"TheEndless" wrote:
I'll take a stab/guess at that... since private channels aren't reviewed by Roku, it's possible someone could develop a malicious channel (e.g., a fake Netflix or Amazon channel with the sole purpose of capturing usernames and passwords.. or worse). Allowing a user to install those channels easily via a screen that makes it look like it's officially available in the channel store could lead to very bad things, for both unsuspecting users and Roku.
If such a malicious channel existed, and an attacker had gained access to the victim's PC (or other device), couldn't they just as easily launch the user's browser to the add channel screen there (eg:
https://owner.roku.com/Add/ACETV)? ie: whether the malicious code launched the Add Channel screen on the Roku/TV, or launched the Add Channel screen on the PC/Browser, the risk is the same as far as I can tell. I don't see how launching the channel store screen poses any more of a risk. In both cases, the attacker has to first gain access to run code on a device on the user's network, present an Add Channel option to the victim, and get the victim to agree to do so.
