Fraud detection falls into many of the same pitfalls as DRM. Doing it well requires you to do a bunch of stuff that’s likely to cause binary compatibility problems down the line. In general, DTS doesn’t support such things, except for Apple provided systems.
Apropos that, Apple provides two APIs that are relevant to this:
To learn about those, see the Device Check framework docs.
Given the above, I have to be careful when answering questions like this. I’m only going to recommend things that I believe will work in the long term. If you search around on the ’net you will likely find other answers. It’s not uncommon for those answers to be based on implementation details, things that might change in the future and thus cause you compatibility problems.
Oh, one other thing. Lots of your questions are phrase as “can we”, leaving two possible interpretations:
My focus is on the first. I don’t work for App Review and can’t give you definitive answers about their policies.
So, with that in mind, let’s get back to your questions:
Can we check the presence of a telephone conversation if we are not a VOIP application?
No. You might be able to make some progress on this front with Core Telephony but that framework was specifically design for VoIP apps and is not intended to be use for fraud detection.
Can we check the presence of installed programs using Universal Link and canOpenUrl(_:) method?
Yes and no.
That API was designed to allow apps to improve their UI by disabling options that don’t make sense on specific devices. For example, it allowed apps to hide a Call This Person button on iPad. It was never intended to be used as a mechanism to survey the available apps on the system.
iOS does not, in general, have a mechanism for app A to tell whether app B is installed. There are some limited cases where canOpenUrl(_:)
works for this, but that runs counter to the overall platform goals. As such, we’re applied increasing technical restrictions to it over time. If you use it for this, you may well run into further restrictions in the future.
Can we read "SCOPED" key from CFNetworkCopySystemProxySettings() dictionary?
Well, yes, obviously. However, it sounds like you’re trying to infer the presence of a VPN from that property, which is not valid. It yields both false positives and false negatives. That is:
There isn’t a good way to check for the presence of a VPN, partly because there isn’t a good definition of a VPN. For example, is iCloud Private Relay a VPN? Well, it depends on your point of view. And the answer might change when you look at third-party relays.
You can check the interface type used for a specific outgoing network connection. I have lots of backstory to that in the various posts hung off Extra-ordinary Networking. However, I very much doubt you’ll be able to build a reliable fraud detection mechanism based on that.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"