Avoiding the clipboard [Was: Security question]
I just installed the beta and so far it looks like you have the start of a nice Android app. Thank you for following the platform's design conventions.
That being said, I'm curious if you have plans to secure the user against malicious applications monitoring the clipboard contents with an OnPrimaryClipChangedListener? It looks like you're just shoving the passwords straight into the system clipboard at the moment.
This is pretty insecure as demo'd by this project I whipped up: https://github.com/twaddington/Android-Clipboard-Monitor
Would love to hear the team's thoughts on this as I'm eager to find a way to securely utilize a password manager on Android.
Comments
-
One possible solution would be for your application to support a
PICK_PASSWORDintent of some sort. Applications could build an intent with this action that would launch the 1Password Android app. The user could then unlock the application and pick an existing password. You would then return the chosen password in the activity result and the calling application could populate a password field with that result. This obviously would require tighter integration with applications but has the advantage of only exposing the data to the calling application instead of all installed applications.0 -
Hi @twaddington,
Thanks for explaining a bit about how Android’s copy clipboard system works. I am going to pass this information onto our developers and get their perspective on this. They will be better at explaining our current design. You may even get a direct response from them, so keep an eye out! ;)
Thanks for the feedback. Please continue to keep us posted if you have any other thoughts to share.
0 -
Thanks @twaddington.
Both of your suggestions are excellent, and at this point all I can say is that we will continue to look for ways to (a) minimize the use of the clipboard and (b) try to better protect anything we put there. It's too early to say what those might shape up to, but please continue to post suggestions like this.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0 -
Thanks for the replies @jpgoldberg and @saad. I think one thing you could do is simply help educate users about the risks they face with the Android clipboard. If you trust all the applications you've installed on your phone, then there's no problem. However, I think this is rarely the case with most users.
I'd be interested in helping out if you're interested in experimenting with the tighter app integration approach I mentioned. I work on a fairly popular financial application and it would be great to integrate with some sort of
PICK_PASSWORDstandard or help contribute to the drafting of one.0 -
I, personally, would love some sort of intent created to pass encrypted passwords between apps. Not only a
PICK_PASSWORDor similar that apps can request, but also aLOGIN_WITH_PASSWORDtype of intent so that the user could select an item from 1Password and have it launch an app that listens to the intent. The second would be trickier to implement, I suppose, and you'd have to convince other app vendors to handle this correctly, but it could make the whole process of logging in a whole bunch easier.Sadly, I doubt Google will ever support it in Chrome for Android, but we can dream.
0 -
Curious to know if the developers have any thoughts on this yet. I'd be happy to get a private response if you don't want your thoughts to be made public until they're more fully formed. Thanks!
0 -
@twaddington: We appreciate your enthusiasm in this particular matter, thank you. As of right now, our developers and security experts are continuing to investigate into this further.
We will directly contact you if we need any assistance. If you have any other thoughts you would like to share, please let us know here or via email at support+androidbeta@agilebits.com
I will update this thread when more information becomes available.
0 -
Thanks! Appreciate the response.
0 -
No problem! I will keep you posted if there's any updates. :)
0 -
there's some fresh discussion on this @ discussions.agilebits.com/discussion/comment/114535
0 -
:)
0
