Trends
Ad fraudsters may be spoofing iCloud private relay traffic
Pixalate, the global market-leading fraud protection, privacy, and compliance analytics platform for Connected TV (CTV) and Mobile Advertising, today released new research examining adoption of Apple’s iCloud Private Relay, technology designed to protect iCloud+ users’ privacy by obfuscating their IP address.
According to Pixalate’s research into 70 billion open programmatic ad impressions from Safari browsers between May-August 2022, 21% of Safari traffic – across both Mac OS X Safari and iOS Safari – is associated with an iCloud Private Relay IP address. However, Pixalate detected the privacy-protecting tech in only 2% of such purported Safari traffic.
Based on Apple’s explanation of iCloud Private Relay and how it is designed to function, these results appear to be unexpected and could be either an intentional misrepresentation of traffic (IVT) or a failure of the iCloud Private Relay to hide users’ true IP addresses.
“Advertisers and DSPs should be aware of the increasing use of iCloud Private Relay and the loss of transparency about the user that results from this privacy-protection technology,” said Ian Trider, VP of RTB Platform Operations at Basis. “In addition, DSPs and exchanges should be mindful of what appears to be a growing trend of bad actors spoofing iCloud Private Relay IP addresses in bid requests. Additional protection solutions may be necessary to prevent this misrepresented traffic.”
Key takeaways
- iCloud Private Relay traffic appears to be associated with around 21% of traffic analyzed by Pixalate and purported to come from Apple Devices on both mobile and desktop Safari.
- The cases where an iCloud Private Relay IP address is referenced is increasing. This number has doubled over the past 6 months (from about 10% in February 2022 to about 21% in August 2022)
- However, there appear to be discrepancies that are not in line with Apple’s description of the expected behavior of most of the traffic.
- Only around 2% of Safari traffic from Apple devices was detected as originating from an iCloud Private Relay IP and exhibiting the expected behavior of devices behind iCloud Private Relay, hinting at the actual adoption rate of the service. As such, most of the traffic purporting to be iCloud Private Relay may instead be invalid traffic (IVT).
- It appears, therefore, that fraudsters may already be trying to take advantage of the concept of iCloud Private Relay. While Pixalate is able to detect this form of IVT and protect our clients, the number of such attempts seems to be growing.
Unless iOS 16, expected to be released next month, makes significant changes that increase overall adoption of iCloud Private Relay, the actual amount of valid traffic with iCloud Private Relay / Obfuscated IP addresses may still remain relatively low.
Apple developed iCloud Private Relay as a means to allow iPhone, iPad and Mac users to connect to the internet in a secure and private manner. The use of iCloud Private Relay is significant to sellers and advertisers because it is designed to hide users’ actual IP addresses, reducing accuracy of user profiles, and could affect the bottom line of publishers and sellers. This is one of several privacy initiatives from Apple, along with the removal of 3rd party cookies and limiting Identifiers for Advertisers (IDFA). BCS Bureau