An Android TV Bug Is Exposing Your Photos to Strangers

Google has discovered a massive bug in Android TV. The company’s Google Home app used to manage Android TV’s linked accounts feature is letting people access other users’ data.

The issue, which only seems to affect some Android TVs, allows you to view and access data of other users with the same TV. A Twitter user first discovered the bug on their Vu Android TV, allowing them to view other users under the Linked Accounts on Google Home app with the same TV (via Ars Technica):

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

And that is not a huge problem — but things are about to get really worse. On TVs that allow you to show pictures in the ambient mode screensaver, you can literally use photos from strangers and access the photos without their knowledge. Because their accounts appear as part of your other accounts within the Google Home app, you can literally get access to these people’s photos without them knowing. And that means these users can also access your own photos on Google Photos. The bug allowed users to view the profile pictures of other users, without having any connection with them. Although it was originally reported that you were able to access someone’s photos from Google Photos, it turns out that you can only see their profile pictures. Still, with Google refusing to comment on how widespread the issue is, or how exactly it’s affecting users, the whole situation is quite concerning.

Yikes.

The manufacturer of the Android TV stated that the issue was due to a software malfunction on the Google Home app, and it’s not a problem with its own TVs. Google first tried to blame the issue on the TV manufacturer, even going as far as telling the user to reach out to the TV manufacturer about the issue. The company later accepted defeat and disabled the Google Photos integration on Android TV devices as it looks into fixing the issue.

Update: the story was updated with a correction regarding how the flaw only exposes your profile pictures. 

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 5 comments

  • jgraebner

    Premium Member
    04 March, 2019 - 1:59 pm

    <p>ARS posted an update clarifying that only the profile picture was viewable for accounts that weren't intentionally shared. While that is still bad, it is a much more minor bug than originally reported.</p>

  • dontbe evil

    05 March, 2019 - 12:49 am

    <p>google security… ROTFL</p><p><br></p><p>they're too busy trying to find security flaws in competitors SW</p>

  • Rob_Wade

    05 March, 2019 - 2:40 pm

    <p>Well, this isn't an issue that bothers millennials. They pretty much trot out everything on social media anyway.</p>

    • mestiphal

      06 March, 2019 - 9:30 am

      <blockquote><em><a href="#409243">In reply to Rob_Wade:</a></em></blockquote><p>lol I know, right, just slap a name on it can call it a new social media</p>

  • alextrab

    17 March, 2019 - 9:09 am

    <p>If you have Android TV Box than you should install <a href="https://www.relaxtv.xyz/&quot; target="_blank">Relax TV</a>, you will get more than 50000 live IPTV</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC