Katarzyna Petru
SmartTube, a popular alternative to YouTube on Android TV, Google TV, and Fire TV, has officially been recognised as infected with malware. The issue concerns versions installed manually (sideloading), as the application is not available in official stores.
The creator of SmartTube confirmed in a conversation with AFTVNews that malware entered the application in November. The infection affected both new installations and updates marked with versions 30.43 and 30.47. The culprit was the developer's computer, which became infected during work, leading to a replacement of the digital signature and contamination of the build. Worse still, there are also various forks of SmartTube that may be compromised.
Google responded by mass-blocking or removing SmartTube on selected devices. The company reminds that sideloaded applications do not undergo any security procedures – and that is precisely why Google plans to significantly restrict manual installation of APKs in the future.
What to do now?
Although it has not been revealed exactly what type of malware infiltrated the application and what its capabilities may be, experts from AFTVNews recommend taking the matter seriously. Simply uninstalling will not be enough. The recommendation is unequivocal:
restore the device to factory settings.
This applies to any hardware on which SmartTube was installed:
Chromecast with Google TV, Google TV Streamer, Nvidia Shield, Nokia and Strong streaming boxes, TCL Google TV, Philips Google TV, Sony Google TV, and many others. Since SmartTube may have had privileged access to Google and YouTube accounts, it is also advisable to monitor account activity for a few days to ensure that no unusual logins, subscriptions, or changes to settings have occurred.
The creator assures that the latest version SmartTube 30.56 is now free of threats, but if the application was on the device previously – a full reset is necessary. This is the first high-profile case of infection in a popular sideloaded application on televisions, which shows one thing: if we bypass official sources, the risk is real, and the consequences can be more serious than just a non-functioning application.
