Amazon Fire Support For Silk Browser

bh444
bh444
Community Member

I know that we can never expect 1password in the Amazon App Store, but the website is also basically unusable in the Amazon Silk browser.

I know I can get the Google Play Store on this device, but what is the bigger security issue, using 1Password web site on the built in web browser, or side loading the google play store from some random web site, then using the 1Password app. Maybe neither.

Just looking at a vault and trying to copy a password from the web site is difficult at best. The hover over causes the keyboard to appear, covering the password and the copy button. A couple of lines of custom javascript for Silk might get all these copy buttons to appear without causing the keyboard to appear.

I was able to get my TV provider password so I can watch CNN on this cheap tablet, but just the tiniest bit of 1Password support for these devices would be appreciated.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Amazon Fire OS
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @bh444: We don't have any plans to support Kindle devices, as this is the first request we've had for that in years. If you're able to install 1Password for Android through Google Play, that should work since the package is signed and delivered by Google. The bigger concern is Silk. Unless I'm mistaken, it's still effectively performing a person-in-the-middle attack by decrypting all traffic in order to try to speed things up. If that is still the case, I wouldn't use it for anything even remotely sensitive. :blush:

  • bh444
    bh444
    Community Member

    I read a bit about the Silk browser and it's cloud acceleration. I don't believe they accelerate https/ssl traffic. Their initial wording indicated that they would. Here is an article discussing their response.

    https://www.computerworld.com/article/2499304/data-privacy/amazon-answers-some-privacy-concerns-about-new-silk-browser.html

    I turned off the cloud acceleration for all browsing in any case.

    Maybe I am the only one concerned about sideloading Google services from non-Google websites to get the Google Play store on this device. That just seems to be riskier than accessing the 1password website through the Silk browser.

    If it is totally a terrible idea to use Silk to access the 1password website, that is something that you might block.

  • bh444
    bh444
    Community Member

    Actually the 1Password/Silk behavior is not as bad as I thought. I just figured out how to hide the Silk keyboard when it pops up when it should not. The back button turns into a hide keyboard button. You have to hide the keyboard after you touch a 1password value/password, then you can copy as needed. This will suffice for me. If we agree that Silk is secure enough to access my 1Password data, then it works good enough for the few passwords that I will need to access on this device. Thanks for your support.

  • bh444
    bh444
    Community Member

    The same behavior is there when using Safari on my iphone and ipad. The keyboard should not pop up unless you are in edit mode. Seem like a bug with all touch devices.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I read a bit about the Silk browser and it's cloud acceleration. I don't believe they accelerate https/ssl traffic. Their initial wording indicated that they would. Here is an article discussing their response.

    @bh444: Thank you! Indeed, that was definitely the case for a long time. Perhaps they've backed off though, at least for secure traffic. That's good news. :)

    I turned off the cloud acceleration for all browsing in any case.

    I'm glad to hear that is an option now.

    Maybe I am the only one concerned about sideloading Google services from non-Google websites to get the Google Play store on this device. That just seems to be riskier than accessing the 1password website through the Silk browser.

    You may be right. It depends entirely of how you're installing it.

    If it is totally a terrible idea to use Silk to access the 1password website, that is something that you might block.

    Since you're able to access it without interference, it shouldn't be a problem. The important thing is having a secure end-to-end-encrypted connection to 1Password.com. And frankly, you shouldn't be able to connect at all if there's interference with that. But I didn't want to take any chances and ignore it since I don't have one here handy to test it myself. It wouldn't be possible for us to block the browser per se, as they could just spoof another anyway. But we have very strict security requirements for any browser to connect to 1Password.com, specifically the connection need to be validated point to point, and we don't support downgrading to legacy TLS/SSL versions.

    Actually the 1Password/Silk behavior is not as bad as I thought. I just figured out how to hide the Silk keyboard when it pops up when it should not. The back button turns into a hide keyboard button. You have to hide the keyboard after you touch a 1password value/password, then you can copy as needed. This will suffice for me. If we agree that Silk is secure enough to access my 1Password data, then it works good enough for the few passwords that I will need to access on this device. Thanks for your support.

    Likewise, thanks for the additional info! It does sound like that's workable. :)

    The same behavior is there when using Safari on my iphone and ipad. The keyboard should not pop up unless you are in edit mode. Seem like a bug with all touch devices.

    Can you tell me the exact steps you're taking and where? I'm not seeing this on Android or iOS, but I may be looking in the wrong place.

  • bh444
    bh444
    Community Member

    I simply created a vault with a single password and opened up the vault. The single item is shown in the right hand panel as expected. I touch the username, the keyboard comes up, i touch the password, the keyboard comes up, I touch the URL, and it launched in a new tab. The strange part is that in horizontal mode, the first touch triggers the bad behavior. In vertical mode, a single touch works fine, it is the 2nd touch that triggers the bad event. I can send you a video if you can't reproduce that. I bet you held your phones in vertical mode while looking into this. I did this on safari and iphone and ipad, as well as chrome on my ipad.

  • AGAlumB
    AGAlumB
    1Password Alumni

    The 1Password.com web interface isn't designed for mobile browsers, and they are missing a lot stuff that desktop browser have. But I think I know what you're talking about, and we'll see if there's a way we can improve it without making it worse for others.

  • NateS
    NateS
    Community Member

    I am very interested in this discussion, because I am considering getting a new Kindle Fire and installing 1Password on it through the well-published hack that allows for installation of Google Play Store thus allowing download and installation of any of the apps in the Play Store. I am on the subscription or "membership" plan. Is there any reason why that would not be secure or not work?
    Is it still working for bh444?

  • NateS
    NateS
    Community Member
    edited October 2018

    PS - I would not be using the Silk browser for signing into sites, but the standalone apps most institutions have. For those others, I would/could use the Chrome browser downloaded via Google Play Store. And, as I said above, I am on the subscription or "membership" plan. Is there any reason why that would not be secure or not work?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited October 2018

    I am very interested in this discussion, because I am considering getting a new Kindle Fire and installing 1Password on it through the well-published hack that allows for installation of Google Play Store thus allowing download and installation of any of the apps in the Play Store. I am on the subscription or "membership" plan. Is there any reason why that would not be secure or not work?

    Is it still working for bh444?

    @NateS: Thank for getting in touch. I don't know the answer, as we don't have these devices to test with, as they're not supported. But perhaps @bh444 can chime in. :)

    PS - I would not be using the Silk browser for signing into sites, but the standalone apps most institutions have. For those others, I would/could use the Chrome browser downloaded via Google Play Store. And, as I said above, I am on the subscription or "membership" plan. Is there any reason why that would not be secure or not work?

    I don't believe it would be possible to fill using 1Password no matter what, but if you can get the app running on the device you could at least copy and paste — or potentially use the 1Password.com web interface in the browser to do so, if the app is not an option.

  • NateS
    NateS
    Community Member

    Thanks for your reply. If it won't autofill then I will rule it out. I would not be satisfied with copy and paste. Thanks.

  • bh444
    bh444
    Community Member

    I have not side-loaded Google Play or Chrome, but just use the Amazon OS and apps available. I use it for media consumption at mostly at home. 1password.com/Silk works good enough in that environment.

    The 1password.com website still pops up the keyboard when using the site to copy passwords on my Fire and works fine for the few passwords I need on my Fire (like media/magazine subscriptions, tv provider for TV anywhere, Netflix, Amazon content, etc).

    Note that the back button in Silk turns into a down arrow that will hide the keyboard which makes the keyboard popups annoying but perfectly manageable. So I see no reason to not have a Fire tablet. You might have to type in your Amazon password to get started, but the rest you can use from 1password.com.

    I would recommend the Fire 8 HD or better. The 7" one I have was really slow.

    I too have considered side-loading Google Play but I have iOS devices too so it isn't my primary device. I did do this on my 7" one and it worked fairly well but I don't know if I ever trusted it with important passwords. I just can't remember exactly how I had it set up with 1password. There was a time there when you could side-load a 1password beta before they moved to the Google Play store. I can say that I didn't have any issues with any apps that I downloaded from Google Play so I don't see why 1Password wouldn't work perfectly well.

    From a security perspective, I think it is about trusting the side-load process and that once you side-load Google Play, it will automatically keep itself updated to the latest and most secure version. I sure with Amazon would just support this, but there is a reason why these things are $100 less than similar Samsung devices. I think you have to make your own security call on this. I'm not qualified and I doubt that 1Password would guarantee it because it just isn't supported.

    I have a family plan, and if I did side-load, I would set up a guest account with access to a shared vault so that only the passwords I need on the Fire. That would be no banking, etc. passwords are on the Fire. I think I would trust the side-loading process enough to do it in this scenario. Not sure about banking, etc.

    I have to say that I am really an iOS guy and while the Fire is nice, the way 1Password integrates into the latest iOS version is just awesome.

    Good luck.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @NateS: I hear you. There are probably some decent Android tablets or Chrome OS devices that would work, so long as they support Android apps.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @bh444: Thank you for that! Very helpful. I'm glad that 1Password.com helps a bit. Cheers! :)

  • bh444
    bh444
    Community Member
    edited October 2018

    @NateS: I just saw your comment about cut/paste. You for sure need an iOS 12 device. No more cutting or pasting even in standalone apps!

  • bh444
    bh444
    Community Member

    I looked up the 1Password notes about autofilling and it looks like 1Password on Android 8 supports same sort of filling in for apps and web as it does in iOS 12. Fire OS 5.6.20 is based on Android 5.1.1 Lollipop according to the internet.

  • NateS
    NateS
    Community Member

    bh, I've been a Mac person since 1984 and am typing this on a MacBookPro, but I have tried to use my signif/other's iPad many, many times and I just DETEST iOS, which she keeps up to date and absolutely LOVES using. I personally find iOS so counter-intuitive and, well "unMaclike" When it comes to cell phones, I have always used Androids and I love the way 1Password works on my new Moto X4, especially with the fingerprint access.
    The one thing I am jealous of is how lightweight her iPad is and that is what got me started on thinking about getting one of those certified refurb Fire 10s Amazon was offering a few days ago for only $100 for our daily news ritual and paying bills, etc. (Including of course buying more stuff on Amazon.)
    But I am getting discouraged with the thought that 1Password might not be fully secure when used on a Fire. That hadn't occurred to me until I joined and read this thread.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Indeed, we can't ever recommend side loading software for security reasons, though some people are happy doing that.

    I rather like my Moto x4 too. I have been less than pleased with Amazon's devices, though they're handy for streaming YouTube.

    It's interesting that Android has become more iOS-like over time, and iOS has become more Android-like (which had an Autofill feature first) over time — though I doubt the two will ever truly meet in the middle. I guess I'm a bit of an OS nerd, because I enjoy playing with both. Cheers! :)

  • NateS
    NateS
    Community Member

    brenty, this leads me to a followup question. If I rule out the Kindle Fire and consider for example something like an ASUS Chromebook Flip …Google Play Store Ready to run Android apps, which says: "With the Google Play Store, you can access a rich library of apps, games, music, movies, TV, books, magazines, and more, all from your Chromebook" can I expect that I will be able to download and install the Android version of 1Password and use it the same way I do on my Moto X4, with auto insertion?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @NateS: Not 100% sure about autofill, but I know that drag and drop works on Chrome OS. (1Password X was created in large part to work on Chrome OS, so you may want to check that out too.) Now, I am not familiar with those specific devices, but if they claim to support Android apps from the Google Play store I think that's a safe bet. 1Password for Android isn't designed specifically for that, but with Google's recent push for Android apps to run on Chrome OS, we've also put some work into making 1Password a good experience in that environment. I hesitate to say "go for it" only because OEMs sometimes take liberties which can cause compatibility issues on Android devices. But we've had good results here with Android on Chrome OS, and given that's now something Google has chosen to support and promote officially, we'd appreciate any feedback on 1Password there too. :)

This discussion has been closed.