Google fixes Android TV bug that allowed access to Gmail

Google fixes Android TV bug that allowed access to Gmail
27 Apr 2024

Google has addressed a security flaw in its Android TV operating system, that could have allowed unauthorized users to access the Gmail accounts of TV owners.

The vulnerability, initially discovered earlier this year, enabled malicious individuals to install Google Chrome on an Android TV device, and subsequently gain access to the owner's Google/Gmail account.

A solution is currently being implemented across all Google TV and Android TV devices.

Solution for the remaining devices
Security enhancement

"Most Google TV devices running the latest versions of software already do not allow this depicted behavior," a representative from Google informed 404 Media.

The tech giant is currently rolling out a fix for remaining devices.

Speaking to 9to5Google, Google notes that in the future, installing Google Chrome on Android TV and Google TV will not automatically use the login token for opening Gmail or Google Drive on the device.

This will significantly reduce unauthorized access to sensitive account information.

Update is being distributed
Availability

Google has confirmed that this security firmware is being distributed through an app update, ensuring that even older devices will benefit from this change.

The company also emphasized the importance of keeping software updated as a key part of maintaining security.

The vulnerability was initially exposed by YouTuber Cameron Gray, who demonstrated how one could exploit it to gain unauthorized access to Gmail accounts.

Google's pledge to rectify the vulnerability
Response

Initially, when Senator Ron Wyden's office brought this issue to Google's attention, the company responded by stating it was expected behavior and not a security concern.

However, after facing increasing pressure, Google pledged to rectify this vulnerability.

For users concerned about their privacy, they might consider using a separate "family" Google account to sign into Android TV devices.

This would ensure personal viewing history and sensitive data remain secure, while still allowing access to services like YouTube TV.