Recently, I got a new Android Pixel phone and used the cloud backup to install my apps while setting up. Once they were all downloaded, the first one I would need to set up and login would be 1password. I had pulled my secret key to set up the application, but there was no need because the Google cloud backup had it. All I had to do was put in my password. I thought that I must have misconfigured the application to allow the key to back up. Still, there are no settings to opt out of having a third party have a copy of my supposedly private secret key, at least to what is implied in their homepage FAQs and other marketing material. This seems like a massive concession of security for convenience.
From looking at it, this also seems to be how it is handled on iOS as well.
As per 1Password documentation
From looking at it, this also seems to be how it is handled on iOS as well.
As per 1Password documentation
Encrypted copies of your Secret Key are stored in your device backups and keychains to provide data loss protection. If you have iCloud Keychain turned on and lose your Mac, iPhone, or iPad, you can restore from a backup and unlock 1Password with just your account password. It’s the same for Android backups.