@dalias I'd wish for them to enforce policies, but they get Ad- and IAP-revenue, so why bother.

Also, these "Sdks" probably have kill-switches (or rather, delayed activation) built-in, to not immediately contact their C&C servers.

@luksfarris @utf_7

Probably terms of use, but this is so shady, that I doubt anyone would even bother disclosing this.
Best you can do: Monitor network traffic, and use DNS block lists for these known proxy services.

They definitely won't ask you for consent.
The only way to know an app _doesn't_ use these services is checking for the "requires internet access"-flag in AppStores, but that is basically futile, as most apps require internet access for … something.

@utf_7 @osm_tech

This gets ugly really fast, if you want to see the full extent: <https://alternativeto.net/software/netnut-proxy-network/> for a list of _known_ residential proxy-providers.

@utf_7 @osm_tech

App developers can embed some "Sdk" into their apps or games.
The developer receives money.
The "Sdk"-provider proxies requests through these apps and games, to gain residential IPs.
And scrapers can buy these services, to tunnel their requests from residential IPs.