Pixalate Study Finds Ad Fraudsters May Be Spoofing iCloud Private Relay Traffic

Pixalate, the global market-leading fraud protection, privacy, and compliance analytics platform for connected TV (CTV) and mobile advertising, released new research examining the adoption of Apple's iCloud private relay, a technology designed to protect iCloud+ users' privacy by obfuscating their IP address.

According to Pixalate's research into 70 billion open programmatic ad impressions from Safari browsers between May-August 2022, 21% of Safari traffic - across both Mac OS X Safari and iOS Safari - is associated with an iCloud private relay IP address. However, Pixalate detected the privacy-protecting tech in only 2% of such purported Safari traffic.

Based on Apple's explanation of the iCloud private relay and how it is designed to function, these results appear to be unexpected and could be either an intentional misrepresentation of traffic (IVT) or a failure of the iCloud private relay to hide users' true IP addresses.

"Advertisers and DSPs should be aware of the increasing use of iCloud private relay and the loss of transparency about the user that results from this privacy-protection technology," said Ian Trider, VP of RTB platform operations at Basis. "In addition, DSPs and exchanges should be mindful of what appears to be a growing trend of bad actors spoofing iCloud private relay IP addresses in bid requests. Additional protection solutions may be necessary to prevent this misrepresented traffic."

To view Pixalate's full study, please visit here.