iOS 8 has an incredible feature coming called App Extensions, and we’re thrilled to say we have a 1Password extension ready for developers to use right in their apps! In apps that gain support for our extension, you will no longer have to copy and paste passwords from 1Password. Yes, it really is a game changer, and you can see it in action for yourself.
Naturally, this new-fangled way for apps to interact in iOS 8 is leading people to ask how we do this in a secure manner:
- Are we really letting third-party apps poke around inside of your 1Password data?
- Answer: No, that is not how extensions work.
- Can these third party apps ask 1Password for your PayPal password?
- Answer: Well, they can ask, but you decide if they should get what they ask for.
- Can they trick you into entering your 1Password Master Password into something that isn’t 1Password?
- Answer: The very same mechanisms that prevent that today apply to application extensions.
I will elaborate on all of this below. But to summarize, all of my points and these safeguards in both iOS extensions and 1Password are built on an important design principle: Nothing happens without your explicit action.