Don't disable the clipboard on sensitive data #117
Comments
|
See also #106. |
|
I will close this issue. |
|
Why? |
|
Due to the reference from Sjord. This requirement was created due to the attack vector that other apps are able to read the clipboard. Please read the issue #106. |
|
Sure, but my argument was about password fields. Don't really care about credit card fields or whatever is mentioned there, although you may also use a password manager for this and thus may not disable any clipboard feature. Generally, mocking with clipboard is non-sense as it was e.g. done "30 years" ago for "copyright protection" or whatever… As for this issue here the reasons still stand:
|
|
The problem is that some apps disclose clipboard data. On the other hand, you could say that preventing pasting does nothing to prevent that, since the password has already been copied before the user notices that. I would remove this rule. Copy-pasting passwords is a security risk that apps can't really solve. Disabling pasting is not a real solution, especially because users don't understand why this is done. Allowing pasting and displaying a message saying "copy-pasting may expose your password to other apps" may be better. |
|
I agree with rugk and Sjord - nothing prevents from copying the password to the clipboard and making harder for users to use password managers will result in choosing weak passwords (from my own experience) |
|
Indeed we have two risks: One, which cannot really be prevented in a good way and only affects users with rogue apps installed (and it's more or less the user's fault, if they copy passwords then) and another that affects many users, which may tend to use weak passwords and you can effectively "prevent" it (i.e. allow users a chance to do it properly) by just not limiting any password paste etc. I am very certain, which risk is greater, more realistic and should better be tackled. |
|
Hi @rugk, thanks for bringing this up again. Users will copy their password or other information only to find that they cannot paste it. So the recommendation we are having is not helping and only making the user experience worse and you are right saying that users might choose simple passwords because of that. So it actually has a bad side-effect to other security controls (password strength). Let's remove this requirement totally from the MASVS, as I do not see any technical control on how to mitigate the attack of reading the clipboard. I think I read a while back that on iOS only apps in the foreground can read the clipboard, but couldn't find any ressource for that just now. Has anybody else information about this? |
|
Ok. Done f91213c |
|
Thanks guys for the input! |
|
Just got the time to have a look at the conversation. Good choice folks.
disabling clipboard has only added to negatives for larger masses so its
right choice in removing it from requirements.
…On Wed, Jul 4, 2018 at 2:50 PM Sven ***@***.***> wrote:
Ok. Done f91213c
<f91213c>
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#117 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAOdK2BHBl3iU9m7aQYLd_bUB_fdnn6Lks5uDIjwgaJpZM4SHAtn>
.
|
No, please don't. That prevents many password managers from working (not all of them support Android 8's new APIs). So if the result is users use
12345as a password (with the result that everyone can login) instead of a good password copied and saved from their password manager (with the potential that other apps may access it), then you've done more harm than good.originally posted at muellerberndt/android_app_security_checklist#2
The text was updated successfully, but these errors were encountered: