A Twitter complaint by a Vu television customer may have revealed a large data leak from tech giant Google, through its Android TV platform. Chennai-based Prashanth M tweeted on Sunday that when he accessed his Vu Android TV through the Google Home app on his smartphone, it displayed a long list of people whom he had never heard of as ‘linked accounts’. A screen-recording he made of the app showed what seem to be hundreds of accounts linked to his television.
These included ‘Vu Technologies’, ‘Pune Vu’, and ‘Testing Account’, but also the names of many individuals (some with their profile pictures as well).
“They’re definitely accounts of people who have tried signing in to Vu TV,” Prashanth told HuffPost India. “Because I saw my friend’s name — he also owns the same TV — and my wife’s, who has also accessed the TV from the Google Home app.”
When you buy an Android TV, you have to set it up to connect to your home Internet through the Google Home app, and you can link your accounts at that time. It appears that a bug links all the accounts which have done this together, although thankfully the data being exposed here seems limited.
There’s a second list of names that shows up in the screensaver settings. People’s names seem to appear on this list when they enable sharing images from their Google Photos account for screensavers on the Android TV.
“If I enable the option to see my Google Photos in the Ambient Mode screensaver, my name started appearing in the second list to my wife,” Prashanth said.
The good news is that no data beyond the name of the account is being shared. “I don’t see the photos, only the accounts are listed,” Prashanth confirmed.
However, even this is a shocking breach of privacy, and at first, Google appeared to try passing the buck. During a conversation between Prashanth and Google’s social media team, the latter first tried to establish what the issue was, but after a few tweets, told him to reach out to the TV’s manufacturer, and asked him to let them know how it goes.
When HuffPost India reached out to Google and Vu, both companies said they were looking into the matter, and issued fairly standard statements.
Vu said: “We were recently notified that there was a malfunction of Google Home App in some of the Android TVs. After verifying the incident we have informed our customers that it was not an issue of Vu Television but it was software malfunction of the Google Home App.”
“We take your privacy very seriously. Vu has a long-standing commitment to protecting the privacy of the personal information that our customers entrusts to us.”
Google replied to say that they are investigating internally, and later issued a statement: “We take our users’ privacy extremely seriously. While we investigate this bug, we have disabled the ability to remotely cast via the Google Assistant or view photos from Google Photos on Android TV devices.”
Since then, a few other customers have also come forward to share similar experiences on other devices. Aarjith Nandakumar, from Kerala, had the same experience on an iFFalcon television, as did Shaishav Gandhi from Vadodara. Prakash Reddy P from Hyderabad also experienced the same bug on a Marq TV, while Kunwar Shekhar Singh from Bengaluru shared that a TCL television in his office had also shown the same bug. Apparently, a reset to factory settings solved the issue for at least some of these cases.
However, this makes it clear that the problem is widespread, and although Google has disabled the ability to view Google Photos on Android devices, that doesn’t actually solve the problem. While many of the other brands might be smaller or local to India, the fact that one TCL user also shared this problem means that it’s not limited to the country, as TCL is a global brand with a strong presence in markets such as the United States.
We’ve all gotten used to smartphones that are always online, but it’s worth asking if the same is really necessary for our televisions. Poised in prime position in our homes, televisions are being used to gather our personal data in order to better serve us with advertisements. This isn’t some conspiracy theory but a truth acknowledged by the companies themselves.
And not only are they snooping on you, as this latest leak shows, they’re prone to messing up. Just a few months ago, an Amazon Echo user received 1,700 audio recordings of a stranger through “human error”. Earlier, it sent the recording of a couple’s conversation to one of the husband’s employees.
It’s nice to be able to turn on the TV and just press a button to get all your favourite Netflix shows but maybe we need to think more about the tradeoffs that are involved in making this happen, so that we’re making informed decisions.