Since the beginning of the year, there have been more and more reports on unofficial set-top boxes with Android TV, which can be found in popular online stores. So, in January, a Canadian cybersecurity expert told that his set-top box with Android TV, bought on Amazon, was supplied with a "bonus" in the form of malware. It allowed hackers to generate money by watching ads that the set-top box launched in the background without the knowledge of users.
It was about the AllWinner T95, a popular set-top box for Android 10, which is sold by hundreds of sellers on Amazon and AliExpress. It is unclear how widespread malware is in the firmware of such consoles, but another researcher found similar activity in other consoles from manufacturers RockChip and AllWinner.
Google finally responded to the messages and published an official response on the Android TV technical support forum:
Recently, we received questions about set-top boxes created using the Android Open Source Project and sold as devices with Android TV.
Some of them may also ship with Google and Play Store apps that are not licensed by Google, which means that these devices are not covered by Play Protect.
Devices based on AOSP (this is an open source version of Android) can be shipped with Google applications even without a license from Google itself. This can confuse users who are not ready to understand the differences.
The main difference comes down to the support of Google Play Protect — a set of components for online and offline protection of Android devices. If there is no protection, the device can execute malicious code, as in the example with the ad clicker.
It's easy to check whether Google Play Protect is supported on your set-top box. Launch Google Play, click on the profile icon in the upper right corner, and then — on Play Protect. The description of the function will indicate whether there is protection on the gadget.
You can also check whether the manufacturer of the set-top box is listed in the list of Android TV partners on this page.