Apple Using a 'Device Trust Score' to Identify and Prevent Fraud on iTunes and App Stores

MacRumors

macrumors bot
Original poster
Apr 12, 2001
48,701
10,113



With the release of iOS 12, tvOS 12, and watchOS 5 yesterday, Apple made some quiet changes to its iTunes and App Store privacy policy on iOS devices and the Apple TV.

Newly updated language in the iTunes and App Store privacy policy states that Apple is using a new device trust score to help identify and cut down on fraud.


Apple says that information about how you use your device, including the approximate number of phone calls or emails you receive is used to compute the device trust score when you make a purchase.
To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase. The submissions are designed so Apple cannot learn the real values on your device. The scores are stored for a fixed time on our servers.
This warning shows up on both iOS devices and the Apple TV, which can't send emails or make phone calls, so it appears to be blanket wording Apple is using for all of its iTunes and App Store privacy updates.

Apple has always been committed to protecting users from fraud, and the trust score is a new anti-fraud technique introduced in iOS 12. Like many of Apple's data collection practices, the trust score has been designed with user privacy in mind.

Data used to calculate the trust score is on-device and related to usage patterns rather than the content of communications (Apple won't know who you called or emailed or what you talked about), and when sent to Apple, the trust score is encrypted and stored for a short period of time.

Apple does not receive information beyond the score itself because the data used to determine the trust score is stored on device, as previously mentioned. A single trust score number Apple uses actually contains data from thousands of accounts, which protects your individual data and prevents Apple from seeing a single user's device usage patterns.

Apple says the new iTunes and App Store trust scores are used solely to identify and prevent fraud and have no other purpose.

Apple uses many anti-fraud techniques, but malicious entities are always aiming to circumvent fraud measures, so Apple has to develop new fraud detection methods to protect customers and assess overall transactions for potential fraud. The trust score will help Apple better separate legitimate transactions from fraudulent transactions, cutting down on the number of false positives.

According to Apple, a lot of work went into building a trust score that provides the company with the tools to detect fraud while also protecting user privacy.

Apple's iTunes Store & Privacy documentation was updated on September 17, just after the iOS 12 release, and prior to then, it did not include the bit about creating a trust score.

There are few other changes that have been made to the document, and the new section joins a pre-existing policy where Apple says that it collects device information, location information, download and purchase history and other interactions with its stores to prevent fraud.

Article Link: Apple Using a 'Device Trust Score' to Identify and Prevent Fraud on iTunes and App Stores
 

jeremiah256

macrumors 65816
Aug 2, 2008
1,281
982
Southern California
I’d like to know more about this trust score. I rarely communicate via phone call, yet I have several email accounts attached to my Mail app, including a Yahoo! spam account I use with untrustworthy sites.
 
  • Like
Reactions: !!!

az431

macrumors 68000
Sep 13, 2008
1,530
4,449
Portland, OR
Absolutely baffled by this! Seems a little too intrusive to me.
As stated in the article, Apple does not collect the actual content in the emails and calls.

The combination of few phone calls/emails and downloading of multiple apps is indicative of a review farm (fraud). The higher the app download to call/email ratio, the lower the trust score.

Unique identifiers are no longer used for privacy reasons. This avoids the use of unique identifiers while collecting data relevant to identifying fraud.
 

GrumpyMom

macrumors G3
Sep 11, 2014
8,690
12,408
I tried to read this notice when it popped up when I went to download some message stickers I bought but it crashed my phone. Thanks MR for posting it here. Thanks @az431 for explaining what this mess is all about. I never heard of a review farm before.
 

happyslayer

macrumors 6502a
Feb 3, 2008
921
433
Glendale, AZ
I think this might mean that they look at your user activity—emails and calls—so if someone stole your password/ID and tried to buy stuff as you Apple could look at the device being used and compare the numbers. If a crook is using a device with substantially different numbers maybe it flags it as potential fraud.

How this might work if you get a new device and don’t restore a backup, though, is beyond me.

Just a guess though.
 
  • Like
Reactions: iapplelove

vicviper789

macrumors regular
Jun 5, 2013
179
918
This is unsettling. I primarily use text and maybe make one phone call a month. I also don't use the iOS mail app.

Sounds like some features created to make China happy...
 

Jessica Lares

macrumors G3
Oct 31, 2009
9,272
777
Near Dallas, Texas, USA
I would think the "fixed time" would be like a month and besides calls, texts, and email, it'd be how many times you've launched the camera app and some other general features/gestures most of us use on a daily basis within that month - like swiping away an X amount of notifications or how much the keyboard and Safari get used.
 
