TikTok fingerprinting on US mobile IPs: a 2026 teardown

What's in scope

This is an operator-level reading of TikTok's US-facing integrity stack as of Q2 2026, based on observed behavior across real rotation. It is not a leaked spec, not insider info, and not exhaustive. Treat it as a working model that matches the behavior we see; update your own understanding as yours diverges.

The model covers:

• Mobile IP reputation signals
• Carrier-ASN + BGP path weighting
• Device + advertising-ID correlation windows
• What shifted between 2024 and 2026

The high-level stack

TikTok's US integrity pipeline appears to combine at least four signal layers into a composite "is this session credible" score:

1. IP reputation — per-IP and per-ASN history signals, including whether the IP has been observed hosting TikTok scraping or inauthentic content behavior in the prior 90 days.
2. Carrier-ASN class — whether the IP announces from a US mobile carrier ASN with a clean BGP path to TikTok's edge.
3. Device fingerprint — a device-level identity signal spanning IDFA/AAID, UA + capability fingerprint, and TikTok-app-specific canvas/WebGL signals on web.
4. Behavioral pattern — interaction timing, scroll patterns, engagement lifecycle, correlated against "real user" baselines.

Each layer feeds a composite score, and the score gates actions — content posting, comment posting, profile edits, login — with different thresholds per action.

What shifted in 2024–2026

Three meaningful shifts from the 2024 baseline:

The 14-day identity correlation window

Pre-2025, TikTok's identity correlation was shorter — a few days at most. The August 2025 iOS app update extended it: advertising ID, device fingerprint, and carrier-ASN + route now correlate across a rolling 14-day window. An identity that flips between T-Mobile Chicago and Verizon Atlanta inside that window is scored "unstable identity" and starts hitting captcha on content posting.

This is the single biggest operational implication of the 2025 change. It reshaped what "a good mobile rotation" looks like: not many carriers on many DMAs per account, but one carrier + one DMA held consistently over the 14-day window per account.

Carrier-ASN + route, not just ASN

Before 2025, announcing from a carrier ASN (T-Mobile AS21928, Verizon AS22394) was enough to clear the carrier-class check. TikTok inspected the source ASN and called it done.

After the 2025 integrity rollout, TikTok's stack inspects both the source ASN and the BGP path. A T-Mobile AS21928 IP that announces from a non-carrier path (rebrokered mobile IPs, common on cheap mobile proxy pools) fails the path inspection and gets scored "announced ASN, unexpected route." These don't get hard-blocked but do get shadow-scored — content reach drops, recommendations stop surfacing.

This is the check that kills laundered mobile pools. Proxaro's T-Mobile exits route through the legitimate T-Mobile core — you can verify the BGP path back to peeringdb's AS21928 peering records. Laundered pools can't.

DMA-aware gating on content creator features

TikTok's 2025 creator-economy push added DMA-aware gating on some creator features — specific monetization eligibility, certain live- streaming abilities, regional brand-partnership programs. These gates read the exit's resolved DMA (not just country or state) and grant or deny the feature accordingly.

For creator-adjacent automation, this means DMA-pinned rotation — not just country-pinned — is the only way to reliably reach creator features.

What the stack weights, ranked

From most-weighted to least (operator's working estimate):

1. Device fingerprint stability — a device fingerprint that changes between sessions is the biggest red flag. Operators who randomize device fingerprints between accounts get hit here.
2. Carrier-ASN + route match — clean carrier path vs laundered.
3. Identity correlation over 14d — stable IP + stable device over the rolling window.
4. Behavioral interaction lifecycle — is this session acting like a real-user session in terms of timing, taps, scroll behavior?
5. IP-history reputation — has this specific IP been associated with TikTok scraping in the last 90d?
6. Account-age + engagement history — older accounts with real engagement carry weight.
7. Geo resolution (DMA / city) — matters for DMA-gated features.

Practical implications for operators

Pin carrier and DMA; hold them

The 14-day correlation window forces a rotation strategy: each account on your farm should be pinned to a single carrier + single DMA for at least 14 days, preferably longer. Rotate between accounts on different carrier/DMA combinations, not within an account.

On Proxaro's Carrier plan, you can set X-PX-Carrier: t-mobile and X-PX-Dma: 602 to pin an account's rotation for the full 14-day window. Use X-PX-Session: sticky-20m for the in-session hold.

Prefer T-Mobile for US mobile content ops

T-Mobile's subscriber volume and TikTok's training-data bias make T-Mobile AS21928 the statistically-most-common US mobile signal. Verizon works. AT&T works. T-Mobile is the default pick unless you have a specific reason to pick something else. See the T-Mobile carrier page.

Don't mix device fingerprints across sessions

Device fingerprint stability matters more than IP stability. Keep the device (UA, canvas, WebGL, IDFA/AAID, screen resolution, OS version) stable per account for weeks. Rotating device fingerprints between sessions fails more often than rotating IPs does.

Validate the BGP path if you're using a non-Proxaro pool

For any mobile proxy pool you're using, validate the BGP path from your exit IP back to T-Mobile's core. A simple traceroute-plus-whois check tells you whether the announcement is clean (consistent AS_PATH terminating at AS21928) or laundered (announcement via a third-party AS). Anything other than a clean carrier path will fail TikTok's 2025 route check.

Use 5G standalone when native IPv6 helps

TikTok accepts IPv6 from T-Mobile 5G SA subscribers and the IPv6-first experience sometimes reveals content or features that IPv4 doesn't. See our 5G pool.

What TikTok doesn't weight as heavily as people think

A few misconceptions worth correcting:

• "TikTok blocks proxies." TikTok doesn't block carrier-ASN mobile traffic en masse. It scores it. Clean carrier mobile clears the score; laundered mobile doesn't.
• "Residential proxies work the same as mobile." They don't. Residential IPs (Comcast, Spectrum) read as "desktop user" to TikTok's mobile-first stack. They're fine for mobile-web TikTok but get scored differently from carrier-mobile for app-equivalent traffic.
• "Port-based residential pools (sticky 24h+) are safer." They aren't, not for TikTok. Real residential DHCP cycles the public IP every few hours. A Comcast IP that stays static for 72 hours looks less-human than one that rotates every 2–4 hours.

Longer-term trajectory

Two things to watch for 2026+:

• Web and app stack convergence. TikTok's web experience is moving toward full parity with the mobile app. The integrity gates on web are now converging with app. If you're building automation around a web-only loophole, plan on that loophole closing in 2026-27.
• ML-driven fingerprint clustering. TikTok's integrity team is almost certainly moving from rule-based fingerprint matching toward ML cluster-based similarity detection. The operational implication: fingerprint stability alone won't be enough; coherent behavioral-persona stability over time will matter more.

References

• Cloudflare Radar TikTok traffic reports (2025 Q3-Q4)
• peeringdb.com — AS21928 T-Mobile USA path verification
• Public research on mobile-app integrity detection (ACM CCS 2024-25)

For the carrier-specific breakdown, see T-Mobile, Verizon, and AT&T. For the workflow pattern, see the sneaker drop post.