Search results for

All search results
Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

Google fixes Android TV security oversight with this change

Sideloading Chrome will no longer automatically use the login token, meaning you will have to sign in again.
By

Published onApril 29, 2024

Chromecast with Google TV HD next to remote 4
Edgar Cervantes / Android Authority
TL;DR
  • An Android TV security oversight left emails and other data exposed on TVs with a signed-in Google account if you sideload Google Chrome.
  • Google has fixed the issue by no longer using the login token of the Google account when Chrome is sideloaded.
  • The change will improve security for many users, though you should still maintain basic security hygiene on shared devices.

Android TV devices, even those running the Google TV layer on top, have a security oversight that exposes practically all of your Google account data if someone has access to your TV with a signed-in Google account. It’s actually intended behavior for Android, but it’s a security oversight for a form factor that isn’t always used in absolutely personal and private environments and doesn’t have further security protections. Google mentioned that it had fixed the oversight, and now, there are more details on what has changed.

Google shared with 9to5Google how it fixed the issue. On Android TV and Google TV, sideloading Google Chrome will no longer automatically use the login token for the Google account when accessing Gmail or Google Drive on the device. This change is rolling out via an app update, so older devices will get the change too.

This change will not completely prevent all means of account access through Android TV. However, it fixes the basic oversight that caused the problem and made it easy to exploit. Since the login token is no longer carried over to sideloaded Chrome, users will likely have to sign in again if they are accessing these services through the browser, which adds a layer of authentication that wasn’t present before.

It does make things a little inconvenient, but there likely aren’t that many people out there using Android TV to sideload Chrome only to access Gmail or Google Drive. Most users aren’t going to be affected, so it’s a good change.

That being said, you should still exercise basic security hygiene with Android TV devices. Do not sign into your personal Google account on shared TV devices outside of places you trust, even if you intend to sign out later. On shared TV devices, it makes sense to use dummy TV accounts to keep your recommendation feeds and viewing history separated.

Got a tip? Talk to us! Email our staff at news@androidauthority.com. You can stay anonymous or get credit for the info, it's your choice.
You might like