Skip to content
Naked Security Naked Security

iTunes is assigning you a ‘trust score’ based on emails and phone calls

It's just a number to detect fraud, not a Black Mirror-esque score that's going to rate us all as social misfits unworthy of wedding invitations.

Apple plans to use “abstracted” summaries of our phone calls and emails to assign users a trust score as a way to combat fraud.
It quietly slipped the change into the iTunes Store terms and privacy disclosures last week, on Monday, at the same time it released iOS 12, tvOS 12, and watchOS 5.
(Speaking of which, please do remember that you need to turn some of the iOS 12 security enhancements on.)
According to Venture Beat, which first spotted the news about the trust scores, you can find the new provision in the iTunes Store & Privacy windows of iOS and tvOS devices.
It reads:

To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase.
The submissions are designed so Apple cannot learn the real values on your device. The scores are stored for a fixed time on our servers.

Initially, Apple didn’t give much by way of context or clarity. Venture Beat, for one, was puzzled over the notion of using phone calls and emails to assign trust in the case of Apple TV, given that the devices don’t make calls or send emails.

Apple didn’t specify how recording and tracking the number of calls or emails coming from a user’s iPhone, iPad, or iPod Touch would help it to verify a device’s identity better than would its unique device identifier, be it hardcoded serial number or advertising identifier, or, in the case of iPhones and cellular iPads, the codes on SIM cards.
Meanwhile, on social media, people’s minds leapt to a particularly chilly episode of Black Mirror: “Nosedive,” in which people rate each other during interactions, bumping each other’s scores up or sending them into social hell, where nobody stops and helps you if you’re wandering around needing help on the side of a highway, given that anybody’s retinas will show that you’re a sub-4.0 low-life.

But Apple’s move isn’t all that nefarious. It’s got good cause to keep trying new ways to combat fraud, given the steady drumbeat of iTunes customers getting ripped off.
In June, Apple Singapore was looking into a rash of iTunes fraud, with dozens of customers getting billed for iTunes purchases they never made.
On Wednesday, an Apple spokesperson clarified the trust score, telling Venture Beat that the only data it’s going to receive after crunching our calls and email will be a numeric score, computed on-device, using the company’s “standard privacy abstracting techniques,” and retained only for a limited period, without any way to work backward from the score to user behavior.
No calls, no emails, nor any other extrapolations of the data will be shared with Apple, the spokesperson said. Content of calls and emails won’t leave your device, won’t go to Apple, and won’t go to the cloud, as in, “somebody else’s computer.”
If someone else tries to use your account, their trust score won’t match yours, so it will be one more tool in Apple’s arsenal to suss out when somebody’s trying to rip off both you and Apple. It’s also designed to reduce false positives in fraud detection.
Apple’s trying to stay a step ahead, and that’s a good thing: Keeping up with iTunes fraud is a cat-and-mouse game, and the company’s got to keep trying new ways to fight the crooks.
We’re assuming this won’t turn into a Black Mirror episode, but if it does, we’ll be sure to let you know!


Perhaps more questions than answers…
It will be interesting to see how this develops for those that don’t run app’s in parallel on multiple devices or link via cloud but run collectively to one (or more) apple ID’s…?
Good article Lisa, thank you.


I have big questions about this “ trust score” !
Big tech hasn’t been that trust worthy of late & they’ve done nothing to allay that lack of trust.
Promises from corporations that are known liars are hardly comforting.
I recently bought all apple stuff coz I thought they were better with all this stuff. Now I’m not so sure.
Their notification about the trust score is written in legalese that anybody would need a colledge degree to decipher & at least half a day to read.
It’s all a bit fishy & they’re all got way too big for their boots.
We’re talking about going analogue & dumping the lot of them.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!