How does the issuance of mobile addresses work? How to adapt the software?

How to get the IP addresses of mobile devices?

Each user accessing the Internet via the network of a mobile operator, receives an IPv4 address of the form XXX.XXX.XXX.XXX

There are only 4.5 billion IPv4 addresses in the world and all of them were distributed between organizations in 2011.

Mobile operators have only a few thousand unique IPv4 addresses (about 4000-8000 per operator), while operators have millions of subscribers.

(MTS, about 77 million subscribers, Megaphone about 74 million subscribers, Beeline about 58 million subscribers, Tele2 about 38 million subscribers according to the data of 2016)

Every year, on average, 30 million smartphones are being sold in Russia.

What does all of this mean?

This means only one thing: for thousands of subscribers there are only a few addresses.

In reality, THOUSANDS of subscribers at the same time get IDENTICAL external, public, WHITE IPv4. Exactly this address is determined by servers of social networks such as (Instagram, VK, Avito, Facebook, Youtube, Search engines, ReCapture systems and others).

Operators distribute addresses from their PULL (IPv4 networks leased by telecoms operators) using NAT technology, i.e. the user's device, which is connected to the operator’s network, receives the internal address of the operator (unique in the operator’s network) and uses the Internet along with other users through one of the IPv4 white pool addresses.

When does the external IPv4 address of the mobile device change?

Contrary to a mistaken opinion, the external address does not change when moving from a base station to a base station. It can change only when the network is lost or when switching from one network mode to another (for example, 4G-3G-2G).

At all other times, the external address, regardless of the user's location, does not change within the same region, but when moving from region to region, there will still be a loss of connection, and therefore a change of the external IP.

How do services separate bots and multi-accounts from real users?

A real user cannot perform actions according to an algorithm, his actions are randomized and related to psychology:

1. Typical user behavior per day:

Open Instagram, scroll down, “like” something, leave a comment, close for a few hours. (During the action, the address usually does not change).

2. The sequence of changes in the address of a group of users cannot be the same, many users use the same address, but these users are constantly changing, respectively, accounts must change with all device identifiers.

3. Today, mobile apps transmit to target servers not only information about user actions in the app, but also a lot of service data, such as device number and model, screen resolution (canvas), operating system type, time zone, connected network, etc.

4. If the data, read from the device, does not coincide with the data that can be obtained from public sources about the IP address, then accounts that perform actions with suspicious service data will get under suspicion. With mobile addresses, you cannot get under suspicion, because the address is shared between tens of thousands of ordinary users.

4. Besides, according to the fingerprint of the network stack of a specific operating system, it can be determined from which operating system the connection was perfomed. (Passive OS Fingerprint)

5. Any modern service (for example, Facebook, immediately determines whether the mobile operator’s NAT or the address of another provider or the data center’s IP address is used). Only mobile addresses have the highest degree of trust on the part of the service, as there are many people using them, but few addresses.

How does he do it? It is very simple, according to the databases of autonomous stations (AS / Whois). With their help, the owner of the white IP address can be easily determined.

An ordinary user does not use Facebook / Instagram via Amazon IPs (AWS) or other datacents (It makes sense ;))

What does all of this mean?

This means that when developing software for bots and setting up automation of actions, it is necessary to consider:

1. Behavioral features of users (for example, on average, one user spends about 2 minutes on Instagram per session).

2. The transfer of service information about the device from which the original app should be launched.

3. The coincidence of the User-agent and Passive OS fingerprint (Well, it cannot be so that a normal, average user runs “Firefox” (“Windows” version) on “Linux”).

4. The coincidence of user’s information (biography, language) with geolocation of the IP address.

5. The coincidence of the time zone of the device and the time zone of the IP address.

6. Should not be detected the use of a proxy or VPN via Flash, JavaScript, WebRTC.

7. Do not forget to clear the system data and cache, cookies and fingerprints, when using multiple accounts.

8. Control the connection “account - IP address” and change the address along with the change of accounts, it is desirable to randomize the delay action. (The artificial intelligence of modern bot detection systems determines similar algorithms and blocks accounts).