Google responds:

“We take our users’ privacy extremely seriously. While we investigate this bug, we have disabled the ability to remotely cast via the Google Assistant or view photos from Google Photos on Android TV devices.”

Google spokesperson

That's really bad !

considering this doesn't happen on [all] other atv's seems like UUID was reused, perhaps by the OEM or elsewhere (runtime deployment of assistant/ambient/backdrop), to make it seem like every copy of a tv looks like a 'single' tv.

​

should definitely be part of the CDD/CTS, if it's a firmware problem, and if it is, OTA reprovisioning is gonna be a pain.

​

if it's a runtime deployment, you're still gonna piss a lot of people off if you expire all these tokens and require setting it back up.

How a serious bug like this be unnoticed for this time? Nobody in the world using androidtv?