How worried should we be about the “AutoSpill” credential leak in Android password managers?
by Dan Goodin from Ars Technica - All content on (#6H432)
Enlarge / Close up of hand holding smartphone and screen applications with unlocking mobile phones. Concept of technological safety. (credit: Getty Images)
By now, you've probably heard about a vulnerability named AutoSpill, which can leak credentials from any of the seven leading password managers for Android. The threat it poses is real, but it's also more limited and easier to contain than much of the coverage to date has recognized.
This FAQ dives into the many nuances that make AutoSpill hard for most people (yours truly included) to understand. This post wouldn't have been possible without invaluable assistance from Alesandro Ortiz, a researcher who discovered a similar Android vulnerability in 2020.
Q: What is AutoSpill?