Mobile carriers do not give each phone its own public IP address. There are not enough IPv4 addresses to go around. Instead, hundreds or thousands of devices share a single public IP through a system called carrier-grade NAT (CGNAT). Every major carrier operates this way — T-Mobile, AT&T, Verizon, Vodafone, Jio.
Quick Summary TLDR
Quick Summary TLDR
- 1Mobile carriers assign shared public IPs to thousands of users simultaneously through CGNAT — there are not enough IPv4 addresses for individual assignments.
- 2A high mobile IP fraud score reflects the aggregate behavior of the entire CGNAT pool behind that address, not any individual device.
- 3Fraud scores fluctuate constantly as carriers rotate CGNAT assignments — a device can go from a clean IP to a dirty one without changing anything.
- 4Less congested carriers with larger IPv4 allocations produce cleaner IPs because fewer devices share each public address.
- 5Toggling airplane mode forces a new CGNAT assignment and usually changes the fraud score.
When a fraud scoring tool like IPQualityScore or Scamalytics flags a mobile IP, it is scoring the aggregate behavior of every device behind that shared address — not any one user. A carrier IP fraud score of 72 does not mean the person checking it is suspicious. It means the CGNAT pool behind that IP has accumulated enough negative signals from the collective traffic of thousands of users to trigger a high rating.
How Mobile IPs Are Actually Assigned
When a phone connects to a 4G or 5G network, the carrier's Packet Data Network Gateway (PGW) assigns it a private IP address, typically from the 10.0.0.0/8 range. A device might get something like 10.47.132.88 internally. That address is not routable on the public internet.
To reach websites, APIs, or anything external, traffic from that private address passes through a CGNAT gateway that translates it to a public IP. One public IPv4 address might have thousands of devices behind it at any given moment. Each device gets mapped to a different port range on that shared public IP. From the outside, all of those devices look like the same source.
How Carrier-Grade NAT (CGNAT) Works
CGNAT is a massive translation layer between the carrier's internal network and the public internet. RFC 6888 defines the common requirements for carrier-grade NATs, and RFC 6598 reserves the 100.64.0.0/10 address range specifically for CGNAT use within carrier networks. The technology was first deployed in mobile networks around 2000 to handle GPRS address demand.
Research from CAIDA confirms that thousands of autonomous systems use CGN today — many IPs publicly attributable to a carrier actually represent large subscriber pools, not individual connections. Each carrier's autonomous system (ASN) governs how those pools are allocated and announced to the broader internet.
The number of users sharing a single public IP varies by carrier size, region, and how aggressively the carrier has consolidated its IPv4 pools:
| Carrier Type | Devices Per Public IP | IP Rotation | Pool Size |
|---|---|---|---|
| Tier 1 US Carrier (Verizon, AT&T) | 500–1,500 | Every few hours | Large |
| Tier 1 European Carrier | 500–1,000 | Every few hours | Large |
| MVNO / Budget Carrier | 2,000–4,000+ | Every session | Small |
| Enterprise Mobile Plan | 50–200 | Sticky / static | Dedicated allocation |
Why Fraud Scores on Mobile IPs Are Inherently Noisy
Fraud detection tools like IPQualityScore, Scamalytics, and MaxMind work by tracking behavioral signals associated with an IP address: account signup volume, chargeback history, spam database presence, and automated traffic patterns.
For a residential broadband IP assigned to a single household, this model works reasonably well. One IP, one household, relatively stable behavior profile.
For a mobile IP behind CGNAT, the model breaks down. A single public IP shared by 1,200 subscribers in a metro area accumulates behavioral signals from all of them. If even 1% of those users trigger fraud signals — bots, throwaway accounts, compromised devices — that activity gets attributed to the shared IP address. The carrier IP fraud score climbs, and every other user on that same IP inherits the elevated score.
Cloudflare published research on this problem, documenting how IP-based security decisions applied to CGNAT addresses create "significant collateral damage" — particularly affecting users in developing regions where IPv4 scarcity forces carriers to pack more users behind fewer IPs. Their analysis showed that rate limiting decisions applied to CGNAT IPs disproportionately affected legitimate users, and that customers were more likely to rate-limit IPs that Cloudflare identified as CGNAT addresses.
Cloudflare's approach involves analyzing port allocation patterns and TTL values to estimate whether an IP is behind CGNAT before applying blocking rules. Spamhaus has documented the same operational challenge: CGNAT places many customers behind a single IP, making traffic attribution at the individual level structurally impossible. Most fraud scoring tools have not adopted this kind of nuance — they still treat every IP as if it maps to a single actor.
Why This Matters for IP Intelligence APIs
The IPQualityScore Proxy Detection API returns a connection_type field (Cellular, Corporate, Hosting) alongside risk scores. A connection_type of "Cellular" with a high risk score is almost always a CGNAT congestion signal, not an individual threat indicator. Factor this in when interpreting API results.
What a High Mobile IP Fraud Score Actually Means
A fraud score of 75 on a mobile IP means the public IP address — shared by potentially thousands of people — has accumulated enough negative signals from the collective pool to trigger a high rating. It does not mean the individual user checking it is suspicious.
Mobile IPs also rotate. Carriers reassign public IPs from their CGNAT pools constantly — sometimes every few hours, sometimes every session. A user can get a clean IP at 9 AM and a dirty one by noon without changing anything on their device.
Check any mobile IP using the IP address checker to see the carrier, ASN, connection type classification, and whether the IP is flagged. Then toggle airplane mode and check again — the IP will likely change, and the fraud score with it. That inconsistency is CGNAT rotation in action.
For a deeper look at how proxy type affects detection signals more broadly, see datacenter vs residential vs mobile proxies.
