As Ars mentions, Google maintains that these apps are not properly checking the context of the autofill. Android's digital asset links is a secure way to verify that an app is associated with a specific web domain. As a password manager, you need to use these links to validate that the Android app you're autofilling into matches the domain that you're autofilling into.<p>If they don't do that, they are effectively leaking your credentials through negligence. Recommend staying far away from the ones that dismissed this issue as wontfix.<p><a href="https://developer.android.com/reference/android/service/autofill/AutofillService#web-security" rel="nofollow noreferrer">https://developer.android.com/reference/android/service/auto...</a>