Trusted Codes
ResourcesJuly 20267 min readENDEESFRITNL

Apple just confirmed what scam fighters have known for years: the weak point is human

This week's iOS 27 announcement matters — and it's worth understanding both what it does and what it deliberately leaves open.

At WWDC26, Apple introduced Trust Insights, a new framework in iOS 27. It lets an app ask the operating system a remarkable question at a sensitive moment: “Is this user likely being coached by someone right now?”

Think about what that means. A grandmother on the phone with someone claiming to be her grandson, being walked step by step through a bank transfer. A retiree with a “Microsoft technician” guiding him to grant remote access. The transaction itself looks perfectly legitimate — right credentials, right device, right fingerprint. The fraud isn't in the data. It's in the conversation happening next to the phone.

Apple's answer: the device observes behavioral patterns and lets an app respond with an extra check before the money moves. Banks, payment apps, and crypto wallets should be first in line to adopt it. I genuinely hope they do.

What Trust Insights is — and isn't

It is a last line of defense. It typically fires at the final moment, inside one specific app, when the victim is already deep in the scam — already convinced, already pressured, already at the transfer screen. And it comes with structural constraints:

  • Protection is only as broad as adoption — and adoption will be a patchwork. Each app must integrate the framework individually. Your primary bank may ship it; your second bank, your payment app, your crypto wallet may not. The scammer only needs to steer the victim toward the one unprotected door. As a consumer, you can't know which of your apps is covered — so the protection is real, but never guaranteed across all the ways money can leave your accounts.
  • It's Apple platforms on version 27 and newer — currently in beta. Android users, older iPhones, the web, non-Apple desktops: not covered.
  • It isn't a purely offline feature, and it isn't invisible. The framework combines on-device and cloud infrastructure, and Apple requires integrating apps to report back how each insight was used. Most importantly: you, the user, must explicitly opt in to having your behavior evaluated by each app that uses it. That's the right design for this kind of signal — but it means agreeing, app by app, to a form of behavioral monitoring.
  • It can only watch the device it runs on, at the moment of the transaction. Move the conversation elsewhere — a spoofed CEO email today, the wire transfer from a desktop tomorrow — and there is nothing to observe. Business email compromise and deepfake video meetings live entirely in that gap: the manipulation is asynchronous, the person executing the payment behaves perfectly normally, and the transaction happens on a machine iOS never sees.
  • It flags risk, not truth. It can say “something seems off.” It cannot tell you whether the person on the line is actually your grandson.

The adversary gets to study the detector

And there's a quieter problem, familiar to anyone working with AI systems. Trust Insights is a behavioral classifier — and the behavior it evaluates is exactly what the scammer scripts. Scammers operate at scale, and every blocked transfer teaches them something. Expect the playbooks to adapt: “hang up first, I'll call back after,” “no rush, do it tomorrow when you're calm.” It's the same structural weakness the industry is wrestling with in prompt injection: when the input to a security decision is partly authored by the attacker, the attacker will eventually learn to author it safely.

Detection systems don't fail all at once — they erode, script by script, as the other side adapts. A shared secret erodes differently: not at all. There is no threshold to rehearse your way under. The scammer can sound perfectly calm and coach the victim into perfectly normal behavior — and still not know the code.

Which brings us to the crux. The grandparent scam, the fake bank agent, the CEO-fraud call, the deepfake video conference — they all rest on one thing: an unverified identity claim. “It's me.” “I'm calling from your bank.” “This is your CFO.” Everything after that claim is downstream damage control.

Where Trusted Codes stands

Trusted Codes verifies the person, not the transaction — using short, human-friendly codes shared between people who trust each other. Grandmother and grandson. Customer and bank. CEO and finance team. When someone calls claiming to be family, one question settles it in seconds: “What's our code?”

And because it verifies humans rather than transactions, the properties fall out differently:

  • It stops the scam at the beginning, not the end. Before the pressure builds, before the story takes hold, before anyone opens a banking app. The premise fails, so nothing downstream happens.
  • No behavioral monitoring, no reporting. There is nothing to opt in to, because there is nothing watching you. Codes are checked on your own device; the underlying secrets never leave it, anything that syncs is end-to-end encrypted, and nothing is reported back to anyone's environment. Privacy isn't a compliance checkbox here — it's the architecture.
  • No threshold to game. A classifier can be probed and rehearsed against; a shared secret has to be obtained — and codes rotate, so yesterday's overheard code doesn't open today's door.
  • It works across every channel. Phone calls, video calls, messaging, email, in person. Landline or smartphone, iPhone or Android, desktop or mobile. One verification habit covers every harm vector at once — a deepfake voice on a video call fails the same check a phone scammer does. No waiting for each app owner to maybe ship an update. And where the deception hides in a message rather than a voice — a CEO-fraud email, a doctored invoice — the same principle extends from verifying people to verifying documents.
  • Nobody has to wait. No dependency on your bank's roadmap, no minimum OS version, no framework rollout. It works today.

Bookends, not competitors

Apple's Trust Insights catches the coached victim at the last possible moment inside a participating app. Human verification prevents the situation from arising at all, everywhere else. A bank that adopts Trust Insights will soon face a new question: the OS says our customer is being coached — now what? Blocking the transfer punishes the many legitimate cases (a daughter helping her mother with online banking, for instance — Apple itself notes that coaching isn't necessarily malicious). The graceful answer is a step-up that resolves the doubt instead of just adding friction: verify the human. And in fairness, the same scrutiny applies to us: Trusted Codes needs the app on both sides and an established connection, and no tool can vet a stranger's intentions. That is exactly why an OS-level coaching signal is welcome — it reaches situations verification alone cannot.

Apple putting an anti-coercion API into the operating system is a milestone. It says, at the highest level of the industry, that social engineering — not malware — is the defining fraud problem of this decade. The machines are increasingly secure. The conversations are not.

Protect the conversation, and you protect everything downstream.

A verification layer for human relationships

Trusted Codes works across every channel, keeps everything on your device, and is available today.