Security concern: Gboard Incognito mode

mzman
Community Member

Gboard, the most popular keyboard for Android, stores and learns entered text. For some time now it has had an Incognito Mode, which avoids storing text when requested by an app:
https://www.androidpolice.com/2017/07/14/gboard-6-4-brings-incognito-mode-marshmallow-nougat-small-changes-apk-download/

Apparently, 1Password does not ask for this mode when requesting a Master Password. I think this could be a big oversight on Android. Without this mode, master passwords might be stored, perhaps insecurely, and in some cases even uploaded to Google.

Am I right? Can AgileBits chime in on this? Other secure apps, like Signal, do request the Incognito mode from Gboard.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @mzman. 1Password uses secure input fields to prevent other apps from seeing what you're typing into the Master Password fields. Here's a bit more info on security from our knowledgebase:

    1Password uses secure input fields to prevent other tools from knowing what you type in the 1Password apps. This means that your personal information, including your Master Password, is protected against keyloggers.

    I hope this helps! Let us know if you have more questions. Thanks!

  • @mzman I'm glad to see that you're thinking about the security of the keyboard. It is a critical piece of software that is intimately involved in almost everything you do on your device, so I definitely advise only installing keyboards from trustworthy developers.

    As @peri mentioned above, we specifically mark the Master Password field in 1Password as a password field. This indicates to the active keyboard that it should not store or transmit any of the keystrokes entered into this field. In the case of Gboard, Google provides specific assurance of this in the privacy section of their Gboard support document:

    What Gboard doesn't send to Google
    • Anything you type other than your searches, like passwords or chats with friends, isn't sent.
    • Saved words on your device aren’t sent. You can delete saved words any time.

    While Incognito Mode definitely serves a purpose (and is something that we may consider adding to 1Password in a future update), it doesn't add any additional protection of password fields beyond the behaviour that keyboards should already be observing. In other words, if a keyboard is not respecting the "password" flag on the text field, it is unlikely that the keyboard will handle Incognito Mode correctly either.

    If you'd like anecdotal evidence to support my assertion that our approach isn't an oversight, you can check and confirm that Gboard is not set to Incognito Mode when you sign into your Google accounts, nor when you unlock your device. I hope that helps to assuage your concerns!

  • @mzman We only mark PIN and password fields as such in 1Password. Although I can't make any promises about if or when we might apply the incognito mode flag in 1Password, it is certainly something that I plan to review with my team. Thanks for sharing the reasoning behind your suggestion!
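As an added example (not code from this thread, 1Password or Gboard), here is how the two signals discussed above look on Android: the password input-type variation that the replies call the "password" flag, and the separate IME "incognito" flag. The helper names are my own; the `InputType` and `EditorInfo` constants are the real Android ones, and `IME_FLAG_NO_PERSONALIZED_LEARNING` is only honoured on API 26+.

```kotlin
import android.text.InputType
import android.view.inputmethod.EditorInfo
import android.widget.EditText

/**
 * True if the field's inputType carries a (hidden) password variation.
 * The variation bits are only meaningful together with the class bits, so
 * the class is checked first. TYPE_TEXT_VARIATION_VISIBLE_PASSWORD is
 * deliberately not counted here (assumption: a visible secret is not hardened).
 */
fun isMarkedAsPassword(field: EditText): Boolean {
    val type = field.inputType
    val variation = type and InputType.TYPE_MASK_VARIATION
    return when (type and InputType.TYPE_MASK_CLASS) {
        InputType.TYPE_CLASS_TEXT ->
            variation == InputType.TYPE_TEXT_VARIATION_PASSWORD ||
                variation == InputType.TYPE_TEXT_VARIATION_WEB_PASSWORD
        InputType.TYPE_CLASS_NUMBER ->
            variation == InputType.TYPE_NUMBER_VARIATION_PASSWORD
        else -> false
    }
}

/** True if the field additionally asks the keyboard not to learn from it (Gboard incognito). */
fun requestsIncognito(field: EditText): Boolean =
    (field.imeOptions and EditorInfo.IME_FLAG_NO_PERSONALIZED_LEARNING) != 0

/**
 * Apply both signals to a secret field. Setting a password variation also
 * installs the masking transformation, so the text is hidden on screen too.
 * The flag bit is harmless on older devices; pre-26 keyboards simply ignore it.
 */
fun hardenSecretField(field: EditText) {
    field.inputType = InputType.TYPE_CLASS_TEXT or InputType.TYPE_TEXT_VARIATION_PASSWORD
    field.imeOptions = field.imeOptions or EditorInfo.IME_FLAG_NO_PERSONALIZED_LEARNING
}

/** Audit helper (hypothetical): report fields that carry neither signal. */
fun unprotectedSecretFields(fields: Map<String, EditText>): List<String> =
    fields.filterValues { !isMarkedAsPassword(it) && !requestsIncognito(it) }.keys.toList()
```

A release-build UI test can call `unprotectedSecretFields` over every field that receives a PIN or password and fail if the list is non-empty, which catches a regression long before a keyboard ever sees the secret.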

  • AGAlumB
    1Password Alumni

    Thank you so much for your feedback on this. It's an important discussion to have. :)
