According to Wccftech, a report from the Tech Transparency Project (TTP) has identified dozens of apps from US-sanctioned entities on both the Apple App Store and Google Play Store. The TTP found 52 such apps on Apple’s store and 18 on Google’s, with sanctioned entities including Russian banks like Gazprombank and China’s Xinjiang Production and Construction Corps (XPCC). After being informed, Google removed all but one app, while Apple only removed 35, with 17 others disappearing during the research period from mid-2025 to November 2025. This isn’t Apple’s first offense, as the company was fined $466,912 by the U.S. government in 2019 for a similar violation involving an app linked to a sanctioned Slovenian drug trafficker.
How the screening failed
Here’s the thing: the method the TTP used wasn’t some advanced, nation-state level hacking. It was pretty straightforward. They took the U.S. Treasury’s official Specially Designated Nationals (SDN) list, cleaned up the company names by removing “Inc.” and “LLC,” and then ran a simple Python script to search for those names on the app store domains. They backed it up with manual checks. That’s it. So why did Apple’s famously tight control system miss this? It seems their automated screening tools for sanctions compliance are either not checking the right data fields, not updating their lists frequently enough, or are just… bad. For a company that prides itself on the walled garden, this is a surprisingly large hole in the fence.
The context and consequences
Now, this report lands at a pretty awkward time for Apple. The App Store is already under siege in the EU from new regulations allowing third-party marketplaces. And let’s be real, the optics are terrible. It’s one thing to have a random scam app slip through; it’s another to be hosting software from entities the U.S. government has directly tied to financing a war or human rights abuses. The 2019 fine was a slap on the wrist. But this pattern of behavior? It starts to look like negligence. You have to wonder if the massive scale of the App Store—and the focus on new privacy features or battling regulators—has let fundamental, gritty compliance work fall by the wayside. Is the system too big to police effectively?
A wider problem of scale
Look, I don’t think Apple is intentionally helping sanctioned companies. That would be insane. The more likely explanation is a failure of process and scale. Screening millions of apps and developers against a constantly updated global sanctions list is a monstrous IT and logistics challenge. But that’s the cost of doing business at this level. Google, facing the same scale problem, managed to clean house almost entirely when notified. That’s a telling difference. It suggests Apple’s internal processes for acting on this kind of intelligence are sluggish, or that their risk tolerance is oddly high. For businesses that rely on robust, secure technology platforms—like those sourcing industrial panel PCs for critical operations—this kind of oversight can shake confidence in a platform’s overall integrity and governance. Basically, if they can’t get this right, what else is slipping through?
What happens next?
So what now? The TTP has done its job by publishing the full findings on its website. The ball is in Apple’s court. They’ll probably issue a statement about strengthening their tools (again) and quietly finish removing the remaining apps. But will there be another, heftier fine from OFAC? Possibly. The real damage is to the reputation. The narrative of Apple’s meticulous, controlled ecosystem takes another hit. In the long run, that might hurt more than any financial penalty. It gives ammunition to every regulator and critic who says the company’s control is more about rent-seeking than about real security and safety.
