TouchPal keyboard for Android safes passwords in plain text for a long time visible for everybody

Philipp
Philipp
Community Member

I use other keyboards than the original Android keyboard sometimes. So I also tested "TouchPal" but in combination with 1Password it is really bad. This keyboard has a special cache for copied text. You find the option called "clip board". There you can see the last 5 copied texts. So here you can also see copied passwords from the 1Password safe in plain text. They will not deleted after 90 seconds, they are also visible after days.

I hope "SwiftKey" and "Swype" don't do this also, but at the moment I have not found this. Do you know about this problem?

Comments

  • Hey @Philipp‌. Thank you for sharing your findings with us about TouchPal keyboard. We are not able to alter the behaviour of applications that listen to and record your clipboard. The system clipboard is shared among all applications as part of the Android operating system and it looks like TouchPal is listening for clipboard events and maintaining a clipboard history.

    Because of the potential for other apps to snoop on the contents of the clipboard, we try to limit usage of the clipboard as much as possible. Until recently, the only universal mechanism for filling passwords into other apps and browsers has been to use the clipboard. With the advent of new accessibility APIs in Android 5.0 (Lollipop), we are now able to offer auto-filling in third-party applications without requiring the use of the clipboard. This new feature is available in our current beta version of 1Password if you are running Lollipop.

    Let me know if you have any questions. :)

This discussion has been closed.