The Ad Fraud and Compliance (AFAC) research team at Pixalate has found a multi-million dollar ad fraud or invalid traffic (IVT) scam connected to iCloud Private Relay. Using a widespread “iP64” exploit, scammers have cost advertisers more than $65 million in 2022 in the United States.
In iOS 15, Apple introduced iCloud Private Replay as part of iCloud+ subscription that protects users’ privacy when browsing the web via Safari. The privacy feature hides users’ IP addresses and shares their approximate location, instead of the precise location to offer a more safer and secure browsing experience that is more private than VPNs.
Unfortunately, ad fraudsters have been exploiting the trust ensured by Apple’s iCloud Private Relay IP Addresses and aided by the “opacity of the ad tech supply chain.”
iP64 ad fraud scheme inserts iCloud Private Relay IPv6 and IPv4 addresses into ad request
Calling this ad fraud scheme “iP64”, the report details that scammers insert iCloud Private Relay IPv6 and IPv4 addresses into ad requests to fake the true source of the traffic. It is estimated that over 90% of iCloud Private Relay (iCPR) traffic may be invalid which is costing advertisers heavy losses.
- Pixalate estimates that the iP64 ad fraud exploit may cost U.S. advertisers $65+ million in 2022. To see how we arrived at this estimate.
- According to Pixalate’s data, 21% of Safari traffic claims to come from iCloud Private Relay (iCPR) IPs – but more than 90% of that appeared to be spoofed.
- Ad fraudsters may be trying to take advantage of misplaced scope of trust in the safety of iCloud Private Relay IP addresses.
Researchers suggest that the digital ad industry should block all iCloud Private Relay IP addresses as a defense against such attacks while developing an understanding of supply chains that deliver iCPR traffic and working with affected sellers.
We believe that the best way to fight this type of IVT is to have a good understanding of the Supply Chain, analyze the sources of this form of IVT and work with those sellers to reduce potentially misrepresented traffic.