An Android TV Bug Is Exposing Your Photos to Strangers

Posted on March 4, 2019 by Mehedi Hassan in Android, Google with 5 Comments

Google has discovered a massive bug in Android TV. The company’s Google Home app used to manage Android TV’s linked accounts feature is letting people access other users’ data.

The issue, which only seems to affect some Android TVs, allows you to view and access data of other users with the same TV. A Twitter user first discovered the bug on their Vu Android TV, allowing them to view other users under the Linked Accounts on Google Home app with the same TV (via Ars Technica):

And that is not a huge problem — but things are about to get really worse. On TVs that allow you to show pictures in the ambient mode screensaver, you can literally use photos from strangers and access the photos without their knowledge. Because their accounts appear as part of your other accounts within the Google Home app, you can literally get access to these people’s photos without them knowing. And that means these users can also access your own photos on Google Photos. The bug allowed users to view the profile pictures of other users, without having any connection with them. Although it was originally reported that you were able to access someone’s photos from Google Photos, it turns out that you can only see their profile pictures. Still, with Google refusing to comment on how widespread the issue is, or how exactly it’s affecting users, the whole situation is quite concerning.

Yikes.

The manufacturer of the Android TV stated that the issue was due to a software malfunction on the Google Home app, and it’s not a problem with its own TVs. Google first tried to blame the issue on the TV manufacturer, even going as far as telling the user to reach out to the TV manufacturer about the issue. The company later accepted defeat and disabled the Google Photos integration on Android TV devices as it looks into fixing the issue.

Update: the story was updated with a correction regarding how the flaw only exposes your profile pictures. 

Tagged with ,

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (5)

5 responses to “An Android TV Bug Is Exposing Your Photos to Strangers”

  1. jgraebner

    ARS posted an update clarifying that only the profile picture was viewable for accounts that weren't intentionally shared. While that is still bad, it is a much more minor bug than originally reported.

  2. dontbe evil

    google security... ROTFL


    they're too busy trying to find security flaws in competitors SW

  3. Rob_Wade

    Well, this isn't an issue that bothers millennials. They pretty much trot out everything on social media anyway.

  4. alextrab

    If you have Android TV Box than you should install Relax TV, you will get more than 50000 live IPTV

Leave a Reply