
Your Cell Phone Seemed Normal, But It Was Being Used By Others Worldwide: Google Unravels Technical Scheme That Turned Over 9 Million Android Devices Into Hidden Residential Internet Proxies

Written by Caio Aviz
Published on 05/02/2026 at 01:26
Illustrative image representing the Google investigation that identified millions of Android phones used as hidden proxies through common apps.

Google-Led Investigation Reveals How Common Apps Exploited Phones to Relay Third-Party Data Without User Consent in One of the Largest Operations Ever Identified on Android

A technical operation with global impact was recently revealed after months of in-depth analysis. Since 2025, Google experts have been behind the largest dismantling ever recorded of a residential proxy network based on Android devices, one affecting over 9 million phones in different countries.

Initially, the traffic appeared normal. Gradually, however, the investigation showed that millions of devices were silently being used as relay points for third-party data, without their users' knowledge.

According to the technical findings, the infrastructure was linked to the Chinese company IPIDEA, which was identified as responsible for developing and distributing the system that supported the operation.

Technical Structure Exploited Common Apps

First, IPIDEA inserted software development kits (SDKs) into hundreds of free apps, such as simple games and widely distributed utility tools. Then, after installation, the phones began to route external traffic, working as internet exit nodes.

In this way, the real identity of those sending the data was masked, while the traffic appeared to come from legitimate residential connections. Additionally, since the system utilized permissions already present in the Android architecture, it did not exhibit classic infection behaviors.

Consequently, it did not behave like traditional malware, making its identification by conventional security systems more difficult and extending its presence on devices.

Why the System Remained Invisible for So Long

Initially, the data volume seemed compatible with normal use. However, over time, Google researchers observed anomalous traffic coming from common residential IP addresses, which triggered internal technical alerts.

From this point on, deeper analyses revealed that the system operated in a grey area of digital security, where advanced technical practices did not immediately cross the legal threshold for malicious code.

Still in 2025, however, the situation worsened. IPIDEA's infrastructure was hacked by criminals, who took control of the system and created the Kimwolf botnet, later used in distributed denial-of-service (DDoS) attacks.

Investigation Identifies Hundreds of Affected Apps

During the investigation, Google identified over 600 apps containing the IPIDEA code. In response, Play Protect was updated to automatically block these libraries within the official store.

Despite this, experts warn that users who install apps through alternative stores or APK files remain vulnerable. In this context, the origin of the app became a critical risk factor.
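
For APK files obtained outside the official store, one basic check is to look inside the package for the class paths of a bundled library. The sketch below is an added example, not code from Google or from the article; the package prefixes are invented placeholders (the article names none) and the sample APKs are constructed inline.

```python
import io
import zipfile

# Placeholder indicators: the article names no SDK package names, so these
# prefixes are invented for illustration and must be replaced with real ones
# taken from a trusted advisory.
SDK_PREFIXES = [
    "com/example/proxysdk/",      # hypothetical
    "org/example/trafficshare/",  # hypothetical
]


def scan_apk(apk_bytes, prefixes=SDK_PREFIXES):
    """Return {dex_name: [matched prefixes]} for every classes*.dex in the APK.

    DEX files store class names as type descriptors such as
    'Lcom/vendor/sdk/Client;', so an unobfuscated embedded library shows up
    as the byte string b'L' + package path.
    """
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not (name.startswith("classes") and name.endswith(".dex")):
                continue
            data = apk.read(name)
            found = [p for p in prefixes if b"L" + p.encode() in data]
            if found:
                hits[name] = found
    return hits


def build_sample_apk(descriptors):
    """Construct a minimal APK-like zip for the demo (not a valid DEX)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00".join(descriptors))
    return buf.getvalue()


# Constructed samples: one app without the library, one that bundles it.
CLEAN_APK = build_sample_apk([b"Lcom/example/game/MainActivity;"])
BUNDLED_APK = build_sample_apk([
    b"Lcom/example/game/MainActivity;",
    b"Lcom/example/proxysdk/RelayService;",
])

if __name__ == "__main__":
    for label, apk in (("clean", CLEAN_APK), ("bundled", BUNDLED_APK)):
        print(label, scan_apk(apk) or "no match")
```

A library whose classes have been renamed by an obfuscator will not match a prefix list, so an empty result does not prove the app is free of such code.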

Furthermore, the case highlights how apparently legitimate data network and analysis operations can evolve into unauthorized exploitation, without adequate transparency to the end user.

Alert on Mobile Security and Digital Privacy

Digital security experts have been reinforcing, since 2025, a clear guideline: downloading apps from outside official sources significantly increases risks to privacy and the integrity of the home connection.

According to technical analyses, installing apps from unknown sources amounts to taking unnecessary risks with personal data and network infrastructure, as invisible functions may operate in the background for extended periods.

In light of this episode, which exposed structural flaws in the modern mobile ecosystem, to what extent do digital convenience and silent exposure still go hand in hand in users’ routines?

Caio Aviz

I write about the offshore market, oil and gas, job openings, renewable energy, mining, economy, innovation and curiosities, technology, geopolitics, government, among other topics. Always seeking daily updates and relevant subjects, I present rich, substantial and meaningful content. For story suggestions and feedback, get in touch by e-mail: avizzcaio12@gmail.com.
