Senior Apple anti-fraud engineer suggests App Store checks are grossly inadequate

Internal documents released as part of the Epic Games lawsuit reveal an Apple anti-fraud engineer suggesting that App Store checks were grossly inadequate.

Epic cited two particularly damning quotes from Eric Friedman, head of the company’s Fraud Engineering Algorithms and Risk unit, in internal documents …

The Financial Times reports.

A senior Apple engineer compared the defences of its App Store against malicious actors to “bringing a plastic butter knife to a gunfight”, according to legal documents released on Thursday.

The anecdote, which was cited by Fortnite maker Epic Games ahead of a high-stakes antitrust trial in California next month, was based on internal Apple documents quoting Eric Friedman, head of the company’s Fraud Engineering Algorithms and Risk (FEAR) unit.

In the papers, Friedman also likened Apple’s process of reviewing new apps for the App Store to “more like the pretty lady who greets you . . . at the Hawaiian airport than the drug-sniffing dog”. He added that Apple was ill-equipped to “deflect sophisticated attackers”.

The quotes were cited by Epic as more evidence that Apple was using app vetting as a pretext for taking its cut of app sales.

The iPhone maker argues that its sole control of the iOS apps market is good for consumers because it vets all apps for safety, security, and functionality. Epic says this isn’t true as many broken, misleading, insecure, and scam apps make it through the app review process. Developer Kosta Eleftheriou has given examples of many of these over the past few months, including non-functional rip-offs of his own apps.

Eleftheriou began highlighting applications that were essentially non-functional ripoffs of FlickType. One of the most blatant ones was KeyWatch […] When users downloaded the app, the first screen was a blank interface with an “Unlock now” button. Tap the “Unlock now” button, and you’d be prompted with Apple’s buy screen to confirm an $8/week subscription for an app that was nonfunctional.

Just this week he pointed to a VPN app that claimed to be “recommended by Apple” on the basis of high App Store visibility brought about by a large number of fake reviews.

Apple’s anti-fraud protections encompass both automated checks and human verification, and it’s unclear whether Friedman is referring only to the former or to the whole process. Either way, the fact that a senior Apple engineer tasked with preventing this type of thing considers the app review process to be grossly inadequate to the task certainly isn’t going to help the Cupertino company in the upcoming antitrust case.


Author: Ben Lovejoy
