Researchers have discovered that nearly half of all apps available on LG Smart TVs include residential proxy SDKs, a finding that raises significant privacy and security concerns for millions of households. The study, which analyzed hundreds of applications from LG's content store, found that these software development kits can redirect internet traffic through users' home networks without their knowledge.

A residential proxy SDK allows app developers to route network requests through the IP addresses of real home internet connections. This makes the traffic appear as if it originates from ordinary consumers rather than data centers. While these tools have legitimate uses such as content delivery testing, their presence in smart TV apps is often tied to ad fraud, geo-spoofing and data harvesting.

The Scope of the Problem

The analysis covered more than 1,000 apps across LG's Smart TV platform. Of those, approximately 45 percent contained at least one residential proxy SDK. The most common SDKs identified include those from Luminati, Oxylabs and Smartproxy, all companies known for providing residential proxy networks. Many of these apps had millions of downloads each, meaning a large number of LG TV owners are likely affected.

Smart TVs are particularly attractive targets for such SDKs because they remain connected to the internet constantly and are rarely restarted. This allows the proxy software to operate persistently, using the home's IP address for extended periods. The device's always on nature also makes it harder for users to detect unusual network activity.

Why This Matters

For consumers, the presence of these SDKs means their home internet connection may be used to mask fraudulent or otherwise suspicious online activity. This can lead to a variety of consequences:

  • IP Blacklisting: If the IP address is used for spam or malicious campaigns, it could be blocked by websites and services, preventing legitimate access to email, banking or streaming platforms.
  • Bandwidth Drain: Proxy traffic consumes data bandwidth, potentially slowing down other internet activities and increasing costs for households with data caps.
  • Legal Exposure: Users could inadvertently become participants in fraud schemes, risking legal scrutiny if law enforcement traces illegal traffic back to their home IP.

Beyond individual impacts, the widespread adoption of residential proxy SDKs in consumer electronics highlights a broader industry trend: the commodification of home networks as infrastructure for ad tech and cybercrime. Regulators have begun to take notice, with the Federal Trade Commission and European data protection authorities examining similar practices in mobile apps and IoT devices.

What LG and App Developers Should Do

The burden of responsibility falls on both the platform owner and third party developers. LG has a content review process for its app store, but these SDKs were apparently approved despite their data collection capabilities. Greater transparency and stricter enforcement of privacy policies could help. For app developers, the use of such SDKs without clear disclosure to users violates most app store guidelines and may run afoul of data protection laws such as the GDPR and CCPA.

Consumers can take some steps to protect themselves. Regularly reviewing app permissions, monitoring network traffic for unusual connections and keeping the TV firmware updated are advisable. However, without a comprehensive audit of every app's code, users have limited visibility into what these SDKs are doing. The discovery serves as a reminder that smart TVs are not just entertainment devices but also networked computers capable of transmitting data in ways that may surprise their owners.