According to Android Authority, Google has used a U.S. federal court order to shut down dozens of websites and backend systems belonging to a China-based firm called Ipidea. The company operated what Google believes is the world’s largest “residential proxy network,” which secretly turned millions of Android phones, computers, and smart devices into rented internet gateways. This happened when users installed free apps or games that contained hidden proxy code from Ipidea’s SDK. Google says its Play Protect system has now removed associated apps and blocked future installs, disconnecting an estimated nine million Android devices from the network. The takedown follows last year’s revelation that hackers exploited a flaw in this very network to hijack at least two million devices, creating a massive DDoS botnet called Kimwolf.
The Airbnb for your IPs
Here’s the thing: this wasn’t just some minor data leak. It was a whole infrastructure built on deception. The Wall Street Journal’s analogy of an “Airbnb for your phone’s internet” is spot-on, but with a critical twist: you never agreed to be a host. Your device’s IP address and bandwidth became a commodity, sold to whoever wanted to mask their traffic. That “whoever” could be anyone—from a sneaky advertiser to someone conducting outright criminal activity, all while making it look like it was coming from your living room. And the app developers? They were getting paid by Ipidea per install, creating a perverse incentive to bundle this junk into otherwise harmless-looking software.
A botnet waiting to happen
But the proxy risk was just the start. The real nightmare was that this centralized, covert network was a security catastrophe waiting for an exploit. Which, of course, happened. Last year, hackers didn’t just use the network; they took it over, weaponizing at least two million devices into the monstrous Kimwolf botnet. Researchers called it the most powerful botnet they’d ever seen. Think about that. A single flaw in Ipidea’s code didn’t just expose data—it instantly created a digital artillery piece capable of knocking entire websites offline. That should send a chill down your spine. A flaw like that turns your phone from a potential privacy leak into a potential cyber-weapon without your knowledge.
Skepticism and “legitimate use”
Now, Ipidea’s defense is the classic playbook move: “We oppose illegal activity; our services are for legitimate business.” They even admitted to WSJ that they used “aggressive” marketing in hacker forums but have since stopped. Come on. You don’t become the world’s largest residential proxy network by catering solely to above-board market researchers. When your entire business model relies on secretly turning consumer devices into infrastructure, and you market in shady corners of the web, the “legitimate use” claim rings hollow. Google and outside researchers are right—the risks to consumers and national security were simply too high. This wasn’t a grey area; it was a pitch-black one.
What this means for you
So, is your phone safe now that Google acted? Probably safer, but not safe. The takedown cuts off a major hub, but the underlying method—paying devs to slip shady SDKs into apps—isn’t going away. Another company will pop up. The advice remains boringly critical: be wary of free apps from unknown sources, especially utility tools, VPNs, or flashy games with too many ads. Audit your permissions and uninstall stuff you don’t use. This episode is a stark reminder that if an app is free, you and your device’s resources are very often the product being sold. And sometimes, you’re not just the product—you’re the unwitting infrastructure.
