About App Store security
The App Store is a trusted place where users can safely discover and download apps. On the App Store, apps come from identified developers who have agreed to follow Apple guidelines, and are securely distributed to users with cryptographic guarantees against modification. Every single app and each app update is reviewed to evaluate whether it meets requirements for privacy, security and safety. This process, which is being constantly improved, is designed to protect users by keeping malware, cybercriminals and scammers out of the App Store. In addition, apps designed for children must follow strict guidelines around data collection and security designed to keep children safe, and must be tightly integrated with iOS and iPadOS parental control features.
App Store security protections include:
Automated scans for known malware: To help prevent it from ever making it onto the App Store and thus ever reaching or harming users.
Human review by a team of experts: To review the app description — including marketing text and screenshots — for accuracy. This creates a high barrier against the most common scams used to distribute malware: misrepresenting the malware as a popular app, or claiming to offer enticing features that aren’t actually provided.
Manual checks: To check that the app doesn’t unnecessarily request access to sensitive data, and to give extra evaluation to apps targeted at children to help ensure they comply with stringent data collection and safety rules.
Trustworthy, centralised user reviews: To help surface issues and significantly reduce the attacker’s prospects of misleading many users. Even if a malicious app were able to completely hide its behaviour during the review process, users of the app who encounter and report issues alert others — and Apple — thereby providing another avenue for detection. The App Store aggressively combats fraudulent reviews to improve the value of this signal.
Processes for correction and removal: In case issues should occur. In a case where an app makes it into the App Store but is later discovered to violate guidelines, Apple works with the developer to quickly resolve the issue. In dangerous cases involving fraud and malicious activity, the app is immediately removed from the App Store and users who downloaded the app can be notified of its malicious behaviour.
Security of apps on iOS and iPadOS relies on a combination of all layers — robust App Review to help prevent the installation of malicious apps, and robust platform protections to limit the damage malicious apps can inflict. The security designed into iOS and iPadOS provides users with powerful protections that are the best of any consumer device, but those protections aren’t engineered to protect against choices a user might be tricked into making. App Review enforces the App Store policies designed to protect users from apps that may attempt to harm them or trick them into granting access to sensitive data. And, in the very serious instances of malicious apps trying to bypass on-device protections, App Review makes it harder for them to get on users’ devices in the first place.
Though App Store security measures alone can never be perfect, as part of a defence-in-depth strategy for platform security, they contribute to making widespread attacks against iOS and iPadOS users impractical and uneconomical for financially-driven attackers. By reviewing every app before it becomes available on the App Store to help ensure it’s free of malware and accurately represented to users, and by swiftly removing apps from distribution if they are found to be harmful and limiting the spread of future variants, Apple protects the security of the ecosystem and provides peace of mind to customers.