Comments (69)
Got around the blocker and started working on this in the autofill
branch. https://github.com/bitwarden/mobile/tree/autofill
Check out this quick demo :)
from mobile.
@JaceHensley We do use the APIs provided by Google. Just the C# version of them.
15.4 is now available for Xamarin, so we'll start looking at this again hopefully sometime soon.
from mobile.
Yes, we are beginning to work on this again now.
from mobile.
Looks like there is some support being added to Xamarin.Android
recently. I'll start looking into it more now but don't expect something to be available as soon as O lands.
from mobile.
Xamarin will have official Android 8.0 support in v15.4, so we're waiting on that before we start working on this.
from mobile.
@Moxville I feel like that is a moot point. It assumes a malicious app on the phone. If you have a malicious app, you can pretty easily get someone to put info in there.
from mobile.
I've made significant progress on this task over the past 2 days. Most of the work is now done. Expect a beta test next week.
from mobile.
This is now live through our beta channel on the play store. Please post any feedback or problems in this issue. Blog post: https://blog.bitwarden.com/bitwarden-the-oreo-autofill-framework-2a8b2e04f29e
from mobile.
Great work! Is there any possibility to save the matching mobile app to the entry? Not to search correct entry everytime. LastPass was doing something like this... :-)
from mobile.
This is now rolling out to production.
from mobile.
Yes, we plan to add support for this as soon as the API is available in Xamarin.Android.
from mobile.
@kspearein I'd love to help test on Android. You should setup a beta channel if you haven't already.
from mobile.
Password Managers using Android Oreo’s Autofill API are Potentially Vulnerable to Data Leakage
https://www.xda-developers.com/password-manager-autofill-api-data-leak/
https://github.com/commonsguy/AutofillFollies/blob/master/WHITE_PAPER.md
Just sharing the links.
from mobile.
@tehspaceg That's true, but it's still good to take some precautions where possible. Like partitioning data, and checking that the app that's being filled is actually the one associated with the entry, as the article suggests.
EDIT: Also it might be wise to wait for "best practices" from Google.
from mobile.
Any updates on this? It seems Xamarin has released sample code how to handle this: https://developer.xamarin.com/samples/monodroid/android-o/AutofillFramework/
from mobile.
I think he means if you saved a site in the web browser, it uses url. The
search appears to do pattern matching. Maybe when an item in the mobile app
is identified for autofill, add a field automatically (or prompt to do so)
that contains the package name.
On Wed, Nov 22, 2017, 8:14 AM Kyle Spearrin [email protected]
wrote:
@hrach https://github.com/hrach Not sure what you mean. When you save a
new site it should use the mobile app's package name.—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#57 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AHqNg8qGsKDEKM4lmX8tYJyLsO5omeNNks5s5B4wgaJpZM4M6u-a
.
--
-Geran
from mobile.
I see, yes, there is room for improvement there which has been the case for autofilling on android for some time now.
from mobile.
Android O is likely to drop within a week or two. Any updated plans on this?
from mobile.
Looking forward to this!
from mobile.
@kspearrin This article was recently posted on developer.xamarin.com.
Can't wait for this to happen!
from mobile.
@nicosemp Yep, I've been trying to get 15.4 preview 2 working but am having a hard time with it...
from mobile.
Blocked by this issue: https://bugzilla.xamarin.com/show_bug.cgi?id=56740
Looks like I'll have to wait for preview 3
from mobile.
I'm running O on my Nexus 6P, as well. Would be happy to test this if/when it ends up in a beta branch I can install without having to compile myself.
from mobile.
Running Android O on OnePlus 3 OxygenOS, more than willing to test!
from mobile.
Wouldn't best practices be to use the APIs provided by Google?
from mobile.
can I help with this? is there a specific branch where things are being done? I saw a branch but it got the last commit 2 months ago so i'm not sure
from mobile.
I merged that branch into master and starting working on it more.
See https://github.com/bitwarden/mobile/tree/master/src/Android/Autofill
Feel free to stop by our Gitter channel if you want to discuss specifics of how you can contribute to this feature.
from mobile.
With the latest update, When BitWarden is trying to fill a form, my default notification sound is firing constantly.
I can reproduce it every single time. Regardless of whether BitWarden is my autofill or not.
from mobile.
@wjbeckett Are you also using the autofill accessibility service? Sounds odd since our autofill framework implementation does nothing with notifications.
from mobile.
@kspearrin ah. yes that's what is doing it.
Disable the accessibility service, and it stops.
