Managing piracy and malware – the twin threats to open platforms

The wave of pay TV operators buying into Android TV has turned into an unstoppable tide. In 2016, just a handful of operators were using Android TV, but in 2019 that number is 140 and rising, with over half the growth in the last 12 months. Rethink TV recently brought forward by six months its prediction that over 99 million devices globally would be running the system before the end of 2022.

Yet the very attraction to pay TV operators of a platform that gives its users freedom to access apps carries with it a security risk that they have never had to deal with before – malicious apps invading their pristine set-top environment.

Android TV itself is as secure as any proprietary middleware, arguably more so (in fact, the specifications are well defined and Google drives patches faster than anyone). However, according to Bruce Curtin, Product Manager, Irdeto, “The threat emerging to blindside operators comes from malicious apps side-loaded via USB or from the app store attacking the STB. This is a new phenomenon for pay TV providers who have never had to deal with the issue in a closed platform.”

This is in addition to the classic content piracy threat posed by users sideloading a Kodi-style plug-in to obtain premium content without a subscription. Google can and does monitor app activity and removes offenders.

But pay TV operators launching with Operator Tier – designed for devices that are managed and distributed by them – need to take responsibility too. Kodi-style apps being misused for piracy, and malware disguised as legitimate apps, need to be controlled on operators’ set-top boxes, beyond what Google is doing with the app store. And all of this must be done with the goal of retaining the user’s freedom to access the open app store while staying on HDMI.

The key is to find a way of not breaking the paradigm that Google operates under for Android TV or the pact that operators are making with their subscribers; namely the ability to access whatever content, game or service app they like on a user-friendly, powerful platform.

With this in mind, Curtin states that “A blanket denial of apps like Kodi or Kodi add-ons will not work. It will only send the consumer to another service provider. There has to be a flexible way of blocking only apps or add-ons that are associated with piracy or malicious activities, without diminishing the overall consumer experience for that operator.”

An example he gives is that it would be useful to anticipate which apps or plug-ins are trending in the run-up to a specific event (the worldwide debut of a major episodic series or an international sports tournament). Operators can then set up policies beforehand for illegitimate apps or add-ons and stay in control.

Pay TV must evolve to survive, but operators have to balance the latitude offered by the open-source approach of Android TV and RDK with the need to finesse the user experience while protecting their ecosystems and business models alike.