Open source SmartTube YouTube client removed after security breach, new install needed

Open source YouTube client for TVs, SmartTube, recently had its digital signature exposed, causing Google and Amazon to auto uninstall or disable the app on Fire TV and Android TV devices. This creates a major risk because the exposed signature could let attackers distribute malicious updates under the developer’s name, and Google Play Protect responded by disabling affected installs for user safety.

In response, the developer abandoned the compromised signing key and generated a new one, which forced SmartTube to adopt a new app identifier. Existing installations are now deprecated and will not receive further updates, though users are not required to remove them. A new SmartTube build is already available, but it must be sideloaded and fully reconfigured as a separate installation.

Because the new version is not yet on the SmartTube GitHub page, installation requires the Downloader app and either code 28544 for the stable channel or 79015 for beta. The developer warns users not to disable Google Play Protect, emphasizing that this is a real security risk rather than a conflict with Google. The old SmartTube version will remain on devices as inactive software while the new, securely signed build becomes the only supported option.