I suppose I should log a bug for this then? Happening in all apps and Chrome.
from mobile.
@wjbeckett I just reproduced it on my end here as well. I'll look into a fix. No need for a new issue.
from mobile.
@kspearrin Perfect! Thanks mate.
from mobile.
@kspearrin Also seeing that when trying to Autofill in the PayPal app, the BitWarden autofill form appears, I tap it, unlock my vault, select the entry I want to autofill with, and then nothing happens. It doesn't fill in the username/password fields.
from mobile.
@wjbeckett I see. Not sure why this is only happening with PayPal app. Will have to investigate more. Unlocked vault can still fill it correctly.
from mobile.
@wjbeckett I just tested it and it looks like everything is being done correctly to perform the autofill, but it just doesn't work with that app. Additionally, I even tried 1Password and LastPass apps and they do not autofill with PayPal correctly either. 🤷♂️
from mobile.
Do you guys know how 1Password is doing auto-fill within Chrome?
from mobile.
I’m using 1password on my Nexus 5X with android 8.0 and the autofill service doesn’t work in chrome at all...??
from mobile.
I'm on Pixel 2 XL with 8.0 with Chrome 62.0.3202.84 and 1Password 6.7.BETA-3.
Only noticed it appearing around a week ago.
from mobile.
I am running the exact same versions and do not see it working on a few websites that I have tried. Can you give me an example website that it works on?
from mobile.
Actually, I think they might be "faking it", do you have Accessibility turned on for 1Password? It doesn't "autofill" in Chrome if I turn that off but it still autofills in apps.
from mobile.
@ragingsheep Yes, that is their accessibility service doing it in Chrome. Their UX is just the same on both methods.
from mobile.
@hrach Not sure what you mean. When you save a new login it should use the mobile app's package name.
from mobile.
Implementation works well in most cases a few issues I've found not sure if these are specific to Bitwarden or not:
Google Find Devices (Device manager) doesn't prompt autofill
Amazon Shopping app log in doesn't prompt auto fill
Twitter and some other apps working fine so great job getting this out. Way better than lastpass buggy separate app version i tested a while back.
Samsung Galaxy S8 Oreo beta 3
from mobile.
I suspect the main limitation is in those apps. I'm fairly certain
bitwarden is just calling the API, if the target app doesn't work with the
API, it won't work.
On Fri, Nov 24, 2017, 10:19 AM BigNickBurgess [email protected]
wrote:
Implementation works well in most cases a few issues I've found not sure
if these are specific to Bitwarden or not:Google Find Devices (Device manager) doesn't prompt autofill
Amazon Shopping app log in doesn't prompt auto fillTwitter and some other apps working fine so great job getting this out.
Way better than lastpass buggy separate app version i tested a while back.Samsung Galaxy S8 Oreo beta 3
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#57 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AHqNgzuMWVVDE9mgoq5QV-ZEQPm_O5ssks5s5t5cgaJpZM4M6u-a
.
--
-Geran
from mobile.
Some apps use web views for their login forms. I don't think these work with the Autofill Framework yet. I know Amazon is one I tested.
from mobile.
@kspearrin I mean a situation when the app package name doesn't match the domain, or there is some SSO which I'd like to attach to the app.
Also, I've encountered a bug, when I click an input, it prints the vault is locked. When unlocked, I've returned to the app, but the input shows still the same message that vault is locked.
Third, It also suggest something in my (Nova) launcher search field - is there any way how not to show it here?
from mobile.
- You can correct those with https://blog.bitwarden.com/new-feature-equivalent-domains-dd29aa462bb7
- Can you please let me know what app this is happening in? We saw the same thing in the PayPal app and there wasn't anything we could do there.
- I can add that app to the exclusion list.
from mobile.
- Thanks :) Didn't know.
- Sygic Travel, but I think know the pattern, after unlocking and pressing the back take me back to the app and then it show it's still locked.
from mobile.
@hrach If you are unlocking you must select the item to fill from the app UI. If you just press back you will end up with nothing if the app immediately locks back again. That is expected.
from mobile.
If I open the Bitwarden app (after pressing back, leaving my app and launching Bitwarden), it isn't locked. That's the reason why I was confused.
from mobile.
Ok, what is your lock option set at?
from mobile.
These two:
- lock after 15 minutes
- unlock after fingerprint
from mobile.
If you go to 'features' you still have to have always scan/scan when password field focused/persist notification selected. Does this affect battery or anything when Oreo autofill is enabled? Can these be disabled when Oreo autofill active or can the accessibility and oreo autofill api be run simultaneously?
