Google is tightening security in its Chrome web browser for Android by preventing third party apps from injecting Javascript code into the web browser. For the most part that’s probably a good thing.

Unfortunately the move means that you won’t be able to use LastPass or other third-party apps to auto-fill usernames, passwords, or other information in the Chrome browser anymore.

8/25 Update: LastPass found a solution, and the latest version of the app now work with the latest versions of Chrome again. 

The original article continues below. 

lastpass

LastPass is an online service that lets you create, store, and auto-fill passwords. Many folks use the same password for dozens of sites, but a password manager like LastPass helps you create unique, difficult-to-guess passwords for each website or service you use. You just need to remember your LastPass login details.

The team behind LastPass offers add-ons for desktop browsers including Chrome, Firefox, Internet Explorer, Opera, and Safari. There are also add-ons for the Dolphin and Firefox web browsers for Android. But the mobile version of Chrome doesn’t support add-ons or extensions… so earlier this year the LastPass team released an update to their standalone Android app designed to let you auto-fill forms in Chrome without one.

But starting with Chrome 37 beta for Android, that function no longer works. You can continue to use the feature for a while by sticking with Chrome 36 stable… but eventually Google will update the stable channel and Javascript injection will no longer be supported.

Maybe Google will add support for plugins to Chrome for Android one day. Until then I’ll just keep using Firefox or Dolphin for Android.

via /r/Android

 

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,543 other subscribers

12 replies on “Google Chrome for Android is dropping LastPass auto-fill support (but gaining better security)”

  1. Letting android apps inject JavaScript into pages as you browse is a security disaster waiting to happen. I’m a web UI developer and I had no idea you could do that on Android. I’m shocked you could do that on Android.

    1. It should be possible but you should have to manually give an app permission. A one-time blanket permission for an app should work.

  2. trying to migrate completely away from chrome and Google after Snowden revelations

  3. Forgive me for my confusion – but does this only apply to Phones and Tablets or to desktops/laptops/Chromebooks as well?

  4. Best part of this article is where it was mentioned that the LastPass team has a standalone Android app. You don’t need Chrome at all.
    I use the LastPass standalone app and it also fills in passwords for locally installed apps as well.

  5. I suspect that the recent password hacking debacle will get Google’s attention, assuming of course that enough of the masses actually decide to address this risk by using Lastpass.

  6. The LastPass keyboard is inaccurate and ugly. I don’t want to have to switch keyboards every time I want to log in, so I won’t be using Chrome anymore. Good job, Google. You just made it LESS secure because people who think it is worth it will continue to use Chrome and just reuse passwords because LastPass will be so difficult to use.

  7. You could also use keepass for android which provides a keyboard plugin for inserting your passwords. It won’t autofill all forms but can insert your password for you.

    1. I use Keepass2Android (better than KeepassDroid) due to its quick unlock feature. I love it. But it’s simply not as seamless as Lastpass is on the desktop. I haven’t used LastPass on Android because I don’t want to support a subscription model. But I believe it’s not as awkward to use. The 2 things that make it a pain to use password managers on Android is that, unlike on the desktop, there is no seamless way that a site is automatically recognized and an entry (or a list) of entries are displayed to auto fill the userId/password fields.

      With Keepass, you have to first switch from the browser to Keepass, find the entry for the site, switch back to the browser, click on the user Id field, switch the keyboard, Fill in the user Id from the user Id button. click on the password field. Fill in the password from the keyboard button. Switch the keyboard again back to the normal one. Click on the login button. Extremely cumbersome. Most folks are going to give up and user a common or a small set of common passwords. I couldn’t convince my wife to use KeePass.

      1. Wow, you do not have to do all that. Simply use the notification shortcuts.

Comments are closed.