> Heck, they haven't even exposed it unless you are a megacorp.
Cell phones surface the SHAKEN/STIR attestation status to the user via a checkmark in the telephone UI.
If you want to programmatically act on that data to filter calls... Android provides access to the attestation level via the android.telecom.CallScreeningService API. (I can't speak to what iOS provides.) For VoIP, many providers will also either pass along the attestation level in the SIP headers or by appending some text to the Caller ID string.
IMO the attestation level isn't really actionable data though. A legitimate call may come through missing attestation for reasons that are not malicious. Similarly for things like B2B, the calls themselves may be attested and legal, but I'd still want to block them. We really need to be able to get the entire payload.
If end users could directly and simply block carriers that waste their time by delivering shit calls, this entire issue would have worked itself out years ago. I just don't think that the current strategy of having the FCC yell big numbers at foreigners is really doing all that much...
Cell phones surface the SHAKEN/STIR attestation status to the user via a checkmark in the telephone UI.
If you want to programmatically act on that data to filter calls... Android provides access to the attestation level via the android.telecom.CallScreeningService API. (I can't speak to what iOS provides.) For VoIP, many providers will also either pass along the attestation level in the SIP headers or by appending some text to the Caller ID string.