Google Dismantles Massive Network Operating Secretly on Millions of Android Phones

Taylor Keatsman

Published: January 29, 2026 5:35 PM ET

Google Dismantles Massive Network Operating Secretly on Millions of Android Phones

Google has announced a significant victory against cybercrime by dismantling what it considers the world’s largest residential proxy network. This operation, run by the China-based firm Ipidea, allegedly exploited millions of Android devices without their owners’ knowledge.

Details of Google’s Operation Against Ipidea

Using a US federal court order, Google successfully took down multiple websites and backend systems connected to Ipidea. This firm was accused of using everyday smartphones and computers as covert internet gateways, allowing malicious actors to route their internet traffic through them.

Impact on Android Devices

According to estimates, around nine million Android devices have been disconnected from this illicit proxy network. Many individuals ended up inadvertently joining Ipidea’s network after downloading free applications that hid proxy-related code.

Google’s Play Protect feature plays a crucial role in safeguarding users by alerting them about harmful apps and removing any that incorporate Ipidea’s software development kits (SDKs).
Despite these protective measures, the widespread availability of these SDKs means users could still unknowingly download compromised applications.

Once an SDK is embedded in an application, it turns the device into an exit node for the proxy network while still providing the app’s primary functions. This integration raises significant security concerns.

Botnet Usage and DDoS Attacks

Last year, hackers exploited vulnerabilities in devices linked to Ipidea to create a massive botnet named Kimwolf. This botnet, which took over at least two million systems, was deployed for large-scale denial-of-service (DDoS) attacks, marking it as one of the most powerful botnets ever identified.

Concerns Over Consumer Safety

While Google’s takedown represents a substantial blow to Ipidea’s operations, cyber experts caution users to remain vigilant. Installing free apps and games from unverified sources continues to pose risks.

Users are advised to review app permissions carefully.
They should also delete any apps that look unfamiliar or that they no longer use.

In light of the risks, it’s essential for consumers to practice safe browsing habits. Experts suggest that while Google’s recent actions are commendable, additional efforts are needed to ensure user security against similar threats.