Security Researchers: Apple iCloud Feature Enables $65 Million Scam

Tim Cook CEO of Apple laughing
Stephanie Keith/Getty

According to new research shared exclusively with Gizmodo, there are thousands of bots pretending to be Apple users browsing the web and looking at advertisements. The bots cost advertisers $65 million in wasted ads that never reach human users.

Gizmodo reports that according to exclusive research shared with the publication, thousands of online bots are pretending to be Apple users and browsing the web viewing advertisements.

Using a privacy feature called Private Relay, ad fraudsters are exploiting an enormous amount of traffic to advertise to bots, resulting in advertisers losing millions of dollars, according to researchers.

Apple has claimed that this tool has “built-in fraud detection” and that advertising platforms can place their faith in it, but researchers say the fraud has gotten worse since they first reported it to the company months ago.

The report found that criminals have been taking advantage of Apple’s Private Relay tool, which allows users who subscribe to iCloud+ to enable Private Relay to hide their web browsing activity and assign their device a dummy IP address to prevent tracking.

According to the ad tech firm Pixalate, which authored the study, the problem will cost US advertisers $65 million in 2022 alone. 90 percent of web traffic that looks like it is coming from Private Relay is, in reality, fraudulent, the study finds.

Apple users are not directly affected by the issue detailed in the report, according to researchers. Instead, ad fraudsters are impersonating Apple users. According to Pixalate, a publisher and tech firm, Apple’s reputation and the intricacies of ad tech are being exploited to sneak bad traffic past publishers and tech officials.

Amit Shetty, vice president of product at Pixalate, commented: “Apple says you can trust that connections through Private Relay are secure and free of fraud, so scammers are just presenting their traffic as coming from Apple. It seems like they’re just hoping people are going to put the traffic on ‘allow lists’ because it’s considered to be safe.”

Read more at Gizmodo here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan


Please let us know if you're having issues with commenting.