How Google fixed the account security loophole on Android TV

A flaw in the Android TV operating system has left a backdoor open allowing users to access, among other things, the TV owner’s Gmail inbox, but Google is rolling out a patch, and the company has now confirmed what this fix is.

The Android TV operating system, like Android on your phone, connects to a Google account at the system level. This allows certain apps, like Google Chrome, to connect to this Google account without requiring a password. This is intentional and is usually not a problem because smartphones and tablets usually have a PIN, password, or biometric protecting the apps on your device.

This is not the case with Android TV and Google TV, however.

It was first reported earlier this year, and then highlighted in a report this week, that bad actors could, in theory, download Google Chrome onto an Android TV OS device and then use it to access the Google account of the owner of the television. This isn't so much a security exploit as a flaw, and one that isn't very difficult to achieve, as long as you know how to access an APK and download the app.

Google, in a statement to 404 Media, had previously confirmed that a fix was being rolled out to Google TV and Android TV to resolve the issue, but had not detailed what that fix was.

Most Google TV devices running the latest software versions already do not allow this described behavior. We are in the process of rolling out a fix to the rest of the devices.

Speaking to 9to5Google, the company offered a little more context.

Going forward on Google TV and Android TV, a sideloaded copy of Google Chrome will no longer automatically use the Google account login token when accessing Gmail or Google Drive on the device.

So while it probably won’t prevent all means of account access through the unlocked TV, this should go a long way in preventing access to an account’s most sensitive data.

