Android and Mobile Security

Google’s Threat Intelligence Group says it has dismantled what it believes was the world’s largest residential proxy network, a scheme that quietly hijacked around 9 million Android phones, computers and smart‑home devices worldwide to route other people’s internet traffic through unsuspecting users’ home IP addresses. The network was tied to a company called IPIDEA and spread via hidden software development kits embedded in more than 600 seemingly legitimate apps—ranging from utilities to VPN tools—that enrolled devices into a proxy pool without clear disclosure. Google says that in one seven‑day period this year it saw more than 550 separate threat groups, including cybercriminal and state‑linked actors, using IP addresses from this infrastructure for activities like scraping, automated log‑in attempts and masking malicious operations. To disrupt the system, Google filed legal action in U.S. federal court to seize domains controlling the proxy network, worked with firms including Cloudflare to knock out command‑and‑control servers, and updated Android’s Play Protect so certified devices automatically detect and remove apps containing the malicious SDKs, though many affected apps were distributed outside the official Play Store. The case highlights how "free" apps and third‑party Android stores can turn everyday consumer devices into unwitting cybercrime tools, a point security researchers and privacy advocates have been hammering on social media as they warn U.S. users to avoid sideloaded software and bandwidth‑sharing apps that monetize home connections.