Free Apps Are Quietly Turning Smart TVs into Web-Scraping Proxies for the AI Industry
Bright Data, formerly Luminati, runs the largest residential proxy network in the world — and a researcher has now mapped how consumer apps and always-on smart TVs become its silent infrastructure.
Key Takeaways
An always-on box in the living room is close to an ideal scraping relay — plugged in, on a fast unmetered line, and unwatched — and the AI industry's demand for residential IPs is what now pulls it into service.
NETANYA — A security researcher has reverse-engineered the iOS software development kit (SDK) that Bright Data embeds in consumer apps and documented how it turns devices — including always-on smart TVs — into exit nodes that relay web-scraping traffic for a data business the company markets heavily to the AI industry. Bright Data, the successor to the proxy firm Luminati, operates what it calls the largest residential proxy network in the world, advertised at more than 400 million residential IPs; part of that supply, according to the research, comes from this SDK, shipped inside free apps behind an opt-in screen and described as a consent-sourced pool of more than 150 million IPs.
The findings were published June 5, 2026 by the firm Include Security and an independent researcher using the handle Buchodi, and amplified the following day by The Hacker News and SC Media. The angle is not a hacked account or stolen data: the scraping comes from the user's home IP rather than the customer's, so a household connection and its bandwidth get used as someone else's scraping infrastructure. One caveat up front — the deepest technical evidence is the iOS SDK teardown by a single research effort, and the smart-TV reach rests on Bright Data's platform support, its public partner list, and earlier reporting rather than device-by-device confirmation. The picture is consistent across sources, but the core claim still awaits wider independent replication.
At a Glance
| Field | Details |
|---|---|
| Company | Bright Data — data-collection and proxy firm headquartered in Netanya, Israel; the successor to Luminati, which grew out of Hola VPN |
| Network | What Bright Data calls the largest residential proxy network in the world, advertised at 400 million-plus residential IPs; a 150 million-plus pool described as consent-sourced via the SDK |
| Research | Reverse-engineering of Bright Data's iOS SDK, published June 5, 2026 by Include Security and independent researcher "Buchodi" |
| Mechanism | An SDK shipped inside free apps, behind an opt-in screen, that turns the device into an exit node relaying web-scraping jobs over the user's home internet connection |
| Reach | Mobile devices and connected TVs; researchers cite Bright Data's platform support and public partner list, including makers of smart-TV apps |
| Key findings | The peer channel carrying scraping jobs reportedly has no real authentication; on iPhones the traffic bypasses a configured VPN; loaded settings allow up to 200 GB of relayed traffic per month |
| Status | Single technical teardown awaiting broader independent confirmation; Bright Data says its exit nodes opt in through a consent screen |
How the SDK Works
According to the research, when an app carrying the SDK opens, it contacts one of Bright Data's servers, which hands over operating instructions without robustly verifying who is asking. From there, the server can direct the device to fetch pages from other websites over the user's home internet connection. In effect, the consumer device becomes an exit node: the outbound scraping requests appear to originate from an ordinary residential connection rather than a datacenter.
The researchers describe the channel that carries those scraping jobs as lacking the usual security checks — weaker, in their characterization, than the controls built into most malware. On iPhones specifically, they report the relayed traffic slips past a configured VPN, and that much of the SDK's activity does not surface in the tools security teams normally use to monitor app behavior. The device can reportedly keep relaying in the background while someone is watching the screen or on a call, as long as the battery is not low.
The research also flags a consent gap. In one Roku app named Petflix, the opt-in screen reportedly said the app would use the device and its connection "occasionally," while the settings the SDK loaded allowed up to 200 GB of relayed traffic a month — and in a few countries, including Uzbekistan and Oman, far higher, with the device cleared to keep working almost until the battery runs flat. The SDK can also reportedly tie a person's phone and computers running the same vendor's apps together as one user. The CyberSignal has not independently verified these per-app figures, which come from the single teardown.
Why Smart TVs Are the Perfect Exit Node
A connected TV is close to ideal for relaying scraping traffic. It is usually plugged in rather than running on a battery, sits on a fast home connection that is effectively unmetered, and spends long stretches switched on but unwatched — precisely the conditions a proxy operator wants in an exit node: stable power, abundant bandwidth, and an owner unlikely to notice background activity.
The smart-TV reach is where the evidence is thinner than the iOS teardown, and the researchers are explicit about that. Bright Data publishes its list of app partners on a public page that includes makers of smart-TV apps such as PlayWorks Digital, CloudTV, and Longvision. But the researchers caution that appearing on the partner list only shows a company worked with Bright Data at some point — not that its app ships the SDK today, and certainly not that any specific television is relaying traffic right now. Each app would have to be checked individually. The smart-TV framing rests on platform support and the partner list, layered on top of the directly observed iOS behavior.
The platform landscape has also shifted. Google, Amazon, and Roku have since moved to restrict background proxy SDKs, and Bright Data dropped those platforms, according to the reporting — though it is still listed as supporting Samsung's Tizen and LG's webOS, the operating systems behind two of the most common smart-TV brands.
The AI Industry's Hidden Data-Collection Layer
None of this is new in shape — only in scale, and in who is buying. Bright Data is the successor to Luminati, the paid proxy service that grew out of Hola VPN. In 2015, Hola was caught selling its free users' bandwidth as exit nodes through Luminati. The same business model now runs on the always-on box in the living room; what changed is the customer.
Anti-bot defenses from providers such as Cloudflare and DataDome block scrapers coming from datacenter IP addresses, so operators that need to scrape at scale route their traffic through residential connections instead — connections that look like ordinary people browsing the web. That demand has surged alongside the AI industry's appetite for fresh training data and for scraping that can bypass anti-scraping defenses. The pattern is not isolated to consent-based networks: Brian Krebs reported in October 2025 that proxies drawn from botnets such as Aisuru are fueling large-scale AI data harvesting, and Google said in January 2026 it had dismantled the criminal IPIDEA proxy network. Those operations hijack consumer devices outright; Bright Data says its exit nodes opt in through a consent screen. That consent is the line between the two — and whether it is meaningful is the open question. For a broader view of how the AI boom is reshaping both offense and defense online, see The CyberSignal's explainer on how AI is used in cyberattacks.
What Users and Platform Owners Can Do
According to the research, the relay traffic is straightforward to spot and block at the network level. On a home network, the simplest step is to block the web addresses the SDK uses to connect, using a router-level filtering tool such as Pi-hole or NextDNS. The researchers identify the main connection domains as proxyjs.brdtnet.com, proxyjs.luminatinet.com, proxyjs.bright-sdk.com, clientsdk.bright-sdk.com, and clientsdk.brdtnet.com, and say blocking them stops a device from acting as a relay without affecting Bright Data's paid service, which runs on separate addresses.
Organizations that manage staff phones can also scan their fleets for apps that carry the SDK. There is a catch: on a mobile connection, the relay traffic sidesteps office Wi-Fi, so a network-level block alone will not always catch it, and because Bright Data could change how the SDK connects, any blocklist needs ongoing maintenance rather than a one-time entry.
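An added example, not code from the research or from Bright Data: it scans a Pi-hole style dnsmasq query log for the relay domains listed above and reports which clients on the network looked them up. It assumes log lines of the form `query[TYPE] name from client`; the sample lines are constructed, and the separate "review" bucket for unlisted hosts under the same parent domains is an assumption made here to support the blocklist maintenance described above.

```python
import re
from collections import defaultdict

# Relay domains named in the article (from the research it cites).
RELAY_DOMAINS = {
    "proxyjs.brdtnet.com",
    "proxyjs.luminatinet.com",
    "proxyjs.bright-sdk.com",
    "clientsdk.bright-sdk.com",
    "clientsdk.brdtnet.com",
}
# Assumption: parent domains derived from the list above, used only to flag
# unlisted hostnames for manual review when maintaining the blocklist.
PARENTS = {d.split(".", 1)[1] for d in RELAY_DOMAINS}

# dnsmasq/Pi-hole query line: "... query[A] <name> from <client-ip>"
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)")

def under(name, domains):
    """True if name equals, or is a subdomain of, any entry in domains."""
    return any(name == d or name.endswith("." + d) for d in domains)

def scan(lines):
    """Return (relay_hits, review), each mapping client IP -> set of names."""
    relay_hits, review = defaultdict(set), defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        # Normalise case and the optional trailing root dot before matching.
        name = m["name"].lower().rstrip(".")
        if under(name, RELAY_DOMAINS):
            relay_hits[m["client"]].add(name)
        elif under(name, PARENTS):
            review[m["client"]].add(name)
    return dict(relay_hits), dict(review)

# Constructed sample log lines (not real traffic; last hostname is made up).
SAMPLE_LOG = """\
Jun  6 21:14:02 dnsmasq[812]: query[A] proxyjs.brdtnet.com from 192.168.1.40
Jun  6 21:14:02 dnsmasq[812]: query[AAAA] ClientSDK.Bright-SDK.com. from 192.168.1.40
Jun  6 21:14:09 dnsmasq[812]: query[A] example.org from 192.168.1.23
Jun  6 21:15:30 dnsmasq[812]: query[A] notbrdtnet.com from 192.168.1.23
Jun  6 21:16:11 dnsmasq[812]: query[A] other-host.brdtnet.com from 192.168.1.51
""".splitlines()

if __name__ == "__main__":
    hits, review = scan(SAMPLE_LOG)
    for label, found in (("RELAY ", hits), ("REVIEW", review)):
        for client, names in sorted(found.items()):
            print(f"{label} {client}: {', '.join(sorted(names))}")
```

A client that appears under RELAY is the device to inspect for an app carrying the SDK; entries under REVIEW are only candidates to check by hand before any change to the blocklist.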
Open Questions and Ongoing Investigation
Several pieces of this story remain unconfirmed, and they matter to how seriously any individual household should take it. The research does not establish which specific apps embed the SDK today versus which merely appear on Bright Data's historical partner list, nor does it quantify how much relayed traffic flows through televisions specifically. It is not public whether Apple was notified about or reviewed the iOS SDK behavior, whether Bright Data's AI-industry customers are named or anonymous, or whether the user disclosure is buried in end-user license agreements or absent altogether. Bright Data's own response to the specific technical findings is not reflected in the reporting reviewed for this article.
The honest framing is that this is a single, detailed technical teardown corroborated by Bright Data's public materials and by earlier journalism, but not yet independently replicated at scale. The direction is clear — the residential-proxy economy is being pulled hard by AI-scraping demand, and consumer devices are the supply — but which devices, how much traffic, and how informed the consent really is are exactly the questions a wider round of investigation will need to settle. Until then, the prudent read is that the always-on screen in the living room is a plausible piece of someone else's scraping infrastructure, and that blocking the relay domains costs nothing to anyone who would rather it not be.