A newly published security analysis has raised concerns about how Bright Data’s software development kit (SDK) operates within consumer applications. According to researchers, the SDK can transform devices such as smartphones and smart TVs into residential proxy nodes that relay web-scraping traffic for Bright Data’s commercial data collection network.
The findings suggest that users who install apps containing the SDK may unknowingly contribute their internet bandwidth and home IP addresses to large-scale web scraping operations, many of which serve organizations involved in artificial intelligence and data gathering.
How the Bright Data Network Works
Bright Data, formerly known as Luminati, operates one of the world’s largest residential proxy networks. The company advertises access to hundreds of millions of residential IP addresses, allowing customers to route internet traffic through real consumer devices rather than traditional data center servers.
Researchers found that devices running apps integrated with Bright Data’s SDK can receive instructions from Bright Data’s infrastructure and be used to retrieve content from websites. As a result, web requests appear to originate from a user’s home internet connection rather than from the paying customer conducting the scraping operation.
This setup makes residential devices particularly valuable because websites often trust traffic from residential IP addresses more than traffic coming from cloud hosting providers.
Why Smart TVs Are Attractive Targets
Smart TVs present an ideal environment for residential proxy services. Unlike smartphones, they typically remain connected to power, operate on high-speed internet connections, and often stay online for extended periods.
Because many users rarely monitor network activity on their televisions, these devices can function as persistent proxy endpoints without drawing attention. Researchers note that always-on devices provide a stable infrastructure for routing web requests around the clock.
Security Concerns Raised by Researchers
The investigation focused primarily on the iOS version of Bright Data’s SDK. Researchers claim that communication channels used to deliver scraping tasks lack strong authentication controls, potentially allowing instructions to be issued without comprehensive verification.
Additional findings suggest that some traffic generated by the SDK may bypass VPN configurations on iOS devices. Researchers also reported that much of the SDK’s activity may not appear in standard monitoring tools commonly used by security teams.
According to the analysis, devices can continue processing proxy traffic in the background even while users are actively using their phones, provided battery-saving restrictions do not intervene.
Questions About User Consent
One of the central concerns highlighted in the report involves the gap between user-facing consent screens and the SDK’s operational capabilities.
In one cited example involving a Roku application, users were informed that their device and internet connection would only be used “occasionally.” However, researchers claim the SDK configuration permits significantly higher bandwidth usage, potentially reaching hundreds of gigabytes per month under certain settings.
The report also states that the SDK can associate multiple devices belonging to the same user when they run applications from the same publisher, allowing activity to be grouped under a single profile.
Bright Data maintains that participation in its network is based on user consent through opt-in mechanisms. However, researchers argue that the clarity and scope of that consent deserve closer examination.
The Evolution of the Residential Proxy Industry
The business model itself is not new. Bright Data traces its roots to Luminati, a service that emerged from the Hola VPN ecosystem. More than a decade ago, controversy arose when users discovered that bandwidth from free VPN users was being sold as part of a commercial proxy network.
Today, demand for residential proxies has increased significantly due to the rise of AI training and data collection operations. Many websites use advanced anti-bot systems to block scraping traffic originating from cloud servers, making residential IP addresses more valuable than ever.
As a result, companies seeking large-scale data collection increasingly rely on residential proxy networks to access publicly available web content.
Platform Restrictions and Industry Response
Major technology platforms have begun tightening restrictions on applications that use background proxy functionality.
Google, Amazon, and Roku have reportedly introduced measures limiting such SDK behavior, prompting Bright Data to discontinue support for some of those platforms. However, researchers note that support remains available for certain smart TV operating systems, including Samsung’s Tizen and LG’s webOS.
The findings have reignited discussions about transparency, informed consent, and the responsibilities of app developers that integrate third-party monetization SDKs.
How Users Can Protect Their Networks
Users concerned about residential proxy activity can take several steps to reduce potential exposure.
Monitoring installed applications and reviewing permission settings is a good starting point. Network-level filtering solutions such as Pi-hole or NextDNS can also be configured to block domains associated with Bright Data’s SDK infrastructure.
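Blocking is easier to verify when you can see which devices are making the lookups. The following is an added example, not taken from the researchers' report or from Bright Data: it audits Pi-hole (dnsmasq-format) query log lines against a domain watchlist and reports, per client, how many lookups matched and across how many distinct hours, which helps surface always-on devices such as smart TVs. The article names no SDK domains, so the watchlist entries and the sample log lines are constructed placeholders.

```python
import re
from collections import defaultdict

# Placeholder entries: replace with SDK domains from a blocklist you trust.
WATCHLIST = {"proxy-sdk.example", "tasks.example.net"}

# dnsmasq/Pi-hole query line:
#   "Mon DD HH:MM:SS dnsmasq[pid]: query[TYPE] name from client"
QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+) (\d{2}):\d{2}:\d{2} dnsmasq\[\d+\]: "
    r"query\[\w+\] (\S+) from (\S+)$"
)

def on_watchlist(name, watchlist=WATCHLIST):
    """True if name equals a watchlist entry or is a subdomain of one.
    Matching is on whole DNS labels, so 'notproxy-sdk.example' does not match."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in watchlist for i in range(len(labels)))

def audit(lines, watchlist=WATCHLIST):
    """Return {client: {"queries": n, "active_hours": h}} for watchlisted lookups."""
    hits = defaultdict(lambda: {"queries": 0, "hours": set()})
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, forwards and malformed lines are ignored
        day, hour, name, client = m.groups()
        if on_watchlist(name, watchlist):
            hits[client]["queries"] += 1
            hits[client]["hours"].add((day, hour))
    return {c: {"queries": v["queries"], "active_hours": len(v["hours"])}
            for c, v in hits.items()}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Jan 12 01:02:11 dnsmasq[812]: query[A] cdn.proxy-sdk.example from 192.168.1.50
Jan 12 01:02:11 dnsmasq[812]: forwarded cdn.proxy-sdk.example to 9.9.9.9
Jan 12 02:17:40 dnsmasq[812]: query[AAAA] tasks.example.net from 192.168.1.50
Jan 12 03:44:02 dnsmasq[812]: query[A] cdn.proxy-sdk.example from 192.168.1.50
Jan 12 03:45:10 dnsmasq[812]: query[A] notproxy-sdk.example from 192.168.1.23
Jan 12 09:30:55 dnsmasq[812]: query[A] tasks.example.net from 192.168.1.23
Jan 12 09:31:00 dnsmasq[812]: query[A] www.example.org from 192.168.1.23
""".splitlines()

if __name__ == "__main__":
    for client, stats in sorted(audit(SAMPLE_LOG).items()):
        print(client, stats)
```

A client that keeps matching hour after hour, including overnight, is the one to inspect first for apps that bundle the SDK.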
Organizations managing employee devices may consider scanning applications for embedded SDK components and implementing additional monitoring controls. However, security experts note that mobile network traffic may bypass traditional corporate network protections, making comprehensive visibility more challenging.
As residential proxy networks continue to grow alongside AI-driven data collection, transparency around how consumer devices are used will likely remain a major topic within the cybersecurity community.
