yuliskov
[BUG]: WANING! WARNING ⚠️⚠️
Checklist
- [x] I made sure that there are no existing issues - open or closed - which I could contribute my information to.
- [x] I have read the FAQ and my problem isn't listed.
- [x] I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise.
- [x] This issue contains only one bug.
Affected version
VERSION WITH OLD KEY !!
Device Type
Smart TV/Box
Affected Android
Android 12
Steps to reproduce the bug
REVOKE IMMEDIATELY THE OLD APP ACCESS TO YOUR GOOGLE ACCOUNT !!!! OTHERWISE THE ATTACKER WILL HAVE FULL ACCESS TO YOUR BROWSER ON YOUR PC!! AND BY THAT I MEAN MOVING CURSOR, OPENING TABS , READING YOUR EMAILS CLOSING TABS!! DO IT NOW EVEN IF YOU DIDN'T NOTICED NOTHING SUSPICIOUS!!! IVE BEEN THE VICTIM OF THIS ATTACK THIS EVENING, THANKFULLY I WAS IN THE ROOM AND CUT OFF THE CABLE FROM MY ROUTER!!!
Actual behavior
REVOKE IMMEDIATELY THE OLD APP ACCESS TO YOUR GOOGLE ACCOUNT !!!! OTHERWISE THE ATTACKER WILL HAVE FULL ACCESS TO YOUR BROWSER ON YOUR PC!! AND BY THAT I MEAN MOVING CURSOR, OPENING TABS , READING YOUR EMAILS CLOSING TABS!! DO IT NOW EVEN IF YOU DIDN'T NOTICED NOTHING SUSPICIOUS!!! IVE BEEN THE VICTIM OF THIS ATTACK THIS EVENING, THANKFULLY I WAS IN THE ROOM AND CUT OFF THE CABLE FROM MY ROUTER!!!
Additional information
REVOKE IMMEDIATELY THE OLD APP ACCESS TO YOUR GOOGLE ACCOUNT !!!! OTHERWISE THE ATTACKER WILL HAVE FULL ACCESS TO YOUR BROWSER ON YOUR PC!! AND BY THAT I MEAN MOVING CURSOR, OPENING TABS , READING YOUR EMAILS CLOSING TABS!! DO IT NOW EVEN IF YOU DIDN'T NOTICED NOTHING SUSPICIOUS!!! IVE BEEN THE VICTIM OF THIS ATTACK THIS EVENING, THANKFULLY I WAS IN THE ROOM AND CUT OFF THE CABLE FROM MY ROUTER!!!
What makes you think this comes from SmartTube? A hack on an Android box can't jump over to a PC in your network. If it can, then you have the security of your own network (and PC) not in order (which might be a bigger issue).
What makes you think this comes from SmartTube? A hack on an Android box can't jump over to a PC in your network. If it can, then you have the security of your own network (and PC) not in order (which might be a bigger issue).
They didn't access my PC files! They had access to my browser only! You haven't heard of AOuth token attack?
Even if I gave you full access to my Google account, you couldn't take over MY browser. But ok, your security might be less strict.
I want to know what a WANING WARNING is and what's with the all caps lol. The only way an apk can affect your pc is if you've installed via waydroid or similar on your pc, Yet they are still sandboxed.
I want to know what a WANING WARNING is and what's with the all caps lol. The only way an apk can affect your pc is if you've installed via waydroid or similar on your pc, Yet they are still sandboxed.
Did I say apk was the culprit?
I want to know what a WANING WARNING is and what's with the all caps lol. The only way an apk can affect your pc is if you've installed via waydroid or similar on your pc, Yet they are still sandboxed.
Did I say apk was the culprit?
You said the old app, Same thing, You have to install an APK to install the APP....
@qpman87 Were you using Chrome Remote Desktop?
Do you use any other remote access software connected to the affected Google Account?
Do you see any unrecognized devices connected to your Google Account?
The other thing is you haven't shown any proof the app and google account access is the cause of your system being compromised. Without proof then you can't blame the app and your google account, Let alone Androidtv being the cause to your computer. I've repaired thousands of desktop pc's and removed tons of malware in the last 40 years, It's almost always the user either installing something they shouldn't, Clicking on links they shouldn't, Opening emails they shouldn't, visiting websites they shouldn't, Etc. As you mention your email, Might want to investigate your email further. Today even a simple PDF file can be used as malware to gain access to your system.
Can I just update the old Smarttube app on the usual way. Or do I have to deinstall it and start from scratch with version 30.59? Any further action required? Change google password?? Read something about revoke access?? I run Smarttube on an Android box with vpn And on a beamer running Android 6 with no Google playstore
@Johnberg51 Open myaccount.google.com/security Find “Your connections to third-party apps & services” Tap “See all connection” and locate YouTube TV or Google Drive Select the app → “Remove access”
thats the most important. If you have not, enable 2 FA (Passkey is the most secure). Also maybe Factory Reset your device where ST was installed, but that's maybe an overkill.
And unnstall the APP, then download the new version.
Can I enable acces to Youtube TVand Google drive again when everything is reinstalled? Can I do this just on my Android phone which has nothing to do with Smarttube
Oh my God I uninstall the old version. Download the 30.59 Install….. Prompt App not installed What is going on??? Beelink GT King running Android 9 I gave all rights for APK install
@qpman87 Were you using Chrome Remote Desktop?
Do you use any other remote access software connected to the affected Google Account?
Do you see any unrecognized devices connected to your Google Account?
I wiped out my whole ssd. changed all passwords etc etc . moved temporarily to Linux machine. There were no unrecognized devices in the google account at all. ive noticed that there is something strange with my pc since beginning November.
