iOS 27 lets apps detect real-time scam risks for users

Summary
– Apple’s new iOS 27 Trust Insights framework detects social engineering scams by analyzing on-device behavioral signals like interaction patterns and timing.
– The framework assigns a medium or high risk level to alert apps, which can then add warnings, delays, or verification steps.
– Trust Insights does not inspect content from Photos, Messages, or Mail; it discards raw data and sends only a single output value to Apple’s servers.
– Users can disable the framework in Settings, but a cooldown period may prevent immediate deactivation to protect against coached users.
– Initially, Trust Insights covers five operation categories: payment, account, resourceUse, communication, and other, with developer feedback requested for improvement.

Apple is rolling out a new anti-scam framework in iOS 27 designed to help apps detect and disrupt social engineering attacks in real time, whether they occur through voice calls, text messages, emails, or other channels. Here is what you need to know.
The newly unveiled Trust Insights framework gives apps the ability to receive alerts when a user may be actively manipulated into a scam. Apple notes that social engineering fraud is particularly difficult to catch automatically because the victim is often performing the actions themselves, “authenticated and legitimately.”
As threats like tech support scams, authority impersonation, and family emergency fraud have surged, especially with the rise of accessible AI deepfakes, Apple is taking a more proactive stance. The new system operates primarily on-device, analyzing “interaction patterns, timing, context, and basic sensor data.”
When the framework detects behavior consistent with a scammer coaching a user through a process, it assigns a medium or high risk level. This allows an app to introduce warnings, delays, or extra verification steps before the transaction completes.
Apple emphasizes that Trust Insights does not inspect the content of Photos, Messages, or Mail. Instead, it examines behavioral signals locally, discards the raw data immediately, and transmits only a single output value to Apple’s servers. That value can then be cross-referenced with the user’s Apple Account information and checks for unusual activity before the final risk assessment is returned.
Users can disable Trust Insights in Settings, but Apple warns there may be a cooldown period designed “to protect users who may have themselves been coached into turning it off.”
Initially, the framework covers five core operation categories as outlined in the WWDC session:
- .payment: any exchange of assets, content, or money, including in-game purchases.

Apple encourages developers to submit feedback through Feedback Assistant if their use case falls under .other. The company also asks developers to report how Trust Insights affected each transaction and, when possible, flag cases later confirmed as fraud to help refine the system over time.