Less Congested Carriers Produce Cleaner IPs
Budget carriers and MVNOs tend to have smaller IPv4 allocations relative to their subscriber base. More users behind fewer public IPs. Their CGNAT pools predictably carry higher fraud scores on average.
Tier 1 carriers with larger IPv4 allocations spread their subscribers across more public addresses, producing lower per-IP congestion and cleaner fraud scores. Among US carriers specifically, Verizon tends to produce cleaner IPs than T-Mobile for this reason — Verizon has a larger IPv4 allocation relative to its subscriber base, fewer devices per CGNAT pool, and a more premium subscriber profile that generates less behavioral noise.
This is also why carrier selection matters for mobile proxy infrastructure. Proxies running on Verizon specifically benefit from less congested CGNAT pools that produce IPs with lower baseline fraud scores. A Verizon IP shared among 500 devices scores differently from a budget MVNO IP shared among 4,000. The carrier is the variable, not the proxy.
| Factor | Budget MVNO | T-Mobile | Verizon |
|---|---|---|---|
| IPv4 allocation size | Small | Large | Large |
| Devices per public IP | 2,000–4,000+ | 800–1,500 | 500–1,000 |
| Typical fraud score range | High | Moderate | Low–Moderate |
| Subscriber density per pool | Very high | High | Moderate |
Troubleshooting a High Mobile IP Fraud Score
How to Reset Your Mobile IP with Airplane Mode
Cycling the radio forces a new PDP context, which usually triggers a fresh CGNAT assignment with a different public IP. Toggle airplane mode on, wait a few seconds, then toggle it off. Check the new IP's fraud score before proceeding.
Check the IP before starting sensitive tasks. A quick lookup on IPQualityScore or the IP address checker takes a few seconds and shows whether the current CGNAT assignment landed on a clean or congested pool.
Switch carriers if consistently flagged. If a carrier's IPs are consistently scoring high, the carrier's CGNAT pools are congested. This is a carrier-level infrastructure problem, not something that can be fixed on the device side. Premium carriers with larger IPv4 allocations produce better results.
Do Not Assume the Device Is Compromised
A high mobile IP fraud score does not indicate malware, hacking, or unauthorized activity on the device. It indicates that the shared public IP behind the CGNAT has accumulated negative signals from other users on the same pool. Toggling airplane mode to get a new CGNAT assignment is the correct first step.
For professionals who need a consistent, known-clean mobile IP regardless of which CGNAT pool the device lands on, understanding dedicated vs shared mobile proxies explains why dedicated infrastructure eliminates this variable entirely.
FAQ
1Why does my mobile IP have a high fraud score even though I have not done anything wrong?
Because the fraud score applies to the shared public IP, not to any individual device. Thousands of users share that IP through CGNAT. The score reflects their collective behavior, not yours.
2Does using a VPN fix a high mobile IP fraud score?
It trades one shared IP problem for another. VPN IPs come from datacenter ranges shared by thousands of VPN users, and those ranges are heavily flagged by platforms. The fraud score may be different, but the underlying issue — shared IP, aggregate scoring — is the same.
3Is a high fraud score on my mobile IP a security risk?
No. A high fraud score does not mean the device is compromised or being monitored. It means the CGNAT pool behind the current public IP has accumulated negative behavioral signals from other users sharing that address. Toggling airplane mode to get a new IP assignment usually changes the score.
4Why do fraud scores on mobile IPs fluctuate throughout the day?
Carriers rotate CGNAT assignments. Each time the device gets a new public IP from the carrier's pool, it inherits whatever fraud score that particular IP has accumulated. Peak usage hours tend to produce higher scores because more users are active on the same pools.
5Can I get a dedicated mobile IP from my carrier?
Some carriers offer static or dedicated IP assignments on enterprise plans, but these are not available on consumer plans. For use cases where a clean, consistent mobile IP matters — development testing, account management, research — dedicated mobile proxy infrastructure provides carrier-grade IPs without the CGNAT congestion of consumer pools.
6Why does carrier choice affect fraud scores?
Carriers with larger IPv4 allocations relative to their subscriber base spread users across more public addresses, resulting in fewer devices per CGNAT pool. Fewer devices per pool means less behavioral noise per IP and lower aggregate fraud scores. Verizon's pools typically score cleaner than budget MVNOs for this reason.
7How does CGNAT relate to IPv6?
CGNAT exists because IPv4 addresses ran out. IPv6 solves this by providing enough addresses to assign a unique public IP to every device on the planet. But IPv6 adoption is uneven — India and the US lead at 60-70% of traffic, while much of Africa, the Middle East, and parts of Europe remain below 20%. Even on dual-stack networks where IPv6 is available, many platforms and APIs still resolve to IPv4, so CGNAT stays in the path. Realistically, CGNAT will remain the dominant mobile IP assignment architecture for years regardless of IPv6 progress, because the long tail of IPv4-only services keeps carriers from decommissioning their NAT infrastructure.
Wrapping Up
A high mobile IP fraud score is a reflection of CGNAT pool congestion, not personal compromise. Mobile carriers assign shared public IPs to thousands of users through carrier-grade NAT, and fraud scoring tools that treat each IP as a single actor produce misleading results on these shared addresses.
The one variable most people overlook is the carrier itself. Less congested carriers with larger IPv4 allocations spread subscribers across more public addresses, producing cleaner IPs at the pool level. If fraud scores are consistently high on a given carrier, no amount of airplane mode toggling fixes a structurally congested pool.
Consistent Mobile IPs Without CGNAT Noise
VoidMob's dedicated mobile proxies run on premium carriers with carrier-native DNS and configurable fingerprints — no shared CGNAT pools, no inherited fraud scores.