SmallAtom Posted April 16, 2020 Report Share Posted April 16, 2020 Hi, I know that EnPass try to keep copies password as secure as possibile... and it does a good job at least securing password that are copied on clipboard using a smart trick like emptying clipboard after 30 seconds Today after an upgrade/update from google of it's GBoard I got notice of a new feature (that can be enabled and GBoard proactively instruct on let you know of the feature and how to enable it).... Such a feature is like a clipboard with evey note that reach the clipboard. So if you have every note that is being cut/copied in last 1 hour. Including password that get copy/paste from EnPass. This is a feature of GBoard and not much that EnPass can do... But still something that would be of interest and may be there are some workaround.... For me, obviously is a feature that will be kept disabled. At least until Google change something. Probably from EnPass could be interesting (if you have enought voice with Google) to impose some tweaks like ability to remove items in GBoard clipboard as well. How to reproduce: 1) latest GBoard keyboard on android (9.2.7.303045247 or better) 2) open keyboard from any app 3) tap on clipboard icon and enable clipboard 4) copy some tesxt and veryfy that it goes into clipboard by tapping again the clipboard icon 5) create a new entry in EnPass with random login text and password (we don't want to use real password for this test) 6) copy password to clipboard (tap on password and copy) 7) what a minute or so.... 8) in any textfield try to long press and do a paste (you won't see any text appear as EnPass should erase correctly the copied password from copypase bufer) 9) open gboard and select clipboard icon and voila'... your password still there and will be kept there if not manually deleted or 1 hour lapse I can produce screenshots if needed and asked Link to comment Share on other sites More sharing options...
Pratyush Sharma Posted April 17, 2020 Report Share Posted April 17, 2020 Hi @SmallAtom, Sorry for the inconvenience caused to you. Please share the following details so that we can investigate where the problem could be. On which devices and OS versions are you using Enpass? Which Enpass version are you using? Link to comment Share on other sites More sharing options...
SmallAtom Posted April 20, 2020 Author Report Share Posted April 20, 2020 No inconvenience at all, just reporting... and even not a fault of EnPass... Issue seen on: OS: Android 9 With Feb updates (OxygenOS 9.0.11 EnPass: latest avaible on play store 6.4.2.327 Google Keyboard: Lastest that I know of as with google it's hard to know what is "Latest". Should be 9.2.7.303045247 As I can tell it's all about a feature of gboard that could be usefull but can be an issue when dealing with password.... The feature can be enabled/disabled in gboard. Don't know the extent of the issue. As I know in android apps can't access clipboard while in background. Don't know about this gboard feature of advanced clipboard... I mean I don't know if the content inside can be read from other apps or can be used only inside gboard itself. I would say that's a minor issue if only gboard can access that special clipboard as there's still possibility that someone could take possession of device and take a peek (manually). As I can see it, this is inevitable (for now) but can be mitigated by disabling "adavanced clipboard" in Gboard. Some scrrens to clarify.... In this screen I had already created something just for test in EnPass with a random password... On EnPass I had done a tap on password, selected Copy and then as you see in screen I copied it... All fine as expected. Then waited 30 seconds or more. Then again I used the "paste" command (long press on entry field and then select Paste).... But as expected nothing happens as EnPass change clipboard to nothing as expected and mitigate possibility to paste password long after they are supposed to be used. Now the trick.... when keyboard is out, tap on "clipboard" incon on top of K-Y keys A screen of what gboard shows.... Will appear an history of everything pasted in last hour, including password... So you can tap on it to paste and/or read it Link to comment Share on other sites More sharing options...
Garima Singh Posted April 21, 2020 Report Share Posted April 21, 2020 Hey @SmallAtom Thanks for sharing the steps, details and also the screenshots. I understand your concern and notified the same to the concerned team as well. Thanks for the effort. Link to comment Share on other sites More sharing options...
floraolivia Posted October 29, 2020 Report Share Posted October 29, 2020 I also want to try with this GBoard application... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now