1Browser and security

gian
gian
Community Member
in iOS

Hi all!

First, thanks for the great product. Can’t live without 1password.. :)

Today I made an access to my old email trough 1browser and unfortunately i open one email that I think it was phishing...

now my question is: could my data have been compromised via this built-in 1browser?

what are the differences between safari and 1browser in terms of security ?

Many thanks !

Comments

  • Ben
    Ben

    Hi @gian

    what are the differences between safari and 1browser in terms of security ?

    I'm not aware of any. 1Browser is essentially just Safari wrapped in 1Password's UI (as is the case with all browsers on iOS).

    now my question is: could my data have been compromised via this built-in 1browser?

    Did you click any links or open any attachments from said email? If not, I wouldn't suspect so.

    Ben

  • gian
    gian
    Community Member
    edited December 2020

    Hi @Ben !

    Thanks for the response...

    unfortunately I was lost in thought so now I don't know.

    if i clicked them is there any risk?

    the risk would have been the same then also from safari?

    EDIT:
    I forgot to tell...
    The phishing email was not about 1password, but a generic phishing money prize.

  • gian
    gian
    Community Member
    edited January 2021

    I have not received any more answers ...
    but I think I was alarmed for nothing.
    Thanks for the help :)

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the update @gian, this is nice to hear :) And on behalf of Ben, you are welcome!

    If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • gian
    gian
    Community Member

    Thanks for the response @ag_ana .
    My last question is still unanswered ...
    Having been a long time since I opened that email, I think there is no need to be alarmed.
    But if there were any suggestions about it I would be happy :) !!

  • ag_ana
    ag_ana
    1Password Alumni

    @gian:

    I have forwarded your question directly to our security team :+1: We will post back as soon as possible when we have an update. I think it will be difficult to say for certain without knowing exactly what link you clicked, and what website this was, but it doesn't hurt to try :)

  • gian
    gian
    Community Member

    Thanks @ag_ana .

    As i said I was lost in thought and I don't remember well if I clicked any link and if so what it was.

    So mine was a question for informational purposes only to know if these emails could be a threat to the vaults on the device. ;)

  • Lars
    Lars
    1Password Alumni

    @gian - hi, sorry again for the delay. Lars from the Security Team here. I'm glad to hear you've noticed no other issues since that questionable email. To answer your question specifically, there's a very strict separation between the webview (1Browser) and the internal code and data of the 1Password application. Unless you clicked on a link that resulted in actual filling of data that you would have been able to see, nothing would have been exposed. If you don't remember filling in any forms on the resulting page, and nothing unusual has happened since that time, your 1Password data are likely as safe as it always was. However, if you're still worried about other aspects of your device security besides 1Password - general malware, etc - I'd suggest taking it to the Apple store or a qualified technician for malware analysis.

  • gian
    gian
    Community Member

    Hi @Lars ,
    Many thanks for the explanation :)
    if I am not mistaken then, in the worst case, a password would only be exposed if it had been auto-filled.
    Right ?

  • Ben
    Ben

    Correct. :)

    Ben

This discussion has been closed.