During the development of our research, we ran into significant challenges when geolocating the destination of outgoing communications in mobile applications.
We started by querying an API named ipStack for the geographic location of several domains. This approach introduces some mistakes.
The first is querying for a domain instead of an IP address. Extracting the IP is essential because a domain is registered in one country, but it may be served from other countries, and we may be connected to the servers closest to us. This happens for several reasons. A service provider might assign several IP addresses to the same domain (for redundancy or efficiency). Furthermore, DNS servers use several algorithms to publish the IP addresses associated with the domain. One basic example is round-robin, which hands out the IPs in sequence, one per request: with two IPs and three requests, the first request sees the first IP, the second sees the second, and the third sees the first again.
But as demand grows, these algorithms become more complex and consider other factors such as our location, the density of requests, or where most requests come from, assigning us the nearest IP.
Going back to our point, if we try to geolocate api.mapbox.com, a commercial database such as ipStack will locate it in the US. However, if we first extract the IP address we are connecting to with nslookup (188.8.131.52), the result changes dramatically and the commercial databases locate the IP in Spain.
IP assignment variations
After detecting “strange cases”, we started researching how the IP assignments varied. We need to know this because, for two users of the same application, depending on traffic conditions, one user’s data may stay within EU borders while the other user’s data travels outside the EU without their knowledge. We designed an experiment that tested the domain firebaseinstallation.googleapis.com over the course of a day. The experiment had this structure:
In the chart below there is an extract of what we found:
The full result of the experiment can be consulted by clicking here. It confirms our suspicion: we are assigned several IP addresses depending on the moment, and these IPs might be located in more than one country. Therefore, we cannot say that a domain is located, for us, in one particular country, not even for the same user and the same mobile phone at different times of the day. We need to stick to a particular time slot with a particular IP address.
We must work with IP addresses and never directly with domains. It is essential to keep in mind that domain geolocation results depend on many factors, explained in this post, and that we have to map our locations to a specific IP at a specific time, because the mapping is subject to variation.
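The sketch below is an added example, not the code used in the experiment. It shows one way to tie each geolocation to an IP and a time slot, and to flag the slots in which a domain resolved outside the EU. The function names, the sample observations (documentation-range IPs) and the IP-to-country table are constructed for illustration; in practice the table would come from a geolocation database queried per IP.

```python
import socket
from collections import defaultdict

# ISO 3166-1 alpha-2 codes of the EU-27 member states.
EU = {"AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR",
      "HU", "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK",
      "SI", "ES", "SE"}

def resolve_ipv4(domain):
    """Return the set of IPv4 addresses the local resolver hands out right now.
    Call this repeatedly (e.g. every few minutes) to collect observations."""
    infos = socket.getaddrinfo(domain, 443, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def countries_by_slot(observations, ip_country, slot_seconds=3600):
    """Group (seconds_since_start, ip) observations into time slots and
    return {slot_index: set of countries seen in that slot}."""
    slots = defaultdict(set)
    for ts, ip in observations:
        # An IP missing from the geolocation table is kept as "unknown",
        # never silently assumed to be in the expected country.
        slots[ts // slot_seconds].add(ip_country.get(ip, "unknown"))
    return dict(slots)

def slots_leaving_eu(slots):
    """Slots where at least one resolved IP is not known to be inside the EU."""
    return sorted(s for s, countries in slots.items() if not countries <= EU)

# Constructed sample data: (seconds since experiment start, resolved IP).
SAMPLE_OBSERVATIONS = [
    (0, "192.0.2.10"),
    (1200, "192.0.2.10"),
    (3700, "198.51.100.7"),
    (5000, "192.0.2.10"),
    (7300, "203.0.113.5"),
]
# Constructed geolocation results, keyed by IP (not by domain).
SAMPLE_IP_COUNTRY = {"192.0.2.10": "ES", "198.51.100.7": "US"}

if __name__ == "__main__":
    slots = countries_by_slot(SAMPLE_OBSERVATIONS, SAMPLE_IP_COUNTRY)
    for slot in sorted(slots):
        print(f"hour {slot}: {sorted(slots[slot])}")
    print("hours with traffic possibly leaving the EU:", slots_leaving_eu(slots))
```

Treating an ungeolocated IP as outside the EU is a conservative choice for a privacy assessment; it avoids reporting data as staying within EU borders when the destination is simply unknown.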