Last edited:

gnasher729

macrumors P6
Nov 25, 2005
16,957
3,855
I wonder if this checks the number of phone calls and emails to iTunes support requesting refunds etc.
That would be entirely stupid, because iTunes support would _know_ that you requested a refund. I know it's a cheap putdown but please think.
[doublepost=1537344693][/doublepost]
I thought Apple recently said that customers are not the product? :rolleyes: (or am I remembering that wrong?)
Yes, but some people are not customers.
 

emulate

macrumors newbie
Sep 18, 2018
4
3
No, you’re misapplying the concept to make it say something it isn’t. So you registered today just to say it?
Indeed, I'm a 3-post wonder.

The point I was trying to make was, the gathering of more and more personal information on its users, further eroding privacy, I find a troubling practice.

Which is precisely why (amongst other reasons) I refuse to touch any google products (which raise serious privacy and security concerns in my eyes).

I'm a person who by principle likes my privacy, and I don't like the direction technology is taking... integrating everything more and more on the internet.

(these days, you can't even apply for a job at most places except online).

I don't like the trends I am seeing with that. I'm not singling out Apple, but any company (*cough* google *cough*) that takes more and more of our privacy away.

Secondly, on a side but slightly unrelated note, I do not like any product (I'm not a fan of smartphones), software or hardware, that requires an internet connection to activate and use said product that I PURCHASED. Which is why, out of principle, when Microsoft rolled out XP back in the day with it's draconian product activation scheme, I promptly jumped ship and found and embraced linux.

(consequently, I also back in 2008 bought a white plastic macbook at a local Apple store, and the only concern I had was "do Macintosh computers require any sort of 'activation' like Windows XP does?", and when the Apple employee told me no, I bought it then and there).

Point being, I am troubled and dislike how everything is integrated with the web these days, and more and more companies wanting to peek more and more into my life. I don't care if it's google, apple, microsoft or any company, I simply don't like it.

And with google, you are the product. I just hope (but I see it though) that Apple resists the temptation to follow suit with other companies.
 

Glockworkorange

Suspended
Feb 10, 2015
2,511
4,176
Chicago, Illinois
Indeed, I'm a 3-post wonder.

The point I was trying to make was, the gathering of more and more personal information on its users, further eroding privacy, I find a troubling practice.

Which is precisely why (amongst other reasons) I refuse to touch any google products (which raise serious privacy and security concerns in my eyes).

I'm a person who by principle likes my privacy, and I don't like the direction technology is taking... integrating everything more and more on the internet.

(these days, you can't even apply for a job at most places except online).

I don't like the trends I am seeing with that. I'm not singling out Apple, but any company (*cough* google *cough*) that takes more and more of our privacy away.

Secondly, on a side but slightly unrelated note, I do not like any product (I'm not a fan of smartphones), software or hardware, that requires an internet connection to activate and use said product that I PURCHASED. Which is why, out of principle, when Microsoft rolled out XP back in the day with it's draconian product activation scheme, I promptly jumped ship and found and embraced linux.

(consequently, I also back in 2008 bought a white plastic macbook at a local Apple store, and the only concern I had was "do Macintosh computers require any sort of 'activation' like Windows XP does?", and when the Apple employee told me no, I bought it then and there).

Point being, I am troubled and dislike how everything is integrated with the web these days, and more and more companies wanting to peek more and more into my life. I don't care if it's google, apple, microsoft or any company, I simply don't like it.

And with google, you are the product. I just hope (but I see it though) that Apple resists the temptation to follow suit with other companies.
Sooo.....you’re not using and iPhone or Mac?
 

leehelm

macrumors newbie
Sep 20, 2018
1
0
What exactly are the ramifications of a bad trust rating? How will you know if you have one and are being unjustly effected? Can you appeal a bad rating? Can you opt out?

(tongue in cheek comment) How about giving us a way to give a corporation a Trust Rating in iOS? Also publish the national average of these corporate ratings to try and influence how they operate. I'm sure Apple will be trusted more than Google... for now at least.

The demise of the individual will be when governments and big business are totally melded together.
 

JosephAW

macrumors 68030
May 14, 2012
2,960
3,405
I was just about to install iOS 12 on my 5S until I saw this report online. I have deferred updating until this trust value can be viewed and understood by their installbase.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.