Google has moved to sever internet access for a Chinese firm, Ipidea, after alleging the company controlled a widespread cyber capability embedded in consumer devices. Using a federal court order, the company removed dozens of Ipidea-owned domains from the internet, an action that Google says effectively took both public-facing websites and back-end infrastructure offline.
The takedown, performed on Wednesday, follows claims by Google - a unit of Alphabet (NASDAQ:GOOGL) - that Ipidea clandestinely installs unwanted and potentially hazardous software across a broad array of devices, including phones, personal computers, and Android hardware. In parallel with the domain removals, Google has started expunging hundreds of apps tied to Ipidea from Android devices.
Google expects the combined measures to disconnect more than nine million Android devices from Ipidea’s network. The company has described Ipidea’s operation as a large-scale "residential proxy" network - a service that leverages apps installed on internet-connected devices such as media players, PCs, and mobile phones to provide network access to customers seeking more anonymous internet routing.
Security experts characterize such networks as renting out device bandwidth and internet paths to third parties. In many cases described by Google, the owners of the devices providing that access are unaware their devices are being used in this manner, according to the company’s claims.
The recent action ties back to legal proceedings initiated last year, when Google filed suit against operators of a separate network that it said encompassed more than 10 million internet-connected devices with residential proxy software secretly pre-installed. The court order that enabled Wednesday’s domain takedowns was issued in that earlier case after Google identified connections between that previously litigated network and Ipidea.
The company’s coordinated approach - combining legal remedies to seize domains with technical measures to remove associated apps from Android devices - is intended to disrupt both the visible web presence and the underlying infrastructure the company says supported the proxy service. Google has not provided further technical details about the specific mechanisms by which the software operated beyond stating the software was installed on a wide range of consumer devices.
Beyond the immediate removals, the situation highlights tensions around residential proxy networks, device security, and the challenges of policing software distributed through apps across diverse hardware. The longer-term legal and technical outcomes were not described in the information released about Wednesday’s actions.