Google fixes Android TV security monitoring with this change – Android Authority

Android TV devices, even those running the Google TV layer on top, have security monitoring that exposes virtually all of your Google account data if someone gains access to your TV with a signed-in Google account . This is actually intended behavior for Android, but it is security monitoring for a form factor that is not always used in absolutely personal and private environments and does not have additional safety protections. Google mentioned that it fixed the oversight, and now there are more details on what changed.

Google shared with 9to5Google how he solved the problem. On Android TV and Google TV, Google Chrome sideloading will no longer automatically use the Google Account login token when accessing Gmail or Google Drive on the device. This change is rolling out via an app update, so older devices will also benefit from the change.

This change will not completely prevent all means of account access through Android TV. However, it fixes the basic oversight that caused the problem and makes it easier to exploit. Since the login token is no longer transferred to downloaded Chrome, users will likely need to log in again if they access these services through the browser, which adds a layer of authentication that wasn’t present before.

This makes things a little inconvenient, but there probably aren’t many people using Android TV to sideload Chrome just to access Gmail or Google Drive. Most users won’t be affected, so it’s a good change.

That being said, you should still practice basic security hygiene with Android TV devices. Don’t sign in to your personal Google account on shared TV devices outside of trusted locations, even if you intend to sign out later. On shared TV devices, it makes sense to use dummy TV accounts to separate your recommendation feeds and viewing history.