Check the status of iCloud Private Relay

Hello all,

I'd like to understand if we have a mechanism for an app to understand if a user has activated iCloud Private Relay in iOS 15.

Private Relay introduces some unexpected behaviour in my application, and I'd like to prompt/warn users of this fact if and when they make the choice to activate this feature.

I understand if the device is supervised this feature can be controlled, but my app mainly runs in an unsupervised context so that is largely not useful for me.

Accepted Answer

Hello fonstok. You don't state what your app does that causes it issues with Apple Private Relay, nor what kind of issues your app is having. It's unusual that your app would need to worry about the type of network it's on. What are these unexpected behaviors?

I would suspect you'll want to update the app to handle Apple Private Relay rather than trying to warn users about it.

If you're a network admin and you have audit policies in place, or you rely on a unique IP address, you will want to review Prepare Your Network or Web Server for iCloud Private Relay.

—jasonag.

You can check if the user is accessing your backend from one of the listed egress IP addresses.

But you should not worry about network infrastructure, as Jason says. You request web resources and get them. And your backend should handle multiple users behind the same IP. This is pretty normal. Use session cookies to track users.

Denial-of-service mitigations like throttling requests based on IP are impossible with carrier-grade NAT and have been for a long time. One ISP might already have 65000 users using the same IP to access your site. To do the throttling you need to implement something else. Say an access token (cookie) on which to track # of requests. And then have some progressive delay in issuing tokens to the same IP address. Say issue the first one immediately. The next request from the same IP would have to wait a random time, say up to 1s, then if a new request comes within 1s, wait between 1 and 2s, etc. You would assume visitors from the same IP to trickle in, so the admission delay would usually not be a big issue.
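The token scheme sketched in the post above, as an added example that is not part of the original thread or anyone's production code: tokens are issued with a per-IP progressive delay, and requests are then counted per token instead of per IP. The class name, the `idle_reset` and `max_level` parameters, the in-memory dictionaries and the caller-supplied clock are assumptions made for illustration.

```python
import random
import secrets

class TokenAdmission:
    """Progressive per-IP delay on token issuance, request counting per token."""

    def __init__(self, window=1.0, idle_reset=60.0, max_level=30,
                 per_token_limit=100, rng=random.random):
        self.window = window            # the "within 1s" escalation window
        self.idle_reset = idle_reset    # assumption: a quiet IP starts over
        self.max_level = max_level      # assumption: upper bound on the delay
        self.per_token_limit = per_token_limit
        self.rng = rng
        self.ip_state = {}              # ip -> (last_request_time, level)
        self.token_hits = {}            # token -> requests seen so far

    def issue(self, ip, now):
        """Return (token, delay_seconds); the caller defers its response by delay."""
        prev = self.ip_state.get(ip)
        if prev is None or now - prev[0] >= self.idle_reset:
            level = 0                   # first token for this IP: immediate
        elif now - prev[0] < self.window:
            level = min(prev[1] + 1, self.max_level)  # burst: escalate one step
        else:
            level = 1                   # known IP, no burst: random wait up to 1 window
        self.ip_state[ip] = (now, level)
        # Level n >= 1 waits a random time in [n-1, n) windows.
        delay = 0.0 if level == 0 else (level - 1 + self.rng()) * self.window
        token = secrets.token_urlsafe(32)
        self.token_hits[token] = 0
        return token, delay

    def allow(self, token):
        """Count one request against the token; False once over the limit."""
        if token not in self.token_hits:
            return False
        self.token_hits[token] += 1
        return self.token_hits[token] <= self.per_token_limit

def demo():
    # Constructed scenario: one shared egress IP (documentation range), fixed rng.
    adm = TokenAdmission(per_token_limit=3, rng=lambda: 0.5)
    shared_ip = "203.0.113.7"
    delays = [adm.issue(shared_ip, t)[1] for t in (0.0, 0.2, 0.4, 5.0, 100.0)]
    token, _ = adm.issue("198.51.100.9", 0.3)
    verdicts = [adm.allow(token) for _ in range(4)]
    return delays, verdicts
```

Both dictionaries grow without bound here; a real deployment would expire idle IP entries and tokens.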

I'm running into another case where it would be good to know if iCloud Private Relay is enabled: It breaks port 80 traffic for my PacketTunnelProvider. There are others also reporting this, e.g. https://developer.apple.com/forums/thread/687630

It would be better to have a fix specifically for that issue, but lacking that, I can at least implement a fallback if there was some way to programmatically detect if Private Relay was enabled.
