Making Dating Safer: Increasing User Authenticity with iOS DeviceCheck
Introduced in iOS 11, DeviceCheck is Apple's mechanism for letting an app's server confirm that a request comes from a genuine Apple device, and keep a tiny amount of state per device, without ever identifying the device or its user. That enables a wide spectrum of applications: toggling promotional offers on a particular device, linking purchases to specific user accounts, auditing devices for fraudulent activity, and making it far harder for abusive users to return to your app after they have been removed.
Our Use Case
The Meet Group implemented iOS DeviceCheck primarily to prevent bad actors from returning to our mobile applications after our moderation team removes their accounts due to spam, scam, or other abuse signals in their behavior. This is aligned with our Commitment to Safer Dating and specifically to our 2020 goals for Device Blocking, for now only available on iOS.
- iOS DeviceCheck stores 2 bits of information per device (per developer account), which allows up to 4 distinct states for each device (00, 01, 10 and 11).
- TMG currently uses only 1 bit, which records whether the device is permitted to log into our services. We read this bit on every sign-up or login attempt, and we set it to "don't allow" when a device is determined to be associated with an abusive user account.
- Importantly, iOS DeviceCheck never identifies the physical device to us; it only tells us the state of the bits for whatever device generated the token.
The reason for using 2 tokens for 2 different actions is simple: DeviceCheck tokens are single-use. Once we have read the bits from Apple with token A, that token is spent, and we need a fresh token B from the app in order to write the bits.
Why This Matters
While app makers are generally eager to attract as many users as possible, there are some cases where they need to be able to limit their app’s availability for the wellbeing of the product or service. Similar to a retailer wanting to block a device that has been known to use stolen credit cards, dating and social networking services are eager to block devices that have previously made fake profiles, sent bad content like spam or attempted scams, or proved otherwise disruptive to the community (e.g. hate speech or sexual harassment).
Until now there has not been a platform-approved way for apps to reliably block these bad actors while simultaneously guaranteeing the privacy of smartphone users. With iOS DeviceCheck, Apple continues to prevent apps from tracking users at the device level while enabling anonymized blocking of select devices.
Within days of deploying DeviceCheck to stop devices that had previously violated the app's Terms of Service, The Meet Group observed an abrupt double-digit-percent reduction in abuse reports received, a clear improvement to the user experience for the vast, well-behaved majority of our community. In the following weeks there was an equally large reduction in App Store reviews complaining of abuse on the app. Thanks to DeviceCheck, we are finally able to keep known-bad devices off our app, resulting in a more authentic online community with much less abuse.
DeviceCheck had an immediate impact on stopping fake account creation and continues to have a consistent impact.
Blocking devices on login attempts has been especially useful for stopping large-scale attacks in which many devices attempt fake logins.
In summary, the platform-provided DeviceCheck functionality has:
- Prevented an average of 3k logins per day from known-bad devices
- Prevented an average of 12k new sign-ups per day from known-bad devices
- Blocked 7.5 million malicious logins on a single day
TMG Implementation Details
The architecture requires a server-side component, referred to as TMG API below, that makes the calls to Apple DeviceCheck; the app itself only ever generates tokens and hands them to the server. That server-side component, simplified below, is a bridge between the client, Apple, and our internal moderation systems.
Because DeviceCheck never lets us identify a specific device, it also gives us no direct way to unblock one. To unblock a device we work with the affected user and, once they are verified, set an internal flag to unblock the device for that specific user on their next valid login. At that login, TMG API instructs the app to generate a second, "write" token, and with that token we reset the bit to zero, effectively unblocking the device.
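To make the flow described in the two passages above concrete (two bits per device, one single-use token per call to Apple, the read-then-write split, the never-set case, and the unblock path), here is an added example of the server-side bridge in Python. It is not The Meet Group's code. Apple's endpoint is replaced by a constructed FakeApple so the example runs offline; the JWT signer is a stub that a real deployment replaces with an ES256 signer over the DeviceCheck .p8 key; the Team ID, key ID, token names and the mapping of bit0 to "do not allow login" are assumptions for the example only.

```python
# Added example, not The Meet Group's code: server-side bridge between app, Apple DeviceCheck and moderation.
import base64
import json
import time
import uuid
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

DEVICECHECK_BASE = "https://api.devicecheck.apple.com/v1"  # dev builds: api.development.devicecheck.apple.com

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def make_devicecheck_jwt(team_id: str, key_id: str, sign_es256: Callable[[bytes], bytes],
                         now: Optional[int] = None) -> str:
    """ES256 JWT Apple expects as bearer; sign_es256 must return the raw 64-byte r||s P-256 signature."""
    header = {"alg": "ES256", "kid": key_id}            # kid = DeviceCheck key ID from the developer portal
    payload = {"iss": team_id, "iat": int(time.time() if now is None else now)}
    signing_input = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, payload))
    return signing_input + "." + _b64url(sign_es256(signing_input.encode("ascii")))

@dataclass
class BitState:
    bit0: bool                       # in this example: True = "do not allow login"
    bit1: bool                       # unused here; free for a second policy
    last_update_time: Optional[str]  # "YYYY-MM", the only timestamp Apple keeps

class DeviceCheckError(Exception):
    pass

class DeviceCheckClient:
    def __init__(self, transport: Callable[[str, Dict[str, str], Dict], Tuple[int, bytes]],
                 bearer: Callable[[], str]):
        self._transport, self._bearer = transport, bearer  # transport(url, headers, body) -> (status, body)

    def _post(self, path: str, body: Dict) -> bytes:
        # Every call consumes one fresh single-use device token and needs a unique transaction_id.
        body = dict(body, transaction_id=str(uuid.uuid4()), timestamp=int(time.time() * 1000))
        headers = {"Authorization": "Bearer " + self._bearer(), "Content-Type": "application/json"}
        status, raw = self._transport(DEVICECHECK_BASE + path, headers, body)
        if status != 200:
            raise DeviceCheckError(f"{path} failed: {status} {raw!r}")
        return raw

    def query_bits(self, device_token: str) -> Optional[BitState]:
        raw = self._post("/query_two_bits", {"device_token": device_token})
        try:
            data = json.loads(raw)
        except ValueError:
            return None  # Apple answers 200 with a non-JSON body when the bits were never set
        return BitState(bool(data.get("bit0")), bool(data.get("bit1")), data.get("last_update_time"))

    def update_bits(self, device_token: str, bit0: bool, bit1: bool) -> None:
        self._post("/update_two_bits", {"device_token": device_token, "bit0": bit0, "bit1": bit1})

def login_allowed(client: DeviceCheckClient, device_token: str) -> bool:
    """Login/sign-up gate. A device Apple holds no bits for is treated as allowed."""
    state = client.query_bits(device_token)
    return state is None or not state.bit0

def set_blocked(client: DeviceCheckClient, device_token: str, blocked: bool) -> None:
    client.update_bits(device_token, bit0=blocked, bit1=False)  # block, or unblock after verification

class FakeApple:
    """Constructed stand-in for Apple: two bits per device, a token is refused when presented twice."""

    def __init__(self, tokens: Dict[str, str]):  # device_token -> device; Apple never reveals this mapping
        self._tokens, self._bits = dict(tokens), {}

    def __call__(self, url: str, headers: Dict[str, str], body: Dict) -> Tuple[int, bytes]:
        if not headers.get("Authorization", "").startswith("Bearer "):
            return 401, b"Unauthorized"
        device = self._tokens.pop(body["device_token"], None)
        if device is None:
            return 400, b"Missing or already used device token"  # real Apple error bodies are not modelled
        if url.endswith("/query_two_bits"):
            state = self._bits.get(device)
            return (200, json.dumps(state).encode()) if state else (200, b"Failed to find bit state")
        self._bits[device] = {"bit0": body["bit0"], "bit1": body["bit1"], "last_update_time": "2020-01"}
        return 200, b""

def demo() -> Dict[str, bool]:
    # Five tokens the app would obtain from DCDevice.current.generateToken, all for one device.
    apple = FakeApple({f"tok{i}": "device-A" for i in range(5)})
    # Stub signer (64 zero bytes): Apple would reject it; FakeApple only checks the scheme.
    client = DeviceCheckClient(apple, lambda: make_devicecheck_jwt("TEAM000000", "KEY0000000", lambda m: bytes(64)))
    out = {"first_login": login_allowed(client, "tok0")}
    set_blocked(client, "tok1", True)                    # moderation removes the account
    out["login_after_block"] = login_allowed(client, "tok2")
    try:
        login_allowed(client, "tok0")                    # tok0 was already consumed above
        out["reused_token_rejected"] = False
    except DeviceCheckError:
        out["reused_token_rejected"] = True
    set_blocked(client, "tok3", False)                   # user verified by support
    out["login_after_unblock"] = login_allowed(client, "tok4")
    return out
```

Calling demo() walks one device through a first login, a moderation block, a denied login, a rejected reuse of the spent token, an unblock after verification, and a permitted login. Two points are worth noting: a query for a device whose bits were never written comes back as a 200 with a body that is not JSON, which is treated as "allowed" here because an unset bit and an explicit 0 mean the same thing for blocking; and the block and unblock paths each need their own token, since the token spent on the read cannot be reused for the write.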
Platforms Provide Security and Privacy
The platforms we run on, like iOS, are not isolated environments that we can ignore; they are part of the value we provide to our users. DeviceCheck is a good example of security and privacy that is built into the platform. Both Apple and Google have been doing more to protect users, and we are working towards a similar capability on Android with SafetyNet, whose Attestation and Verify Apps APIs will provide a new level of safety, protecting our community from abuse originating on malicious Android devices.