

[jbattan]

That is just a phenomenal set of numbers. Thank you, Apple, for keeping us safe.