Researchers scanned 6,038 smart‑TV apps on LG and Samsung, finding 2,058 that embed residential proxy proxy SDKs. The apps masquerade as clocks, fish tanks, or games, but route the TV’s home‑network traffic through third‑party servers. This hidden traffic lets companies monetize users’ IP addresses without visible ads.

Because smart TVs stay powered and connected for years, owners rarely audit them like PCs. A single consent prompt during setup can vanish behind the remote’s menu, after which the SDK continues to run. Bright Data, Massive, and Honeygain appear both as SDK providers and app publishers, turning the TV into a cheap proxy farm.

The risk extends beyond public‑IP theft. If a proxy permits private‑address traffic, a TV could expose router panels, NAS devices, or cameras to the internet. January 2026 reports show botnets using residential proxies to tunnel into local networks. Bright Data’s sample blocks common private ranges, but other SDKs lack such safeguards, leaving owners blind to potential breaches.

LG and Samsung have yet to issue a public policy against such SDKs, unlike Amazon’s Device Abuse Policy or Roku’s recent bans. Until manufacturers enforce stricter app‑review gates, consumers must rely on manual audits or third‑party scanners. The silent proxy network on smart TVs represents a growing security blind spot that can transform household devices into unintended VPNs.