Google is addressing a privacy flaw in Android TV that could potentially allow unauthorized access to Gmail and Google Drive accounts connected to the device. This vulnerability emerged after a YouTube user demonstrated how to bypass Android TV’s restrictions to access these services, which are normally inaccessible due to the lack of Chrome browser support on the platform.
The exploit involves installing a third-party web browser named “TV Bro” on the Android TV and then sideloading the Chrome browser app (APK). To navigate Chrome on the TV, users need to connect a keyboard and mouse since the browser is not designed for use with TV remotes.
Upon learning of the security loophole through a report from Senator Ron Wyden (D-Ore.), Google initially described the issue as expected behavior. However, subsequent media coverage by 404Media prompted Google to reconsider and commit to developing a fix. Google has confirmed that most Google TV devices running the latest software versions are already immune to this issue, but a fix for remaining devices is underway.
To minimize risks, Google advises users who log into Android TVs in public or shared spaces to use secondary Google accounts that do not contain sensitive information. This precaution helps prevent potential privacy breaches until the software update is fully implemented across all devices.