Perhaps a silly question as I do not have a lot of experience with software like this, but:
What prevents LastPass, Bitwarden or any other third party to update their software (and/or compromise the download server) to synchronize all information unencrypted in a new version which is auto-updated by the user?
I currently use KeePassX, and synchronize this file with a secure server myself since I feel uncomfortable with having software that handles the encryption also controlling the synchronizing service.
Two fixes:
1) Find an open source one, compile it yourself, verify its behavior, install it yourself.
2) Find one that works without using the network, don't approve adding network permissions ever, run it in a jail without network; on Android you can deny the network permission.
This works against random software companies, but not against Google.