Nearly Half of LG Smart TV Apps Contain Residential Proxy SDKs
5 hours ago
- #data-privacy
- #smart-tv-security
- #proxy-networks
- Nearly half of LG Smart TV apps (2,058 out of 6,038 scanned) contain proxies that sell users' IP addresses, with many appearing as harmless apps like screensavers or games.
- Smart TVs are ideal proxy hosts because they're rarely audited, stay online for years, and use one-time consent prompts that users may forget, creating a significant consent gap.
- Proxy SDKs are embedded in apps by proxy companies themselves (like Bright Data) to monetize internet connections quietly, often as the app publisher, making the IP address the product.
- Unlike Amazon and Roku, which ban such proxy services, LG and Samsung lack clear public policies, allowing these apps to thrive on webOS and Tizen platforms.
- Proxy apps pose security risks by potentially accessing private local network devices (e.g., routers, cameras) if filtering fails, as seen in botnets like Kimwolf.
- Methodology involved scanning actual app packages for SDK fingerprints, with proxy vendors emphasizing consent, KYC processes, and technical controls, but users lack verification means.
- Platforms should enforce clear policies, require transparent disclosure, and give users ongoing control, as one-time consent doesn't ensure understanding, especially with minors involved.