Password managers on Android not secure

I came across an app when I was testing password managers on Android, it is called Clipcaster and you can find it here:

https://f-droid.org/repository/browse/?fdfilter=clipcaster&fdid=com.actisec.clipcaster.

What it does is monitor your clipboard activity which almost all password managers use to copy paste the login info into the sites, with few exceptions like Lastpass (sometimes the info is collected).

The app does not require any permission whatsoever so you can imagine the risk of using password managers with other apps installed on your device with full network access permission. Any malicious app can see the username and password when you use the clipboard, make a copy and send it to their servers.

Lastpass does not seem to have the problem, but some sites still require Lastpass to use the clipboard to get the username and password typed in.

This is a known issue. You will start to see in apps the ability for apps to talk to password managers Mailchimp as an example does it. Currently this risk of having weak passwords and reused passwords is greater than the clipboard vulnerability. But as you say it should be noted that it is an issue. My view of phones is that its a best efforts approach anyway given we have limited options and lots of privacy issues.