Google says a bug is erroneously showing security alerts for TiVO devices

Google says that a bug on its side is responsible for showing scary security alerts to owners of TiVO streaming dongles.

The security alerts have been popping up for at least two weeks. They occur after the installation process of TiVO Stream 4K USB dongles.

The process requires users to set up and link a Google account on the device in order to receive access to the official Play Store and install streaming apps.

For the past two weeks, TiVO Stream 4K owners say that as soon as they link their account on the device, Google sends them an alert warning in their inboxes, warning that the device has extensive access to their personal data and that Google has not verified the device/app developer.

In addition, the message also urges users to unlink their account from the device, an advice that some users have followed. This operation renders the devices almost useless, according to online reviews, since the dongles run a version of the Android TV operating system, and they need access to a Google account to work correctly.

Google is working on a fix

“We are aware of a bug that triggers the notification when users link their Google account to certain Android TV devices for casting,” a Google spokesperson told ZDNet in an email today. “This is not a security vulnerability and user data is not at risk.

“We are working on a fix,” the spokesperson added.

“In the meantime, we do not recommend users to remove access as it will limit functionality of their Android TV device.”

No details have been shared about the exact nature of the bug, but while answering customer support requests on the company’s forum this week, a TiVO spokesperson described the problem as “a UI issue only,” adding that TiVo has not been provided with additional access to users’ Google accounts as a result of this bug, as the message suggests.