Google recently issued a statement announcing action against the IPIDEA proxy network, citing software embedded across millions of mobile phones, home computers, and Android devices. According to Google, this software allowed consumer devices to be enrolled into proxy networks without clear user awareness, with their IP addresses later resold and misused by cybercriminals and threat actors. Google then moved to disrupt IPIDEA’s proxy infrastructure and limit its ability to operate at scale.
What do Google’s actions actually mean, who is affected, and how can we avoid similar risks when choosing a proxy provider? As a professional proxy provider, IPcook shares insight into this incident and outlines how to choose safe, compliant proxy services.
In January 2026, Google’s Threat Intelligence Group announced coordinated actions to disrupt a large residential proxy network linked to the IPIDEA proxy ecosystem. Google said the action was taken after identifying the network as being fueled by malware, with large numbers of consumer devices enrolled without users’ informed awareness and subsequently used to route proxy traffic at scale.
Rather than targeting individual applications, the operation focused on disabling the IPIDEA proxy network’s underlying infrastructure, limiting its ability to aggregate and control consumer-grade IP addresses across the proxy ecosystem. Related actions included:
Taking down domain names tied to IPIDEA’s control infrastructure, disrupting coordination points used to manage proxy nodes.
Removing or restricting access to backend control infrastructure, cutting off the network’s ability to maintain command channels to enrolled devices.
Identifying and restricting Android applications containing related proxy software, blocking a primary distribution path for onboarding new devices.
Google described the response as a network-level intervention combining legal authorization, platform enforcement, and intelligence collaboration with external security partners. As part of this process, Google Play Protect began identifying and restricting Android applications containing the related software components. More than 600 Android applications and over 3,000 Windows programs were linked to this network’s control infrastructure.
According to Google, IPIDEA operators controlled at least 19 residential proxy services presented as independent offerings, while Google’s investigation found that the underlying infrastructure allowed traffic to be routed through devices linked to the BadBox 2.0 malware ecosystem. Check the list of brands below.
If you are currently using any of these services, we recommend considering a more reliable provider.
Brand | Domain |
922 Proxy | 922proxy.com |
360 Proxy | 360proxy.com |
ABC Proxy | abcproxy.com |
Cherry Proxy | cherryproxy.com |
Door VPN | doorvpn.com |
Galleon VPN | galleonvpn.com |
IP2World | ip2world.com |
Luna Proxy | lunaproxy.com |
PIA S5 Proxy | piaproxy.com |
PY Proxy | pyproxy.com |
Radish VPN | radishvpn.com |
Tab Proxy | tabproxy.com |
Other VPN-labeled applications |
Access to the IPIDEA Proxy Network Is Now Blocked
Despite the presence of multiple brands, these services were linked to centralized infrastructure attributed to IPIDEA operators in Google’s reporting. Following the disruption, domains associated with these services became inaccessible in multiple regions. At the same time, platform-level restrictions across Google-managed services significantly limited application distribution and commercial promotion activities linked to the network, further constraining its operational reach.
For businesses using these proxies for ongoing operations, the incident introduced immediate uncertainty around service continuity, routing reliability, and long-term risk exposure.
The IPIDEA incident involved the collection of residential IPs through applications with limited transparency and without obtaining clear user consent. This case shows that compliance risks in this field are primarily determined by individual provider practices, not by residential proxy itself.
This does not mean that residential proxies are inherently unsafe or that compliant proxies are difficult to find. Many legitimate residential proxy providers operate through transparent and lawful sourcing models, such as establishing contractual partnerships with licensed internet service providers or securing explicit user consent through transparent agreements.
Before choosing any provider, take time to know where their IPs come from and whether their sourcing methods are transparent and lawful. At IPcook, this commitment is clearly defined in our Terms of Service, which set a zero-tolerance policy toward IP abuse and illegal activity. Our residential proxies are sourced through lawful, consent-based channels, and our policies prohibit the collection or exploitation of end-user personal data.
Discover exactly how our service ensures both security and reliability below.
Compliance Driven Access Controls from IPcook
Rigorous App Vetting: Every partner application is reviewed and approved by our team prior to integration, guaranteeing adherence to our standards.
Explicit User Consent: Every residential IP resource is sourced only after obtaining clear, informed, and active consent from the end-user within the app.
Secure & Isolated Access: Authorized IPs are accessed exclusively through our managed infrastructure, with strict channel isolation for each client to ensure security and prevent unauthorized use.
With the Ipidea network and its affiliated brands taken offline, one reality is clear: proxy stability now determines whether your business can keep running safely. For cross-border sellers, e-commerce operators, and data collection, choosing the wrong proxy today means account risk, data disruption, and forced migration tomorrow.
IPcook is a safe and compliant Ipidea proxy alternative for long-term use.
Real Residential IPs with Verifiable, Compliant Origins
IPcook provides authentic household residential IPs sourced directly from global ISPs and telecom operators. No bundled apps and no hidden device enrollment. Every proxy comes from a transparent and compliant source aligned with platform requirements.
IP Abuse Prevention Controls
Traffic is routed through carrier-direct connections, creating a managed pathway that limits the anonymity and instability common in unregulated P2P networks. This delivers low latency, stable sessions, and up to 99.9% uptime.
Network That Supports Long-Term, Stable Operations
Stable IP sessions and independently operated global nodes support continuous use across e-commerce, social accounts, and data scraping workflows, even as enforcement actions reshape the proxy landscape.
Dedicated Resources with Full Usage Control
Each residential proxy comes with exclusive bandwidth and no IP sharing. A professional dashboard and 24/7 expert support provide control and fast response when stability and compliance matter most.
The disruption of the IPIDEA proxy network serves as a stark warning to IP providers: IPs must be sourced and sold in full compliance with legal standards. As a fully compliant IP provider, IPcook works with legitimate global telecom carriers and ISPs to legally acquire IP resources. We maintain a strict zero-tolerance policy toward any illegal use of IP addresses.
