Android, Android TV, Google, Google Home, Google Photos, Information Security, Operating Systems, Organisations, Privacy, Security threats, Smart TV, Top News

Google Photos disables sharing on Android TV

Imagine you’re setting up your Android TV to display pictures of your cat, or your kids, or your main squeeze, in Backdrop/Ambient Mode.

But instead of photos of your trip to Belize, you see a parade of strangers: as in, Google accounts belonging to people you don’t know, including their profile pictures, all showing up as linked accounts.

That’s what happened to Twitter user Prashanth, who on Saturday posted a 44-second long clip of the accounts that streamed by when he was trying to access his Vu Android TV through the @Google Home app on his phone:

Fortunately, the strangers’ photos stayed tucked away, given that access to the photos themselves was blocked. In fact, Google Photos functionality didn’t seem to be working.

Prashanth told Android Police that he first spotted the bug on his home TV, a 55-inch Vu LED TV (model number: 55SU134) with built-in Android TV functionality, while setting up Backdrop/Ambient Mode through his Pixel 2XL phone.

He said that he double-checked the glitch by signing onto the TV with his wife’s Google account. It again showed the list, except this time Prashanth also spotted his own name and profile picture.

He couldn’t replicate the bug on his other Android TV, a Xiaomi Mi Box 3 running Android 8.0, Oreo. His Vu TV was running an older operating system: it was on Android 7.0 and hadn’t received any security updates since December 2017, though Prashanth had manually checked for them. According to Android Police, the website where he bought the TV says that its current operating system is Oreo, which suggests that the over-the-air update never arrived.

The old kick-the-TV trick

Google initially responded to Prashanth by suggesting he contact the TV manufacturer:

… A suggestion that drew the “nope, it’s not the TV” response of another user, who confirmed the same bug, this time on an Android TV-equipped set by TCL-subsidiary iFFalcon (model number 32F2A).

No more pics on Android TVs until this bug is dissected

Google thanked Aarjith Nandakumar for the additional details and, this time, said that it’s looking into the possible privacy breach. In the meantime, it’s disabled the ability to remotely cast via the Google Assistant or to view photos from Google Photos on Android TVs:

Vu Technologies sent this statement to Android Police:

We were recently notified that there was a malfunction of Google Home App in some of the Android TVs. After verifying the incident we have informed our customers that it was not an issue of Vu Television but it was software malfunction of the Google Home App. We take your privacy very seriously. Vu has a long-standing commitment to protecting the privacy of the personal information that our customers entrusts to us.

Source : Naked Security

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend