
Command a fleet of real iPhones.

Spin up real iPhones in the cloud — each with its own identity, its own history, its own corner of the world. Drive them by hand, by code, or by AI. To every website, they're just people on phones.

One profile · 20-minute sessions · no card required.

fingerprint coherence: verified · detection flags: 0 · median control latency: <100ms

  • Real WebKit: the engine every iPhone ships
  • iOS 18.7 / 26.x: Safari versions Apple still ships
  • 3 SDKs: TypeScript · Python · Go
  • SOCKS5 + VPN: configurable per profile

Indistinguishable iPhone Safari. Programmable from any language.

Run a real iPhone browser in the cloud that every website treats as a genuine iPhone — never a bot, never an emulator. Built for scraping, testing, and automation that has to pass as a real mobile user. Drive it from TypeScript, Python, Go, or the desktop app.


driftstack-typescript-sdk
import { Driftstack } from '@driftstack/sdk';

// Read the API key from the environment rather than hard-coding it in source.
const ds = new Driftstack({ apiKey: process.env.DRIFTSTACK_API_KEY });

// Start a cloud session for the chosen device archetype.
const session = await ds.sessions.create({
  archetype: 'iphone17_ios18_7_safari26_4',
  label: 'target-flow',
});

try {
  await ds.sessions.navigate(session.id, { url: 'https://target.example' });
  await ds.sessions.capture(session.id, { kind: 'screenshot' });
  const state = await ds.sessions.getState(session.id);
  console.log(state.url, state.title);
} finally {
  // Always tear the session down, even if a step above throws.
  await ds.sessions.destroy(session.id);
}

Not another anti-detect browser.

Anti-detects patch a desktop browser to lie about itself. Driftstack runs the real thing — actual WebKit on Apple-shipped iOS versions — so there's nothing to detect.

| Capability | Typical anti-detect | Driftstack |
|---|---|---|
| Mobile fingerprint | spoofed desktop UA | real WebKit, real iOS |
| Where it runs | your machine | cloud + live control |
| Detection surface | stealth-patch bundle to spot | no runtime JS patching at all |
| Automation | clunky local RPA | 3 SDKs · AI agent · API |

Full tier-by-tier and tool-by-tool detail on the comparison page.

Three steps to a real iPhone in the cloud.

1. Pick an iPhone profile

Start with the default iPhone, or create your own. Each profile is a persistent identity that remembers its logins, cookies, and history across every run.

2. Start a session

Spin up a real iPhone Safari browser in the cloud — one click in the desktop app, or one API call. No hardware to buy, nothing to install.

3. Drive it your way

Click around yourself, or automate it from TypeScript, Python, or Go. Every website it visits sees a genuine iPhone — never a bot.

Code it precisely, or just describe what you want.

Engineers drive sessions directly with the SDK (see the hero example). Everyone else can open the dashboard, type the task in plain English, and watch the agent execute it live — with the option to export the result as code anytime.


The desktop app is the cockpit: organize profiles in folders, launch with one click, and pop any session out into its own floating device window. Engineers get the same power from the SDK — no agent overhead on repeat runs.

What sets us apart

  • Population-matched: Canvas + WebGL hashes match the real-iPhone population — not unique-per-session like every other API
  • Zero detection surface: No runtime JS patching, no stealth bundle for fingerprinters to spot
  • Apple's WebKit, not Chromium: Built from Apple's WebKit source — same engine your iOS users actually run
  • API · SDK · GUI: TypeScript, Python, Go, or the dashboard — same engine, three access paths

Anywhere mobile Safari fidelity decides the outcome.

QA + testing

Mobile-Safari coverage

Run end-to-end tests against the exact engine your iOS users run. Same rendering, same JavaScript timing, same quirks — so the bug you reproduce in CI is the same bug your users hit in production.

Data collection

Mobile-first scraping

Many sites serve different content to mobile Safari than to desktop Chrome. With Driftstack, your scraper sees what an iPhone visitor would see — no behind-the-scenes redirects to "please use our app" pages.

Account workflows

Multi-account operations

Keep separate identities on services that lock down by device fingerprint. Persistent profiles let each account look like its own physical phone, every session, every time.

Route every byte the way you need.

Full proxy + VPN tunnelling per profile — not just HTTP. UDP flows, WebRTC datachannels, and QUIC stay on your egress path so detection systems see one consistent network identity per session.

SOCKS5

UDP + WebRTC + QUIC

Full SOCKS5 UDP-ASSOCIATE so WebRTC media + QUIC sessions stream over your proxy, not a leaky direct path. The harness reports egress capabilities live so you know when a proxy quietly drops UDP.

OpenVPN

.ovpn per profile

Upload a standard OpenVPN config to a profile slot and every session bound to that profile dials the tunnel before launching the browser. DNS leaks blocked by default; no client-side wrapper needed.

WireGuard

.conf per profile

Paste a WireGuard interface block + peer config; sessions using the profile attach to the tunnel transparently. Modern kernel-level performance — single-digit-ms RTT overhead even on mobile-LTE-class peers.

Three SDKs. One HTTPS API. Slots into anything.

First-party SDKs in TypeScript, Python, and Go. Beyond that, any HTTP-aware tool can drive Driftstack — Playwright tests, n8n workflows, Make.com scenarios, Zapier triggers, plain curl from a cron job.

  • SDK · TypeScript: @driftstack/sdk
  • SDK · Python: driftstack-sdk
  • SDK · Go: driftstack-go
  • via API · Playwright: drives sessions
  • via API · n8n · Make: workflow nodes
  • via API · curl · cron: plain HTTPS

One iPhone among millions.

Detection systems read hundreds of signals to decide who's visiting. Driftstack returns the exact ones a real iPhone returns — so your session lands in the iPhone bucket with millions of others.

Pixel-exact

The same hashes, bit for bit

Canvas and WebGL hashes identical to real-device hashes. Not approximate, not "within tolerance" — identical.

Real families

The iPhones your users hold

iPhone 15 Pro, iPhone 16 Pro, and the current iPhone 17 lineup — on iOS 18.7 / Safari 26.4, and Safari 26.5 as it rolls out.

Engine-deep

Fixed in the engine, not a wrapper

If any measurable signal differs from the real phone, it's a launch-blocking bug. We fix the browser engine itself — never a JavaScript patch a fingerprinter can spot.

Full signal-by-signal methodology at /trust/cumulative-rig.

Same signals as a physical iPhone. Not "close enough".

Detection systems read hundreds of small signals. A typical stealth browser fakes the user-agent string but leaks the underlying engine in the canvas, WebGL, or audio fingerprint. Driftstack runs Apple's WebKit, so every signal returns the exact iPhone value — not approximate.

A 7-signal preview. Full signal-by-signal table at /trust/cumulative-rig — see /trust/security-overview for what's live today.

| Signal | Stealth Chromium | Driftstack |
|---|---|---|
| User-agent | spoofed | real |
| Canvas hash | leaks Chromium | iPhone |
| WebGL renderer | leaks Chromium | Apple GPU |
| AudioContext | leaks Chromium | iOS |
| Core Text metrics | leaks system | iOS |
| JS engine timing | V8 fingerprint | JSCore |
| Hash uniqueness across sessions | 100% unique | population-stable |

Every tap drawn from human motion.

Bots move in straight lines and constant time. Driftstack's input engine doesn't: every tap, swipe and keystroke is generated from human motor patterns — so automated sessions read like a person holding a phone, because that's what the motion says.

Touch & scroll

Curved touch paths, momentum flicks, variable dwell — no two taps land alike, and none land like a script.

Typing cadence

Per-character rhythm with natural pauses and variance — typed the way thumbs type, not the way scripts paste.

Per-profile persona

Each profile keeps its own consistent motion signature across sessions — the same "person", every visit.

Run identities like infrastructure.

Everything below is rendered the way you'd actually use it — because the product is the interface.

Identity

The Identity Wardrobe (Rolling out)

Profiles as wearable identities: a complete iPhone (hardware, iOS, Safari, fonts, canvas, TLS) with its own cookies, storage, proxy and behavioral persona. Duplicate one, template one, hand one to a teammate — the identity stays coherent for life.

Folders · tags · statuses · bulk ops · per-profile egress


Time travel

Session Replay (Roadmap)

Every session can record itself: video, taps, network and agent decisions on one timeline. Scrub back to the moment a flow broke, share the clip with your team, or export it as evidence that the run behaved.

Timeline scrubbing · tap markers · agent-step annotations


Trust curve

Warm-up Scheduler (Roadmap)

Fresh identities are suspicious identities. Schedule organic browse sessions that age a profile on a curve — light touches first, deeper flows later — so by the time it works, it has a history.

Curve presets · per-folder schedules · runs on idle fleet capacity

Egress

Exit anywhere. Leak nowhere.

SOCKS5, OpenVPN (.ovpn) and WireGuard (.conf) per profile — and unlike anyone else, UDP, WebRTC and QUIC ride the tunnel too. Locale and timezone follow the exit geo so nothing contradicts the IP.

Per-profile binding · health checks · geo-coherent locale

Trust center

Sealed by architecture.

Profiles are client-encrypted (AES-256-GCM) before they reach us — our servers move opaque bytes. Per-tenant key isolation means a wrong account can't decrypt, by math. Nobody at Driftstack can watch your sessions.

Audited secret access · export/delete anytime · public security model
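
The property claimed above, that a blob sealed under one tenant's key cannot be opened under another's, shown as an added example; it is not Driftstack's code. The HKDF key derivation, the `profile-v1` label, the function names and the sample profile are assumptions made for illustration.

```typescript
import { createCipheriv, createDecipheriv, hkdfSync, randomBytes } from 'node:crypto';

interface SealedProfile { tenantId: string; iv: Buffer; ciphertext: Buffer; tag: Buffer }

// Assumption: each tenant derives its key client-side from a secret only it holds.
// HKDF-SHA256 and the 'profile-v1' label are illustrative, not from the page.
function tenantKey(tenantSecret: Buffer, tenantId: string): Buffer {
  return Buffer.from(hkdfSync('sha256', tenantSecret, Buffer.from(tenantId), 'profile-v1', 32));
}

function sealProfile(key: Buffer, tenantId: string, profile: object): SealedProfile {
  const iv = randomBytes(12); // fresh 96-bit nonce per blob; never reuse under one key
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(tenantId)); // bind the blob to its owner
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(profile), 'utf8'), cipher.final()]);
  return { tenantId, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the profile, or null when the GCM tag does not verify
// (wrong key, modified ciphertext, or a relabelled tenantId).
function openProfile(key: Buffer, blob: SealedProfile): object | null {
  try {
    const decipher = createDecipheriv('aes-256-gcm', key, blob.iv);
    decipher.setAAD(Buffer.from(blob.tenantId));
    decipher.setAuthTag(blob.tag);
    const plain = Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null;
  }
}

function demo() {
  const profile = { label: 'qa-profile', cookies: ['sid=constructed'] }; // constructed sample
  const keyA = tenantKey(randomBytes(32), 'tenant-a');
  const keyB = tenantKey(randomBytes(32), 'tenant-b');
  const blob = sealProfile(keyA, 'tenant-a', profile);
  const tampered = { ...blob, ciphertext: Buffer.from(blob.ciphertext) };
  tampered.ciphertext.writeUInt8(blob.ciphertext.readUInt8(0) ^ 1, 0); // flip one bit
  const relabelled = { ...blob, tenantId: 'tenant-b' };
  return {
    owner: openProfile(keyA, blob),
    wrongTenant: openProfile(keyB, blob),
    tampered: openProfile(keyA, tampered),
    relabelled: openProfile(keyA, relabelled),
  };
}

console.log(demo());
```

Only the owner's key returns the profile; a different tenant's key, a flipped ciphertext bit, or a swapped tenant label all fail tag verification and return null.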

Apple's engine. Not a Chromium copy.

Every stealth tool you've used before is a Chromium fork with a fake user-agent, or Playwright with a patch plugin layered on top. Driftstack runs Apple's WebKit source code itself — the same engine that ships on every iPhone. WebKit, Core Text, and the iOS rendering pipeline produce your fingerprint the way Apple wrote them, in the order Apple intended.

One metric. Concurrent sessions. That's it.

Concurrent means sessions running at the same time — think browser tabs. Pick a plan, get a concurrent cap, run anything inside it. No per-call markup. No per-element fees. No hourly metering that turns idle sessions into surprise overage charges. Visit 200 pages on one session for the cost of visiting one.

Concurrent cap = the only thing you pay for

EU-only by default.

Your data stays in the EU. We don't log what your sessions visit or do — only the operational metadata we need to bill (session duration, archetype, cap usage). Full data residency + sub-processor breakdown at /trust/sub-processors.

Customer-configurable egress (SOCKS5 / OpenVPN / WireGuard) — see /trust/security-overview for the current implementation state and the security posture across each proxy type.

# Driftstack control plane
stores session metadata only
never stores response bodies
EU-jurisdiction object storage

# Roadmap — customer-configurable egress
→ SOCKS5 / OpenVPN / WireGuard (not shipped)

Drive it by hand, or drive it from code.

Manual

Desktop app

A native desktop client that lets you keep 10 to 200 logged-in profiles open at once and switch between them like browser tabs. Same WebKit, same fingerprint, no code required. Built for account teams and operators who keep multiple sign-ins alive across the workday.

  • Personal $79/mo · Team $249/mo · Agency $699/mo
  • 1 / 3 / 8 concurrent sessions per tier
  • Unlimited hours within your concurrent cap

API

SDK + HTTPS

First-party SDKs in TypeScript, Python, and Go — plus a plain HTTPS API any HTTP client can drive. Built for QA pipelines, data collection, integration tests, and production automation that needs the real iPhone fingerprint.

  • API Starter $149/mo · Builder $499/mo · Scale $1,499/mo
  • 2 / 8 / 24 concurrent sessions per tier; Enterprise custom
  • Optional bundled AI assistant — or bring your own Anthropic API key (Builder+)

Not sure which fits? Both share the same engine, the same device archetypes, the same free tier. Start free, see which workflow matches yours, then subscribe.

Two ladders. A free tier to start.

Start free — one profile, 20-minute sessions, no card required. Then choose: Manual from $79/mo if you're driving by hand in the desktop app, or API from $149/mo if your code is running sessions. Annual contracts save 20%.


Run Driftstack on your own infrastructure.

For privacy, sovereignty, or sustained high-volume use. We help you pick the right hardware, deploy the control plane, and operate the fleet. Three packages, annual contracts, hands-on onboarding.


When self-hosted makes sense

  • Privacy-sensitive workloads where session contents must not leave your network.
  • High-concurrency use where owned hardware costs less than an equivalent cloud subscription.
  • Full data sovereignty over recordings, screenshots, and everything sessions produce.

Built by engineers, not a growth team.

Driftstack is built by the people who write the WebKit patches — no SDR machine, no upsell ladder, no roadmap chosen by investors. Customer feedback goes straight to the engineers shipping the product, and support replies come from the same team.

Design partner

Direct engineer access

Design-partner customers get a Slack channel shared with the engineer who writes the code. Bug → fix → deploy in the same week, not the same quarter. No tier-1 support gauntlet.

Honest pricing

One concurrent metric

No per-call markup, no per-element fees, no opaque "credits" that expire. Concurrent cap is the only number you reason about. Annual contracts save 20% — listed, not negotiated case-by-case.

Sovereignty

Your data stays in the EU

Customer data lives in the EU, single-region. We don't log destination URLs, response bodies, or session content. The full sub-processor list is on /trust/sub-processors.

See it for yourself. Free.

iPhone Safari sessions on real WebKit — one profile, 20-minute manual sessions, no card required. Plenty of room to point your workflow at it and decide on your own terms.
