A new security report has revealed something that many smart TV owners would never expect. Some free apps available on Samsung, LG, Roku, and other smart TV platforms may be quietly turning users’ devices into residential proxy nodes. This allows third parties to route web scraping traffic through home internet connections.
The research, published by Include Security, focuses on a software development kit (SDK) created by Bright Data, a company that operates one of the world’s largest residential proxy networks. According to the company, its network includes hundreds of millions of residential IP addresses spread across nearly every country. The network is used by businesses for web scraping, data collection, market research, and increasingly, AI training workloads.
The report raises serious questions about how much users really understand when they install free apps on their smart TVs and mobile devices.
According to the report, some apps include Bright Data’s SDK as a way to monetize free services. Users are typically presented with a consent screen that mentions network sharing or bandwidth usage. However, researchers argue that the disclosure is buried deep inside setup screens and is easy to overlook when navigating with a TV remote.
Once enabled, the SDK can transform a smart TV or mobile device into part of Bright Data’s residential proxy network. This allows paying customers to route their internet traffic through the user’s home connection.
Residential proxies are highly valuable because they use real household IP addresses. Unlike datacenter IPs, residential IPs appear to originate from normal internet users. This makes them useful for web scraping and data collection operations.
The idea is not new because residential proxy companies have operated for years. What makes this case notable is the scale and the type of devices involved.
Researchers say smart TVs are attractive for residential proxy networks for many reasons. Unlike smartphones, televisions are usually plugged in all the time, connected to Wi-Fi, and left in standby mode around the clock. Most users rarely monitor network activity on their TVs, and smart TVs generally lack the security tools commonly found on PCs and enterprise-managed devices.
According to Include Security, the SDK’s configuration settings indicate that devices can continue relaying traffic even while they are actively being used. Researchers also found configuration values suggesting that individual devices could relay up to 200GB of bandwidth per month over Wi-Fi.
That figure is significant. While 200GB may not impact users with unlimited broadband connections, it could become a concern in regions where internet plans still include data caps or fair usage policies.
The report identified several partners whose apps or platforms may include the SDK. Among them is PlayWorks Digital, which distributes hundreds of connected TV games across platforms including Samsung, LG, Roku, Comcast, and Sky. Researchers estimate its reach extends to roughly 250 million TV households. Other companies listed in the report include CloudTV, Viber Media, Moonfrog Labs, and Hola Networks.
This does not necessarily mean every device running these apps is participating in the proxy network. Participation depends on user consent and implementation details. However, the potential reach of the ecosystem is enormous.
One reason this story has attracted attention is its connection to AI. Modern AI companies require massive amounts of data for training models. Collecting that data often involves large-scale web scraping operations. Residential proxy networks make such scraping easier because websites are less likely to block requests coming from real residential IP addresses.
This creates an unusual situation where a smart TV sitting in a living room could indirectly become part of the infrastructure used to gather data for AI systems.
The average user may have no idea that their television is participating in such an ecosystem.
Is This Legal?
The answer depends largely on how consent is obtained.
Bright Data states that its residential proxy network operates on an opt-in model and that participants provide consent before joining the network. The company also says users are informed about how their IP addresses are used.
However, researchers argue that the real issue is whether users truly understand what they are agreeing to. A consent box buried behind multiple setup screens may satisfy legal requirements in some jurisdictions, but many would argue it falls short of meaningful transparency.
This is a debate that extends far beyond Bright Data. Over the past few years, technology companies have increasingly relied on lengthy terms of service and complex consent flows that few users actually read. As AI becomes more data-hungry, questions around informed consent are likely to become even more important.
At first, some people may dismiss this as harmless bandwidth sharing. After all, users agreed to it, and there is no evidence that personal files or private information are being accessed.
But there are broader concerns. When third-party traffic is routed through a residential IP address, that traffic appears to originate from the user’s internet connection. Security researchers and law enforcement agencies have repeatedly warned about risks associated with residential proxy networks, especially when users do not fully understand how their connections are being used.
There is also the question of trust. Most consumers buy a smart TV to watch movies, play games, or stream content. Few expect it to become part of a global data collection network operating behind the scenes.
That gap between user expectations and actual device behavior is what makes this report particularly concerning.
The findings highlight a larger issue facing the technology industry. Smart TVs are no longer simple displays. They are internet-connected computers running apps, tracking usage, serving advertisements, and increasingly participating in complex online ecosystems. Yet most consumers continue to treat them like traditional televisions.
As manufacturers and app developers search for new revenue sources, background monetization methods such as bandwidth sharing may become more common.
The Security report again states the same thing we have been listening to for years. “Free” apps are rarely free. If users are not paying with money, they may be paying in other ways, whether through advertising, data collection, device resources, or internet bandwidth.
For now, researchers recommend users review the permissions and consent settings of apps installed on their smart TVs and monitor network activity where possible. They have also published a list of domains that can be blocked at the router level to prevent participation in the proxy network.
Related Posts
