New research found that 2,058 of 6,038 apps across the LG webOS and Samsung Tizen ecosystems included residential proxy SDKs, effectively turning smart TVs into exit nodes for third-party internet traffic.
On screen, these apps look like harmless fish tanks, clocks, solitaire games, and puppies. However, under the hood, they operate as nodes in commercial residential proxy networks.
Smart TVs are ideal targets because they share home networks with other devices yet receive little security scrutiny, and their always-on nature allows abuse to go unnoticed for years without obvious signs like battery drain or visible background activity.
Spur emphasizes that this changes the consent equation; most users have no practical mental model for what it means to sell access to their residential IP. A single prompt navigated with a remote can disappear into the setup flow while the proxy keeps running indefinitely.
The economic driver is straightforward. Many of these apps are designed to be quiet, ambient, or minimally interactive, where traditional advertising would ruin the experience.
LG & Samsung TV Apps Selling IP Addresses
By embedding a proxy SDK, developers can keep the app looking clean and ad-free while monetizing the TV’s connection in the background. In some cases, this trade-off is made explicit.
Spur highlights a Pac-Man app on Tizen that frames Bright Data’s SDK as the ad-free option; decline, and you keep an ad-supported game; accept, and the app uses your TV’s network connection for web indexing.
This creates a monetization fork where the choice is effectively between watching ads or letting the app turn your IP address into part of a proxy network.
Spur’s dataset also shows that this is not only a story of independent developers integrating third-party monetization. In many instances, the proxy company itself, or an entity using its name, appears to be the publisher.
Bright Data, Bright Data Ltd, and Bright SDK together account for 367 proxy-flagged apps in the sample. At the same time, Honeygain UAB, a subsidiary of Oxylabs, appears as a publisher on additional apps.
Spur argues that these look less like ordinary apps that happen to embed a monetization SDK and more like first-party proxy inventory: thin games, screensavers, and utilities produced at scale so the SDK has somewhere to run.
Amazon’s Device and System Abuse Policy explicitly bans apps that facilitate proxy services for third parties, and Roku has reportedly blocked Bright SDK and similar proxy services, with affected apps disappearing from its store after scrutiny.
LG and Samsung, by contrast, have not published equivalent restrictions, leaving a regulatory gap that allows these proxy-enabled apps to proliferate on webOS and Tizen.
Spur warns that once a TV app can act as a proxy, the risk extends beyond someone “borrowing” your public IP.
Because the app runs on the home network, any weakness or change in the proxy provider’s filtering and policy enforcement could turn that TV into a foothold for reaching internal systems such as routers, NAS devices, printers, cameras, and developer machines.
The investigation concludes that smart TV platforms need clear policies for residential proxy SDKs, prominent disclosures, and meaningful user controls.
At the same time, consumers must recognize that even “boring” TV apps can quietly enroll their home networks in commercial proxy infrastructure powered by companies identified in Spur’s research.
