9 Million Android Devices Hijacked in Secret Proxy Network

Google announced that it has shut down what the company describes as the world’s largest residential proxy network. Chinese company IPIDEA is believed to be behind the network and, according to Google, around nine million Android devices were hijacked, along with computers and smart home products. The revelation was first reported by our sister publication PC-Welt.

The hijacking took place via hidden code libraries, known as SDKs, which were built into over 600 free apps and programs. When the apps were installed, the user’s device could be secretly used as an exit node in a proxy network.

This enabled cybercriminals to hide their identity, forward traffic and carry out denial-of-service (DoS) attacks, for example, without the owner noticing anything.

Thomas Deehan / Foundry

With the support of a federal court ruling in the United States, Google shut down IPIDEA’s websites and underlying systems. According to Google, this put a stop to further abuse.

At the same time, the company warns that apps from third-party stores pose a particularly high risk. Google’s own protection, Play Protect, should be able to detect and block these types of hidden SDKs, but only in apps installed via the Play Store.

IPIDEA claims that the service was intended for legitimate business purposes, but admits that the network has been abused by criminal actors.

How to protect yourself and your device

• Be wary of apps offering payment in return for sharing your unused bandwidth or your internet.
• Only download apps from official stores.
• Check the permissions requested by apps, VPNs and proxies.
• Make sure you use Google Play Protect to check your apps.
• Only buy set top boxes and other smart home devices from reputable manufacturers.