> For the complete documentation index, see [llms.txt](https://docs.keeper.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.keeper.io/release-notes/mobile/android/older/android-version-14.3.0.md). # Android Version 14.3.0 ## Features & Benefits * Support for BreachWatch Business customers * App Launcher Shortcuts * Android Q Autofill Night Mode support ## Security Update This update addresses a potential security vulnerability on the Android application related to installation of a malicious 3rd party Android application. For the exploit to be realized, a sequence of conditions would be required which in turn, would impact the Keeper Android application. No customer reported being affected by this issue. ### Reporting Sequence The security researcher’s findings were reported via Keeper's Bugcrowd Public Vulnerability Disclosure Program on May 18, 2019. The issue disclosed in the report was accepted and validated on May 20, 2019. The fixes were completed and submitted for publication to the Google Play app store on June 21, 2019 in version 14.3.0. ### Summarized Findings in the Security Researcher’s Report A rogue 3rd party malicious application installed on the user's device could monitor events on the Keeper application and wait for certain conditions to capture a user's record login and password, when the user uses the "Copy to clipboard" feature. The researcher pointed out that while Keeper had FLAG\_SECURE enabled at the application level, this flag must be enabled on all app fragments to address this potential vulnerability. ### Keeper’s Security Team’s Response In order for this potential vulnerability to result in an exploit of the user’s password for a website, the following conditions would need to exist: 1\. User installs malicious 3rd party Android application\ 2\. User opens Keeper app and opens password record\ 3\. User taps on "eyeball" to display the plain text password\ 4\. User taps on password field to copy to clipboard\ \ Result: The "Toast" message containing the password could be read by the malicious application. ### Resolution Added FLAG\_SECURE to all app fragments to prevent 3rd party malicious application from monitoring clipboard events when the user taps "eyeball" to show password and taps password field to copy to clipboard. Special thanks to [**phosphore**](https://bugcrowd.com/phosphore) Bugcrowd researcher for the detailed report and validation of the fix. ## Bug Fixes & Improvements * Removed KitKat support * Improved user account switching between KeeperChat and Keeper * Crash when clicking "Protect your business" promotion --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.keeper.io/release-notes/mobile/android/older/android-version-14.3.0.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.