🍒 Add Biometric logging (#5645 )

🍒[PM-24206] Fix filtered verification code search (#5622 )
🍒 [PM-24205] Fix Fido2CredentialStore to save new credentials correctly (#5604 )
2026-05-11 10:54:26 -05:00 · 2025-08-05 12:22:52 -05:00 · 2025-07-30 17:18:30 +00:00 · 2025-07-28 20:35:06 +00:00 · 2025-07-28 20:32:35 +00:00 · 2025-07-25 14:31:24 -05:00
1104 changed files with 93285 additions and 15088 deletions
--- a/.github/workflows/build-authenticator.yml
+++ b/.github/workflows/build-authenticator.yml
@@ -32,6 +32,7 @@ env:
 permissions:
  contents: read
  packages: read
+  id-token: write

 jobs:
  build:
@@ -39,6 +40,15 @@ jobs:
    runs-on: ubuntu-24.04

    steps:
+      - name: Log inputs to job summary
+        run: |
+          echo "<details><summary>Job Inputs</summary>" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo '```json' >> $GITHUB_STEP_SUMMARY
+          echo '${{ toJson(inputs) }}' >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+          echo "</details>" >> $GITHUB_STEP_SUMMARY
+
      - name: Check out repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

@@ -113,9 +123,18 @@ jobs:
          bundle install --jobs 4 --retry 3

      - name: Log in to Azure
-        uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "BWA-AAB-KEYSTORE-STORE-PASSWORD,BWA-AAB-KEYSTORE-KEY-PASSWORD,BWA-APK-KEYSTORE-STORE-PASSWORD,BWA-APK-KEYSTORE-KEY-PASSWORD"

      - name: Retrieve secrets
        env:
@@ -159,6 +178,9 @@ jobs:
          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
          --name authenticator_play_store-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_store-creds.json --output none

+      - name: AZ Logout
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Verify Play Store credentials
        if: ${{ inputs.publish-to-play-store }}
        run: |
@@ -213,18 +235,18 @@ jobs:
        run: |
          bundle exec fastlane bundleAuthenticatorRelease \
          storeFile:${{ github.workspace }}/keystores/authenticator_aab-keystore.jks \
-          storePassword:'${{ secrets.BWA_AAB_KEYSTORE_STORE_PASSWORD }}' \
+          storePassword:'${{ steps.get-kv-secrets.outputs.BWA-AAB-KEYSTORE-STORE-PASSWORD }}' \
          keyAlias:authenticatorupload \
-          keyPassword:'${{ secrets.BWA_AAB_KEYSTORE_KEY_PASSWORD }}'
+          keyPassword:'${{ steps.get-kv-secrets.outputs.BWA-AAB-KEYSTORE-KEY-PASSWORD }}'

      - name: Generate release Play Store APK
        if: ${{ matrix.variant == 'apk' }}
        run: |
          bundle exec fastlane buildAuthenticatorRelease \
          storeFile:${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \
-          storePassword:'${{ secrets.BWA_APK_KEYSTORE_STORE_PASSWORD }}' \
+          storePassword:'${{ steps.get-kv-secrets.outputs.BWA-APK-KEYSTORE-STORE-PASSWORD }}' \
          keyAlias:bitwardenauthenticator \
-          keyPassword:'${{ secrets.BWA_APK_KEYSTORE_KEY_PASSWORD }}'
+          keyPassword:'${{ steps.get-kv-secrets.outputs.BWA-APK-KEYSTORE-KEY-PASSWORD }}'

      - name: Upload release Play Store .aab artifact
        if: ${{ matrix.variant == 'aab' }}
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -33,6 +33,7 @@ env:
 permissions:
  contents: read
  packages: read
+  id-token: write

 jobs:
  build:
@@ -40,6 +41,15 @@ jobs:
    runs-on: ubuntu-24.04

    steps:
+      - name: Log inputs to job summary
+        run: |
+          echo "<details><summary>Job Inputs</summary>" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo '```json' >> $GITHUB_STEP_SUMMARY
+          echo '${{ toJson(inputs) }}' >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+          echo "</details>" >> $GITHUB_STEP_SUMMARY
+
      - name: Check out repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

