Free apps quietly turn Smart TVs into Web-Scraping Proxies for AI

A researcher analyzed the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including the ever-present smart TVs, into gateways that relay commercial web traffic for data that Bright Data markets to the AI industry.

The company, which succeeded Luminati, operates what it calls the largest residential proxy network in the world, advertising more than 400 million residential IPs. Part of that offer comes from this SDK, which is bundled into free apps behind a consent screen and described as a pool of 150 million licenses and IPs.

The findings, published on June 5 by security firm and independent researcher Buchodi, are significant because the scraping comes from the user’s home IP, not the customer’s. The risk here is not a hacked account or stolen data; it is that the home connection and its bandwidth are used as someone else’s scraping infrastructure.

A connected TV comes close to ideal for that: it is often connected, has a fast connection, is poorly calibrated, and goes unwatched.

The deep technical evidence comes from the iOS SDK; the smart-TV reach is based on Bright Data’s platform support, its public partner list, and previous reporting. The research found that the peer channel that handles the scraping operations has no real authentication, and that on iOS its traffic goes around the configured VPN.

Inside the tunnel is a peer

When the application is opened, the SDK contacts one of the Bright Data servers, which gives its instructions without checking who is asking. From there, the server can tell the device to go and download pages from other websites, using the user’s home internet connection to do it.

The researcher found that the channel running those operations lacked standard security checks, and described it as weaker than the controls built into malware.

On iPhones, the researcher found that this traffic bypasses the VPN, and that much of what the app does is invisible to the tools that security teams typically use to monitor apps. The device can also continue transmitting in the background while someone is watching the screen or on the phone, as long as the battery is not low.

The clearance gap

The consent screen does not match what the SDK allows. On a Roku app, Petflix, the screen said it would use the device and its connection “occasionally.”

The settings uploaded by the SDK allow up to 200 GB of traffic per month. In a few countries, including Uzbekistan and Oman, the limits are set much higher, and the device is cleared to continue working almost until the battery runs low. The SDK can also integrate a person’s phone with computers running the same company’s applications, treating them as a single user.

Bright Data publishes its list of program partners on a page that anyone can access, and it includes smart-TV app makers such as PlayWorks Digital, CloudTV, and Longvision. The researcher notes that being on the list only indicates that the company worked with Bright Data at a certain time, not that its operating system includes the SDK today. Each will need to be tested individually.

An old model, driven by AI demand

None of this is new in form, only in scale. Bright Data is the successor to Luminati, a paid proxy service that spun off from Hola VPN. In 2015 Hola was caught selling its free users’ bandwidth as Luminati exit nodes, for $20 per gigabyte. The same model now works in an open box in the living room.

What has changed is the consumer. Anti-bot protections from Cloudflare, DataDome, and others block scrapers from datacenter IPs, so AI scrapers route through residential connections instead.

Krebs reported in October 2025 that proxies from botnets like Aisuru fueled AI data harvesting on a large scale, and Google dismantled the IPIDEA proxy network for hackers in January. Those operations hijack consumer devices; Bright Data says its exits go through a consent screen. That consent is the line between the two, and whether it is meaningful is an open question.

Lowpass, produced by The Verge, first revealed the smart-TV angle in February, and this is a breakdown of the technology. Google, Amazon, and Roku have since limited backend proxy SDKs, and Bright Data has abandoned those platforms, though it still counts Samsung’s Tizen and LG’s webOS.

What to do

The traffic is easy to detect and block. On a home network, a simple step is to block the web addresses that the SDK uses to connect, with a router-level tool like Pi-hole or NextDNS.

The main ones are proxyjs.brdtnet.com, proxyjs.luminatinet.com, proxyjs.bright-sdk.com, clientsdk.bright-sdk.com, and clientsdk.brdtnet.com. According to the research, blocking these stops the device from acting as a relay without affecting Bright Data’s premium service, which operates on separate addresses.

Companies that own employee phones can also scan for apps that include the SDK. One catch: on a mobile connection, the traffic sidesteps the office Wi-Fi, so a network block alone will not always catch it. Bright Data may also change how the SDK connects in the future, which could mean any blocklists need to be updated.