The other thing is you haven't shown any proof the app and google account access is the cause of your system being compromised. Without proof then you can't blame the app and your google account, Let alone Androidtv being the cause to your computer. I've repaired thousands of desktop pc's and removed tons of malware in the last 40 years, It's almost always the user either installing something they shouldn't, Clicking on links they shouldn't, Opening emails they shouldn't, visiting websites they shouldn't, Etc. As you mention your email, Might want to investigate your email further. Today even a simple PDF file can be used as malware to gain access to your system.
THe author system was infected and he clearly stated that in his statement. How do we know what that infected app, that was distributed on thousands devices and then installed in peoples homes, did behind the "doors" on their home network ? I dont pretend to be IT specialist but i never had any troubles with viruses in the past. And im not blaming the author of anything because he is a victim as Im.
@qpman87 Were you using Chrome Remote Desktop? Do you use any other remote access software connected to the affected Google Account? Do you see any unrecognized devices connected to your Google Account?
I wiped out my whole ssd. changed all passwords etc etc . moved temporarily to Linux machine. There were no unrecognized devices in the google account at all. ive noticed that there is something strange with my pc since beginning November.
Go see a doctor, maybe even a psychiatrist. Or figure out what it means to connect an application to an account with a code.
@no
@qpman87 Were you using Chrome Remote Desktop? Do you use any other remote access software connected to the affected Google Account? Do you see any unrecognized devices connected to your Google Account?
I wiped out my whole ssd. changed all passwords etc etc . moved temporarily to Linux machine. There were no unrecognized devices in the google account at all. ive noticed that there is something strange with my pc since beginning November.
Go see a doctor, maybe even a psychiatrist. Or figure out what it means to connect an application to an account with a code.
@qpman87 Were you using Chrome Remote Desktop? Do you use any other remote access software connected to the affected Google Account? Do you see any unrecognized devices connected to your Google Account?
I wiped out my whole ssd. changed all passwords etc etc . moved temporarily to Linux machine. There were no unrecognized devices in the google account at all. ive noticed that there is something strange with my pc since beginning November.
Go see a doctor, maybe even a psychiatrist. Or figure out what it means to connect an application to an account with a code.
This kind of reply is really unhelpful. It’s still unclear what exactly the malware has done and whether it has any worm-like capabilities, so users being worried about unusual behaviour on their systems is completely reasonable. Even the developers don’t have the full picture yet and are still gathering information about the incident, so presenting yourself as if everything were already clear is misleading at best. Telling someone to “see a doctor, maybe even a psychiatrist” is a personal attack, not a technical argument. If you have concrete information that show their issue is unrelated, please share those instead of attacking the person.
my 2 cents .....
-
If i was in the same boat as original poster I too would be worried, especially as their is still NO breakdown and analysis of exactly what the rouge app can/was doing, i think this should and still should be given a priority by the dev
-
i beleive the dev is a "good guy" and not a dev gone rouge, i'm willing to give him the benefit of the doubt and i have always been appreciative of his efforts in making this app for us
-
Personally, I removed the old app and installed the latest build simply because I was always using a throw away google account and only installing it on google tv dongles on a seprate secure wifi network
-
For me this is the biggie....... "The dev should not be bringing out clean apk's considering the circumstances, he should only be bringing them out now via fdroid as that is the ONLY way trust can be reassured, as a trusted independent third party will then be repackaging/checking every build. What i dont understand is the dev himself posted this sentiment as a main priority when all this flared up????
Dear people I have a serious problem I uninstalled the old version and then try to install version 30.59 I have a Beelink GT King runnen Android 9 Every time I get the prompt “app not installed” On my beamer running Android 6 I could install it without problems. I dissabled Google play protect but nothing helps I tried an older version of Smarttube on my Beelink and this I could install. Is there anyone who have an explanation for this?
Dear people I have a serious problem I uninstalled the old version and then try to install version 30.59 I have a Beelink GT King runnen Android 9 Every time I get the prompt “app not installed” On my beamer running Android 6 I could install it without problems. I dissabled Google play protect but nothing helps I tried an older version of Smarttube on my Beelink and this I could install. Is there anyone who have an explanation for this?
Hi, you can create your own issue to get more help or report a bug, this is not the right issue for that...
Dear people I have a serious problem I uninstalled the old version and then try to install version 30.59 I have a Beelink GT King runnen Android 9 Every time I get the prompt “app not installed” On my beamer running Android 6 I could install it without problems. I dissabled Google play protect but nothing helps I tried an older version of Smarttube on my Beelink and this I could install. Is there anyone who have an explanation for this?
Hi, you can create your own issue to get more help or report a bug, this is not the right issue for that...
I solved it alone together with Chatgpt, it is simple and I wonder why nobody here could give me this answer. Simply download the apk here: https://smarttubeapp.github.io/#legacy
Before I downloaded the apk here: https://github.com/yuliskov/SmartTube/releases?page=1 And this apk’s I can’t install on my Beelink, very strange.
my 2 cents .....
- If i was in the same boat as original poster I too would be worried, especially as their is still NO breakdown and analysis of exactly what the rouge app can/was doing, i think this should and still should be given a priority by the dev
- i beleive the dev is a "good guy" and not a dev gone rouge, i'm willing to give him the benefit of the doubt and i have always been appreciative of his efforts in making this app for us
- Personally, I removed the old app and installed the latest build simply because I was always using a throw away google account and only installing it on google tv dongles on a seprate secure wifi network
- For me this is the biggie....... "The dev should not be bringing out clean apk's considering the circumstances, he should only be bringing them out now via fdroid as that is the ONLY way trust can be reassured, as a trusted independent third party will then be repackaging/checking every build. What i dont understand is the dev himself posted this sentiment as a main priority when all this flared up????
Bingo!
Only way possible is if you use chrome Remote Desktop AND they have your CRD pin. You got hacked by something else.
