1Password Accounts are NOT supported on Android prior to 5.0. That's a bummer!


1Password Accounts are NOT supported on Android prior to 5.0. Screenshots are attached. That's a bummer!

How come?

1P Family trial seems to be turning into dumping for no apparent reason my perfectly good (yes I do mean perfectly good) HTC One Dual SIM (M7CDUG), S-OFF and rooted, stripped of bloatware and happily running customized Android 4.2.2. That's several hundred $ worth of investment. No I am not dumping it.

1Password Version: 6.7.3
Extension Version: Not Provided
OS Version: Android 4.2.2
Sync Type: Not Provided


  • BenBen AWS Team

    Team Member

    Hi @D.B.

    Jelly Bean is almost 6 years old now and is no longer supported by Google. In general we do not support operating systems that are no longer supported by their vendors. Running an OS that is no longer updated, especially one that is rooted, would not be recommened. In doing some research it appears the HTC One is capable of running a more modern OS, and so the only recommendation I can offer here woud be to update to the latest supported version (which appears to be v5 Lollipop).


  • Hi Ben, in case you're wondering - I have some 200 hundred - TWO HUNDRED! - application running flawlessly on what you consider an obsolete version of Android. Does this ring a bell? (Those from Windows world should recall Windows XP's longevity by now.)

    "Not being supported by Google" -- makes no difference to me the user as long as my applications run flawlessly and more or less securely. (Disagree about "securely"? Tell me exactly then how vulnerable I am, open bug IDs would do.)

    "HTC One is capable of running a more modern OS" - I'm sure it is however I do not care - the point is not in running the latest rev of "something" but running what serves me well. There are computers to serve us, people, not people to serve those computers.

    Also, you are not reading my original post: mine runs custom version with bloatware removed, rooted and S-OFF. It takes quite substantial amount of effort to make OEM's version of Android do what one wants it to do. I am not willing to go through this exercise over and over again when each major/minor rev of Android, that's obvious.

    Out of curiosity, what API calls you happen to use that makes 1P incompatible with Android prior to 5.0?
    I guess none. Correct me if I'm wrong.

    Very (I do mean very) disappointed with you AgileBits how you treat your long time paying customers.

  • brentybrenty

    Team Member
    edited April 2018

    @D.B.: I'll grant it may not matter to you, but it matters in the context of security — and that's the world 1Password lives in. We're grateful that you've supported us in the past, and also if you want to now or in the future; but we're not going to be enablers of bad security hygiene for all 1Password users just because you're our customer and you've chosen this path for yourself.

    As far as vulnerabilities, take your pick. There are hardware issues based on ubiquitous Qualcomm chipsets, those targeting browser, OS, and even MMS, over the years since Android 5 was released, and plenty just within the last two years. Google is good about patching the OS, but only for reasonably recent versions; and often the hardware vendors simply never get around to pushing them out to their customers anyway. We both knew what we were signing up for in that regard when we bought into the Android ecosystem: "with great power comes great responsibility", as they say.

    So while you're certainly entitled to use whatever device/OS/browser you want to, keep in mind that at the same time you're the one limiting yourself here. 1Password.com depends on security features — especially web technologies — that simply didn't exist in earlier versions of Android, and we're not going to weaken its security just so we can support OSes and hardware that have long since been discontinued both in terms of sales and also vendor support. 1Password.com didn't drop support for outdated hardware/software; it simply can't ever work there. If it did, we'd have built it years sooner.

    Ultimately if you want to go it your own way that's fine. But accept that that decision comes with tradeoffs. There's a lot of new stuff that's come since then which you just can't benefit from, not just 1Password. You just can't have it both ways.

    ref: KWF-28849-595

  • primeprime
    edited April 2018

    One of the main things, if your OS is no longer supported (getting security updates), it’s wise to get a new device. I just read this today

    Older androids are not getting software updates due to which they are more susceptible to cyber-attack.

    Windows XP still works, but it lost support in 2014, and should not be used.

    "Not being supported by Google" -- makes no difference to me the user as long as my applications run flawlessly and more or less securely. (Disagree about "securely"? Tell me exactly then how vulnerable I am, open bug IDs would do.)

    Well for one, you’re vulnerable to Meltdown and Spectre, and two: KRACK. This is just off of the top of my head.

    @Ben and @brenty know what they are talking about. Myself, I teach people how to better protect their on line accounts. I tell people in my classes, keep your software and operating system up to date, and if that device can’t get updates, you need to buy a new one. It’s extremely important these days.

  • brentybrenty

    Team Member

    @prime: I knew there was a fairly recent big one, but could not think of KRACK off the top of my head. Thank you!

    I guess that was just the tail end of last year. It's an interesting example, because a single vulnerable device gives an attacker a way into the network even if everything else is patched. I was glad at how fast both the vendors of devices I was using at the time and my router were patched, but that's not going to be the case with older stuff. :(

    Google shipped WebCrypto in the desktop version of Chrome at the end of 2014. Mobile is much father behind, and the browser technologies available to apps are limited by what's built into the OS. So while 1Password for Android itself can work on a JellyBean device, 1Password.com depends on that and other technologies that are simply not available there — much like Google's autofill and fingerprint APIs did not exist there.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file