Similarly the Tools panel for the accessibility auto fill service should be disabled and maybe a new one added to take you to the Oreo autofill panel.
from mobile.
@BigNickBurgess Yes, we still have some work to do on the settings pages. All settings only apply to the accessibility service today. They can be run at the same time if you like.
from mobile.
@kspearrin For #3 above, anyway the exclusion list can be managed by the user. Maybe when the auto fill overlay is presented, an option to add to the exclusion list?
from mobile.
The overlay UI is not really configurable in that way. If the exclusion list is growing large then it sounds like I have some flaws in my field detection logic that needs to be revisited. Do you have other app examples that are presenting the overlay that should not be?
from mobile.
@kspearrin I think @anortiz08 is trying to solve a problem that would be better served by logic whereby if autofill is triggered, the accessibility overlay should not also pop, when they're both enabled. I suspect this is non-trivial though.
from mobile.
@pdf Yea, I am not sure how we could support that.
from mobile.
Off the top of my head, only way I can think would be to add a small delay to the accessibility pop when they're both enabled, set a var against the app id if the autofill is triggered, check that at timeout on the accessibility pop to determine whether to actually pop the accessibility overlay. This would be racey, but probably works most of the time.
Thinking about it further, using the exclusion list (or a separate internal list) to track apps when autofill is successfully triggered would allow preventing future accessibility pops for that app. This could be combined with the above strategy, or could be used to cause the first accessibility overlay to close, though the latter would be a little janky, it would only happen once per app.
from mobile.
@kspearrin Thus far I have noticed the auto fill overlay appearing in YouTube search and Nine email client when entering a pin.
from mobile.
Getting your Android app ready for Autofill
https://android-developers.googleblog.com/2017/11/getting-your-android-app-ready-for.html
from mobile.
@Moxville Yes, we already contacted Google through that form... and no reply :-/
from mobile.
@anortiz08 For some reason the Youtube Search input field has a "input type" of
Android.Text.InputTypes.ClassText | Android.Text.InputTypes.DatetimeVariationDate | Android.Text.InputTypes.DatetimeVariationTime | Android.Text.InputTypes.TextVariationPassword
TextVariationPassword
tells me that it is a password field. Not sure why it is marked this way...
from mobile.
@hrach I installed Nova launcher and the Google search field doesn't seem to suggest an autofill it in my tests?
from mobile.
@kspearrin weird. It autosuggests also in search field of Google's contacts app. I have One Plus, so the Android is not "clean"… can I help you somehow?
from mobile.
Yes, all of these fields are marked with input type TextVariationPassword
for some reason. I have added a check in the next version to filter out any fields with "Search" in them.
from mobile.
I just published build 1106 to the beta channel with more fixes and improvements.
from mobile.
Could you please update here when the app with this feature is in play
store?
from mobile.
It was released to the stable branch when he posted yesterday I believe.
If you view the 'autofill' screen in tools the links now go to the autofill API screen as well as the Accessibility version.
from mobile.
Related Issues (20)
- Android beta - email field is case sensitive on login HOT 2
- If Bitwarden is left in the background whilst viewing a vault item, that vault item would be displayed twice after launching Bitwarden anew. HOT 1
- App crashes when trying to select and delete notes of vault item HOT 3
- FIDO2 Web Authn on Android displays a wrong text in Japanese HOT 3
- non-discoverable passkey authenticatation not supported HOT 2
- Not support web browser com.tencent.mtt HOT 1
- Opening attached image should open internally HOT 1
- Bitwarden 2024.7.0 version 11080 HOT 2
- I cannot login to Bitwarden for a few days. It is showing the error "Exception message: Connection failure". HOT 17
- Switching between Bitwarden user accounts (enterprise to personal) , cant see items in my vault HOT 1
- Special characters excluded from view HOT 1
- Basic search only works on first URI for a given login item HOT 1
- Autofill dialog unreliable on modern iOS device HOT 3
- Can't scan and store passkey in iOS 18 public beta HOT 2
- Latest bitwarden mobile app version not on f-droid? HOT 3
- Autofill always shows up in Bumble chat and blocks the keyboard HOT 4
- < character not displaying in passwords HOT 2
- Password Character ">" Not Displayed in Password Preview HOT 1
- IOS-EDGE automatic filling password BUG HOT 3
- Passkey selection / confirmation dialog displays Username rather than Display name HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mobile.