Skip to main content
DRIFTSTACK

Command a fleet of real iPhones.

Spin up real iPhones in the cloud — each with its own identity, its own history, its own corner of the world. Drive them by hand, by code, or by AI. To every website, they're just people on phones.

One profile · 20-minute sessions · no card required.

us-retail-qa Live
market.example.com 🔒
amsterdam-shopper Live
shop.example.com 🔒
jp-market Idle
New Tab

🇺🇸 New York · 🇳🇱 Amsterdam · 🇯🇵 Tokyo — each on its own connection

4 iPhones in your fleet each with its own identity all healthy

Real iPhones in the cloud, ready in seconds.

Websites can tell when a browser is pretending to be a phone. Driftstack doesn't pretend — every session runs on the real thing.

A real iPhone, not a lookalike

Built from Apple's WebKit source code — the engine inside every iPhone's Safari, the same one your iOS users run

Looks human to every website

The hidden 'device photos' sites take to spot fakes (canvas + WebGL hashes) match millions of real iPhones — not a new unique value per session like every other API

Drive it three ways

From code — TypeScript, Python, or Go — or point-and-click from the dashboard. Same engine either way

Any country you need

Bring your own proxy or VPN, attached per profile

Three steps to a real iPhone in the cloud.

Pick an iPhone profile

Start with the default iPhone, or create your own. Each profile is a persistent identity that remembers its logins, cookies, and history across every run.

Start a session

Spin up a real iPhone Safari browser in the cloud — one click in the desktop app, or one API call. No hardware to buy, nothing to install.

Drive it your way

Click around yourself, or automate it from TypeScript, Python, or Go. Every website it visits sees a genuine iPhone — never a bot.

Built for the work you actually do.

Run many accounts, safely apart

Keep separate identities on services that recognize your device by its fingerprint — the traits a website can measure about a browser. Persistent profiles let each account look like its own physical phone, every session, every time. More →

Test on the real thing

Run your automated tests — the kind that click through your site like a real user — against the exact engine your iOS users run. Same rendering, same JavaScript timing, same quirks — the bug you reproduce is the bug your users hit. More →

See what iPhone users see

Many sites serve different content to mobile Safari than to desktop Chrome. With Driftstack, your scraper sees what an iPhone visitor would see — no redirects to "please use our app" pages. More →

Point and click — or just say what you want.

The desktop app keeps every iPhone one click away — folders, tags, floating device windows. And when a task is repetitive, type it in plain English and the built-in AI agent drives while you watch.

DRIFTSTACK · cloud Connected
4 live · 98% proxy health + New profile
amsterdam-shopper Live
🇳🇱 NL
us-retail-qa Live
🇺🇸 US
jp-market Idle
🇯🇵 JP
de-pricing Live
🇩🇪 DE
uk-checkout Live
🇬🇧 GB
+ New
profile

The desktop app is the cockpit: organize profiles in folders, launch with one click, and pop any session out into its own floating device window. Engineers get the same power from code (the SDK — our ready-made programming library): once a task is scripted, repeat runs skip the AI agent entirely — none of its cost, none of its wait.

One iPhone among millions.

Most tools dress up a desktop browser to look like a phone — and websites have gotten very good at spotting the costume. Driftstack doesn't wear one. It runs the same browser Apple ships on every iPhone, so there's nothing fake to find — your session lands in the iPhone bucket with millions of others.

Pixel-exact

The same hashes, bit for bit

Canvas and WebGL hashes identical to real-device hashes. Not approximate, not "within tolerance" — identical.

Real families

The iPhones your users hold

iPhone 15 Pro, iPhone 16 Pro, and the current iPhone 17 lineup — on iOS 18.7 / Safari 26.4, and Safari 26.5 as it rolls out.

Engine-deep

Fixed in the engine, not a wrapper

If any measurable signal differs from the real phone, it's a launch-blocking bug — and we fix it in the browser engine itself. Other tools paper over their tells by injecting "stealth" JavaScript into the page; detection systems know how to spot those scripts. Driftstack injects nothing, so there's nothing to find.

What detection systems see

Same signals as a physical iPhone. Not "close enough".

Detection systems read hundreds of small signals. A typical stealth browser fakes its one-line introduction (the user-agent string) but leaks its real engine in how it draws, renders 3D, and processes sound — the canvas, WebGL, and audio fingerprints. Driftstack runs Apple's WebKit, so every signal returns the exact iPhone value — not approximate.

