Bug report - reopened app briefly shows open information before asking for password
If I open the app and open an item, then switch to another app, then reopen 1pwd, it briefly shows the item that was previously open before asking for the password. The information could be sensitive and could be captured. The iOS version doesn't do this.
1Password: 7.9.2 from Google Play
Device: Lenovo TB-X306F running Android 11
Comments
-
Hey @pstq, thank you for reaching out to us and for reporting this behaviour! When I followed your steps on my own Android device, the item was shown for perhaps a fourth of a second, so brief that I was unable to capture or read anything within the item.
Could you create a screen recording so I can make sure I'm replicating the correct steps? Make sure to blur out any personal information or simply create a test item to showcase this.
0 -
1/4 of a second sounds about right. Long enough to capture on video.
I haven't been able to work out how to edit the video yet, but I was at least able to prove I could freeze it at the instant it displays the information. I also later found it had stopped happening. I think perhaps having a lot of apps open affects it.
I was able to make it happen again by closing all apps.
I opened and unlocked 1pwd
Opened an item
Went to the home screen
Went back to 1pwd
I saw the item briefly before it asked for the passwordI had to enable screenshots in the advanced settings before I could record this, so an "attacker" would have to record with another device's camera.
0 -
Hi @pstq. Thanks for reporting this. When 1Password for Android locks, the lock screen is shown on top after you launch 1Password. This means that you may indeed see the previous screen for a split second before the lock screen is shown. We have an open issue regarding this behavior, so that our development team can look into it. ref: dev/android/onepassword-android#1355
0
