PSA: Keep people away from your Android TV, or they could hack your email
An Android TV security loophole lets users access the email and other Google services of the signed-in Google account.
JoriPress
- Android TV stores Google account login without any security measures, which can be ordinarily abused with browser apps to log into Google services.
- Google mentions that it has fixed the loophole on newer devices running the latest Google TV and is fixing it for other older devices.
If you own a smart TV or a smart TV stick at home, there’s a good chance it runs Android TV or Google TV (which is still Android TV under the hood with a content recommendation layer on top). If it does, you shouldn’t be leaving people unsupervised around the TV, as a rather glaring Android TV loophole allows anyone to view all your Google account data and even compromise your account if you’ve signed into Android TV.
YouTuber Cameron Gray spotted this loophole earlier in the year, and 404 Media brought it back to the limelight with their report. According to these findings, Android TV’s lack of security protection makes it the perfect device to snoop into any signed-in email addresses. You do need physical access to the TV, and a mouse and keyboard would make the process easier, but it’s still quite possible for a bad actor to take undue advantage of this loophole to compromise Google accounts present on the TV.
