Robocallers are a massive problem in the U.S. At YouMail, we estimate there were 30 billion robocalls in the past year, so it’s no wonder that they’re the #1 consumer complaint to the FTC and the FCC.
One way to stop robocalls is for consumers to download and use high-quality robocall blocking apps.
Unfortunately, these apps are only as good as the capabilities of the underlying handset. And Apple’s iOS makes it difficult for apps to stop calls from illegal or spoofed numbers and all but impossible to use white lists or very dynamic blacklists. On top of that, it makes it difficult for users to give apps the permissions they need to work.
The end result?
On average, if you have an iPhone, you’re going to be bothered by robocalls much more than if you have an Android phone.
Our data shows that iPhone users get 22% more scam calls, 32% more payment reminders calls, and 25% more telemarketing calls.
Why is that? And what can be done about it?
The Core iOS Approach: A Block List
The iOS approach is based on a block list. Apps provide the iPhone a list of numbers to block, and when a call comes in the iPhone uses that list to decide whether to ring the phone or to decline the call.
Sounds simple enough, but this approach fails miserably to address caller ID spoofing – where scam robocallers simply pick any number they want for the caller ID. Apps want to block any number that’s inherently illegal (invalid area code or prefix between 000-200) – but that’s around 7.6 billion different numbers. It’s silly to do that as a massive list instead of a simple rule. It’s not just theoretical, either. The scammers love picking completely random numbers, like this one.
It gets worse. There are about 2.4 billion legal numbers in the US and Canada. Of that set, an estimated 300-600 million are in use at any one time. That leaves 1.8-2.1 billion more numbers that should never be making calls – which are constantly changing as numbers go in and out of service. So a list of numbers or a simple rule won’t work, and determining if a number is in service generally requires real-time dips in various databases.
In theory, carriers could address this at the network level. The FCC has given permission for wireless carriers to block certain calls. There is also a path to have authenticated caller ID – which in theory stops number spoofing. However, it’ll take time for most carriers to roll out call blocking and caller ID authentication, and they aren’t required to, only allowed to, so there will always be carriers that lag behind. In the meantime, iPhone users are all but defenseless against these blatantly illegal calls.
Finally, spoofing is not the only problem. There’s a growing body of consumers who want more than black lists. We hear constantly from our users that they only want incoming calls from their contacts or known “good numbers”. But blacklists are inherently designed around bad numbers, so there’s no easy way to provide a good number list – and a white list can be very large too. More generally, having a block list puts severe constraints on the creativity of app developers – and who knows which clever app developer will find a great solution no one thought of if the handsets put fewer constraints on them.
Implementation Issues with the iOS Approach
Not only is a block list insufficient, but the iOS implementation is flawed.
The basic idea is that an app supplies an initial block list when the user gives the app permission to block calls. As things change, the app can then update the block list by replacing it.
This is fine if the block list is a few hundred numbers. However, the YouMail list of just the legal numbers exhibiting bad behavior in calls to users in our base over the past 30 days is well over 500,000 numbers, and changes moment by moment, such as when we get new data on a given number we have never seen before.
That’s a ton of numbers to load, and these numbers have to be added one at a time in iOS, eating up processing and battery life with every update. And there are lots of updates, as the list of bad numbers constantly changes. Each hour, we spot up to 5000 new numbers with bad behavior or previously bad numbers now behaving well. And this is on top of any numbers a given user may individually decide should be blocked going forward. That means, at least once/hour, the app has to wipe out and regenerate the entire block list – which means apps have to wake up frequently and do a lot of work to keep the list up to date.
It can’t get worse, right? But if that weren’t bad enough, iOS makes users jump through hoops to turn on blocking: leave the app, go to settings, go to phone, go to blocked and caller ID settings, give the given app permission.
That’s a lot of work. Over half of our users fail – despite our guiding them on what to do – and then are disappointed when the phone rings with “IRS Scam” calling.
Further, once they’ve successfully granted the permission, the users have to watch a spinner for a decent amount of time for the block list to load, with that time getting longer as the block list gets bigger.
So How Could This Be Done Better?
One straightforward alternative is similar to what Android does.
- Let apps register to be woken up when a call comes in, with iOS notifying the app when a call comes in, letting the app grab the calls it wants to handle specially – such as suppressing the ringer, hanging up, or sending to voicemail). This dramatically increases flexibility, while providing constraints that limit bad behavior. And apps generally can’t behave badly, since the disposition of calls appears in the call log, providing visibility into what the app did.
- Add a “call answering” permission, so an app can’t get ahold of calls without the user specifically giving them that permission. This can be a standard permission like push notifications or contact list access, which users are used to.
There are, of course, other approaches, but something along these lines would dramatically improve the ability of apps to move beyond blacklists, or instead efficiently maintain and manage their own internal blacklists. Further, it would make it dramatically easier for users to use and be protected by apps that would prefer to make server-based decisions to handle all calls a user might have.
In theory, Apple’s block list approach is well-intentioned: it is designed to minimize risk to the user by preventing apps from silently taking over their calls and doing bad things.
However, the unintended side effect is that iPhone users wind up getting exposed to far more unwanted and scam phone calls, which are not only annoying but carry substantial risks.
So unless Apple wants to see the gap keep increasing – and iPhone users get more and more robocalls than their Android brethren – it is time for the Apple to step up and makes changes that support a vibrant and effective call blocking app ecosystem. But in the mean time, the easiest way for iPhone users to get fewer robocalls is to switch to Android and start using a good calling app (like YouMail).