34% of LG and Samsung TV Apps Hide Residential Proxy SDKs
Spur Intelligence finds over 2,000 smart TV apps embedding Bright Data proxy code—turning your living room TV into an exit node for web scraping traffic.
Your smart TV might be moonlighting as a proxy server. Research from Spur Intelligence reveals that 34.1% of apps on LG and Samsung smart TV platforms embed residential proxy SDKs, silently routing third-party traffic through home networks without meaningful user awareness.
The researchers scanned 6,038 apps across LG webOS and Samsung Tizen platforms. Of those, 2,058 contained residential proxy software—code that lets paying customers route web requests through your home IP address while you watch Netflix.
The Numbers
The prevalence varies significantly by platform:
- LG webOS: 42.5% of apps contain proxy SDKs
- Samsung Tizen: 26.9% of apps contain proxy SDKs
The primary vendor behind this infrastructure is Bright Data, a data-collection company that markets access to "150M+ residential IP addresses" sourced through its consent-based SDK program. The company embeds proxy functionality inside free apps, offering developers monetization in exchange for routing traffic through user devices.
How It Works
Smart TVs make ideal proxy endpoints for several reasons. They're always connected, rarely powered off completely, and sit behind residential IP addresses that are harder for websites to block than datacenter IPs.
When a user installs an app containing the Bright Data SDK, the proxy functionality activates in the background. Traffic from Bright Data's paying customers—typically companies performing web scraping, price monitoring, or ad verification—gets routed through the TV's network connection. The traffic appears to originate from a residential broadband subscriber, evading detection systems designed to block bot traffic.
The exchange is framed as consensual: users get free app content, developers get revenue, and Bright Data gets proxy endpoints. But the consent mechanism is buried in terms of service that virtually no one reads, and the security implications extend far beyond the individual TV.
The Real Risk
In January 2026, KrebsOnSecurity reported on Kimwolf, a botnet that exploited residential proxy networks to tunnel into local networks behind proxy endpoints. Attackers used proxy access not just for public-web traffic, but to reach devices on the same LAN as the proxy node.
This transforms a privacy nuisance into a security threat. Your smart TV becomes a potential entry point into your home network—not because the TV itself was hacked, but because it legitimately routes external traffic through your router as part of its normal operation.
The attack surface expands further when considering what else sits on a typical home network: work laptops, IoT devices, network storage with personal files. A proxy endpoint on the TV provides a foothold that traditional perimeter security never anticipated.
Who's Responsible
Bright Data maintains that its SDK requires explicit consent and operates transparently. The company argues that users who install apps with proxy functionality have agreed to the arrangement, even if they didn't read the terms carefully.
But the consent model strains credibility when 42% of LG TV apps include this functionality. Users installing a weather app or streaming widget have no reason to expect they're also enrolling their home network in a commercial proxy service.
App store operators face pressure to enforce clearer disclosure. Currently, neither LG nor Samsung requires prominent labeling of apps that include residential proxy SDKs. The proxy functionality hides behind generic permissions like "network access"—technically accurate but practically useless for informed consent.
Detection and Mitigation
Identifying affected apps is difficult without reverse-engineering each installation. Some indicators:
- Unusual network activity when the TV is idle
- Higher-than-expected bandwidth usage without corresponding content consumption
- Unknown outbound connections visible in router logs
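One way to check for these indicators from a router's flow export, as an added example that is not from Spur's research or any vendor tooling. The CSV layout, IP addresses, idle window and thresholds are all assumptions made for illustration, and the upload-ratio heuristic assumes a relaying device sends out roughly as much as it downloads, while a TV that is only streaming is download-heavy.

```python
import csv
import io
from datetime import datetime

# Constructed sample: router flow export (time, src, dst, dport, bytes_out, bytes_in).
SAMPLE_FLOWS = """\
2026-01-10T20:15:00,192.168.1.50,198.51.100.10,443,40000,90000000
2026-01-10T21:05:00,192.168.1.50,198.51.100.10,443,35000,80000000
2026-01-11T02:10:00,192.168.1.50,203.0.113.5,443,900000,950000
2026-01-11T02:12:00,192.168.1.50,203.0.113.77,80,400000,420000
2026-01-11T03:40:00,192.168.1.50,192.0.2.14,443,700000,760000
2026-01-11T04:02:00,192.168.1.50,192.0.2.200,443,650000,640000
2026-01-11T03:00:00,192.168.1.20,198.51.100.10,443,2000,5000
"""

def idle_profile(flows_csv, device_ip, idle_hours=range(1, 6)):
    """Summarise one device's traffic during hours when nobody is watching."""
    dests, out_b, in_b = set(), 0, 0
    for ts, src, dst, _port, b_out, b_in in csv.reader(io.StringIO(flows_csv)):
        # Skip other devices and any flow outside the idle window (01:00-05:59).
        if src != device_ip or datetime.fromisoformat(ts).hour not in idle_hours:
            continue
        dests.add(dst)
        out_b += int(b_out)
        in_b += int(b_in)
    ratio = out_b / in_b if in_b else 0.0
    return {"idle_dests": len(dests), "idle_bytes_out": out_b,
            "upload_ratio": round(ratio, 2)}

def indicators(profile, max_dests=3, max_out=1_000_000, max_ratio=0.5):
    """Map a profile to the three indicators above. Thresholds are assumptions."""
    hits = []
    if profile["idle_bytes_out"] > max_out:
        hits.append("network activity while idle")
    if profile["upload_ratio"] > max_ratio:
        hits.append("bandwidth without matching content consumption")
    if profile["idle_dests"] > max_dests:
        hits.append("unknown outbound connections")
    return hits

if __name__ == "__main__":
    tv = idle_profile(SAMPLE_FLOWS, "192.168.1.50")  # constructed TV address
    print(tv, indicators(tv))
```

Tune the idle window and thresholds against a week of the TV's normal traffic before treating a hit as meaningful; firmware updates and app refreshes also generate idle-time flows.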
For users concerned about their exposure, the most reliable mitigation is network segmentation. Place smart TVs on a separate VLAN or guest network, isolating them from devices containing sensitive data. This doesn't prevent the proxy traffic, but it limits what an attacker could reach if they pivoted through a proxy connection.
Organizations with employees working from home should consider this attack surface when assessing remote work security. The BYOD risks we covered with browser extensions extend to home network devices that enterprise security teams have no visibility into.
Why This Matters
The smart TV proxyware discovery illustrates a broader tension in consumer technology: free apps aren't free. When developers need revenue and users won't pay, the alternative is often monetizing access to user resources—whether that's attention (ads), data (tracking), or infrastructure (proxy traffic).
The security implications compound as these arrangements scale. With millions of smart TVs potentially serving as proxy endpoints, the residential proxy market gains infrastructure that's difficult to map, harder to block, and legally ambiguous to challenge.
For readers wanting to understand how threat actors exploit this type of infrastructure for credential theft and account compromise, our phishing examples guide covers how residential proxies help attackers evade geographic and behavioral detection.