Highlight
Trust Insights is a new framework in iOS 27 that uses privacy-preserving machine learning to detect whether a user may be coached into high-risk actions. It helps apps identify social engineering attacks while keeping all device-side data local and off the network.
Core Ideas
Social engineering has become a major cybersecurity challenge in recent years. These attacks do not exploit system vulnerabilities. They exploit human psychology.
Common patterns include impersonating technical support to trick users into granting remote access, pretending to be a bank or government agency to extract sensitive information, and using AI deepfakes to fake a “family emergency” and steal money.
Attackers guide victims in real time over phone calls or chat apps. The user actively performs the actions, passes authentication, and the actions themselves are legitimate. The app cannot tell whether this is the user’s true intent or the result of coercion.
Existing security mechanisms such as multifactor authentication and biometric authentication are ineffective in this case because the person operating the app really is the user.
Apps need a new signal. It is not enough to verify “who” the person is; they also need to judge whether the action is being taken freely. That signal must protect user privacy at the same time.
The Trust Insights framework is built for this. It analyzes behavioral patterns, timing, context, and basic sensor data, but it does not touch content from Photos, Messages, or Mail. All device-side data is processed locally and discarded immediately. Only a single output value leaves the device.
Details
Framework integration
(02:11) Trust Insights is introduced in iOS 27 and is integrated entirely through Swift APIs. It does not require server-side code.
Permission configuration
(02:52) Using Trust Insights requires declaring the corresponding entitlement in Xcode.
Creating an evaluation request
(03:02) The first step is to create a parameter package that specifies the type of insight you want to request:
import TrustInsights
let request = IsLikelyBeingCoachedInsight.request(
schema: .version1,
modelVersion: .current
)
Key points:
schemaspecifies the insight schema version and is required.modelVersionis optional and supports model governance and validation.- You can specify both the current and previous versions for comparison and validation.
Configuring the evaluation context
(03:28) Create an InsightContext to tell the system what type of operation the user is performing:
let context = InsightEvaluator.InsightContext(
operationCategory: .resourceUse,
requestedEvaluations: request
)
Key points:
operationCategorydetermines which model logic applies.InsightEvaluatorcan accept multiple insight requests.
Five operation categories
(03:44) The framework provides five predefined operation categories:
| Category | Description |
|---|---|
.payment | Exchange of assets, content, or money, including in-app purchases |
.account | Updating account details or security information |
.resourceUse | Requests for expensive or restricted infrastructure, such as AI inference |
.communication | Sending messages, submitting forms, or signing documents |
.other | Fallback for operations that do not fit the categories above |
If your use case falls under .other, Apple recommends filing feedback through Feedback Assistant.
Requesting authorization and running evaluation
(03:36) Users have full control over the use of Trust Insights. Before integrating, check authorization status:
let evaluator = InsightEvaluator()
guard try await evaluator.requestAuthorization(for: context) == .authorized else { return }
let assessment = try await evaluator.requestEvaluation(context: context)
Key points:
- You must check whether the user has authorized your app to use Trust Insights.
requestEvaluationis asynchronous and may take a few seconds.- A network connection is required because evaluation involves a cloud service.
- Development environments use a sandbox; apps on the App Store use the production model.
Testing tips
(05:18) You can override insight values and errors with a custom Xcode build scheme to test different decision logic and UX variants. See the developer documentation for the available launch arguments.
Handling evaluation results
(05:37) IsLikelyBeingCoachedInsight has three possible result values:
func handleAssessment(_ assessment: InsightEvaluation<IsLikelyBeingCoachedInsight>) throws {
switch try assessment.insight.outcome.get() {
case .unknown:
// The system has no evidence of fraud risk
// But this should not be interpreted as low risk
case .medium:
// There is some evidence of coached-action risk
// Consider adding friction, extra verification, or risk score adjustment
case .high:
// There is significant evidence of coached-action risk
// Inform the user about the risk before they continue
@unknown default:
break
}
}
Key points:
.unknowndoes not mean low risk; it only means there is no evidence..mediumsuggests adding an extra verification step..highsuggests clearly informing the user about the risk.- Do not block an operation solely based on a Trust Insight.
- Handle errors at both the evaluation level and insight level independently.
Reporting feedback
(07:05) There are two types of feedback: real-time consumption feedback and offline fraud labels.
Real-time consumption feedback
Tell the system how your app responded to the insight. This is required for every evaluation request:
assessment.reportConsumption(.usedIncreasedFriction)
Six consumption values:
| Value | Description |
|---|---|
.usedReducedFriction | The insight made the operation easier |
.usedUnchangedFriction | The insight was evaluated but did not change the experience |
.usedIncreasedFriction | The insight caused an extra check or additional friction |
.notUsedNotNeeded | The user canceled, so no decision was needed |
.notUsedError | A technical failure prevented use |
.usedEvaluationOnly | Used only for internal evaluation and benchmarking |
Key points:
- Call
reportConsumptionfor every evaluation request. - If omitted, your app may be rate-limited.
Offline fraud labels
(07:22) When a transaction is later confirmed as fraud, this signal is important for model improvement:
// Submit through Apple Business Register
// Use the server-to-server API
// Include the insight identifier from the original evaluation
Key points:
- Submission may happen days, weeks, or even months later.
- Use Apple Business Register’s server-to-server API.
- Do not include PII or any information that can be used for fingerprinting.
- This is not mandatory, but it helps improve the ecosystem.
Privacy architecture
(09:27) Data minimization is a core principle of Trust Insights:
- Only the required data is processed.
- Inputs are discarded immediately after evaluation.
- All device-side data stays on the device.
- Device-side signals are not shared with Apple or third parties.
- Users can fully disable Trust Insights in Settings.
After disabling, there may be a cooldown period to prevent a user from being coached into turning it off.
App example
(11:43) Consider a user making a large transfer to someone claiming to be a doctor treating a family member:
- The app requests Trust Insights in the background.
- It receives a
.mediumresult. - The app adjusts the flow by showing a warning and adding a transaction delay.
Depending on the use case, you can also:
- Process the result on the server.
- Add a manual review step.
- Adjust risk without interrupting the user.
Key Takeaways
-
Large transfer warnings: In a P2P payment app, request Trust Insights for transactions above a threshold. For high or medium risk, show extra safety warnings and recipient verification steps.
-
Second confirmation for sensitive actions: When a user performs irreversible actions such as account deletion, data export, or remote access authorization, request Trust Insights and dynamically adjust the strictness of the confirmation flow.
-
Protection for support scenarios: If your app includes remote assistance from customer support, request Trust Insights before the user authorizes screen sharing or remote control to reduce impersonated tech support scams.
-
High-risk login protection: When a new device login or sensitive information change is detected, combine it with Trust Insights to decide whether extra identity verification is needed.
-
Friction for AI service calls: For resource-intensive AI operations such as image generation or long-text processing, request Trust Insights before the user starts. For medium or high risk, add confirmation or lower the service level.
Related Sessions
- App Attest — Verify that server requests come from legitimate app instances and combine it with Trust Insights for layered security
- Security for agentic apps — Security practices for agentic apps and the extension of trust mechanisms in the AI era
- Privacy Preserving ML — Core AI privacy-preserving machine learning and Apple’s broader on-device ML strategy
- In-App Purchase — The latest practices for in-app purchases, which can be combined with Trust Insights to protect high-value transactions
- Device Management — Enterprise device management and how to deploy security policies in enterprise environments
Comments
GitHub Issues · utterances