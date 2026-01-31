Google has taken a huge leap forward in better securing millions of Android phones around the world. The company did so by disrupting what it calls the "largest residential proxy network in the world," a proxy network known as IPIDEA. Google reported in a new blog post that an order issued by a U.S. federal court has taken down dozens of different domains that helped power the IPIDEA backend.

The network, which was previously flagged for letting the malicious Kimwolf botnet use around 2 million of its devices, is believed to have infected millions of devices around the world through the installation of free games, VPN apps, and even desktop software that had the IPIDEA SDKs (software development kits) running within them. It has gained widespread distribution thanks to the efforts of the bad actors behind it, which have touted these shady SDKs as a way for developers to monetize their own applications. These developers are paid based on app installs once the SDK is integrated into the code, which is often enticing for small and mid-size developers.

The entire system builds off of something called a residential network proxy, which essentially allows the bad actors behind the project to utilize any device that the system is installed on as a proxy, which basically means the bad actors could make the internet traffic appear as if it were coming from the infected device instead of their own. The disruption of IPIDEA is huge, as Android's ability to sideload applications can make it easy to install free apps and games that might be infected with the SDK.