Skip to content
What you need to know
- Google responds to reports of unsafe Android TV boxes sold online.
- The search engine giant warns that some of these devices may contain Google apps that are not Play Protect certified.
- Google provides an easy method to determine if your set-top box is safe.
Google has finally reported malware-laden Android TV boxes being sold online, saying some of these devices may contain apps not licensed by Google.
Earlier this year, Daniel Milisic, a Canadian security consultant, discovered that an Android TV box he purchased from Amazon was loaded with malware designed to generate revenue from clicking ads in the background (via Bleeping Computer). For the average user, this clandestine activity will not be easy to detect.
The device in question was the AllWinner T95, which has four stars out of five and numerous positive reviews (via TechCrunch). The TV box also allows for customization and includes several streaming services, such as many of the leading Android TV boxes. The best part is that it only sells for $40.
However, it was discovered that the set-top box was communicating with a command and control server, awaiting further instructions. Milisic discovered that the device connected to a wider botnet spread around the world. Further investigation revealed that it was infected with a clickbot, which is used in ad click fraud campaigns.
Aside from the aforementioned Android TV box, Electronic Frontier Foundation researcher Bill Budington separately mentioned other models that perform the same fraudulent activity, such as the AllWinner T95Max, RockChip X12-Plus, and RockChip X88-Pro-10.
“We recently received inquiries about TV boxes built with Android Open Source Project being marketed to appear as Android TV OS devices,” Google said in an Android TV community post. “Some of them may also come with Google apps and the Play Store that are not licensed by Google, meaning these devices are not Play Protect certified.”
Devices built with AOSP can technically ship with Google apps, even without a license from Google. The search giant is urging users to check if their Android TV box is Play Protect certified by visiting this web page, which has a full list of its partners. If your device is from an OEM that is not on the list, it has not passed Google’s security and compatibility tests.
You can also check your box’s Play Protect certification status by opening the Google Play Store app and clicking the profile icon in the top right corner. Finally, tap on “Play Protect” to see if your device is certified for Play Protect.
