Android TVs Can Expose User Email Inboxes

An attacker requires physical access, but it’s possible to sideload Chrome onto some Android TVs which then gives access to the users’ email inbox. Google says it’s now fixing the issue.
A TV remote.
Image: Jonas Leupe/Unsplash.

Some Android-powered TVs can expose the contents of users’ email inboxes if an attacker has physical access to the TV. Google initially told the office of Senator Ron Wyden that the issue, which is a quirk of how software is installed on these TVs, was expected behavior, but after being contacted by 404 Media, Google now says it is addressing the issue. 

The attack is an edge case but one that still highlights how the use of Google accounts, even on products that aren’t necessarily designed for browsing user data, can expose information in unusual ways, including TVs in businesses or ones that have been resold or given away.