A 7-signal preview. The full signal-by-signal table shows every check — see the security overview for what's live today, and the comparison page for the tool-by-tool detail.

Apple's engine. Not a Chromium copy. Driftstack runs Apple's WebKit source code itself — the same engine that ships on every iPhone. WebKit (the browser engine), Core Text (Apple's text-drawing system), and the rest of the iOS rendering pipeline produce your fingerprint the way Apple wrote them, in the order Apple intended.

Signal Stealth Chromium Driftstack User-agent spoofed real Canvas hash leaks Chromium iPhone WebGL renderer leaks Chromium Apple GPU Audio fingerprint (AudioContext) leaks Chromium iOS Core Text metrics leaks system iOS JavaScript engine timing Chrome's V8 Apple's JSCore Fingerprint across sessions 100% unique population-stable

population-stable = the same value millions of real iPhones share, unchanged from session to session. A brand-new unique hash every session is itself a tell.

It even moves like a person.

Bots move in straight lines and constant time. Driftstack's input engine doesn't: every tap, swipe and keystroke is generated from patterns of real human movement — so automated sessions read like a person holding a phone, because that's what the motion says.

Touch & scroll

Curved touch paths, momentum flicks, natural variation in how long each touch rests — no two taps land alike, and none land like a script.

Typing cadence

Per-character rhythm with natural pauses and variance — typed the way thumbs type, not the way scripts paste.

Per-profile persona

Each profile keeps its own consistent motion signature across sessions — the same "person", every visit.

Indistinguishable iPhone Safari. Programmable from any language.

Run a real iPhone browser in the cloud that every website treats as a genuine iPhone — never a bot, never an emulator. Built for scraping, testing, and automation that has to pass as a real mobile user. Drive it from TypeScript, Python, Go, or the desktop app.

driftstack-typescript-sdk
import { Driftstack } from '@driftstack/sdk';

const ds = new Driftstack({ apiKey: process.env.DRIFTSTACK_API_KEY });

const session = await ds.sessions.create({
  archetype: 'iphone17_ios18_7_safari26_4',
  label: 'target-flow',
});

try {
  await ds.sessions.navigate(session.id, { url: 'https://target.example' });
  await ds.sessions.capture(session.id, { kind: 'screenshot' });
  const state = await ds.sessions.getState(session.id);
  console.log(state.url, state.title);
} finally {
  await ds.sessions.destroy(session.id);
}

Three lines to a real iPhone session. First-party SDKs in TypeScript, Python, and Go — plus a plain HTTPS API any HTTP client can drive: Playwright tests, n8n workflows, Make.com scenarios, Zapier triggers, plain curl from a cron job.

Your own internet exit, per profile. Full control over where traffic exits (your egress) — connect your own SOCKS5 proxy (UDP included), OpenVPN, or WireGuard. And unlike anyone else, the traffic that normally slips around a proxy and gives you away — real-time connections (WebRTC) and the newer transport protocol (QUIC) — rides your tunnel too, so nothing leaks around it.

Three SDKs. One HTTPS API. Slots into anything.

SDK

TypeScript

@driftstack/sdk

SDK

Python

driftstack-sdk

SDK

Go

driftstack-go

via API

Playwright

drives sessions

via API

n8n · Make

workflow nodes

via API

curl · cron

plain HTTPS

Your fleet, kept in order.

Everything below is rendered the way you'd actually use it — because the product is the interface.

The Identity Wardrobe

Rolling out
Profiles as wearable identities: a complete iPhone — hardware, iOS, Safari, fonts, the way it draws (canvas), even the way it opens secure connections (TLS) — with its own cookies, stored data, proxy and its own way of moving. Duplicate one, template one, hand one to a teammate — the identity stays consistent for life.
jp-marketiPhone 15 Pro · idle
🇯🇵 Tokyo · own connection
us-retail-qaiPhone 17 · running
🇺🇸 New York · own connection
amsterdam-shopperiPhone 17 · agent-driven
🇳🇱 Amsterdam · own connection

Session Replay

Roadmap
Every session can record itself: video, taps, network and agent decisions on one timeline. Scrub back to the moment a flow broke, share the clip with your team, or export it as evidence that the run behaved.
00:0014 taps · 3 pages · 1 challenge12:41

Warm-up Scheduler

Roadmap
Fresh identities are suspicious identities. Schedule organic browse sessions that age a profile on a curve — light touches first, deeper flows later — so by the time it works, it has a history.

