According to a string of tweets by an Android TV user, he could access all the accounts linked to an Android TV device.
Highlights:
- Potential bug gives access to all accounts connected to Android TV
- It can also allow users to display photos of these linked account on the platform
- Google has launched a probe into the issue
UPDATE: After Google, Vu Televisions have responded to the issue. "Vu Televisions were recently informed about a malfunction of the Google Home App in an Android TV. After verifying the incident Vu Televisions informed Google who has confirmed it was a software malfunction of the Google Home App. We thank our customer who brought this to our notice, and we can confirm that Google is rectifying their fault immediately. Vu Televisions is known for its excellent and responsive customer service, and is the only television brand with an ISO 9001 service center," the company said.
Bugs have been infamous for leaking out private data in public domain, and in a latest development, Google’s Android ecosystem is at the centre of a controversy. A twitter user has found that he has access to all the accounts connected to an Android TV (Android OS modified for TVs) device as well as to the Google Photos app linked to these accounts. What’s horrifying is that he has the power to display personal photos of those those account holders on Android TV through the Ambient Mode screensaver settings.
Brought to the fore by Twitter user prashanth, the bug was claimed to be found in Android TV and the Google Home app. When the user tried to access his VU Android TV device through the Google Home app, he could check out the linked accounts of a lot of users. Earlier it was thought that the the issue was only in the TVs manufactured by VU, however, another user claimed that the bug is not restricted to the manufacturer, but may be related to Android TV, Google accounts or the Google Home app.
When I access my Vu Android TV through the @Google Home app, and check the linked accounts, it basically lists what I imagine is every single person who owns this television. This is shocking incompetence. pic.twitter.com/5DGwrArsco
— prashanth (@wothadei) 3 March 2019
The Twitter user claims that he reset the Android TV, which prevented them from accessing any image on Google Photos, even their own. There are possibilities that the toggle shown in the video may be “enabled”, but the photos of strangers weren’t actually shown, and just the accounts were listed. Nonetheless, it is a matter of privacy concern that should not be overlooked. Reportedly, This VU TV runs Android 7 and has not received any security patches since 2017.
Oh my god. Private @googlephotos of strangers are being shown to me in the ambient mode screensaver.
SERIOUSLY WHAT THE FUCK?! @Google @GoogleIndia pic.twitter.com/VbMmb3B2Qp
— prashanth (@wothadei) 3 March 2019
Meanwhile, Google has responded to the issue and has launched an investigation into the matter. “We take our users’ privacy extremely seriously. While we investigate this bug, we have disabled the ability to remotely cast via the Google Assistant or view photos from Google Photos on Android TV devices,” Google was quoted as saying. There is very little news about the Android TV updates and patches. However, Google has already announced that it will bring the Android 9 Pie update for Android TV.
Related Read:
Adiantum is Google’s latest security innovation to enable encryption on less powerful devices
Follow Us
Digit NewsDesk
Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile
