Chromecast with Google TV HD next to remote 4

Credit: Edgar Cervantes / Android Authority
  • An Android TV security oversight left emails and other data exposed on TVs with a signed-in Google account if you sideload Google Chrome.
  • Google has fixed the issue by no longer using the login token of the Google account when Chrome is sideloaded.
  • The change will improve security for many users, though you should still maintain basic security hygiene on shared devices.

Android TV devices, even those running the Google TV layer on top, have a security oversight that exposes practically all of your Google account data if someone has access to your TV with a signed-in Google account. It’s actually intended behavior for Android, but it’s a security oversight for a form factor that isn’t always used in absolutely personal and private environments and doesn’t have further security protections. Google mentioned that it had fixed the oversight, and now, there are more details on what has changed.

Google shared with 9to5Google how it fixed the issue. On Android TV and Google TV, sideloading Google Chrome will no longer automatically use the login token for the Google account when accessing Gmail or Google Drive on the device. This change is rolling out via an app update, so older devices will get the change too.