Watch Over Your TV: A Security and Privacy Analysis of the Android TV Ecosystem

Authors: Marcos Tileria (Royal Holloway, University of London), Jorge Blasco (Royal Holloway, University of London)

Volume: 2022
Issue: 3
Pages: 692–710
DOI: https://doi.org/10.56553/popets-2022-0092

artifact

Download PDF

Abstract: The rapid adoption of Smart TVs has resulted in them becoming another app-based ecosystem. In this context, Android TV is one of the major players as it is widely available across multiple TV manufacturers and has a high integration with other Google products. Yet, the Android TV ecosystem has remained unexplored. This paper presents a deep analysis of the Android TV ecosystem using a large dataset of TV apps. We give an insight into the stakeholder ecosystem, including developers, streaming services, and thirdparty libraries. We analyze the behavior of TV apps in terms of sensitive data collection and communication with other devices using a pipeline of static analysis tools, network traffic collection, and verification via manual analysis. We compare the mobile and TV version of popular streaming apps and found a significant degradation of TV apps in terms of quality and different data collection practices. Our study shows that most TV apps present potentially harmful behaviors, and in most cases, these can be attributed to tracking and advertisement services. We found a prevalence of static identifiers for tracking purposes despite this not being the recommendation. This finding suggests that Google’s new policies limiting advertising identifiers will not have a tangible effect on the TV ecosystem.

Keywords: Smart TV, privacy, data leakage, tracking, advertising

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.