Security Flaws Found In Android Password Managers

Android’s perennial security headache continues after researchers uncovered multiple flaws in popular password managers on the platform.

TeamSIK researchers found flaws in all nine of the top password manager apps that can be downloaded from the Google Play Store.

But the good news is that all the reported vulnerabilities have now been fixed by the vendors.

Password Managers

Password managers are intended to help users who have to contend with remembering all the complex passwords needed today in the online world.

Enter the password manager app, which traditionally allows users to access all their passwords if they enter a secret master password.

“However, can users be sure that their secrets are actually stored securely?” asked the researchers in their blog. “Despite the vendors’ claims, is it nevertheless possible to obtain access to the stored credentials?”

“We performed a security analysis on the most popular Android password manager applications from the Google Play Store based on download count,” they wrote. “The overall results were extremely worrying and revealed that password manager applications, despite their claims, do not provide enough protection mechanisms for the stored passwords and credentials. Instead, they abuse the users’ confidence and expose them to high risks.”

The researchers found at least one security issue with nine of the most popular Android-based Password Manager apps. The apps tested include MyPasswords; Informaticore Password Manager; LastPass Password Manager; Keeper Passwort-Manager; F-Secure KEY Password Manager; Dashlane Password Manager; Hide Pictures Keep Safe Vault; Avast Passwords; and finally 1Password – Password Manager.

“We found several implementation flaws resulting in serious security vulnerabilities,” said the researchers. “Some applications stored the entered master password in plaintext or implemented hard-coded crypto keys in the program code. Consequently, attackers can easily circumvent the crypto algorithm altogether and thereby gain access to all of the user’s data.

“In other cases, we could simply access all ‘securely protected passwords/credentials’ with the help of an additional app,” they warned. “In yet another case, we could use a so-called data residue attack to access the master key of an application. In most of the cases, no root permissions were required for a successful attack that gave us access to sensitive information such as the aforementioned master password.”

Poor Passwords

But the good news for Android users is that all the vendors have now patched their apps.

Password manager apps are an increasingly popular download for many users nowadays. Last November LastPass announced that its tool was free to use across any device, and it allowed passwords to be synced across laptops, smartphones, and tablets.

And it should be remembered that password managers do go some way to mitigate how useless people are in general at creating secure passwords and keeping them that way.

This situation is so endemic that Microsoft, for example, recently took the decision to ban simple passwords on all its accounts.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
