| The auto-fill services allow the user to complete text inputs that could contain sensitive information, such as personally identifiable information (PII), without previous knowledge of the information. By allowing the use of auto-fill services, an adversary who learns a user's Samsung Android device password, or who otherwise is able to unlock the device, may be able to further breach other systems by relying on the auto-fill services to provide information unknown to the adversary. By disabling the auto-fill services, the risk of an adversary gaining further information about the device's user or compromising other systems is significantly mitigated.
Examples of apps that offer Autofill services include Samsung Pass, Google, Dashlane, LastPass, and 1Password.
SFR ID: FMT_SMF_EXT.1.1 #47 |