Google updates Android on TVs to fix Gmail privacy issue

Google is working on a patch that will block attackers from accessing email accounts registered on Android TV devices, The Verge reports.

The Android TV operating system, which comes pre-installed on many smart TVs, can allow people with physical access to access Gmail and other services associated with the owner’s account.

Because Android TV is still Android, the system treats the owner’s Google account login as permanent, allowing them to automatically sign in to authorized apps from the Play Store. Google doesn’t allow Chrome to be installed on Android TV, but there is a workaround that allows it to be installed, providing easy access to Gmail, Drive, and other services – as YouTuber Cameron Gray demonstrated.

In the video, Gray downloads TV Bro, a third-party browser for Android TV available on the Play Store. Using the browser, Gray finds the APK for the Chrome browser from an online archive and installs it without any problems – although the program doesn’t support TV remotes, so you need to use a keyboard and mouse at this point. But once Chrome is open, all that’s left to do is navigate to gmail.com, and you’re in.

The video was handed over to Google by Senator Ron Wyden’s office. The company responded that this was expected behavior, not a security issue. However, after increasing pressure, Google now promises to fix this loophole.

“Most Google TV devices running the latest versions of software already do not allow this depicted behavior,” a Google spokesperson said. “We are in the process of rolling out a fix to the rest of devices.”

If you think your privacy may be at risk, you should sign in with a different account on your TV. You can mark a separate account as a family account and add it to Google Family.