Global proxy operator IPIDEA denies Google's malicious intent allegations

A Chinese company accused by Google's Threat Intelligence Group (GTIG) as operating a worldwide network of rentable proxy servers used by state-sponsored hackers is denying the allegations, saying its services are fully above board.

In a report published this week, GTIG said it had disrupted much of the infrastructure of proxy network operator IPIDEA, claiming it was used to route malicious traffic.

Applications that embed IPIDEA's software development kit (SDK) power the proxy network on Android and Windows devices, with GTIG saying users are not aware that this takes place.

Developers signing up with IPIDEA can use the SDK to monetise their applications, by providing access to residential customers' network, supposedly for purposes such as bandwidth sharing.

The company states that all applications integrating the IPIDEA SDK must clearly indicate to users in a pop-up on first startup that their devices may act as a network exit node, generating additional traffic and exposing its public IP address.

IPIDEA is part of Jiangsu Aidi Information Technology in Xuzhou City, which openly advertises access to a "self-built enterprise-level pure and compliant residential IP pool is provided by our carefully selected partners, which strictly screens more than 100 million high-quality IP resources and strictly abides by regulations."

The company claims to provide access to over 892,000 proxies in Australia, and more than 146,600 in New Zealand, in both residential and data centre settings, and offers free trials of the service.

It said the network is "trusted by the world's top 500 companies" for scenarios such as public web scraping, e-commerce platform price monitoring, cross-border industry market research and artificial intelligence data gathering.

iTNews contacted IPIDEA about GTIG's allegations, and was referred to a long, Chinese-language statement published on the company's website.

In the statement, IPIDEA said it was aware of the GTIG report that more than 550 threat groups used its exit nodes for IP address obfuscation, and acknowledged that any open network can be maliciously abused.

IPIDEA alleged it had not been contacted by GTIG about the allegations prior to the publication of the American company's report.

Furthemore, IPIDEA added that it takes active responsibility for running the proxy network, and has an automated threat protection system to prevent abuse.

As an example, IPIDEA said it had received a vulnerability report from security vendor Synthient in late December 2025 about the Kimwolf distributed denial of service (DDoS) proxy botnet using 2 million compromised Android devices via the company's network.

IPIDEA said it acted quickly to close down Kimwolf's access to its proxies.

The company said it has never and won't operate or control a botnet, or profit from such a thing. 

Specifically, the company denied allegations made by GTIG that is was the operator, controller or technology provider of the BadBox 2.0 malicious botnet with over 2 million devices, and asked to work with Google on a compliance review around the issue.

Independent security journalist Brian Krebs published research earlier this week that suggested the Kimwolf operators might have access to the BadBox 2.0 network, however.

IPIDEA said it runs a know-your-customer (KYC) system with name and ID number verification, along with facial recognition based on Alipay and WeChat's official biometric databases.

It also blacklists over 3.4 million "high risk domain names" in sensitive categories such as finance, government, military and education sectors, and keeps auditable logs of its proxy network use.

The log retention cycles are compliant with the European Union's General Data Protection Regulation (GDPR).

Nevertheless, IPIDEA admitted that some of its resellers fail to strictly implement the KYC measures and usage declaration the company is asking for.

GTIG has been contacted for comment on IPIDEA's statement.

IPIDEA's proxy network access services is not available in mainland China, the company said, for "policy reasons".