Android beta 7.6.1.BETA-1 critical authentication bypass.
Hey AgileBits beta Android team,
I emailed support+security@1password.com yesterday about a fairly severe/critical security flaw in the Android beta which allows for a persistent bypass of authentication to access login/password information from anywhere in Android OS.
It's possible after unlocking the database for the first time to trigger a scenario in which all logins/passwords are available via the autofill suggestions without any further password or biometric. The problem can only be cleared with a phone reboot or by force stopping 1Password.
I never received an auto response and became concerned that the email wasn't received because I didn't initiate it from within the app.
I've now reproduced the flaw on two different phones and two different versions of Android.
Figured I would receive a response back pretty quickly given the severity. I can imagine an exploit hypothetically trying to skim an entire database with this persistent authentication bypass.
Can someone get in touch?
I have additional information to provide but can't do so until I receive a response with the ticket ID.
Comments
Got it, thanks :)