App ignores some security settings
I installed 1Password 4 Android yesterday on my devices yesterday and played with the settings a bit. I noticed that the app on all my devices ignores the automatic lock timeout. I changed it (or left it on the default value) to 10 minutes and left the app open and running overnight (7+ hours) on all my devices when I noticed it didn't lock when in the background (other app open). This morning the app was still unlocked, which is exactly the opposite of what I would expect.
All my devices are encrypted and I'm using strong passcodes and have a strong master password, but a less tech-savvy/security-aware user can easily have all his private data open to the world (or at least the one who 'found' his or her device). The security risks are quite obvious, I think. :)
I tested this on a Motorola Moto G telephone running Android 4.4.3, a Asus Nexus 7 running Android 4.4.3 and a HTC One V running Android 4.0.3. All devices are running stock ROMs and aren't rooted or otherwise modified.
Comments
-
I have the opposite problem: no matter what I set for lock time, PIN, I'm always asked for the master password every time.
0 -
I disabled Lock on exit, but even with that on the app doesn't lock when I keep it running in the foreground. Do you have Lock on exit enabled? Then you'll have to enter the master password every time after you switch to another app (or launcher) and get back. I think that's by design (but an Agile employee can propably shed some light on this) and security-wise it's exactly what I want. :)
0 -
Same thing here, security settings ignored, can't disable master password or enable PIN. The app always asks for master password.
0 -
@akamsteeg Thank you for bringing this to our attention! There was definitely an issue that prevented automatic locking from happening in certain situations. We were able to replicate the issue on our end and submit a fix to Google Play. Version 4.0.1 is now live on Google Play and should fix this issue for you. Please let us know if you encounter any other problems.
0 -
@hugoh and @Жека Банных I'm guessing that this may simply be a difference in our implementation and your expectations. The PIN Code setting overrides the need to enter your master password in all but one situation and that is when you launch 1Password.
If you close 1Password by tapping exit in the overflow menu or by swiping it from the recents list - or if the system terminates 1Password due to low memory conditions - it is cleared from memory and re-launched the next time you tap on the 1Password icon. In these cases, you will need to enter your master password regardless of whether you have the PIN Code enabled or Lock on Exit disabled.
I hope that explanation helps. Let me know if have any more questions about this.
0 -
4.0.1 solved my issue. It's now working as expected.
0 -
I am on version 4.1.1 on Android and I am seeing the opposite of this problem. I have "lock on exit" turned off but the setting appears to be ignored. Whenever I switch in and out of the 1Password app, I am prompted for my master password again. Is there some other way to disable the master password prompt (I would prefer to use the local device PIN.).
0 -
The PIN Code allows you to create a short numerical passcode to unlock your vault. With this feature enabled, every time you return back to 1Password from the background, you will only be required to enter your PIN code to access your data. The same applies for Lock on Exit. If 1Password exits from the background, your master password will be required.
There are a couple of ways to exit 1Password and prevent it from running in the background. You can do it by going into the overflow menu and selecting exit, or force exiting 1Password through your recent list of running applications. There are also times when the Android OS will exit 1Password from the background to free up system resources. It sounds like this may be what's happening in your case and that's why you're being asked for your master password every time. I would like you to do a complete restart of your device. I know it's an odd request, but there's a high possibility that it may just solve the problem.
Let me know if rebooting helps!
0
