Clearing the Android clipboard with new advanced (stacked) clipboards


#1

My new Android 8.1 smartphone has a 7-entry clipboard stack. When a new item is placed on the clipboard, instead of replacing the current clipboard entry, the new entry is placed onto the bottom of the stack and pushes the current contents of the clipboard up the stack.

When KeeFox automatically attempts to clear the clipboard after copying a password, it does so by copying a meaningless string (***) into the clipboard. In earlier Android versions with a 1-entry clipboard, the meaningless string would replace the copied password in the clipboard, effectively erasing it from memory.

But in the new version of Android with the 7-place stack clipboard, the meaningless string only pushes the copied password up the stack, and it remains there until the phone is rebooted, or until 6 more items are copied into the clipboard, or until the clipboard entry is manually deleted using the clipboard manager.

Here’s an easy-to-implement solution to this security risk: Instead of copying the meaningless string (***) into the clipboard when it’s time to erase the copied password, why can’t KeeFox copy that meaningless string into the clipboard 10 times (or 20 times or 100 times)? As long as the string is copied at least as many times as there are spaces in the clipboard stack, doing so will have the effect of removing the previously copied password from the clipboard stack. Perhaps there can be an user setting in KeeFox for the number of times to copy the meaningless string, and it can be set to 1 for old-style flat clipboards or to anything >1 for stacked clipboards (7 in my case).

Copying the meaningless string more than once would be computationally trivial, unless it’s done thousands of times.

How about it? Can this be implemented? Having to remember to erase the password from the clipboard stack every time is a pain in the neck and a huge security risk. I know copying passwords into the clipboard is a security risk in the first place, but the key to limiting that risk is limiting the amount of time the password persists in the clipboard.


#2

If it’s possible it would be even better to entirely remove that entry from the stack. Chances are that the improvements to the clipboard also introduced a better API, that for example allows completely removing entries. Possibly just the ones that were added by the app in the first place.

I’m sadly not familiar with the available APIs, especially the APIs available to the addons, so chances are even if the native API supports it, the Firefox Addon API doesn’t.
It’s just an idea on how to implement that in a better way, if it’s possible.


#3

Any response from the developers?


#4

Any response from the developers?

Guess not.


#5

Kee does not clear the clipboard after KeePass generates a new password. It also doesn’t work on Android to the best of my knowledge (as the developer) unless a lot of magic has happened in Firefox and Android in recent years - it’s certainly not something I’ve ever thought is possible nor tested.

You’re probably thinking of a different program so maybe ask on their forum instead.


#6

You’re probably thinking of a different program

Isn’t Kee the new name for Keepass2Android?


#7

It’s the new (ish) name for KeeFox, as of around a year ago.