Mobile-Origin Traffic! Most web security teams use different mobile/fixed line traffic rules and rarely speak about it publicly. It’s quite deliberate, and fraud detection systems are designed with this baked in.
If you’ve been curious about why mobile clients almost never get a CAPTCHA and office clients get one on average every five minutes, curiosity is justified. This has tangible negative impacts on clients with large web operations.
The Weird Way Mobile Networks Handle IP Addresses
Mobile operators like T-Mobile, Vodafone, and Airtel give their clients no static IP. Instead, it’s a model referred to as Carrier-Grade NAT (CGNAT), where a few thousand clients use one IP. Units on the mobile network tower (of 4G in this instance) in London could potentially use the same IP as many as 3,000 phones concurrently.
This creates problems for platform security teams. Blocking one mobile IP could mean blocking one of thousands customers. This is the specific problem early anti-fraud systems focused on, where mobile IPs were flagged for fraud detection and resulted in a lot of paying clients, losing customers.
Detection wasn’t the problem. It came down to the reclassification of mobile traffic. This is why 4G proxy traffic and regular traffic are almost indistinguishable, and why a consumer mobile network flag can flip the entire risk threshold.
Why Datacenter IPs Get Treated Like Suspects
Cloudflare and Akamai application firewalls maintain internal reputation rankings for each IP range. Datacenter IPs usually belong to ASN ranges controlled by major data centers like AWS and Google Cloud. Datacenter IPs are usually avoided since server racks are rarely filled with actual users.
Mobile IP addresses are viewed more favorably. CGNAT and Carrier Grade NAT were implemented when many mobile providers exhausted their range of IPv4 addresses, as stated in RFC 6888. They are standard among nearly all mobile networks. The platforms would forgo blocking mobile IP address ranges temporarily, as there are many more real users using some of these IP addresses.
Security by Google supports this theory. In their study, one of the top indicators as to whether users would be redirected to a challenge page or a thank you page was the connection the users were attempting to make.
The Friction Tiers Nobody Talks About
The security protocols of platforms are not applied evenly. In this event, the upper levels are reserved for datacenter traffic, and the lowest for mobile carrier traffic. Counting behavior analytics, in this event, means there are aggressive finger printing and CAPTCHAs.
This is a common situation. For Akami, increasingly more bot operators and mobile networks are all aware of the same thing. What has changed is not the IP address reputation, but the many layers of behavior and origin network versus device signals.
The reasoning for taking a tiered approach remains the same. Users are directly affected by a blocked mobile IP. A blocked datacenter IP only affects a single customer wide open to the public, who was probably committing a violation that warranted his browsing.
Where This Actually Hits Businesses
E-commerce teams are at a huge disadvantage to competing teams due to launches. Monitoring tools that use datacenter IP’s are ususally blocked or throttled, while the same requests send and complete via unrestricted mobile IP’s. The requests and the data are identical, the only difference is mobile was used.
Ad verification is a huge issue, and a common point of contention. The brands that need to know how the these ads are displayed due to market are looking for these ads as real mobile users would. A datacenter check would shift the entire ad-serving path, disallowing what would otherwise be useful verification. Ad delivery systems are dependent upon the type of ad connections, ad profiles, and ad locations to cater to the needs described within the online advertising section of the Wikipedia overview.
ALSO READ : Eurogamersonline Console vs Mobile Gaming Guide
Where This Is Headed
The gap between mobile traffic and all other types of ad traffic is not being resolved. The newer implementations of 5G are not helping the issue at all, and mobile is the more preferable method to connect. 59% of visits to the internet are due to mobile. The only thing getting worse is the focus and bias towards mobile ad traffic.
If you work in web operations, you know that connection type is a far more significant detail than most. It is a factor that separates successful requests from blocked ones. Ignoring this detail leads to more CAPTCHAs and bans, resulting in a significant loss of time. Recognizing this detail is, most of the time, the most sensible option.