@@ -121,9 +131,18 @@ jobs:
          bundle install --jobs 4 --retry 3

      - name: Log in to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "UPLOAD-KEYSTORE-PASSWORD,UPLOAD-BETA-KEYSTORE-PASSWORD,UPLOAD-BETA-KEY-PASSWORD,PLAY-KEYSTORE-PASSWORD,PLAY-BETA-KEYSTORE-PASSWORD,PLAY-BETA-KEY-PASSWORD"

      - name: Retrieve secrets
        env:
@@ -160,6 +179,9 @@ jobs:
          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
          --name app_play_prod_firebase-creds.json --file ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json --output none

+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Validate Gradle wrapper
        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1

@@ -207,48 +229,48 @@ jobs:
      - name: Generate release Play Store bundle
        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' }}
        env:
-          UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }}
+          UPLOAD-KEYSTORE-PASSWORD: ${{ steps.get-kv-secrets.outputs.UPLOAD-KEYSTORE-PASSWORD }}
        run: |
          bundle exec fastlane bundlePlayStoreRelease \
          storeFile:app_upload-keystore.jks \
-          storePassword:${{ env.UPLOAD_KEYSTORE_PASSWORD }} \
+          storePassword:${{ env.UPLOAD-KEYSTORE-PASSWORD }} \
          keyAlias:upload \
-          keyPassword:${{ env.UPLOAD_KEYSTORE_PASSWORD }}
+          keyPassword:${{ env.UPLOAD-KEYSTORE-PASSWORD }}

      - name: Generate beta Play Store bundle
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
        env:
-          UPLOAD_BETA_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_BETA_KEYSTORE_PASSWORD }}
-          UPLOAD_BETA_KEY_PASSWORD: ${{ secrets.UPLOAD_BETA_KEY_PASSWORD }}
+          UPLOAD-BETA-KEYSTORE-PASSWORD: ${{ steps.get-kv-secrets.outputs.UPLOAD-BETA-KEYSTORE-PASSWORD }}
+          UPLOAD-BETA-KEY-PASSWORD: ${{ steps.get-kv-secrets.outputs.UPLOAD-BETA-KEY-PASSWORD }}
        run: |
          bundle exec fastlane bundlePlayStoreBeta \
          storeFile:app_beta_upload-keystore.jks \
-          storePassword:${{ env.UPLOAD_BETA_KEYSTORE_PASSWORD }} \
+          storePassword:${{ env.UPLOAD-BETA-KEYSTORE-PASSWORD }} \
          keyAlias:bitwarden-beta-upload \
-          keyPassword:${{ env.UPLOAD_BETA_KEY_PASSWORD }}
+          keyPassword:${{ env.UPLOAD-BETA-KEY-PASSWORD }}

      - name: Generate release Play Store APK
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
        env:
-          PLAY_KEYSTORE_PASSWORD: ${{ secrets.PLAY_KEYSTORE_PASSWORD }}
+          PLAY-KEYSTORE-PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-KEYSTORE-PASSWORD }}
        run: |
          bundle exec fastlane assemblePlayStoreReleaseApk \
          storeFile:app_play-keystore.jks \
-          storePassword:${{ env.PLAY_KEYSTORE_PASSWORD }} \
+          storePassword:${{ env.PLAY-KEYSTORE-PASSWORD }} \
          keyAlias:bitwarden \
-          keyPassword:${{ env.PLAY_KEYSTORE_PASSWORD }}
+          keyPassword:${{ env.PLAY-KEYSTORE-PASSWORD }}

      - name: Generate beta Play Store APK
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
        env:
-          PLAY_BETA_KEYSTORE_PASSWORD: ${{ secrets.PLAY_BETA_KEYSTORE_PASSWORD }}
-          PLAY_BETA_KEY_PASSWORD: ${{ secrets.PLAY_BETA_KEY_PASSWORD }}
+          PLAY-BETA-KEYSTORE-PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEYSTORE-PASSWORD }}
+          PLAY-BETA-KEY-PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEY-PASSWORD }}
        run: |
          bundle exec fastlane assemblePlayStoreBetaApk \
          storeFile:app_beta_play-keystore.jks \
-          storePassword:${{ env.PLAY_BETA_KEYSTORE_PASSWORD }} \
+          storePassword:${{ env.PLAY-BETA-KEYSTORE-PASSWORD }} \
          keyAlias:bitwarden-beta \
-          keyPassword:${{ env.PLAY_BETA_KEY_PASSWORD }}
+          keyPassword:${{ env.PLAY-BETA-KEY-PASSWORD }}

