Android TV gives you access to your entire account, but Google is changing that


Google announced that it has fixed an embarrassing loophole in its Android TV account security system. The loophole allows an attacker with physical access to your device to gain access to your entire Google account by simply sideloading a few apps. As 404 Media reports, the issue was originally brought to Google's attention by Sen. Ron Wyden (D-Ore.) as part of a “review of streaming TV technology providers' privacy practices.” Google initially told the senator that the issue was expected behavior, but following media reports it changed its position and decided to issue some type of patch.

“My office is in the midst of reviewing the privacy practices of streaming TV technology providers,” Wyden told 404 Media. “As part of that investigation, my staff investigated how having unsupervised access to an Android TV set-top box for 15 minutes allowed a criminal to access the private email of the user who had set up Gmail. I discovered an amazing video demonstrated by a YouTuber.”

The video in question is a PSA by YouTuber Cameron Gray. It shows that anyone who picks up an Android TV device and sideloads some apps gets access to the Google account currently signed in on it. This is obvious if you know how Android works, but it's not obvious to most users looking at the limited TV interface.

At the heart of the issue is how Android handles Google Accounts. Since the OS began with mobile phones, every Android device starts with the premise that it is a private, one-person device. Google built multi-user support and guest accounts on top of that foundation, but these are not part of the default setup flow, can be difficult to find, and are likely disabled on many Android TV boxes. As a result, signing in to your Android TV device often gives it access to your entire Google Account.


Android has a million Google-centric background and sync processes, the Play Store, and a centralized Google Account system shared by nearly all Google apps. When you first start up your Android device, a guided setup will request a Google account. The Google Account is expected to be permanently present on the device as the owner's primary account. Any new Google apps you add to your device will automatically have access to this central Google Account repository. So if you set up your phone and then install Google Keep, Keep will automatically sign you in and give you access to your notes. During initial setup, you may install 10 different apps that use your Google Account, and entering your username and password over and over again would be a pain.

This centralized account system is greedy for Google Accounts, so even if you opt out during the initial setup, any Google Account you use to sign in to a Google app will be pulled into the centralized account system. A common annoyance is having a Google Workspace account at work, signing in to Gmail only to read work email, and then having to deal with this useless work account appearing in the Play Store, Maps, Photos, etc.

For television, this has its own caveats. You'll be forced to log in to download anything from the Play Store, but it's not obvious to the user that you're giving the device access to your entire Google account, including sensitive data such as location history, emails, messages, and more. For the average user, the TV device only displays “TV content” such as YouTube recommendations and some TV-specific Play Store apps, so they may not think of it as a sensitive sign-in. But just sideload a few more Google apps and you'll have access to everything. Even more confusing is Google's OAuth strategy, which teaches users that third-party devices and sites get only limited access to their Google Accounts, even though it doesn't work that way on Android.


In the video, Gray simply picks up an Android TV device, visits a third-party Android app site, and sideloads Chrome. Chrome automatically signs in with the TV owner's Google account and has access to all passwords and cookies. This means you can access Gmail, photos, chat history, Drive files, YouTube accounts, AdSense, sites that allow Google sign-in, and partial credit card information. All of these are available in Chrome without any security checks. Individual apps like Gmail and Google Photos will also start working right away.

As Gray's video points out, Android TV devices can be dongles, set-top boxes, or software built directly into your TV. In businesses and hotels, they can be semi-public devices. It's not hard to imagine that your TV equipment could end up in the wrong hands. You might not worry too much about forgetting a $30 Chromecast in a hotel room, or you might sign in to a hotel TV and forget to delete your account. Or maybe you've ditched a TV and didn't think twice about which account it was signed into. If an attacker later gains access to one of these devices, it's easy to unlock your entire Google account.
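For the semi-public and discarded devices described above, an owner or administrator can check what a box still holds before it changes hands; the following is an added example, not code from the original article or from Google. It parses the text produced by `adb shell dumpsys account` and `adb shell pm list packages -i -3`. The sample text is constructed, and the exact output layout, which varies by Android version, is an assumption.

```python
import re

# Constructed sample output (assumption): real `dumpsys account` and
# `pm list packages -i -3` output differs between Android versions.
SAMPLE_ACCOUNTS = """\
User UserInfo{0:Owner:c13}:
  Accounts: 2
    Account {name=departed.guest@example.com, type=com.google}
    Account {name=demo, type=com.example.streaming}
"""

SAMPLE_PACKAGES = """\
package:com.example.streaming  installer=com.android.vending
package:com.android.chrome  installer=com.android.packageinstaller
package:com.google.android.gm  installer=null
"""

PLAY_STORE = "com.android.vending"
ACCOUNT_RE = re.compile(r"Account \{name=(?P<name>[^,]+), type=(?P<type>[^}]+)\}")
PACKAGE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

def google_accounts(dumpsys_text):
    """Return names of Google accounts held in the central account store."""
    return [m["name"] for m in ACCOUNT_RE.finditer(dumpsys_text)
            if m["type"] == "com.google"]

def sideloaded_packages(pm_text):
    """Return user-installed packages whose installer is not the Play Store."""
    found = []
    for line in pm_text.splitlines():
        m = PACKAGE_RE.match(line.strip())
        if m and m["installer"] != PLAY_STORE:
            found.append(m["pkg"])
    return found

def audit(dumpsys_text, pm_text):
    """Summarise exposure: signed-in Google accounts plus sideloaded apps."""
    accounts = google_accounts(dumpsys_text)
    sideloaded = sideloaded_packages(pm_text)
    return {
        "google_accounts": accounts,
        "sideloaded": sideloaded,
        # A leftover account is the finding; sideloaded apps raise its urgency.
        "action": "remove account" if accounts else "none",
    }

if __name__ == "__main__":
    print(audit(SAMPLE_ACCOUNTS, SAMPLE_PACKAGES))
```

A device that reports any `com.google` account should have that account removed, or be factory reset, before it is left in a shared space, returned, or discarded.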

Google says it has resolved the issue, but does not explain how. The company's statement to 404 Media says, “Most Google TV devices running the latest version of the software no longer allow this depicted behavior. We are currently rolling out a fix to the remaining devices. As a security best practice, always advise your users to update their devices to the latest software.”

Many Android TV devices, especially those built into TVs, are abandonware running outdated versions of software, but Google's account system can be updated via the Play Store, so there is a good chance a fix can reach most devices.

Sources

1/ https://Google.com/

2/ https://arstechnica.com/gadgets/2024/04/google-says-its-fixing-a-nasty-android-tv-account-security-loophole/
