Autopaste 1Password data within apps for under Lollipop Android versions.
Hi Everyone,
I have read the recent blog post about why 1Password engineering team decided to limit support for in-app autopasting of 1Password data to Android 5 only (skipping clipboards criteria). However, I believe not adding this optionality to pre-Lollipop Android versions is actually sweeping the clipboard problem "under the rug", so to speak. I don't know for sure about other 1Password for Android users, but I constantly copy-paste data from 1Password to use while login into apps and websites, and I can only assume other 1Password users are doing the same thing. This means, the decision to not include autopaste functionality in 1Password for Android versions under Lollipop is not solving the clipboard problem, it just makes the use of 1Password less comfortable.
What do you guys and gals think, wouldn't it be better if we (people not using Lollipop) were given an option (accompanied with a security message) to enable autopaste functionality at our own risk?
I would love to hear an official response from 1Password support.
Thanks!
Comments
-
Not an official response, but hey ho...
I do see you point of view, and held it myself for a bit. The way to understand this is to think about how a normal user would see it. If you loaded up and browser and were offered the option to use 1Password data to login, would you assume that the clipboard was being used in the process? Most wouldn't I suspect.
It comes down to security conscious people wanting to understand the risks. Forcing manual copy and paste makes it completely explicit that you are in fact using the clipboard. Having an auto-fill system that uses the clipboard in the background is, as you pointed out, no more or less risky but the user is unaware of the risk.
I suspect that this is why they don't want to add autofill without a non-clipboard way to do it.
0 -
Hi Richard,
That's exactly the reason I said there should be a warning message explaining the risks of auto-fill under Pre-Lollipop Android versions.
This way, we have the explanation, the choice and the personal responsibility.0 -
Hi @mjeshurun
Thanks for the feedback! We would love to see autofilling available on pre-Lollipop versions. You are correct that there is likely a risk to be taken using the clipboard anyway.
However, I second @RichardPayne. We make software that encrypts and protects peoples' valuable data. Anything on the clipboard can be sniffed or accessed by other installed apps, which makes the clipboard a risky place for the data that we're protecting. Even with a warning message, we would still be actively putting sensitive information into a compromised place. Streamlining the process, even with a warning message, could give way to the idea of "well they wouldn't do it if it wasn't safe."
While I think you make a great point, and would personally love this feature on my older Android, this is currently a risk we are not comfortable taking.
Please let us know if you have any other suggestions! We really appreciate hearing your ideas. :)
0