      - name: Generate debug Play Store APKs
        if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
@@ -420,9 +442,18 @@ jobs:
          bundle install --jobs 4 --retry 3

      - name: Log in to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "FDROID-KEYSTORE-PASSWORD,FDROID-BETA-KEYSTORE-PASSWORD,FDROID-BETA-KEY-PASSWORD"

      - name: Retrieve secrets
        env:
@@ -445,6 +476,9 @@ jobs:
          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
          --name app_fdroid_firebase-creds.json --file ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json --output none

+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Validate Gradle wrapper
        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1

@@ -499,7 +533,7 @@ jobs:
          echo "Version Number: $VERSION_CODE" >> $GITHUB_STEP_SUMMARY
      - name: Generate F-Droid artifacts
        env:
-          FDROID_STORE_PASSWORD: ${{ secrets.FDROID_KEYSTORE_PASSWORD }}
+          FDROID_STORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.FDROID-KEYSTORE-PASSWORD }}
        run: |
          bundle exec fastlane assembleFDroidReleaseApk \
          storeFile:app_fdroid-keystore.jks \
@@ -509,14 +543,14 @@ jobs:

      - name: Generate F-Droid Beta Artifacts
        env:
-          FDROID_BETA_KEYSTORE_PASSWORD: ${{ secrets.FDROID_BETA_KEYSTORE_PASSWORD }}
-          FDROID_BETA_KEY_PASSWORD: ${{ secrets.FDROID_BETA_KEY_PASSWORD }}
+          FDROID-BETA-KEYSTORE-PASSWORD: ${{ steps.get-kv-secrets.outputs.FDROID-BETA-KEYSTORE-PASSWORD }}
+          FDROID-BETA-KEY-PASSWORD: ${{ steps.get-kv-secrets.outputs.FDROID-BETA-KEY-PASSWORD }}
        run: |
          bundle exec fastlane assembleFDroidBetaApk \
          storeFile:app_beta_fdroid-keystore.jks \
-          storePassword:"${{ env.FDROID_BETA_KEYSTORE_PASSWORD }}" \
+          storePassword:"${{ env.FDROID-BETA-KEYSTORE-PASSWORD }}" \
          keyAlias:bitwarden-beta \
-          keyPassword:"${{ env.FDROID_BETA_KEY_PASSWORD }}"
+          keyPassword:"${{ env.FDROID-BETA-KEY-PASSWORD }}"

      - name: Upload F-Droid .apk artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@@ -13,6 +13,7 @@ jobs:
    permissions:
      contents: write
      pull-requests: write
+      id-token: write
    strategy:
      matrix:
        include:
@@ -28,10 +29,19 @@ jobs:
      - name: Checkout repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"

      - name: Retrieve secrets
        id: retrieve-secrets
@@ -40,12 +50,15 @@ jobs:
          keyvault: "bitwarden-ci"
          secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"

+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Generate GH App token
        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
        id: app-token
        with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}

      - name: Download translations for ${{ matrix.name }}
        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0
--- a/.github/workflows/crowdin-push.yml
+++ b/.github/workflows/crowdin-push.yml
@@ -13,14 +13,17 @@ jobs:
    runs-on: ubuntu-24.04
    permissions:
      contents: read
+      id-token: write
    steps:
      - name: Check out repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Log in to Azure
-        uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}

      - name: Retrieve secrets
        id: retrieve-secrets
@@ -40,6 +43,9 @@ jobs:
          upload_sources: true
          upload_translations: false

+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Upload sources for Authenticator
        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0
        env:
--- a/.github/workflows/github-release.yml
+++ b/.github/workflows/github-release.yml
@@ -21,6 +21,7 @@ jobs:
    runs-on: ubuntu-24.04
    permissions:
      contents: write
+      id-token: write

    steps:
      - name: Check out repository
@@ -115,6 +116,23 @@ jobs:
            find $ARTIFACTS_PATH -type f
          fi

