Android is a highly desirable operating system for hybrid Set-Top-Boxes due to its popularity among consumers. This popularity is due in part to its functionality & excellent user experience, generously specified devices, and wide selection of apps. Android OS and Android TV are therefore attractive to pay-TV operators who want to enhance their combined broadcast-OTT service offerings, and increase competitiveness by meeting consumer demand for a wider range of entertainment services than what is typically available in today’s broadcast-OTT operations.
Providing an Android-based hybrid STB is, however, quite a challenge. The requirements set by Google for licensing Android for use with Google Play and GMS, as well as using the logo, imply the inclusion of a number of features that increase STBs’ exposure to attacks. They are in many ways a classic case of function requirements conflicting with established industry security requirements and practices. The highly desirable functionality comes with a price tag in the form of increased business risk.
This paper discusses the threats to security in Android-based STBs posed by the combined broadcast-OTT environment and by Google’s requirements, and how these security issues can be handled.