Exit anywhere. Leak nowhere.

Live
Attach your own exit to each profile — a SOCKS5 proxy, OpenVPN (an .ovpn file), or WireGuard (a .conf file). Unlike anyone else, the traffic that usually slips around a proxy (UDP, WebRTC, QUIC) rides the tunnel too. The phone's language and clock follow the exit's location, so nothing contradicts the address a website sees.

Simple to pay for. Hard to snoop on.

One metric. Concurrent sessions. That's it.

Concurrent means sessions running at the same time — think browser tabs. Pick a plan, get a concurrent cap, run anything inside it. No per-call markup. No per-element fees. Visit 200 pages on one session for the cost of visiting one.

EU-hosted by default.

Your account data lives on EU servers. We don't log what your sessions visit or do — only the operational metadata we need to bill: how long a session ran, which iPhone model + iOS + Safari combination it used (its archetype), and how much of your concurrent cap it used. Where data lives, and every outside company that handles it for us, is on the sub-processor page.

Customer-configurable egress — attaching your own internet exit (a SOCKS5 proxy, OpenVPN, or WireGuard) to each profile — is live; swapping the proxy on a session that's already running is on the roadmap. See the security overview for the current implementation state.

Answered by the people who build it.

Design-partner customers get a Slack channel shared with the engineer who writes the code. Bug → fix → deploy in the same week, not the same quarter. No first-line ticket queue to fight through before you reach someone who can actually fix it.

Built by engineers, not a growth team.

Driftstack is built by the people who write the WebKit patches — no cold-outreach sales team (SDRs), no upsell ladder, no roadmap chosen by investors. Customer feedback goes straight to the engineers shipping the product, and support replies come from the same team.

Design partner

Direct engineer access

Design-partner customers get a Slack channel shared with the engineer who writes the code. Bug → fix → deploy in the same week, not the same quarter.

Honest pricing

One concurrent metric

No per-call markup, no per-element fees, no opaque "credits" that expire. The concurrent cap is the only number you ever have to think about. Annual contracts save 20% — listed, not negotiated case-by-case.

Sovereignty

Your account data stays in the EU

Account data — profiles, audit logs, session metadata — lives in one EU region; uploaded files use Cloudflare's storage network, which can replicate outside the EU. We don't log destination URLs, response bodies, or session content. Every outside company that handles data for us (our sub-processors) is listed on the sub-processor page.

Drive it by hand, or drive it from code.

Start free — one profile, 20-minute sessions, no card required. Then pick one of two plan ladders, depending on how you work: Manual if a person drives the sessions, API if your code does. Annual contracts save 20%.

Manual

Desktop app

A desktop app you install on your computer that lets you keep 10 to 200 logged-in profiles open at once and switch between them like browser tabs. Same WebKit, same fingerprint, no code required. Built for account teams and operators who keep multiple sign-ins alive across the workday.

  • Personal $79/mo · Team $249/mo · Agency $699/mo
  • 1 / 3 / 8 concurrent sessions per tier
  • Unlimited hours within your concurrent cap
See Manual pricing →

API

Drive it from code

First-party SDKs in TypeScript, Python, and Go — plus a plain HTTPS API any HTTP client can drive. Built for QA pipelines, data collection, integration tests, and production automation that needs the real iPhone fingerprint.

  • API Starter $149/mo · API Builder $499/mo · API Scale $1,499/mo
  • 2 / 8 / 24 concurrent sessions per tier; Enterprise custom
  • AI assistant on every API tier — connect your own Anthropic key and pay Anthropic directly, no Driftstack markup; an optional bundled assistant (no key needed) comes with API Builder and up
See API pricing →

Two ladders. A free tier to start. Manual from $79/mo if you're driving by hand; API from $149/mo if your code is running sessions. A person clicking → Manual. Code calling → API.

See pricing

Run Driftstack on your own infrastructure.

For privacy, full control, or sustained high-volume use. We help you pick the right hardware, install the coordination software that runs it all (the control plane), and operate the fleet. Three packages, annual contracts, hands-on onboarding.

See self-hosted →

See it for yourself. Free.

iPhone Safari sessions on real WebKit — Apple's own browser engine — one profile, 20-minute manual sessions, no card required. Plenty of room to point your workflow at it and decide on your own terms.

Start free