Forum Discussion
IIRC Walmart ONN is just a cheap Android TV box.
That's fine, but they don't receive security updates, and if they miraculously do, not for very long, and your streaming device is absolutely an attack vector into your accounts and payment information.
Sometimes the cheapest isn't the best.
Many Android TV boxes from China have been shipped LOADED with malware. ONN is "legit" in that regard and hasn't been found with any malware but still, you're not getting a secure device or one where the manufacturer cares about your security.
Not a deal-breaker for everyone, but it is for some.
@easytodobetter It is an inexpensive Android, yes, but it has the backing of Walmart, and you can make the same argument against any other competitor, or Roku itself. I don't think it stands up for a couple of reasons. First, unless you're going to roll your own media box on something like an ODROID N2, Pi, or something like that (I have those lying around on desks now), you're at the behest of whoever is providing updates. You're right to think this way, and I wish more people would, but I think it's a non-issue.
Let me explain why...
We're trusting Roku now, and they're nearly 10x as small as Walmart and 25x as small as Google. This is an in-house Walmart brand (don't get the knockoff on Amazon) and they (the onn house brand) are responsible for updates to the firmware, but Google and the streaming providers are going to be responsible for the security of the underlying major OS components outside of the base OS image and the individual streaming apps. The same way an Android phone gets Google Play services updates and core component updates over the air from the app store and a Samsung device gets updates on the base Android install from Samsung. Now ONN isn't going to use some strange fork/branch of Android; it's a Google TV/Android TV certified device. I agree if we're talking about some rando box from Alibaba, but we're not.
The bottom line, and this is the same for Roku, is that the device is behind most people's ISP or home router firewall, most likely on an unrouted RFC 1918 network, so the security concern, outside of local network stack exploits from other infected devices on the same network, is going to be a vector that involves TLS-protected transport to "thought good call home" services such as the Play Store, Google, and the various streaming providers' own networks via their apps. In fact, the largest vector of attack would be not updating the OS in a while and running a browser on an attacker's website. That is a non-zero threat in and of itself, but I don't think that's what we're talking about.
In general, the threat surface of these devices for most people is pretty low just because they're using constantly updated Google/Android services and Play Store apps. People are far more likely to get owned via their Android phone than these boxes once you get them from a reputable source. The primary threat of cheap Android boxes is where you get them, IMHO.
- easytodobetter (Roku Guru), 3 months ago
It's not my intention to go back and forth on this subject. I just wanted to clarify for others reading these posts and deciding what to do. What to invest in next.
"a certified device" loses me, sorry. We're not talking about certifications or how big the parent company is, we're talking about companies that provide continuous security updates.
ONN is not one of them. They just rebrand things. Super cheap. Historically they've only provided a few major patches, likely related more to usability.
These days, every device on your network is an attack vector and malware for streaming devices is growing rapidly. I did not say anywhere that it will "suffer the same fate" as an Alibaba device, which often comes with malware, just that unlike a mainstream device, it's less secure without regular updates.
I would argue they're just a security risk for a savings of nothing since there are similarly priced options from reputable brands that provide updates for many years.
I accept that there are people who care about this and those who don't, but I wanted to clarify a few things I disagreed with, like saying Roku is basically the same; they're not.
- easytodobetter (Roku Guru), 3 months ago
"is an inexpensive Android yes but it has the backing of Walmart and you can make the same argument against any other competitor, or Roku itself."
Nope.
Google, Roku, Nvidia, Amazon, Samsung, Tivo, etc, they all provide regular software updates at the OS and firmware levels to keep up with malware that I regularly track for work on websites like CVE, which will show you there's PLENTY of people getting hacked this way. It's just not AS BIG of a vector as your phone.
Roku provides software updates for devices going back quite a few years, actually, and it's one thing we shouldn't dog them for.
You're not getting that security, your device is as-is, and that's why those tiny little cheap SoCs (system on a chip) sell for only ~20 bucks.
I merely said some people care about that, some people don't. You sound like you don't, that's fine.
- Razathorn (Channel Surfer), 3 months ago
@easytodobetter You may end up being right in the long run, we will see. I would like to note that Linus Tech Tips, in a follow-up to their "don't get a cheap android TV box because they're all filled with malware etc", made a video saying which devices they would recommend. They reviewed the onn box alongside the other top offerings and the onn was their favorite. We will just have to see if I wasted money. Box gets here today. If it doesn't work out, I guess I have a new N64 emulator, lol.
- Razathorn (Channel Surfer), 3 months ago
@easytodobetter Agree to disagree. I think it's premature to think onn, a certified device, will suffer the same fate as the Alibaba devices when it is a relatively new device, has already received multiple firmware updates, and is backed by Walmart. Who knows, though. I'll take the risk, and in 5 years, if there are no more updates, guess it's on to the next cheap Google/Android TV box that does exactly the same thing; Roku will be a name of the past by then with their current behavior.