I'm working on a Chromecast custom receiver that shows private information on the TV. After building a prototype, we realized the client (web, phone, whatever) could connect to a rogue device acting as a Chromecast and intercept anything intended to be sent to our receiver. Is there a way to mitigate this kind of attack? Is there anything built into the platform we can use to get a secure connection between the client and the Chromecast?
First, the connection is secure (as long as it is done by the Cast SDK), and secondly, the Cast SDK checks and validates that it is talking to a genuine Cast device.