The European Union just fired its biggest regulatory salvo yet at Big Tech's handling of online financial fraud, and Apple finds itself right in the crosshairs. The timing is hard to ignore. Just as regulators forced Apple to support third-party app marketplaces in Europe, they are asking whether the company is doing enough to stop scams across its ecosystem. This is not another routine skirmish, it is a direct test of how Apple balances security, control, and compliance in a messy, real-world internet.
The stakes are massive. EU regulators peg annual losses from online fraud at more than €4 billion across Europe, with fake banking apps, sketchy search ads, and bogus accommodation listings doing the damage. EU tech chief Henna Virkkunen told the Financial Times that "criminal activity is exploding online, with artificial intelligence making scams increasingly sophisticated." For Apple, long sold as the gold standard for secure, curated software, the probe validates old worries and threatens the narrative at the same time.
The irony of Apple's security argument
Apple has spent years insisting that tight control over the App Store keeps users safe. The company has frequently cited scam apps and malware to justify selling iPhone apps only through its own store. It is a clean pitch and it resonates. Who does not want a safer phone?
Then reality taps the mic. Numerous reports show scam apps still slip past review. A study from 2021 found almost 2 percent of top-grossing apps in the App Store were scams. That figure stings, especially for a platform built on trust.
The EU will drill into how Apple and Google handle fake apps, especially fraudulent banking apps. If a tightly curated store cannot keep them out, expect regulators to ask whether the security tradeoffs still justify limits on competition and choice.
Apple's defense: impressive numbers with gaps in execution
Apple is not standing still. In 2024, the company says the App Store prevented more than $2 billion in fraudulent transactions. Big number, real impact.
The enforcement picture is just as aggressive. Apple terminated over 146,000 developer accounts tied to fraud and rejected 1.9 million app submissions for security, reliability, and user experience issues, including privacy and fraud violations. For a platform with millions of submissions, that is a serious filter, not a rubber stamp.
Apple also touts Notarization, which checks apps for "egregious fraud" across third-party marketplaces in the EU. The company said it has "continually improved its antifraud measures to keep consumers safe from ever-evolving fraud tactics." Yet scams still seep through. Regulators want outcomes, not just inputs, and they want them measured in fewer victims, not bigger spreadsheets.
The third-party marketplace dilemma
Here is the twist. In the European Union, Apple must now support third-party app marketplaces under the Digital Markets Act, which lets people install apps outside the App Store. Apple warned this would create new security challenges. Now it has to prove it can manage them.
The company has been forced to allow those stores and loosen some controls. The paradox is obvious. The EU pushed Apple to open the gates, then turned around and asked if the guards are doing their job. That tension is not going away.
Apple's response feels careful, and a bit grudging. While EU users can install from third-party marketplaces, those marketplaces must meet Apple's terms, pay a core technology fee, and pass Notarization. Controlled openness, a middle lane that pleases neither security purists nor open-platform diehards.
What's really at stake here?
This is not just about Apple. Regulators are also probing Google, Microsoft, and Booking Holdings under the Digital Services Act, targeting fake banking apps, misleading search results, and phony accommodation listings that drain billions from consumers.
For Apple, the pressure point is fake banking apps that still make it through. The probe asks how those apps harvest financial data despite review, and what concrete measures would stop them.
The penalties are nothing to shrug at. Companies that flout Digital Services Act rules face fines up to 6 percent of global revenue. For Apple, that could mean more than $20 billion based on current revenue, far larger than previous EU hits.
The bigger picture: AI complexity and regulatory evolution
This fight sits where several long-running debates overlap, from security versus openness to how much responsibility platforms shoulder for the harm they enable. It also lands in a Europe that is testing how far it can push market gatekeepers.
Apple has already taken a bruising in 2025. The company was fined €500 million for blocking developers from steering users to alternative payments, a DMA violation. The message is clear, rules have teeth.
The rise of AI makes detection harder. Fraudulent apps can mimic real banking interfaces and behavior with eerie precision. The cat and mouse has sped up, and human review plus rules alone will struggle to keep pace.
Where does this leave Apple and users?
Apple is stuck in a regulatory catch-22. The EU opened the platform, which increases risk, then asked whether Apple is doing enough to contain that risk across a looser ecosystem. It validates parts of Apple's security pitch, yet it also demands proof that antifraud systems protect people in practice, not just on slides.
The probe will take time, probably months, but the direction of travel is obvious. EU regulators are moving hard on financial fraud, next to child protection and election integrity. If all this pressure delivers fewer fake banking apps and fewer wiped-out savings, users will not care who claimed credit.
One thing is clear. Pointing to terms of service is no longer enough. Regulators want measurable drops in harm, and they are ready to levy serious fines to get them. For Apple and its peers, that means building fraud defenses that hold up under scrutiny and under attack, even as AI raises the ceiling on deception. Tall order, but that is the job now.
Comments
Be the first, drop a comment!