Threats · 5 min read · 7 June 2026

Your Smart TV May Be Relaying Scraping Traffic Right Now — And You Probably Agreed to It

A reverse-engineering of Bright Data's iOS SDK reveals how consumer apps — including always-on televisions — quietly enlist household devices as exit nodes in a massive residential proxy network increasingly serving AI data demands.

Elena Fischer, Threat Intelligence Analyst

A security researcher has torn apart the iOS SDK that Bright Data embeds inside third-party consumer apps and documented, step by step, how ordinary household devices get conscripted into one of the world's largest residential proxy networks — often without users having any real understanding of what they consented to.

What Bright Data's SDK Actually Does

Bright Data, formerly known as Luminati, markets its residential proxy network as the largest of its kind. The pitch to buyers is straightforward: access to millions of genuine home IP addresses, so that outbound requests to target websites look like ordinary broadband traffic from a real household in Phoenix or Manchester or Seoul. That kind of cover is valuable for web scraping, price intelligence, ad verification, and increasingly for AI companies that need fresh, large-scale web data to train and ground their models.

The supply side of that equation gets far less attention. Real consumer devices provide it. An app developer integrates Bright Data's SDK, bundles it with a free game or a streaming utility, and the user's device becomes an exit node. Paying customers' traffic exits through that user's IP address. The target website sees a home broadband request. The user sees a free app.

The researcher's teardown documents the relay mechanics in detail: the handshake with Bright Data's infrastructure, the categories of traffic the network carries, and critically, the categories of apps doing the embedding.

Why Smart TVs Change the Risk Calculation

Televisions sit on home networks continuously. A phone goes to sleep in a pocket or gets left on a charger; a smart TV in a spare bedroom may run 24 hours a day on a fast residential connection and receive almost no security scrutiny. An SDK shipped inside a free streaming app or utility on tvOS can keep relaying scraping requests long after the household has gone to bed.

That always-on characteristic makes televisions disproportionately attractive as proxy supply. They rarely receive the kind of auditing a corporate endpoint would. There is no EDR agent on a Roku or an Amazon Fire TV. There is no IT department asking what process is generating outbound traffic at 3 a.m.
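A network-side triage for the unmonitored 3 a.m. traffic described above, as an added example that is not taken from the researcher's teardown. It assumes per-device flow summaries exported from a router or firewall; the device names, hostnames (including `relay.broker.example`), thresholds and the two heuristics (quiet-hour destination fan-out and an upload volume close to the download volume) are assumptions chosen for illustration.

```python
from collections import defaultdict

QUIET_HOURS = range(1, 5)  # 01:00-04:59 local time, when nobody is watching

# Constructed flow summaries: (hour, device, destination_host, bytes_up, bytes_down).
def build_flows():
    flows = []
    for hour in (20, 21, 22):  # evening streaming: one CDN host, download-heavy
        for dev in ("tv-lounge", "tv-spare-room"):
            flows.append((hour, dev, "cdn.stream.example", 2_000_000, 900_000_000))
    for hour in QUIET_HOURS:
        # Idle set: only a vendor update check.
        flows.append((hour, "tv-lounge", "updates.tvvendor.example", 4_000, 12_000))
        # Relaying set: many unrelated sites, with fetched pages sent back upstream.
        for n in range(25):
            flows.append((hour, "tv-spare-room", f"shop-{hour}-{n}.example", 3_000, 150_000))
        flows.append((hour, "tv-spare-room", "relay.broker.example", 3_900_000, 90_000))
    return flows

def quiet_hour_profile(flows):
    """Per device: distinct destinations and upload/download ratio in quiet hours."""
    dests, up, down = defaultdict(set), defaultdict(int), defaultdict(int)
    for hour, dev, host, b_up, b_down in flows:
        if hour in QUIET_HOURS:
            dests[dev].add(host)
            up[dev] += b_up
            down[dev] += b_down
    return {
        dev: {
            "destinations": len(dests[dev]),
            "up_down_ratio": round(up[dev] / max(down[dev], 1), 2),
        }
        for dev in dests
    }

def suspected_relays(flows, min_destinations=20, min_ratio=0.5):
    """Devices that fan out widely AND upload about as much as they download."""
    profile = quiet_hour_profile(flows)
    return sorted(
        dev for dev, p in profile.items()
        if p["destinations"] >= min_destinations and p["up_down_ratio"] >= min_ratio
    )

if __name__ == "__main__":
    flows = build_flows()
    print(quiet_hour_profile(flows))
    print("review:", suspected_relays(flows))
```

A hit is a reason to look at which apps are installed on that device, not proof of a proxy SDK; confirming one still requires analysis of the app itself.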

This is not a new model in concept. Residential proxy networks have operated on what critics call consent-laundering for years — burying disclosures inside EULAs spanning dozens of pages, bundling SDK agreements into VPN clients, browser extensions, and mobile utilities. Operators including Honeygain and IPRoyal run comparable pipelines. What has changed is demand. The AI sector's appetite for residential IP supply has turned proxy brokering into a growth business. Proxy availability directly affects the quality and freshness of training data, and AI firms are paying accordingly.

The Consent Problem Is Structural

Bright Data has consistently maintained that its consent flows are lawful and that it monitors for abuse. The company has won significant legal battles — including cases involving Meta and X — around the legality of scraping publicly accessible data through its network. No regulator in the EU or United States has moved against the residential-proxy model itself, though several class actions challenging SDK disclosure practices remain active in U.S. courts.

The legal defensibility of buried consent does not resolve the practical transparency problem. There is no reliable way for an ordinary consumer to determine whether a given free app embeds a proxy SDK without a researcher reverse-engineering the binary. App store review processes do not consistently flag SDK-level data sharing of this type. Disclosures in store listings rarely name the proxy broker.

What Defenders Must Understand Now

For enterprise security teams, the headline finding is that residential IP space has effectively lost its value as a trust signal. Credential stuffing campaigns, scraping operations, ad fraud rings, and inventory-hoarding bots increasingly originate from genuine home broadband addresses — including, now, smart TVs that households have largely forgotten are online. IP reputation feeds built on historical abuse records cannot keep pace with rotating residential pools of this scale. Verizon's 2024 Data Breach Investigations Report noted that web application attacks remain the most common breach pathway, and a significant share of that attack surface involves automated traffic that looks, at the IP level, completely legitimate.

Behavioral analysis and device fingerprinting now carry the load that IP reputation used to. Detecting anomalous request cadence, unusual user-agent strings, or session behavior that no human could produce matters far more than checking a blocklist.

This is also exactly the kind of threat that awareness training addresses at the root. When developers understand what they are agreeing to when they integrate a monetization SDK, and when consumers understand the real cost of "free" apps, the supply side of these proxy networks shrinks. Organizations that run security awareness programs teach employees and developers to read third-party integration agreements critically — a habit that could prevent an enterprise device from becoming an involuntary exit node.

Three Practical Steps for Security Teams

  • Audit mobile and connected-device inventories. If employees or contractors use company-adjacent networks, smart TVs and streaming sticks on those segments represent unmanaged endpoints. Treat them accordingly.
  • Move beyond IP reputation. Invest in behavioral detection rules that flag inhuman request patterns regardless of whether the source IP has a clean history.
  • Review SDK agreements in any app your organization distributes or endorses. Third-party SDKs embedded in apps you control can create liability and reputational exposure you did not explicitly accept.
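One way to build the behavioral rule called for under "What Defenders Must Understand Now" and in the second step above, as an added example that is not from the original article. It assumes each request carries a stable client identifier (the `client_fingerprint` field is hypothetical: a session token, TLS fingerprint or device fingerprint); the records and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (epoch_seconds, source_ip, client_fingerprint, path).
# client_fingerprint is a hypothetical stable identifier (session token, TLS or
# device fingerprint) that stays the same while the source IP rotates.
def build_sample():
    records = []
    # Automated client: one request every 2 s, a different residential IP each time.
    for i in range(30):
        records.append((1000 + 2 * i, f"198.51.100.{i + 1}", "fp-bot", f"/product/{i}"))
    # Human visitor: one IP, irregular pauses between page views.
    t = 1000
    for i, gap in enumerate([3, 41, 7, 88, 15, 5, 120, 9, 33, 61]):
        t += gap
        records.append((t, "203.0.113.7", "fp-human", f"/article/{i}"))
    return records

def busiest_ip(records):
    """What an IP-keyed rate limit or reputation check sees: requests per address."""
    counts = defaultdict(int)
    for _, ip, _, _ in records:
        counts[ip] += 1
    return max(counts.items(), key=lambda kv: kv[1])

def flag_inhuman(records, min_requests=8, max_cv=0.15, min_rotation=0.8):
    """Flag fingerprints with metronomic cadence or a new IP on almost every request."""
    by_fp = defaultdict(list)
    for ts, ip, fp, _ in sorted(records):
        by_fp[fp].append((ts, ip))
    flagged = {}
    for fp, hits in by_fp.items():
        if len(hits) < min_requests:
            continue  # too few requests to judge cadence
        gaps = [b[0] - a[0] for a, b in zip(hits, hits[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0  # coefficient of variation of gaps
        rotation = len({ip for _, ip in hits}) / len(hits)
        reasons = []
        if cv < max_cv:
            reasons.append("regular_cadence")
        if rotation >= min_rotation:
            reasons.append("ip_rotation")
        if reasons:
            flagged[fp] = reasons
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("busiest IP:", busiest_ip(sample))
    print("flagged:", flag_inhuman(sample))
```

On this sample the IP-keyed view ranks the human visitor as the heaviest source, because the automated client never reuses an address, while the fingerprint-keyed rule flags only the automated client.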

The Bigger Picture

The economics driving this are durable. AI demand for web data is not declining. Proxy supply built on embedded SDKs in free consumer apps is cheap to scale. Until app stores, regulators, or class-action outcomes force more granular disclosure, the television in a user's living room may well be working a second job — routing traffic for purposes the household never knowingly approved.

For security professionals, the lesson is uncomfortable: the perimeter now includes devices that no one in your organization bought, manages, or thinks about. The attack surface has expanded into the living room.

Could Your Team Spot a Harmful SDK Agreement Before Shipping It?

  • Train developers and procurement teams to scrutinize third-party SDK terms before integration — the supply side of proxy networks depends on developers who don't read the fine print.
  • Build a security culture where 'free' is treated as a cost-benefit question, not a gift — for apps, tools, and monetization frameworks alike.
  • Use tabletop scenarios based on real SDK-based supply chain risks to make abstract threats concrete for technical and non-technical staff.

Train2Secure's awareness training modules cover third-party risk and supply chain hygiene so your teams recognize the hidden costs embedded in free integrations.


Frequently asked questions

How do I find out if an app on my smart TV is running a proxy SDK?

There is no easy consumer-facing method. App store listings rarely disclose third-party SDK integrations at this level. The most reliable detection requires binary analysis of the app — something typically done by security researchers. As a precaution, limit smart TV app installations to major, well-known streaming services and disable any app requesting broad network permissions you cannot explain.

Is using a residential proxy network illegal?

Bright Data and similar operators argue their consent flows are lawful, and courts have not ruled the residential-proxy model itself illegal. However, several U.S. class actions are challenging whether buried EULA disclosures constitute meaningful informed consent. The legal picture is still developing, particularly in EU jurisdictions under GDPR.

Why can't I just block Bright Data's IP ranges to stop this traffic?

Blocking Bright Data's infrastructure IPs would stop outbound connections from devices to their coordination servers, but it would not address the core problem: the relayed traffic leaves through the user's own home IP address, not through Bright Data's servers. Inbound blocking at a target website is similarly difficult because the traffic appears to come from millions of different residential addresses.

Does this affect corporate networks, or only home users?

Primarily home users supply the proxy capacity, but enterprises are affected as defenders. Automated traffic arriving from legitimate-looking residential IPs is harder to filter, making web application defenses that rely on IP reputation less effective. Enterprises should also audit any apps distributed to employees that may contain third-party monetization SDKs.
