Apple says that information about how you use your device, including the approximate number of phone calls or emails you receive is used to compute the device trust score when you make a purchase.
To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase. The submissions are designed so Apple cannot learn the real values on your device. The scores are stored for a fixed time on our servers.
This warning shows up on both iOS devices and the Apple TV, which can’t send emails or make phone calls, so it appears to be blanket wording Apple is using for all of its iTunes and App Store privacy updates.
Apple has always been committed to protecting users from fraud, and the trust score is a new anti-fraud technique introduced in iOS 12. Like many of Apple’s data collection practices, the trust score has been designed with user privacy in mind.
Data used to calculate the trust score is on-device and related to usage patterns rather than the content of communications (Apple won’t know who you called or emailed or what you talked about), and when sent to Apple, the trust score is encrypted and stored for a short period of time.
Apple does not receive information beyond the score itself because the data used to determine the trust score is stored on device, as previously mentioned. A single trust score number Apple uses actually contains data from thousands of accounts, which protects your individual data and prevents Apple from seeing a single user’s device usage patterns.
Apple says the new iTunes and App Store trust scores are used solely to identify and prevent fraud and have no other purpose.
Apple uses many anti-fraud techniques, but malicious entities are always aiming to circumvent fraud measures, so Apple has to develop new fraud detection methods to protect customers and assess overall transactions for potential fraud. The trust score will help Apple better separate legitimate transactions from fraudulent transactions, cutting down on the number of false positives.
According to Apple, a lot of work went into building a trust score that provides the company with the tools to detect fraud while also protecting user privacy.
Apple’s iTunes Store & Privacy documentation was updated on September 17, just after the iOS 12 release, and prior to then, it did not include the bit about creating a trust score.
There are few other changes that have been made to the document, and the new section joins a pre-existing policy where Apple says that it collects device information, location information, download and purchase history and other interactions with its stores to prevent fraud.