December 7, 2023 By Usman Qureshi
Numerous widely used mobile password managers have unintentionally leaked user credentials due to a flaw in the autofill feature of Android apps, TechCrunch reports.
Dubbed “AutoSpill,” this vulnerability bypasses Android’s secure autofill mechanism, allowing exposure of stored credentials.
Researchers from IIIT Hyderabad uncovered and presented this vulnerability at Black Hat Europe.
When Android apps load a login page in WebView, password managers get confused about where to input the user’s login information.