If my password manager can detect and save passwords from apps/sites, how can I be sure other apps won’t do the same thing?
You can’t. At very minimum your operating system and keyboard of choice can see anything you type or paste (anywhere). Any anti virus app. Probably your browser or individual app that you’re using. Plus anything else you allow overlay privileges – e.g screen readers, password managers, scraping apps.
Browsers and phones have security blocks in place to prevent programs and extensions from accessing things they shouldn’t. Pay attention to the permissions of things you install. Chrome extensions will say things like “can see and change data on any site you visit.” For phone apps like LastPass you have to explicitly give them accessibility permission to see and keep track of text inputs in other apps.
That being said, keyloggers and other spyware can keep track of these things regardless of permissions because they exploit the system.
As others have mentioned: you can’t.
A way around this is using virtual system to execute questionable software. You can for example use https://www.virtualbox.org/ to run a virtual windows/linux/… whatever you need installation.
This virtual operating system is shielded from your main computer which provides several benefits and some drawbacks:
– Viruses and similar only infect the virtual system
– Programs in the virtual system cannot access files/data/… in your main operating system unless you specifically enable that
– You can run different versions of operating systems simultaneously
– You can easily create snapshots and roll back to them any time
– There is a performance loss, especially noticeable in games
– Not all hardware is supported/fully useable in the virtual machine
– It needs extra hard drive space
You can’t, generally. Any program you install can do just about everything you can. As such, the main methods of defence against apps misbehaving are a) don’t install things if it can be avoided, and b) use open source software where possible.
We live in an era where there are various patchwork fixes to most glaring dangers, like, antivirus software, that protect user just enough from consequences of their own actions that the whole world won’t go down in flames, but I do recommend anyone trying to take a step back and just take steps protecting their devices on their own. Don’t run code you haven’t checked yourself, or have some other reason to trust. Meaning, open source software if possible, and that only if you cannot avoid installing the app.