Google and its partners have disrupted the IPIDEA proxy network, one of the largest residential proxy systems globally. This operation involved legal actions to take down controlling domains, sharing intelligence about IPIDEA’s software with law enforcement and tech firms, and enhancing protections for Android users. The aim was to degrade IPIDEA’s operations, which had enrolled millions of devices into its network, by making it harder for proxy operators to secure new devices. Residential proxies like IPIDEA allow bad actors to route traffic through consumer IP addresses, masking malicious activities and complicating detection for security teams. Operators often use trojanized apps to secretly add user devices to their networks, which they then sell access to. Despite claims of privacy benefits, research shows these proxies are primarily misused for cybercrime. In just one week in January 2026, over 550 threat groups leveraged IPIDEA’s exit nodes for various attacks, including password spraying and unauthorized access to SaaS environments. The investigation revealed that many well-known proxy and VPN brands are tied to IPIDEA, indicating a network of interconnected operations. The SDKs used to embed proxy functionality into apps are key to maintaining this vast network, allowing operators to monetize devices without user consent. Many malicious apps fail to disclose their role in enrolling devices into the IPIDEA network, putting users at risk of being flagged as suspicious or blocked by internet service providers. This operation highlights the challenges in tracing and combating the misuse of residential proxies.