- ■
Tech Transparency Project identified 102 nudify apps across Apple and Google app stores generating synthetic non-consensual intimate imagery.
- ■
These apps collectively generated $117 million in revenue with 700+ million downloads—both platforms taking a cut of sales for tools they explicitly prohibit.
- ■
Apple removed 24 apps after contact; Google suspended 'several' but refused to disclose the number, signaling inconsistent enforcement.
- ■
For policy teams: New regulatory window opens now. EU investigation of X/Grok launched Jan 26; NAAG and Democratic senators already demanding action.
Apple and Google just got caught hosting a problem their own policies explicitly forbid. A Tech Transparency Project review found 102 nudify apps—55 on Google Play, 47 in the Apple App Store—that turn photos into non-consensual sexual imagery. The platforms removed some after being contacted, but the discovery reveals a critical gap in moderation infrastructure: AI-generated abuse tools require different detection, removal, and policy frameworks than traditional content moderation. This moment forces platform governance to evolve or face mounting regulatory pressure.
The moderation failure is stark because the policies exist. Apple's app review guidelines explicitly ban material that is "overtly sexual or pornographic." Google Play's Developer Policy is even more specific: apps that "claim to undress people or see through clothing" are prohibited "even if labeled as prank or entertainment apps."
Yet nudify apps remained in both stores, generating revenues that both platforms collected from. This isn't a gap in policy language—it's a gap in detection infrastructure. The distinction matters because it defines what has to change.
When Tech Transparency Project conducted their January review, they found the apps by searching for obvious terms: "nudify," "undress." They tested them against synthetic images. The apps worked exactly as advertised: generating nude renders of clothed women. This was category identification that required neither algorithmic sophistication nor human expertise—basic keyword matching and functional testing. The fact that this reached 700 million downloads and $117 million in revenue suggests moderation teams weren't looking for this problem category at all.
Katie Paul, director of TPP, framed the discovery directly: "These were definitely designed for non-consensual sexualization of people." Not entertainment. Not art tools. Not theoretical. The apps exist to generate sexual imagery without consent—a specific harm with specific victims.
The platform responses hint at the governance problem. Apple removed 28 apps when contacted by CNBC and TPP. Two were re-approved after developers resubmitted with minor changes. TPP later clarified that only 24 had actually been removed. Google suspended "several" apps but declined to specify how many, saying its investigation was ongoing. This inconsistency—one platform acting quickly with incomplete data, the other moving slowly without transparency—suggests neither has established clear procedures for synthetic media abuse removal.
This becomes a regulatory liability issue because the pattern repeats across other vectors. The European Commission opened an investigation into X over Grok's spreading of sexually explicit content on January 26. The National Association of Attorneys General sent letters to Apple Pay and Google Pay in August demanding they remove nudify services from payment networks. Democratic senators from Oregon, New Mexico, and Massachusetts wrote to Apple and Google this month requesting removal of X from app stores, citing non-consensual sexualized image generation.
These aren't isolated complaints. They're converging pressure on a new category of abuse that existing moderation infrastructure wasn't designed to catch. Traditional content moderation looks at whether posted content violates policies. Synthetic media abuse requires a different detection model: identifying the tool that creates the abuse, not the abuse image itself. An app that generates non-consensual nudes is harmful by design regardless of whether any specific nude has been reported.
The harms are quantified beyond abstract regulatory concern. CNBC's September 2025 investigation tracked women in Minnesota whose public social media photos were fed into nudify services. Over 80 women were victimized. Because they were adults and the perpetrator didn't distribute the deepfakes, no crime technically occurred. But the harm—reputation, psychological, safety risk—is absolute. And that harm accelerates with app accessibility. The 102 apps with 700 million downloads represent 700 million potential exploitation vectors.
The geopolitics layer adds regulatory urgency. TPP found that 14 of the identified apps were based in China. This triggers data sovereignty concerns. As Paul noted, "China's data retention laws mean that the Chinese government has right to data from any company anywhere in China. So if somebody's making deepfake nudes of you, those are now in the hands of the Chinese government if they use one of those apps." That transforms app store liability from content moderation into national security policy.
Where this inflection points: Platforms must establish synthetic media abuse as a governance category with dedicated detection, removal workflows, and policy enforcement distinct from traditional content moderation. This means:
For Apple and Google policy teams: implementing keyword-plus-functional testing for abuse tools, not just content. This is faster to operationalize than content detection—you're identifying the tool, not parsing imagery—but requires retraining moderation workflows.
For investor models: valuation now includes liability for synthetic media infrastructure. If one platform gets ahead of regulatory compliance, that becomes competitive advantage. If neither does, both face exposure when regulations codify.
For builders in policy and regulatory affairs: the window closes in 6-12 months. EU regulations around AI Act and Digital Services Act are already being interpreted to cover synthetic media tools. U.S. state attorneys general have signaled enforcement. Platforms that proactively establish category-specific governance avoid reactive compliance penalties.
For app developers: distribution terms are tightening. The platforms' policy language already prohibited this. Enforcement is now accelerating. Any tool in the synthetic media abuse category will face rapid removal.
This is the moment platform moderation splits into two distinct categories: user-generated content (traditional enforcement) and synthetic abuse tools (new detection infrastructure). Apple's faster response—removing 24 apps within days—signals one platform recognizing the governance gap. Google's opacity suggests institutional inertia. The regulatory window is narrow. EU, NAAG, and Senate pressure are converging on the same requirement: synthetic media abuse tools must be treated as platform liabilities, distinct from content moderation. For decision-makers, the 18-month implementation window for governance infrastructure is open now. For investors, this inflection redefines platform liability buckets. For professionals, synthetic media abuse policy becomes a core competency. Watch the next threshold: when the first platform announces dedicated synthetic media governance infrastructure, others will follow within 60 days.
