Should I use 1password on a rooted phone?

I am considering rooting my phone, but I'm having concerns regarding
the safety of my login data. I understand that the current system with the
1password keyboard is here to prevent apps from grabbing
passwords from the clipboard. Would apps with root permissions
be able to grab passwords inserted through the 1password keyboard?

Thanks, Ben


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • mverdemverde

    Team Member

    There are many legitimate reasons to want to root your device, but you should also be aware of the risks that come along with this. Using any kind of computing device to store personal information requires a certain amount of trust. At the very least, you need to trust the hardware and the operating system that runs on it. You should also trust the apps that you install on your device. I say should here because modern operating systems provide features like permissions and sandboxing that are intended to mitigate the amount of trust that you need to place in an app.

    When you root your device, you are effectively bypassing safety measures like permissions and sandboxing in order to provide escalated privileges to the apps running on your device. This means that you need to trust the apps that you install on your devices more than you did previously. Why? Because an app with root privileges basically has unfettered access to your device. There are additional tools that you can install to manage which apps have root privileges, but the caveat is that you have to trust those tools.

    Now that I've gone on at length about all of that, let me come back to your question. Could an app with root privileges conceivably intercept a password that the 1Password Keyboard is inserting into a text field? Yes. That isn't anything specific to the 1Password Keyboard though. An app with root privileges could theoretically modify system behaviour so that it is able to intercept anything that enters the text input pipeline, thus affecting all keyboards including the system keyboard.

    In the end, it's important to recognize that rooting shifts more of the burden of managing access to resources from the OS to you. And doing so often means expanding your circle of trust.

    That was probably more of a long-winded explanation than you were looking for, but I hope that helps!

  • Thank you for your detailed answer, it is in line with what I expected (and feared :P).

  • dtearedteare Agile Founder

    Team Member

    Thanks for the great answer @mverde!

    I for one would completely recommend against a rooted device. There are scenarios where I would be tempted to do so, but because of the security concerns, I've always resisted those temptations.

This discussion has been closed.