+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "JIRA-API-EMAIL,JIRA-API-TOKEN"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Get product release notes
        id: get_release_notes
        env:
@@ -122,8 +140,8 @@ jobs:
          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
          _RELEASE_TICKET_ID: ${{ inputs.release-ticket-id }}
-          _JIRA_API_EMAIL: ${{ secrets.JIRA_API_EMAIL }}
-          _JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+          _JIRA_API_EMAIL: ${{ steps.get-kv-secrets.outputs.JIRA-API-EMAIL }}
+          _JIRA_API_TOKEN: ${{ steps.get-kv-secrets.outputs.JIRA-API-TOKEN }}
        run: |
          echo "Getting product release notes"
          product_release_notes=$(python3 .github/scripts/jira-get-release-notes/jira_release_notes.py $_RELEASE_TICKET_ID $_JIRA_API_EMAIL $_JIRA_API_TOKEN)
--- a/.github/workflows/publish-github-release.yml
+++ b/.github/workflows/publish-github-release.yml
@@ -1,12 +1,36 @@
-name: Publish GitHub Release as newest
+name: Publish Password Manager and Authenticator GitHub Release as newest

 on:
  workflow_dispatch:
+  schedule:
+    - cron: '0 3 * * 1-5'
+
+permissions:
+  contents: write
+  id-token: write
+  actions: read

 jobs:
-  stub:
-    runs-on: ubuntu-24.04
-    name: Stub
-    steps:
-      - name: Stub
-        run: echo "This is a stub job to trigger the workflow."
+  publish-release-password-manager:
+    name: Publish Password Manager Release
+    uses: bitwarden/gh-actions/.github/workflows/_publish-mobile-github-release.yml@main
+    with:
+      release_name: "Password Manager"
+      workflow_name: "publish-github-release.yml"
+      credentials_filename: "play_creds.json"
+      project_type: android
+      check_release_command: >
+        bundle exec fastlane getLatestPlayStoreVersion package_name:com.x8bit.bitwarden track:production
+    secrets: inherit
+
+  publish-release-authenticator:
+    name: Publish Authenticator Release
+    uses: bitwarden/gh-actions/.github/workflows/_publish-mobile-github-release.yml@main
+    with:
+      release_name: "Authenticator"
+      workflow_name: "publish-github-release.yml"
+      credentials_filename: "authenticator_play_store-creds.json"
+      project_type: android
+      check_release_command: >
+        bundle exec fastlane getLatestPlayStoreVersion package_name:com.bitwarden.authenticator track:production
+    secrets: inherit
--- a/.github/workflows/publish-store.yml
+++ b/.github/workflows/publish-store.yml
@@ -0,0 +1,159 @@
+name: Publish to Google Play
+run-name: "Promoting ${{ inputs.product }} ${{ inputs.version-code }} from ${{ inputs.track-from }} to ${{ inputs.track-target }}"
+on:
+  workflow_dispatch:
+    inputs:
+      product:
+        description: "Which app is being released."
+        type: choice
+        options:
+          - Password Manager
+          - Authenticator
+      version-name:
+        description: "Version name to promote to production ex 2025.1.1"
+        type: string
+      version-code:
+        description: "Build number to promote to production."
+        required: true
+        type: string
+      rollout-percentage:
+          description: "Percentage of users who will receive this version update."
+          required: true
+          type: choice
+          options:
+            - 10%
+            - 30%
+            - 50%
+            - 100%
+          default: 10%
+      release-notes:
+        description: "Change notes to be included with this release."
+        type: string
+        default: "Bug fixes."
+        required: true
+      track-from:
+        description: "Track to promote from."
+        type: choice
+        options:
+          - internal
+          - Fastlane Automation Source
+        required: true
+        default: "internal"
+      track-target:
+        description: "Track to promote to."
+        type: choice
+        options:
+          - production
+          - Fastlane Automation Target
+        required: true
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GITHUB_ACTION_RUN_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+
+permissions:
+  contents: read
+  packages: read
+  id-token: write
+
+jobs:
+    promote:
+      runs-on: ubuntu-24.04
+      name: Promote build to Production in Play Store
+
+      steps:
+        - name: Log inputs to job summary
+          run: |
+            echo "<details><summary>Job Inputs</summary>" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo '```json' >> $GITHUB_STEP_SUMMARY
+            echo '${{ toJson(inputs) }}' >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            echo "</details>" >> $GITHUB_STEP_SUMMARY
+
+        - name: Check out repo
+          uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+        - name: Configure Ruby
+          uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
+          with:
+            bundler-cache: true
+
+        - name: Install Fastlane
+          run: |
+            gem install bundler:2.2.27
+            bundle config path vendor/bundle
+            bundle install --jobs 4 --retry 3
+
+        - name: Log in to Azure
+          uses: bitwarden/gh-actions/azure-login@main
+          with:
+            subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+            tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+            client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+        - name: Get Azure Key Vault secrets
+          id: get-kv-secrets
+          uses: bitwarden/gh-actions/get-keyvault-secrets@main
+          with:
+            keyvault: gh-android
+            secrets: "PLAY-BETA-KEYSTORE-PASSWORD,PLAY-BETA-KEY-PASSWORD"
+
+        - name: Retrieve secrets
+          env:
+            ACCOUNT_NAME: bitwardenci
+            CONTAINER_NAME: mobile
+          run: |
+            mkdir -p ${{ github.workspace }}/secrets
+            mkdir -p ${{ github.workspace }}/app/src/standardRelease
+
+            az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+            --name play_creds.json --file ${{ github.workspace }}/secrets/play_creds.json --output none
+
+            az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+            --name authenticator_play_store-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_store-creds.json --output none
+
+        - name: Log out from Azure
+          uses: bitwarden/gh-actions/azure-logout@main
+
+        - name: Format Release Notes
+          run: |
+            FORMATTED_MESSAGE="$(echo "${{ inputs.release-notes }}" | sed 's/  /\n/g')"
+            echo "RELEASE_NOTES<<EOF" >> $GITHUB_ENV
+            echo "$FORMATTED_MESSAGE" >> $GITHUB_ENV
+            echo "EOF" >> $GITHUB_ENV
+        - name: Promote Play Store version to production
+          env:
+            PLAY_KEYSTORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEYSTORE-PASSWORD }}
+            PLAY_KEY_PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEY-PASSWORD }}
+            VERSION_CODE_INPUT: ${{ inputs.version-code }}
+            VERSION_NAME: ${{inputs.version-name}}
+            ROLLOUT_PERCENTAGE: ${{ inputs.rollout-percentage }}
+            PRODUCT: ${{ inputs.product }}
+            TRACK_FROM: ${{ inputs.track-from }}
+            TRACK_TARGET: ${{ inputs.track-target }}
+          run: |
+            if [ "$PRODUCT" = "Password Manager" ]; then
+              PACKAGE_NAME="com.x8bit.bitwarden"
+            elif [ "$PRODUCT" = "Authenticator" ]; then
+              PACKAGE_NAME="com.bitwarden.authenticator"
+            else
+              echo "Unsupported product: $PRODUCT"
+              exit 1
+            fi
+
+            VERSION_CODE=$(echo "${VERSION_CODE_INPUT}" | tr -d ',')
+
+            decimal=$(echo "scale=2; ${ROLLOUT_PERCENTAGE/\%/} / 100" | bc)
+
+            bundle exec fastlane updateReleaseNotes \
+              releaseNotes:"$RELEASE_NOTES" \
+              versionCode:"$VERSION_CODE"
+
+            bundle exec fastlane promoteToProduction \
+              versionCode:"$VERSION_CODE" \
+              versionName:"$VERSION_NAME" \
+              rolloutPercentage:"$decimal" \
+              packageName:"$PACKAGE_NAME" \
+              releaseNotes:"$RELEASE_NOTES" \
+              track:"$TRACK_FROM" \
+              trackPromoteTo:"$TRACK_TARGET"
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,14 +0,0 @@
-
-name: Publish
-
-on:
-  workflow_dispatch:
-
-jobs:
-    publish:
-      runs-on: ubuntu-24.04
-      name: Promote build to Production in Play Store
-
-      steps:
-        - name: TEST STEP
-          run: exit 0
--- a/.github/workflows/scan-ci.yml
+++ b/.github/workflows/scan-ci.yml
@@ -13,6 +13,7 @@ jobs:
    permissions:
      contents: read
      security-events: write
+      id-token: write

    steps:
      - name: Check out repo
@@ -20,14 +21,31 @@ jobs:
        with:
          fetch-depth: 0

