Last week, Google announced a crackdown on apps that do not use Accessibility Services for its intended purpose. This was specifically intended to counter a “toast overlay” attack. While a good security move, it seemingly put popular apps like password managers at risk of no longer functioning.
Fortunately, Google is giving services like LastPass an exemption for the moment as it works towards a long-term solution with Autofill in Oreo.
Android 8.0 introduced Autofill services that handle inputting credit cards, logins, and addresses into forms in apps. There is a first-party “Autofill with Google” service built-in, but consumers can choose from other third-party apps that support the API.
However, with Oreo at .3% marketshare as of last week, the Oreo solution has a long way to go. In the interim, with the looming Accessibility Services removal, LastPass is working with Google so that there will be no impact for end users of the password manager.
LastPass is working with Google and to confirm, there is no immediate impact to our Android users.
In a blog post today, Google notes that they are “actively working with 1Password, Dashlane, Keeper, and LastPass to help them with their implementations towards becoming certified on Android.”
Google has plans to certify password managers with a curated section on the Play Store. In fact, the Autofill service options in system Settings will feature a direct link to that upcoming Google Play category.
Meanwhile, the in-house Autofill with Google solution is working on expanding support for what kind of data gets saved, as well as improved field detection.