Copy & Paste clipboards (or “pasteboards” as they are called on Mac and iOS) can be dangerous places for secrets if you have malicious software running on your device. On most operating systems – mobile and desktop alike – most running applications can read from the system clipboard. When you copy a secret to the system clipboard, a malicious process may be able to read and steal that secret.
This, by the way, is not news, but it is good that it has made the news. It helps people be aware of clipboard usage, and it gives me the opportunity to talk a bit about what we have been doing over the years about this.
We have always worked to reduce how much people need to depend on system clipboards when using 1Password. The details differ from system to system, and each operating environment gives us different ways to help reduce clipboard use. On the Mac and Windows PCs we have the 1Password Browser Extensions communicate with 1Password so that web form filling can avoid the clipboard. 1Password for Windows also uses auto-type to reduce clipboard activity. 1Password 5 on iOS offers 1Browser and integration with other apps through App Extensions.
But today I will reveal a few things that our 1Password for Android beta testers know.
Aside: Before I get to that discussion, I should point out (as I often do), that the single best defense against a malicious program running on your machine or device is to keep your systems up to date with all software and system updates. It is also important to be careful in what you install on your system. 1Password can offer some significant defenses against malware on your system, but you have to help keep your systems free of malware.
1Password 4 for Android already has a simple built-in browser. This allows you to go directly from your Login item in 1Password to the web page, filling the data without the clipboard. Our iOS users are already familiar with 1Browser, and this is shaping up on Android.
Lollipop provides clipboardless sweetness
Of course, web pages aren’t the only thing that people need to fill passwords into, and sometimes people may wish to use something other than the browser built in to 1Password. In the current Beta release of 1Password for Android, we used the latest security and accessibility features in Android 5 (Lollipop) to allow 1Password to fill into other apps without making use of the clipboard.
Starting with Lollipop, we have a way to fill password data into other apps without using the clipboard. Perhaps it would be best to just quote what Nik, our Happiness Engineer, had to say in the beta newsletter just a couple of weeks ago:
Wondering why app and browser filling requires OS 5.0? Me too! So I asked our developers. It turns out that the only way for us to do this in earlier versions of Android OS was to use copy/paste accessibility APIs, meaning that any clipboard manager or malicious app could listen to clipboard events and collect login credentials as they were filled.
In Lollipop, 1Password can fill your information directly, without using the clipboard. Therefore, it isn’t possible for a third party to obtain your passwords by snooping on what 1Password’s doing.
Prior to Lollipop, it would be possible to get this kind of app-filling, but it would have relied on the clipboard under the hood. Because using the clipboard involves known risks, we feel that we should make it clear when copy/paste is being used and minimize it’s use wherever possible. As a result, we decided to focus on a Lollipop-only implementation of our filling feature
If you have an Android device with Lollipop installed and would like a sneak peek, I invite you to sign up for our Android beta.
Clipboards may always be with us
As you can see, we are working to reduce dependency on system clipboards when using 1Password. This is an on-going process. Browser integration on the desktops was something we started with back when the very first versions of 1Password was released for the Mac nearly eight years ago. Later, we introduced our own browser into 1Password for iOS, and much more recently encouraged 1Password integration for other iOS 8 apps using App Extensions. Along the way, we introduced auto-type in 1Password for Windows and a web browser into 1Password for Android. As you’ve learned here, we have in-app filling in our Android Beta, making use of the latest features of Android 5.0, Lollipop.
But while we are progressively reducing the need for copy and paste to a system clipboard, we are a long way from eliminating the need to use these. This is why I must repeat my advice to keep your system free of malicious software.
What I would like to see is a clipboard that could only be read when the user explicitly chooses to paste. This is something that has been suggested a number of times before, but has not be implemented on the most popular operating systems. I suspect that there is a reason for that, but if you know, I eagerly await your insights in the comments.
Jeffrey Goldberg
Principal Security Architect
Tweet about this post