iOS 27 Adds Trust Insights to Detect Scams Before They Happen

Apple is introducing Trust Insights, a new framework in iOS 27 that allows apps to detect when a user may be actively falling victim to a scam. Announced at WWDC 2026 in June, the framework runs primarily on-device, analyzing interaction patterns, timing, context, and basic sensor data to identify signs of social engineering without inspecting the contents of Photos, Messages, or Mail. When Trust Insights detects suspicious activity, it can assign a medium or high risk level, enabling apps to add warnings, introduce transaction delays, or request additional verification steps before a user completes a potentially fraudulent action.

Social engineering scams have proliferated in recent years, particularly as AI deepfakes have become more accessible, enabling criminals to impersonate executives, romantic partners, or authority figures with convincing video calls and voice synthesis. These attacks exploit a fundamental detection gap: when a user is being coached or deceived into performing a legitimate action, traditional fraud systems cannot intervene because the user is authenticated and the action itself is genuine. Trust Insights addresses this by shifting focus from content analysis to behavioral patterns, catching the coaching attempt before the transaction completes.

How Trust Insights works

The framework analyzes five categories of operations where users are most vulnerable to coercion or deception:

  • .payment: Any exchange of assets, content, or money, including in-game purchases.
  • .account: Updating account details or security information.
  • .resourceUse: Requests to costly or constrained infrastructure, such as AI inference.
  • .communication: Sending messages, submitting forms, or signing documents.
  • .other: A fallback category for operations that do not fit the above categories.

Trust Insights returns a risk assessment by combining behavioral signals analyzed on-device with information from the user’s Apple Account and checks for unusual account activity. Because the system runs locally on the device, Apple does not collect or share these behavioral signals with external parties, preserving the privacy commitment that distinguishes Apple’s approach from competitors who may require more invasive data collection for equivalent fraud detection.

Users can disable Trust Insights in Settings, though Apple intends to implement a cooldown period designed to protect users who may have themselves been coached into turning off the protection. This reflects the recognition that social engineering can extend to disabling security features, and that autonomy without safeguards can paradoxically expose vulnerable users to further harm.

Trust Insights represents the next phase in Apple’s evolving approach to fraud prevention. During WWDC 2025, Apple introduced two major spam protection tools coming to iOS 26, including a feature where callers are prompted by an automated voice to state their name and reason for calling, with responses transcribed in real time for review on the Lock Screen. Trust Insights builds on this foundation by moving beyond reactive filtering of incoming threats to active, behavioral monitoring of user intent during sensitive transactions.

Developer engagement is critical to the system’s effectiveness. Apple is asking developers to report how Trust Insights affected each transaction and, when possible, flag cases later confirmed as fraud to help improve the underlying detection models over time.

For developers of banking apps, payment services, and communication platforms, Trust Insights provides a structured way to add friction at moments of genuine risk without penalizing legitimate transactions. A banking app, for instance, could receive a high-risk signal from Trust Insights when a user attempts an unusual wire transfer under time pressure, then respond with additional authentication or a brief delay that allows the user to reconsider without blocking the transaction outright.

Trust Insights performs its behavioral analysis on-device and never scans message or photo content, meaning Apple gains no visibility into personal communications while still offering behavioral protection. The explicit cooldown period on disabling the feature acknowledges that scam victims are often manipulated into lowering their own defenses. By analyzing the pattern of user behavior rather than the content of messages or the identity of callers, Apple addresses a detection gap that traditional fraud systems have struggled with for years.

via 9to5Mac

About the Author

Imran Hussain is the founder and editor of iThinkDifferent, which he launched in 2008 to cover Apple news, reviews, and how-to guides. He has spent over 15 years writing about iOS, macOS, and the wider Apple ecosystem, with a focus on hands-on guides - installing developer betas, troubleshooting, and walking through new features on his own devices. Based in Dubai, he also loves to cover photography, gaming, and the tech industry more broadly on his social media profiles.
