Severity: high | Category: Supply Chain | Status: Active

Bright Data SDK Weaponises Consumer Smart TVs as Covert Residential Proxies for Web Scraping

Bright Data embeds a reverse-engineered SDK in free consumer applications that converts devices, particularly always-on smart TVs, into unwitting exit nodes for its residential proxy network, enabling large-scale web scraping operations marketed to AI companies without explicit user consent.

Sebastion

Affected

- iOS applications embedding the Bright Data SDK
- Smart TV devices
- Consumer endpoints used as proxy infrastructure

Bright Data, the commercial successor to the Luminati proxy network, has implemented a systematic approach to building infrastructure by embedding a custom SDK into free consumer applications. Reverse-engineering of this SDK reveals that it silently converts user devices, particularly always-on smart TVs which provide reliable, persistent exit nodes, into relay points for web-scraping traffic. This is not accidental resource consumption but rather a deliberate architectural choice that treats end-user devices as distributed infrastructure without meaningful informed consent.

The technical mechanism involves the SDK intercepting and forwarding HTTP requests from Bright Data's customers through the host device's network connection. A smart TV running such an app becomes a quasi-transparent proxy node, contributing bandwidth and IP reputation to Bright Data's claimed "largest residential proxy network in the world." The business model monetises this by selling access to these exit nodes to organisations conducting large-scale data harvesting, predominantly for AI training datasets. Users receive free or subsidised applications in exchange for donating their device's network resources, but the extent of that usage and the commercial value extracted from it remain opaque.

The supply-chain risk is substantial. App store curation processes apparently failed to identify or enforce disclosure of this behaviour. iOS applications subject to App Store review guidelines should trigger red flags when they contain SDKs that exfiltrate traffic or repurpose device resources at scale, yet this infrastructure persists. Similarly, smart TV manufacturers and operating system providers have not implemented meaningful controls to restrict applications from becoming network relays. Any organisation using Bright Data's proxies remains exposed to the risk that exit node behaviour is not actually generated by willing participants but rather by unknowing device owners whose terms of service may not clearly articulate the scope of proxy operation.

Defenders and device manufacturers should: audit installed applications for known proxy or data harvesting SDKs; enforce stricter app store policies requiring explicit disclosure when applications route external traffic through user infrastructure; implement network monitoring to identify devices unexpectedly relaying traffic to third-party endpoints; and consider OS-level controls that restrict SDK permissions for network interception. For organisations using residential proxies, vendor due diligence should include verification that participating nodes have been enrolled with informed, explicit consent and that proxy usage logs are transparent to the device owner or operator.
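One way to act on the network-monitoring recommendation above, as an added example that is not part of the original write-up: a small Python scorer over NetFlow-style records such as a home or office gateway would export. It flags internal devices whose outbound HTTP/HTTPS fan-out looks like proxy relaying rather than the small, stable set of vendor and CDN endpoints a smart TV or set-top box normally talks to. The Flow schema, the flow records, the LAN prefix 10.0.0.0/24 and the thresholds are all constructed for this example.

```python
"""Spot internal devices that fan out to many unrelated web destinations.

A smart TV or set-top box normally talks to a small, stable set of vendor
and CDN endpoints. A device relaying traffic for a residential proxy network
instead opens HTTP/HTTPS connections to a large, changing set of unrelated
destinations. This scorer ranks devices by that fan-out using NetFlow-style
records such as a gateway or firewall would export.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed web ports for this example; extend to match the environment.
WEB_PORTS = {80, 443, 8080, 8443}


@dataclass(frozen=True)
class Flow:
    """One outbound flow record (hypothetical schema for this example)."""
    src: str        # internal device address
    dst: str        # remote endpoint address
    dport: int      # destination port
    bytes_out: int  # bytes sent by src


def summarize(flows, lan_prefix="10.0.0.0/24"):
    """Per internal device: distinct destination /24s, web flows, total flows.

    Flows that do not originate inside lan_prefix, or that stay inside it
    (DNS to the gateway, printers, ...), are ignored so that only traffic
    leaving the network is scored. Destinations are collapsed to /24 so a
    single CDN spraying a device across many IPs in one block counts once.
    """
    lan = ip_network(lan_prefix)
    stats = defaultdict(lambda: {"dst_nets": set(), "web_flows": 0,
                                 "flows": 0, "bytes_out": 0})
    for f in flows:
        src, dst = ip_address(f.src), ip_address(f.dst)
        if src not in lan or dst in lan:
            continue
        s = stats[f.src]
        s["flows"] += 1
        s["bytes_out"] += f.bytes_out
        s["dst_nets"].add(ip_network(f"{f.dst}/24", strict=False))
        if f.dport in WEB_PORTS:
            s["web_flows"] += 1
    return dict(stats)


def flag_relays(flows, lan_prefix="10.0.0.0/24", min_nets=8, min_web_ratio=0.9):
    """Return [(device, distinct_dst_nets)] for devices that look like relays.

    A device is flagged when it reaches at least min_nets distinct /24s and
    nearly all of its outbound flows are web traffic. Thresholds are
    illustrative; tune them against a baseline of the device population.
    """
    flagged = []
    for dev, s in summarize(flows, lan_prefix).items():
        nets = len(s["dst_nets"])
        web_ratio = s["web_flows"] / s["flows"]
        if nets >= min_nets and web_ratio >= min_web_ratio:
            flagged.append((dev, nets))
    return sorted(flagged)


# Constructed sample records, not real telemetry. 10.0.0.10 is a laptop with
# ordinary browsing; 10.0.0.20 is a smart TV that, besides its vendor CDN,
# opens web connections to a dozen unrelated networks.
SAMPLE_FLOWS = (
    [Flow("10.0.0.10", "192.0.2.10", 443, 40_000)] * 3
    + [Flow("10.0.0.10", "192.0.2.11", 443, 12_000),
       Flow("10.0.0.10", "198.51.100.5", 443, 3_000),
       Flow("10.0.0.10", "10.0.0.1", 53, 80),           # local DNS, ignored
       Flow("10.0.0.20", "192.0.2.50", 443, 900_000),   # vendor CDN
       Flow("10.0.0.20", "192.0.2.50", 443, 650_000),
       Flow("203.0.113.9", "10.0.0.20", 443, 200)]      # inbound, ignored
    + [Flow("10.0.0.20", f"203.0.{i}.1", 443 if i % 2 else 80, 1_500)
       for i in range(1, 13)]                           # relay-like fan-out
)

if __name__ == "__main__":
    for dev, nets in flag_relays(SAMPLE_FLOWS):
        print(f"{dev}: reaches {nets} distinct /24s, mostly on web ports")
```

On the constructed data only the TV is flagged: it reaches 13 distinct /24s and every one of its outbound flows is on a web port, while the laptop's browsing stays within two networks. In practice the records come from the gateway's flow export, the thresholds are set from a baseline of how each device class normally behaves, and a hit is followed up by inventorying the apps installed on the device, since fan-out alone cannot name the SDK responsible.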

This case illustrates a broader failure of platform governance: application store reviews focus on malware and on privacy leaks to the app developer but ignore the weaponisation of user infrastructure itself. The monetisation of consumer device networks for commercial scraping is not unique to Bright Data, but its scale and the apparent invisibility of the practice within app stores suggest the problem is systemic rather than an isolated bad actor.