Free Smart TV Apps Turn Devices Into Residential Proxies for AI Scraping, Researchers Say
Free apps on smart TVs and mobile devices can turn consumer hardware into residential proxy nodes for web scraping, according to new research from Include Security and independent researcher Buchodi.
The Include Security research focuses on Bright Data’s SDK, a software kit that app developers can embed as a monetization option. When enabled, the SDK can use a user’s IP address and internet connection to fetch public web data for Bright Data’s proxy network.
The finding matters because smart TVs are often plugged in, connected to Wi-Fi, and left unattended for long periods. That makes them attractive exit nodes for residential proxy traffic, especially as AI companies and data providers look for ways to collect public web content at scale.
How the Bright Data SDK fits into free apps
Bright Data says its SDK gives app users a choice: see ads or opt in to share idle device resources as part of the Bright Data network. In its residential IP explanation, the company says users can opt out at any time and that the SDK does not collect user data.
Researchers argue that the consent experience can still be weak on connected TVs. A TV remote makes long notices harder to read, and users may not fully understand that their home internet connection could carry third-party web scraping traffic.
The Hacker News reported that Bright Data disputes the way the issue has been described. The company said its opt-in screen is explicit, names Bright Data, links to its privacy policy and license, and lets users opt out while continuing to use the app.
| Area | What researchers found | Why it matters |
|---|---|---|
| Smart TVs | Connected TVs can act as residential proxy exit nodes | They are often always connected and lightly monitored |
| Consent | Researchers say TV-based consent can be hard to understand | Users may not realize how their connection will be used |
| Network traffic | The SDK can relay public web requests through a home IP address | The traffic appears to come from the user’s internet connection |
| Detection | Researchers identified SDK-related domains and app binary indicators | Consumers and enterprises can block or monitor the behavior |
Why smart TVs are useful as proxy nodes
Smart TVs have several traits that make them useful for proxy networks. They usually stay at the same home IP address, use broadband rather than mobile data, and remain connected even when nobody actively watches them.
The Verge previously reported that Bright Data’s SDK appeared in some smart TV apps and that platform policies had started to shift against background proxy SDKs. The report said Bright Data no longer supported Roku, Android TV, and Fire TV after policy changes, while Samsung Tizen and LG webOS remained listed as supported smart TV platforms.
Bright Data still maintains a Samsung Tizen SDK page that includes documentation for developers. The page includes questions about app revenue, platform support, TV behavior, and whether an app can generate money while a Samsung TV is turned off.
The research found technical monitoring concerns
Include Security said the SDK opened a persistent peer tunnel and used infrastructure tied to Bright Data’s older Luminati branding. Researchers also said the SDK’s traffic left detectable network fingerprints through domains related to brdtnet.com and luminatinet.com.
The researchers also found that the iOS version could bind traffic to a physical Wi-Fi or cellular interface. In their testing, that meant the peer tunnel did not cross a configured VPN, even though other app traffic did.
That behavior is important for enterprise security teams. A company may think mobile traffic passes through a VPN or inspection layer, but some SDK traffic may use a different network path if the app and operating system allow it.
- Consumers may see higher bandwidth use if a participating app relays traffic.
- Home IP addresses may appear in third-party scraping logs.
- Enterprise teams may miss traffic that bypasses VPN-based inspection.
- Smart TV app stores may need clearer rules for proxy SDK disclosures.
Bright Data says the network is opt-in
Bright Data presents the SDK as a consent-based alternative to advertising. In its Trust Center, the company says users voluntarily opt in, can opt out, and share idle resources in exchange for a smoother or ad-free app experience.
Bright Data also says its SDK focuses on public web data and does not collect personal data or browsing history. In updated coverage, the company said the SDK reaches only approved domains, uses only the device’s IP address, and runs on average around 50 MB per day on Wi-Fi.
The company also points to compliance reviews and third-party audits. Still, the debate is not only about whether consent exists. The harder question is whether the average smart TV user clearly understands the trade-off when accepting a free app’s monetization prompt.
| Bright Data’s position | Researchers’ concern |
|---|---|
| Users opt in and can opt out | TV consent dialogs may not explain the proxy role clearly enough |
| The SDK uses public web data requests | The user’s home IP still carries third-party scraping traffic |
| The SDK does not collect browsing history | Device status and network behavior still create monitoring concerns |
| Apps can use the SDK as an ad alternative | Users may not expect a free TV app to monetize their bandwidth |
App partner lists need careful interpretation
The research identified a Bright Data partner manifest that included several companies tied to connected TV, mobile, and app ecosystems. However, Include Security warned that the manifest should not be read as proof that every currently shipping app from every listed publisher contains the SDK.
That distinction matters. A partner list can show that an integration existed or may have existed, but confirming whether a specific current app contains the SDK requires per-app verification.
According to earlier reporting, major TV platforms have already tightened rules around proxy SDKs. Google, Amazon, and Roku introduced policies that limit or ban background proxy behavior in apps, while Samsung and LG drew continued attention because Bright Data’s materials still referenced their TV platforms.
How users can reduce the risk
Consumers should start by reviewing free apps installed on smart TVs, especially games, screensaver apps, and free streaming-style apps that ask users to accept alternative monetization terms.
Users can also check router-level DNS logs for traffic to domains linked to Bright Data’s SDK. Security researchers named brdtnet.com, luminatinet.com, bright-sdk.com, and related subdomains as useful detection points.
For households, blocking known SDK hostnames at the router, through a DNS filtering tool, or through a parental-control DNS service can reduce unwanted proxy behavior. Users should also uninstall TV apps they do not recognize or no longer use.
- Review free smart TV apps and remove anything unnecessary.
- Read consent prompts before choosing an ad-free or fewer-ads option.
- Check router DNS logs for unusual proxy-related domains.
- Use router-level DNS filtering for devices that lack local security tools.
- Keep smart TV firmware and apps updated.
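The router DNS log check described above can be scripted. The following is an added example, not code from the researchers or from Bright Data: it assumes a resolver that writes dnsmasq-style query lines, and the sample log, hostnames, and client addresses are constructed for illustration. It matches the three domains named in this article on label boundaries, so lookalike names do not produce false hits.

```python
import re
from collections import defaultdict

# Domains named in this article as detection points (subdomains included).
WATCHED = ("brdtnet.com", "luminatinet.com", "bright-sdk.com")

# Assumed log shape: dnsmasq "log-queries" lines. Adapt the regex for other resolvers.
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

def watched_parent(name):
    """Return the watched domain that `name` equals or is a subdomain of, else None."""
    host = name.rstrip(".").lower()  # normalise case and a trailing root dot
    for domain in WATCHED:
        # Label-boundary match: "notbrdtnet.com" and "brdtnet.com.example.net" must not hit.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def scan(lines):
    """Map client address -> {watched domain: query count} for matching queries."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/reply/cached lines are ignored
        parent = watched_parent(m.group("name"))
        if parent:
            hits[m.group("client")][parent] += 1
    return {client: dict(counts) for client, counts in hits.items()}

# Constructed sample log; hostnames under the watched domains are made up.
SAMPLE_LOG = """\
Jan 12 03:14:07 dnsmasq[812]: query[A] node1.brdtnet.com from 192.168.1.50
Jan 12 03:14:07 dnsmasq[812]: forwarded node1.brdtnet.com to 192.0.2.53
Jan 12 03:14:09 dnsmasq[812]: query[AAAA] Node1.BRDTNET.com. from 192.168.1.50
Jan 12 03:15:30 dnsmasq[812]: query[A] api.luminatinet.com from 192.168.1.50
Jan 12 03:16:02 dnsmasq[812]: query[A] bright-sdk.com from 192.168.1.23
Jan 12 03:16:40 dnsmasq[812]: query[A] notbrdtnet.com from 192.168.1.77
Jan 12 03:17:11 dnsmasq[812]: query[A] brdtnet.com.example.net from 192.168.1.77
Jan 12 03:18:00 dnsmasq[812]: query[A] www.example.org from 192.168.1.23
""".splitlines()

if __name__ == "__main__":
    for client, counts in sorted(scan(SAMPLE_LOG).items()):
        print(client, counts)
```

Mapping each flagged client address back to a device through the router's DHCP lease table shows which TV or phone to review.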
Enterprise teams should look beyond laptops
For companies, the issue goes beyond living-room TVs. The same SDK model can appear in mobile apps, desktop apps, and unmanaged devices that connect to business networks.
Enterprise teams should monitor DNS and TLS metadata for Bright SDK-related traffic, especially from corporate phones or devices that handle sensitive work. Include Security also recommended scanning managed devices for app binary symbols tied to the SDK.
Bright Data’s own description says the SDK works when a user opts in, the device is connected to the internet, and the device is idle and plugged in or above a battery threshold. Security teams should not assume this behavior only affects consumer televisions.
Why AI scraping changed the stakes
Residential proxies are not new, but AI has made large-scale public web collection more valuable. Scrapers that use data center IP addresses often run into anti-bot systems, rate limits, and blocks. Residential IP addresses can make automated requests look more like normal household traffic.
Bright Data says its network supports legitimate use cases. The company’s ethical data practices page says SDK usage goes through compliance, security, and partner reviews.
Still, smart TV users may not expect a free app to participate in the AI data supply chain. The controversy now centers on transparency, consent design, and whether platform owners should allow background proxy SDKs in apps whose main purpose has nothing to do with proxy services.
What smart TV owners should watch next
Samsung and LG users should pay close attention to app permissions, app updates, and unusual router activity. Bright Data’s developer documentation shows that connected TV support has been part of the company’s SDK strategy, even as other platforms have tightened their rules.
The key takeaway is simple: free apps may not only show ads or collect viewing analytics. Some may also monetize device resources and home internet access through proxy networks.
Users who want the safest option should remove unknown free TV apps, avoid vague consent prompts, and block proxy-related domains at the router. Platform owners and app developers should make any bandwidth-sharing model clear before a user agrees to it.
FAQ
Researchers found that some apps using Bright Data’s SDK can turn smart TVs and other devices into residential proxy nodes. That means the device can relay public web data requests through the user’s home internet connection when the SDK is enabled.
The research does not describe a Samsung or LG TV hack. It focuses on apps and SDK integrations that can use a device as part of a residential proxy network after a user accepts a consent flow.
A residential proxy routes internet requests through a real household IP address instead of a data center IP address. Companies use this for web scraping, testing, ad verification, and other data collection tasks, but it can raise privacy and transparency concerns when consumer devices supply the IP address.
You can review installed apps, check your router’s DNS logs, and look for traffic to domains associated with Bright Data’s SDK, such as brdtnet.com, luminatinet.com, and bright-sdk.com. Removing unused free apps and using router-level DNS filtering can reduce the risk.
Yes. Bright Data says its SDK is opt-in, that users can opt out, and that it does not collect personal data or browsing history. Researchers argue that the consent experience may still be unclear for many smart TV users.