Apple creates an iTunes device trust score based on your calls and emails (updated)

Apple’s promise of transparency regarding user data means that any new privacy policy update might reveal that it’s doing something new and weird with your data. Alongside yesterday’s releases of iOS 12, tvOS 12, and watchOS 5, Apple quietly updated some of its iTunes Store terms and privacy disclosures, including one standout provision: It’s now using an abstracted summary of your phone calls or emails as an anti-fraud measure.

The provision appears in the iTunes Store & Privacy windows of iOS and tvOS devices:

To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase. The submissions are designed so Apple cannot learn the real values on your device. The scores are stored for a fixed time on our servers.

This provision is unusual for a few reasons, perhaps the least of which is that Apple TVs don’t make phone calls or send emails. As such, it’s unclear how Apple computes the device trust score for iTunes purchases made through Apple TVs, but there’s other potential “information about how you use your device” that could be scraped and abstracted.

It’s equally unclear how recording and tracking the number of calls or emails traversing a user’s iPhone, iPad, or iPod touch would better enable Apple to verify a device’s identity than just checking its unique device identifier. Every one of these devices has both hardcoded serial numbers and advertising identifiers, while iPhones and cellular iPads also have SIM cards with other device-specific codes.

Citing personal privacy concerns, Apple has said that it’s unwilling to share users’ private data, notably including phone call logs, even under foreign government demands — except under proper legal process. While transmitting and storing an abstracted number of emails or phone calls doesn’t come close to full call or email records, it’s an odd metric to rely upon as an anti-fraud measure.

The latest version of Apple’s iTunes Store & Privacy support document was released yesterday, September 17. Before that, the May 24 version made no reference to either the device trust score or using user calls and emails to compute scores.

Updated September 19 at 12:48 p.m.: An Apple spokesperson reached out to confirm that the device trust score is indeed new in iOS 12, and clarified that it was designed to detect fraud in iTunes purchases, as well as to reduce false positives in fraud detection. It apparently gives Apple a better likelihood of accurately determining whether content is being bought by the actual named purchaser, an issue that notably made headlines earlier this year.

Reiterating its commitment to user privacy, Apple says that the only data it receives is the numeric score, which is computed on-device using the company’s standard privacy abstracting techniques, and retained only for a limited period, without any way to work backward from the score to user behavior. No calls, emails, or other abstractions of that data are shared with Apple. It’s still unclear how the trust score works on the Apple TV, which has neither emails nor phone calls, but presumably uses similar metrics stored on that device.