Apple Using a 'Device Trust Score' to Identify and Prevent Fraud on iTunes and App Stores

With the release of iOS 12, tvOS 12, and watchOS 5 yesterday, Apple made some quiet changes to its iTunes and App Store privacy policy on iOS devices and the Apple TV.

Newly updated language in the iTunes and App Store privacy policy states that Apple is using a new device trust score to help identify and cut down on fraud.


Apple says that information about how you use your device, including the approximate number of phone calls or emails you receive is used to compute the device trust score when you make a purchase.
To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase. The submissions are designed so Apple cannot learn the real values on your device. The scores are stored for a fixed time on our servers.
This warning shows up on both iOS devices and the Apple TV, which can’t send emails or make phone calls, so it appears to be blanket wording Apple is using for all of its iTunes and App Store privacy updates.

Apple has always been committed to protecting users from fraud, and the trust score is a new anti-fraud technique introduced in iOS 12. Like many of Apple’s data collection practices, the trust score has been designed with user privacy in mind.

Data used to calculate the trust score is on-device and related to usage patterns rather than the content of communications (Apple won’t know who you called or emailed or what you talked about), and when sent to Apple, the trust score is encrypted and stored for a short period of time.

Apple does not receive information beyond the score itself because the data used to determine the trust score is stored on device, as previously mentioned. A single trust score number Apple uses actually contains data from thousands of accounts, which protects your individual data and prevents Apple from seeing a single user’s device usage patterns.

Apple says the new iTunes and App Store trust scores are used solely to identify and prevent fraud and have no other purpose.

Apple uses many anti-fraud techniques, but malicious entities are always aiming to circumvent fraud measures, so Apple has to develop new fraud detection methods to protect customers and assess overall transactions for potential fraud. The trust score will help Apple better separate legitimate transactions from fraudulent transactions, cutting down on the number of false positives.

According to Apple, a lot of work went into building a trust score that provides the company with the tools to detect fraud while also protecting user privacy.

Apple’s iTunes Store & Privacy documentation was updated on September 17, just after the iOS 12 release, and prior to then, it did not include the bit about creating a trust score.

There are few other changes that have been made to the document, and the new section joins a pre-existing policy where Apple says that it collects device information, location information, download and purchase history and other interactions with its stores to prevent fraud.


Top Rated Comments

(View all)
Avatar
12 weeks ago

Absolutely baffled by this! Seems a little too intrusive to me.


As stated in the article, Apple does not collect the actual content in the emails and calls.

The combination of few phone calls/emails and downloading of multiple apps is indicative of a review farm (fraud). The higher the app download to call/email ratio, the lower the trust score.

Unique identifiers are no longer used for privacy reasons. This avoids the use of unique identifiers while collecting data relevant to identifying fraud.
Rating: 10 Votes
Avatar
12 weeks ago
I’m not pushing conspiracy theories here but just hear me out...

Isn’t this oddly timed considering China is starting to use that social score system?
Rating: 5 Votes
Avatar
12 weeks ago

I thought Apple recently said that customers are not the product? :rolleyes: (or am I remembering that wrong?)

No, you’re misapplying the concept to make it say something it isn’t. So you registered today just to say it?
Rating: 4 Votes
Avatar
12 weeks ago
Absolutely baffled by this! Seems a little too intrusive to me.
Rating: 3 Votes
Avatar
12 weeks ago
It does sound like it's an attempt to distinguish between "real" people and mischievous users.
Rating: 3 Votes
Avatar
12 weeks ago
Great, now the scammers will just up the spam calls and texts so they look like “real” users.
Rating: 2 Votes
Avatar
12 weeks ago
I know that some statistic about ATM use helped identify terrorist bank accounts back in the day. So these useful correlations of seemingly unrelated things do exist.
Rating: 2 Votes
Avatar
12 weeks ago
I wonder if this checks the number of phone calls and emails to iTunes support requesting refunds etc.
Rating: 2 Votes
Avatar
12 weeks ago
I thought Apple recently said that customers are not the product? :rolleyes: (or am I remembering that wrong?)
Rating: 1 Votes
Avatar
12 weeks ago
I’d like to know more about this trust score. I rarely communicate via phone call, yet I have several email accounts attached to my Mail app, including a Yahoo! spam account I use with untrustworthy sites.
Rating: 1 Votes
[ Read All Comments ]