Apple's new anti-fraud Trust Score: Separating facts from FUD

Apple recently updated iTunes, and some of the language in the updated privacy policy that came with it sent a part of the internet into sensationalize-first, ask-questions-later mode. You know, like normal.

What Apple's doing shouldn't be cast as scary or even concerning, though. The company, one of the biggest online service providers in the world, is simply adding greater defensive depth to the security procedures it uses to protect us and, yes, itself, from fraudulent transactions.

Here's the deal.

What's all the fuss about?

Apple recently updated its iTunes Store Privacy page to include the following language:

To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase. The submissions are designed so Apple cannot learn the real values on your device. The scores are stored for a fixed time on our servers.

Some publications saw the new language, or saw other publications that saw the new language, and raced to get it up as fast as possible, but without much in the way of context or clarity.

And, getting Apple into a headline that's even the slightest bit controversial or scary pretty much guarantees instant virality...

Why is Apple adding new protections to the iTunes Store? Security is already annoying!

I hear ya. But people get defrauded on the internet all the time, and Apple's trying to make sure iTunes and iTunes users (including iTunes music, movies, and TV shows, App Store apps and games, Apple Music, and Apple Books) are better protected against that fraud.

Because it's a cat-and-mouse game, with types of fraud and countermeasures constantly changing and evolving, Apple is always trying new ways to detect, prevent, and protect iTunes transactions.

It's an incredibly difficult and complex task, though, so sometimes bad charges still get through and sometimes good charges get flagged incorrectly.

With iOS 12, Apple has added a new type of protection: A numeric device trust score.

What's a numeric device trust score?

It's a score that's computed using strong privacy protections, on your iPhone, iPad, and other devices, and used to help make sure the only one making purchases on your iTunes account is you.

So this is done on-device? Apple isn't sucking up all your data?

The numeric device trust score is computed on your device and all the data used to compute it remains on your device and is never sent to Apple or anyone else to compute on the cloud.

Once the numeric device trust score is computed, it's encrypted, sent to Apple, and retained by Apple for a limited period of time.

Apple doesn't get the data, only the resulting trust score?

Correct. Apple only gets the number. Not any of the email or call or any other sampling data your device used to generate it.

Can't Apple just reverse engineer the number and pop out all the original data anyway?

No. It's a single number amid a large pool of accounts and there's no way to work back the math and extract any of the original components.

Does Apple do anything with the trust score besides fraud detection?

Nope. Fraud detection is the only reason the trust scores exist and the only thing they're used for.

How does the trust score work exactly?

If someone else tries to use your account or payment method and their trust score doesn't match yours, it escalates anti-fraud detection procedures.

The hope is, it's just one more layer of protection that keeps bad actors out while still letting you in.

So, why all this fuss again?

Apple has made privacy a top-down, first-class priority for the entire company. As part of that, it's rolling out a lot more documentation and disclosure. Many companies keep their anti-fraud protections proprietary and so you never see them or have any reason to think about them.

Apple is making these measures public, and since anything Apple does attracts a huge amount of attention, so have these measures.

But because Apple has this stance on privacy and is going through all of these disclosures, it's also making damn sure everything, including the anti-fraud protections, is done in a way that respects and preserves privacy.

And we're seeing all these headlines...?

Because headlines.

Where can we learn more?

Right here: [http://www.apple.com/privacy]

And if you have any questions, drop them in the comments.

Rene Ritchie
Contributor