anti-fraud, Apple, fraud, Information Security, iOS, iTunes, Privacy, Top News

iTunes is assigning you a ‘trust score’ based on emails and phone calls

Apple plans to use “abstracted” summaries of our phone calls and emails to assign users a trust score as a way to combat fraud.

It quietly slipped the change into the iTunes Store terms and privacy disclosures last week, on Monday, at the same time it released iOS 12, tvOS 12, and watchOS 5.

(Speaking of which, please do remember that you need to turn some of the iOS 12 security enhancements on.)

According to Venture Beat, which first spotted the news about the trust scores, you can find the new provision in the iTunes Store & Privacy windows of iOS and tvOS devices.

It reads:

To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase.

The submissions are designed so Apple cannot learn the real values on your device. The scores are stored for a fixed time on our servers.

Initially, Apple didn’t give much by way of context or clarity. Venture Beat, for one, was puzzled over the notion of using phone calls and emails to assign trust in the case of Apple TV, given that the devices don’t make calls or send emails.

Apple didn’t specify how recording and tracking the number of calls or emails coming from a user’s iPhone, iPad, or iPod Touch would help it to verify a device’s identity better than would its unique device identifier, be it hardcoded serial number or advertising identifier, or, in the case of iPhones and cellular iPads, the codes on SIM cards.

Meanwhile, on social media, people’s minds leapt to a particularly chilly episode of Black Mirror: “Nosedive,” in which people rate each other during interactions, bumping each other’s scores up or sending them into social hell, where nobody stops and helps you if you’re wandering around needing help on the side of a highway, given that anybody’s retinas will show that you’re a sub-4.0 low-life.

But Apple’s move isn’t all that nefarious. It’s got good cause to keep trying new ways to combat fraud, given the steady drumbeat of iTunes customers getting ripped off.

In June, Apple Singapore was looking into a rash of iTunes fraud, with dozens of customers getting billed for iTunes purchases they never made.

On Wednesday, an Apple spokesperson clarified the trust score, telling Venture Beat that the only data it’s going to receive after crunching our calls and email will be a numeric score, computed on-device, using the company’s “standard privacy abstracting techniques,” and retained only for a limited period, without any way to work backward from the score to user behavior.

No calls, no emails, nor any other extrapolations of the data will be shared with Apple, the spokesperson said. Content of calls and emails won’t leave your device, won’t go to Apple, and won’t go to the cloud, as in, “somebody else’s computer.”

If someone else tries to use your account, their trust score won’t match yours, so it will be one more tool in Apple’s arsenal to suss out when somebody’s trying to rip off both you and Apple. It’s also designed to reduce false positives in fraud detection.

Apple’s trying to stay a step ahead, and that’s a good thing: Keeping up with iTunes fraud is a cat-and-mouse game, and the company’s got to keep trying new ways to fight the crooks.

We’re assuming this won’t turn into a Black Mirror episode, but if it does, we’ll be sure to let you know!


Source : Naked Security

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend