Google’s Crackdown On Accessibility Services Won’t Affect LastPass & 1Password
We reported last week about Google's crackdown on the usage of Accessibility Services for apps. This was intended for the apps that use Accessibility Services for their own purposes instead of helping users. Google decided to combat such apps by blocking the “toast overlay” attack. While it sounds good concerning security, it raised the alarm for apps like password managers that also use Accessibility Services to fetch usernames and passwords.
Initially, many thought that Google's decision will impact the future of password manager apps, but today Google clarified its stand for popular password manager apps like LastPass. Google is exempting services like LastPass as it works with Autofill in Oreo. As we detailed in our Oreo review, Android 8.0's Autofill service handles automatic filling of information like credit card details, usernames, logins, and addresses in the app fields. With Oreo, Google offered a first-party “Autofill with Google” service but it still allows users to use third-party services like LastPass that support the API.
LastPass is working with Google
Oreo currently holds 0.3 percent of market share, which means that Google's Autofill service is not available to a significant chunk of Android users. Now with Google's tab on the usage of Accessibility Services, LastPass is collaborating with Google so that its users stay unaffected from any future decision. By working with Google, LastPass is trying to save users from any sudden impact from the removal of Accessibility Services.
Google opened up about the issue in a blog post shared on the Android Developers Blog:
The Autofill API is open for anyone to implement a service. We are actively working with 1Password, Dashlane, Keeper, and LastPass to help them with their implementations towards becoming certified on Android. We will be certifying password managers and adding them to a curated section in the Play Store, which the "Add service" button in settings will link to. If you are a password manager and would like to be certified, please get in touch.
In the future, Google has plans to certify password managers by adding a dedicated section in the Play Store. Besides, the Autofill service options in system Settings will also show a direct link to the upcoming password manager apps category on the Play Store.