Sorry, Apple, but your fix for phone spam isn’t good enough

Unwanted calls to mobile phones are by no means a new nuisance. But my company, Hiya, tracks call blocking, and we’ve noticed a meteoric rise in fraudulent activity — a 65% year-over-year growth in the number of spam calls our users receive. Just one example: Thieves have bilked some $36.5 million out of 6,400 victims this year with an IRS-based scam. Callers claim to be from the IRS and ask for money to be wired to make up for back taxes.

Above: Share of scam and fraud calls among all unwanted calls received by Hiya users.

Growth in phone spam can be explained easily as an economics equation. The value for the spammer conducting the scam has gone up and the cost to conduct the scam has gone down. Loose regulations and convoluted technology has made it easier for the bad actors to perpetuate this fraud. This is compounded by the fact that the cost of making calls in this day and age is quickly approaching zero.

Phone calling is also a lucrative medium for scammers, since it is now the only unprotected line available to users. Other avenues such as email, websites, malware, and phishing are much better protected than they used to be.

Against this backdrop, it’s encouraging that Apple has finally acknowledged the phone spam problem, inching closer towards giving consumers more control of who calls them. At the Worldwide Developers Conference this month, Apple outlined plans to include a new “Call Directory extension” in iOS10 that will let app developers build anti-spam features. While that’s an improvement over the phone scam protection that Apple has offered before, it still leaves consumers dangerously vulnerable. Apple needs to begin offering the same protection that Alphabet/Google does on Android.

Apple’s closed environment

From the beginning, Android has been an open system, where, with the user’s permission, an app can register to be notified when a call is received. When this happens, apps can take the incoming phone number and contact their services to determine the name and spam classification of the caller. Then a customized interface is created leveraging Draw-on-top APIs to display this information right on the screen while the phone is ringing. This has never been possible on iOS.

Similar to other aspects of iOS, the phone platform prior to iOS 10 has been completely closed to apps. The workaround for developers has been to populate the address book with known spam phone numbers. The catch is that you can only add about 1,000 phone numbers per contact before it starts severely degrading performance. So, the way to get the edge as an anti-spam app is to come up with the best 1,000 numbers, those that are most harmful.

iOS 10’s CallKit Directory Extension makes this process a little more streamlined. Developers still do not have access to call notifications. Apps cannot do live Caller ID or spam check. But they can now provide two lists that the phone app checks when a call comes in: Blocking List (list of numbers to block) and Identification List (list of numbers to identify). While Apple has not officially announced the size of these lists, I gleaned from the WWDC developer session on CallKit and from talks with Apple developers during Support Hours that the number is north of 100,000 (at least, that’s the number Apple is shooting for; it may change between beta 1 and final release).

This is a big improvement, but it doesn’t address the fact that criminals frequently generate new numbers. There are also some six billion+ mobile phone numbers in existence. In such a dynamic environment, stockpiling even the worst one 100,000 numbers isn’t a fix.

A persistent problem

Ideally, Apple would offer the same kind of technology that Google does, which would go a long way towards thwarting this menace. To really root it out, though, protection measures need to be implemented inside the mobile operator network. Network-based protection is the only way to protect landlines, which often get more spam calls and have no option of downloading a protection app.

There is some progress in this area, but it’s been slow going. For instance, last year, the FCC gave the nation’s phone companies the authority to block phone numbers from robocallers if consumers request it. (While not all phone scams come from robocallers, many originate that way.)

Despite the ruling, telecoms have been slow to embrace the measure. Responding to the move, the U.S. Telecom Association, a trade group representing landline providers, lamented that, “Unfortunately, there is no single technological solution to solving this problem, particularly given the recent widespread abuse of spoofed numbers by robocallers.”

Another reason for hope is the so-called Robocop Act, a proposal Congresswoman Jackie Speier of California introduced in April that has languished in committee since then. (New York Sen. Chuck Schumer introduced a Senate version of the bill in June.)

While the government action is encouraging, as criminals increasingly turn to phone-based scams to rob and terrorize U.S consumers, don’t hold your breath waiting for the government and the telecoms to solve this. At the moment, handset providers offer the best defense against phone spam. Apple’s enhancement for iOS10 is a step in the right direction but is still far from what consumers need. Maybe we’ll get it in iOS11.

Mayur Kamat is Vice President of Communications Experience at Hiya. Prior to Hiya, he was part of the founding team of Google Hangouts and also drove product and business strategy for Google Voice and its integration with Hangouts.