+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "CHECKMARX-TENANT,CHECKMARX-CLIENT-ID,CHECKMARX-SECRET"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Scan with Checkmarx
        uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc # 2.3.19
        with:
          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
+          cx_tenant: ${{ steps.get-kv-secrets.outputs.CHECKMARX-TENANT }}
          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
+          cx_client_id: ${{ steps.get-kv-secrets.outputs.CHECKMARX-CLIENT-ID }}
+          cx_client_secret: ${{ steps.get-kv-secrets.outputs.CHECKMARX-SECRET }}
          additional_params: |
            --report-format sarif \
            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
@@ -43,17 +61,36 @@ jobs:
    runs-on: ubuntu-24.04
    permissions:
      contents: read
+      id-token: write

    steps:
+
      - name: Check out repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0

+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "SONAR-TOKEN"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Scan with SonarCloud
        uses: sonarsource/sonarqube-scan-action@aa494459d7c39c106cc77b166de8b4250a32bb97 # v5.1.0
        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_TOKEN: ${{ steps.get-kv-secrets.outputs.SONAR-TOKEN }}
        with:
          args: >
            -Dsonar.organization=${{ github.repository_owner }}
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -28,6 +28,7 @@ jobs:
      contents: read
      pull-requests: write
      security-events: write
+      id-token: write

    steps:
      - name: Check out repo
@@ -35,16 +36,33 @@ jobs:
        with:
          ref: ${{  github.event.pull_request.head.sha }}

+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "CHECKMARX-TENANT,CHECKMARX-CLIENT-ID,CHECKMARX-SECRET"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Scan with Checkmarx
        uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc # 2.3.19
        env:
          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
        with:
          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
+          cx_tenant: ${{ steps.get-kv-secrets.outputs.CHECKMARX-TENANT }}
          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
+          cx_client_id: ${{ steps.get-kv-secrets.outputs.CHECKMARX-CLIENT-ID }}
+          cx_client_secret: ${{ steps.get-kv-secrets.outputs.CHECKMARX-SECRET }}
          additional_params: |
            --report-format sarif \
            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
@@ -64,6 +82,7 @@ jobs:
    permissions:
      contents: read
      pull-requests: write
+      id-token: write

    steps:
      - name: Check out repo
@@ -72,10 +91,27 @@ jobs:
          fetch-depth: 0
          ref: ${{  github.event.pull_request.head.sha }}

+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "SONAR-TOKEN"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Scan with SonarCloud
        uses: sonarsource/sonarqube-scan-action@aa494459d7c39c106cc77b166de8b4250a32bb97 # v5.1.0
        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_TOKEN: ${{ steps.get-kv-secrets.outputs.SONAR-TOKEN }}
        with:
          args: >
            -Dsonar.organization=${{ github.repository_owner }}
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.3.1
+3.4.2
--- a/9
+++ b/9
@@ -7,3 +7,12 @@ gem 'time'

