Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry.

The company, the successor to Luminati, operates what it calls the largest residential proxy network in the world, advertised at more than 400 million residential IPs. Part of that supply comes from this SDK, shipped inside free apps behind an opt-in screen and described as a consent-sourced pool of 150 million-plus IPs.

The findings, published June 5 by Include Security and independent researcher Buchodi, matter because the scraping comes from the user's home IP, not the customer's. The immediate risk is not a hacked account or stolen data; it is that a home connection and its bandwidth get used as someone else's scraping infrastructure.

A connected TV is close to ideal for that: usually plugged in, on a fast connection, effectively unmetered, and unwatched.

The deepest technical evidence is from the iOS SDK; the smart-TV reach rests on Bright Data's platform support, its public partner list, and earlier reporting. The research found the peer channel that carries scraping jobs has no real authentication, and on iOS, its traffic bypasses a configured VPN.