Google Shuts Down Network Secretly Running on Millions of Android Devices
Google announced it has shut down the Ipidea network, believed to be the world's largest 'residential proxy network,' which was illicitly using millions of Android devices.
Covert Network Used Millions of Devices as Internet Gateways
Technology giant Google, with a court order from a US federal court, has disabled a large-scale network that allegedly used millions of Android phones, computers, and smart devices as unauthorized 'internet gateways'. The network in question was operated by a China-based company called Ipidea and was described by Google as the world's largest 'residential proxy network'.
How Did the Proxy Network Operate?
Simply put, these types of networks allowed malicious actors to route their internet traffic through your device. This hid their real IP addresses, creating the impression they were connecting to the internet from your device. The Wall Street Journal described this system as 'an Airbnb for phone internet that the host never signed up for'.
The vast majority of users joined this network by downloading free apps, games, or desktop software that contained hidden proxy code. Once installed, the device would become an 'exit node', allowing others' traffic to pass through it. This situation carried the risk of your IP address being used to conceal suspicious or even criminal activities.
Android Play Protect Intervenes Automatically
Google stated that Android's built-in security protection, Play Protect, automatically warns users and removes apps when it detects they contain Ipidea SDKs (Software Development Kits). However, considering these SDKs were widely offered to developers and Ipidea paid per download, it was possible for users to unknowingly install risky applications.
Google's move reportedly removed approximately nine million Android devices from Ipidea's network and took down hundreds of apps linked to the company. Such security threats can also be precursors to large-scale cyberattacks that lead to alert fatigue in IT teams.
Previously Led to Kimwolf Botnet Attacks
The security risks of the Ipidea network are not new. Last year, cybercriminals exploited a vulnerability in millions of devices connected to this network, hijacking at least two million systems to create a massive botnet called 'Kimwolf'. Described by researchers as one of the most powerful botnets observed to date, Kimwolf was used for distributed denial-of-service (DDoS) attacks to take websites offline.
A spokesperson for Ipidea, in a statement to the Wall Street Journal, claimed they are against all illegal activities and that their service is designed for legitimate business use. The spokesperson acknowledged using 'aggressive' marketing tactics in the past, including promotions on hacker forums, but said these practices have been stopped.
Experts Warn Users
Although Google's move has disabled a large portion of the Ipidea network, cybersecurity experts urge users to remain cautious. They recommend not downloading free apps and games from unknown sources, carefully reviewing app permissions, and removing unused or unrecognized applications. Similarly, responsible use of technology and security are critical for all digital ecosystems.
Google and independent researchers agree that the risks this network posed to consumers and even national security were too high to ignore. This incident once again highlights how rapid advancements in artificial intelligence and machine learning, while bringing extraordinary innovations, also bring new security and ethical challenges.