51社区

University Community

Android vulnerability impacting password managers

Android users at 51社区 are asked to be aware of a vulnerability within the autofill functionality of Android apps.

This vulnerability, , can expose the saved credentials within the user’s mobile password managers, such as LastPass, by bypassing Android’s secure autofill mechanism.

Until a patch is released by Google and the impacted password managers, there are a few things to keep in mind to reduce risk to your passwords:

  1. Don’t stop using a password manager if the result would be adopting less secure password practices such as reusing credentials or storing passwords in insecure ways. To learn more about safe password practices, visit the Information Security Office’s Strong Passwords webpage.
  2. Exercise diligence when choosing which applications you install on your device. This best practice is applicable to all devices, not just Android. Only download apps from trusted sources and be suspicious of apps that require passwords for accounts that are not actively managed or provided by the application developer. It is also a good idea to periodically as you see fit.
  3. One way to avoid risk associated with this vulnerability is to manually copy the needed credentials from the password manager and paste them directly into the app rather than utilizing the autofill feature. However, be aware that this will save the password to the device’s operating system clipboard, which comes with its own risks.
  4. Follow the guidance on the Information Security Office’s Smartphone Security webpage.

For more information on security best practices, be sure to visit the web guidance provided by the Information Security Office.

Published
January 5, 2024
Author
Staff reports