Google: Malware Infected Streaming Devices Are Built on Android Open Source Project, Not Android TV
Google looks to clarify its TVOS positioning as Android-branded inexpensive CTV gadgets loaded with adware out of the box get sold on Amazon and other popular online destinations
Google said Android-branded streaming devices sold through popular e-tail channels including Amazon, and loaded with adware out of the box are powered by Android Open Source Project software and not Android TV.
"We have recently received questions regarding TV boxes that are built with Android Open Source Project and are being marketed to appear as Android TV OS devices," Google said in a blog posted late last week.
"Some of them may also come with Google apps and the Play Store that are not licensed by Google, which means that these devices are not Play Protect certified," Google added. "To help you confirm whether or not a device is built with Android TV OS and Play Protect certified, our Android TV website provides the most up-to-date list of partners. You can also take these steps to check if your device is Play Protect certified."
The devices in question, marketed under brand names like T95Max, RockChip X12 Plus and RockChip X88 Pro 10, are based on system-on-a-chip hardware from AllWinner and RockChip.
On Amazon, the T95 is listed as a "Android 10.0 TV Box. Nowhere is a distinction made between "Android Open Source Project" and "Android TV."
Ontario, Canada-based IT pro Daniel Milisic published last year on GitHub his experience with a T95, which has a four-star rating on Amazon amid 744 reviews.
Milisic said the device began connecting out of the box with a botnet network of thousands of other infected Android TV gadgets around the world. The device, he said, immediately sought out a command and control server, which downloaded additional malware to his gadget.
NEXT TV NEWSLETTER
The smarter way to stay on top of the streaming and OTT industry. Sign up below.
The malware enabled the T95 to begin conducting ad-click fraud, clicking on ads in the background.
In his GitHub post, Milisic published the script he used to "defang" what he described as a "no good, awful, nasty little ARM-powered TV/hobby box."
Milisic's findings were confirmed by Electronic Frontiers Foundation security researcher Bill Budington in this report.
Daniel Frankel is the managing editor of Next TV, an internet publishing vertical focused on the business of video streaming. A Los Angeles-based writer and editor who has covered the media and technology industries for more than two decades, Daniel has worked on staff for publications including E! Online, Electronic Media, Mediaweek, Variety, paidContent and GigaOm. You can start living a healthier life with greater wealth and prosperity by following Daniel on Twitter today!