 plugins_path = File.join(File.dirname(__FILE__), 'fastlane', 'Pluginfile')
 eval_gemfile(plugins_path) if File.exist?(plugins_path)
+
+# Since ruby 3.4.0 these are not included in the standard library
+gem 'abbrev'
+gem 'logger'
+gem 'mutex_m'
+gem 'csv'
+
+# Starting with Ruby 3.5.0, these are not included in the standard library
+gem 'ostruct'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -5,27 +5,28 @@ GEM
      base64
      nkf
      rexml
+    abbrev (0.1.2)
    addressable (2.8.7)
      public_suffix (>= 2.0.2, < 7.0)
    artifactory (3.0.17)
    atomos (0.1.3)
    aws-eventstream (1.4.0)
-    aws-partitions (1.1113.0)
-    aws-sdk-core (3.225.1)
+    aws-partitions (1.1131.0)
+    aws-sdk-core (3.226.3)
      aws-eventstream (~> 1, >= 1.3.0)
      aws-partitions (~> 1, >= 1.992.0)
      aws-sigv4 (~> 1.9)
      base64
      jmespath (~> 1, >= 1.6.1)
      logger
-    aws-sdk-kms (1.104.0)
+    aws-sdk-kms (1.106.0)
      aws-sdk-core (~> 3, >= 3.225.0)
      aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.189.0)
+    aws-sdk-s3 (1.193.0)
      aws-sdk-core (~> 3, >= 3.225.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.12.0)
+    aws-sigv4 (1.12.1)
      aws-eventstream (~> 1, >= 1.0.2)
    babosa (1.0.4)
    base64 (0.3.0)
@@ -34,6 +35,7 @@ GEM
    colored2 (3.1.2)
    commander (4.6.0)
      highline (~> 2.0.0)
+    csv (3.3.5)
    date (3.4.1)
    declarative (0.0.20)
    digest-crc (0.7.0)
@@ -58,10 +60,10 @@ GEM
      faraday (>= 0.8.0)
      http-cookie (~> 1.0.0)
    faraday-em_http (1.0.0)
-    faraday-em_synchrony (1.0.0)
+    faraday-em_synchrony (1.0.1)
    faraday-excon (1.1.0)
    faraday-httpclient (1.0.1)
-    faraday-multipart (1.1.0)
+    faraday-multipart (1.1.1)
      multipart-post (~> 2.0)
    faraday-net_http (1.0.2)
    faraday-net_http_persistent (1.2.0)
@@ -71,7 +73,7 @@ GEM
    faraday_middleware (1.2.1)
      faraday (~> 1.0)
    fastimage (2.4.0)
-    fastlane (2.227.2)
+    fastlane (2.228.0)
      CFPropertyList (>= 2.3, < 4.0.0)
      addressable (>= 2.8, < 3.0.0)
      artifactory (~> 3.0)
@@ -165,20 +167,21 @@ GEM
    httpclient (2.9.0)
      mutex_m
    jmespath (1.6.2)
-    json (2.12.2)
-    jwt (2.10.1)
+    json (2.13.0)
+    jwt (2.10.2)
      base64
    logger (1.7.0)
    mini_magick (4.13.2)
    mini_mime (1.1.5)
-    multi_json (1.15.0)
+    multi_json (1.17.0)
    multipart-post (2.4.1)
    mutex_m (0.3.0)
    nanaimo (0.4.0)
-    naturally (2.2.2)
+    naturally (2.3.0)
    nkf (0.2.0)
    optparse (0.6.0)
    os (1.1.4)
+    ostruct (0.6.3)
    plist (3.7.2)
    public_suffix (6.0.2)
    rake (13.3.0)
@@ -230,12 +233,17 @@ PLATFORMS
  ruby

 DEPENDENCIES
+  abbrev
+  csv
  fastlane
  fastlane-plugin-firebase_app_distribution
+  logger
+  mutex_m
+  ostruct
  time

 RUBY VERSION
-   ruby 3.3.1p55
+   ruby 3.4.2p28

 BUNDLED WITH
-   2.6.6
+   2.6.9
--- a/README.md
+++ b/README.md
@@ -52,6 +52,16 @@

    Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.

+4. Setup JDK `Version` `17`:
+
+    - Navigate to `Preferences > Build, Execution, Deployment > Build Tools > Gradle`.
+    - Hit the selected Gradle JDK next to `Gradle JDK:`.
+    - Select a `17.x` version or hit `Download JDK...` if not present.
+    - Select `Version` `17`.
+    - Select your preferred `Vendor`.
+    - Hit `Download`.
+    - Hit `Apply`.
+
 ## Theme

