muellerberndt / android_app_security_checklist

Android App Security Checklist

Don't disable the clipboard on sensitive data #2

Closed rugk closed 2 years ago

rugk commented 6 years ago

The clipboard is deactivated on text fields that may contain sensitive data.

No, please don't. That prevents many password managers from working (not all of them support Android 8's new APIs). So if the result is users use 12345 as a password (with the result that everyone can log in) instead of a good password copied and saved from their password manager (with the potential that other apps may access it), then you've done more harm than good.

muellerberndt commented 6 years ago

Hi @rugk, definitely a valid point. This list reflects the OWASP MASVS, so I suggest you take the discussion to the MASVS repo!