(no title)

I can tell you that any kind of "abnormal" combination of system metadata (basically sysinfo) was technically frowned upon by that team, and of course, the system was designed by that team. So, say you had a rooted Android (we had solutions for all devices out there; pretty much) - naughty boy, the system suspected you of spoofing GPS - instant reject, disabling GPS - it was not a mandatory permission in the app (and we asked for it only for some clients) – but it didn't like it, you had changed the default resolution of the system - suspicious, we also captured typing/tapping speed (not only for text entry but also for interacting with the interface) - too fast was considered weird because you were not supposed to have known our interface (because it was interact once or twice in a lifetime or years, kind of thing).

I am speaking more from memory of new joinee intros and rare discussions with the team. The team was kinda "different," so other teams just wanted to avoid them and also wanted them to stay away from other teams. So a lot of things might not sound exciting, might not be accurate either and these are not technical observations anyway.

Another aspect I just remembered. Say you had an app list (oh, we read that too) that matched with known fraudulent actors datasets, you had app(s) that showed you were not well off (we served a lot of instant loan givers around the world), you had an old phone, your OS was very old – all these things were taken into account, along with your PII (which were of course mandatory), when their backend received the data and we gave the final reco/score to the client's system in the API response.