"Android Password Managers: A Critical Look at the AutoSpill Vulnerability"
AutoSpill is a vulnerability in Android that can leak credentials from popular password managers. It occurs when a credential stored in a password manager is autofilled into a third-party app, exposing the credentials to that app. The affected password managers include Google Smart Lock, Dashlane, 1Password, LastPass, Enpass, Keepass2Android, and Keeper. However, the threat is limited to specific scenarios where the third-party app allows users to log in with different account credentials or when a malicious app exploits WebView content. AutoSpill does not pose a threat when autofilling credentials for accounts managed by the app developer or service.