Google seizes millions of Android devices from Chinese residential proxy network IPdea
Jan 30, 2026
Key Points
- Google seized dozens of domains operated by IPdea using a federal court order, taking offline over 9 million Android devices enlisted into the Chinese company's residential proxy network without clear user consent.
- IPdea marketed its proxy services to criminal marketplaces and hacker forums starting in late 2022, operating under at least 13 brand names that all went dark in Wednesday's action.
- A security flaw in IPdea's infrastructure became a weapon when hackers seized control of at least 2 million devices, built their own botnet, and launched distributed denial-of-service attacks.
Summary
Google used a federal court order to seize dozens of domains operated by IPdea, a Chinese residential proxy company. The action took offline more than 9 million Android devices that had been enlisted into IPdea's network without clear user consent. Google also removed hundreds of affiliated apps from Android devices.
Residential proxy networks are distributed services built from apps installed on internet-connected devices such as phones, tablets, IoT devices, and media players. Companies like IPdea rent access to these hijacked devices to paying customers who want to mask their identity online. Legitimate use cases exist: anonymous browsing, website data scraping, ad verification. The problem is who buys the service and why.
IPdea marketed its offerings in criminal marketplaces and to hacker collectives from late 2022 onward. The company operated under at least 13 brand names, including IPdea, 922 Proxy, PY Proxy, and 360 Proxy, all of which went offline Wednesday. Most users never knowingly joined the network. They installed mobile games or desktop software that secretly bundled residential proxy code, trading bandwidth for the app itself.
IPdea's spokeswoman acknowledged "relatively aggressive market expansion strategies and promotional activities in inappropriate venues" such as hacker forums. She claimed the company has since improved its practices and that services are "mainly applied to legitimate business scenarios."
The threat sharpened in the fall when hackers discovered a security flaw in millions of devices on IPdea's network. They seized control of at least 2 million systems, built their own botnet, and launched distributed denial-of-service attacks. A vulnerability in IPdea's infrastructure became a weapon for separate criminal actors.
Residential proxies are now a standard tool for covering tracks in fraud, state-sponsored hacking, and other serious threats. Google's action targeted the infrastructure. Enforcement against the operator itself remains less clear, though the company does have a spokeswoman willing to talk to the press.