I came across an app when I was testing password managers on Android, it is called Clipcaster and you can find it here:
What it does is monitor your clipboard activity which almost all password managers use to copy paste the login info into the sites, with few exceptions like Lastpass (sometimes the info is collected).
The app does not require any permission whatsoever so you can imagine the risk of using password managers with other apps installed on your device with full network access permission. Any malicious app can see the username and password when you use the clipboard, make a copy and send it to their servers.
Lastpass does not seem to have the problem, but some sites still require Lastpass to use the clipboard to get the username and password typed in.