 ### Icons & Illustrations
--- a/annotation/build.gradle.kts
+++ b/annotation/build.gradle.kts
@@ -37,6 +37,6 @@ android {

 kotlin {
    compilerOptions {
-        jvmTarget.set(JvmTarget.fromTarget(libs.versions.jvmTarget.get()))
+        jvmTarget = JvmTarget.fromTarget(libs.versions.jvmTarget.get())
    }
 }
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -10,6 +10,7 @@ import java.util.Properties

 plugins {
    alias(libs.plugins.android.application)
+    alias(libs.plugins.androidx.room)
    // Crashlytics is enabled for all builds initially but removed for FDroid builds in gradle and
    // standardDebug builds in the merged manifest.
    alias(libs.plugins.crashlytics)
@@ -46,26 +47,30 @@ android {
    namespace = "com.x8bit.bitwarden"
    compileSdk = libs.versions.compileSdk.get().toInt()

+    room {
+        schemaDirectory("$projectDir/schemas")
+    }
+
    defaultConfig {
        applicationId = "com.x8bit.bitwarden"
        minSdk = libs.versions.minSdk.get().toInt()
        targetSdk = libs.versions.targetSdk.get().toInt()
        versionCode = 1
-        versionName = "2025.4.0"
+        versionName = "2025.7.0"

        setProperty("archivesBaseName", "com.x8bit.bitwarden")

-        ksp {
-            // The location in which the generated Room Database Schemas will be stored in the repo.
-            arg("room.schemaLocation", "$projectDir/schemas")
-        }
-
        testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"

        buildConfigField(
            type = "String",
            name = "CI_INFO",
-            value = "${ciProperties.getOrDefault("ci.info", "\"local\"")}",
+            value = "${ciProperties.getOrDefault("ci.info", "\"\uD83D\uDCBB local\"")}",
+        )
+        buildConfigField(
+            type = "String",
+            name = "SDK_VERSION",
+            value = "\"${libs.versions.bitwardenSdk.get()}\"",
        )
    }

@@ -99,6 +104,7 @@ android {
            applicationIdSuffix = ".beta"
            isDebuggable = false
            isMinifyEnabled = true
+            isShrinkResources = true
            matchingFallbacks += listOf("release")
            proguardFiles(
                getDefaultProguardFile("proguard-android-optimize.txt"),
@@ -111,6 +117,7 @@ android {
        release {
            isDebuggable = false
            isMinifyEnabled = true
+            isShrinkResources = true
            proguardFiles(
                getDefaultProguardFile("proguard-android-optimize.txt"),
                "proguard-rules.pro",
@@ -193,7 +200,7 @@ android {

 kotlin {
    compilerOptions {
-        jvmTarget.set(JvmTarget.fromTarget(libs.versions.jvmTarget.get()))
+        jvmTarget = JvmTarget.fromTarget(libs.versions.jvmTarget.get())
    }
 }

@@ -255,11 +262,10 @@ dependencies {
    implementation(libs.kotlinx.collections.immutable)
    implementation(libs.kotlinx.coroutines.android)
    implementation(libs.kotlinx.serialization)
+    implementation(platform(libs.square.okhttp.bom))
    implementation(libs.square.okhttp)
-    implementation(libs.square.okhttp.logging)
    implementation(platform(libs.square.retrofit.bom))
    implementation(libs.square.retrofit)
-    implementation(libs.square.retrofit.kotlinx.serialization)
    implementation(libs.timber)
    implementation(libs.zxing.zxing.core)

@@ -287,7 +293,6 @@ dependencies {
    testImplementation(libs.kotlinx.coroutines.test)
    testImplementation(libs.mockk.mockk)
    testImplementation(libs.robolectric.robolectric)
-    testImplementation(libs.square.okhttp.mockwebserver)
    testImplementation(libs.square.turbine)
 }

@@ -296,8 +301,7 @@ tasks {
        useJUnitPlatform()
        maxHeapSize = "2g"
        maxParallelForks = Runtime.getRuntime().availableProcessors()
-        jvmArgs = jvmArgs.orEmpty() + "-XX:+UseParallelGC"
-        android.sourceSets["main"].res.srcDirs("src/test/res")
+        jvmArgs = jvmArgs.orEmpty() + "-XX:+UseParallelGC" + "-Duser.country=US"
    }
 }

--- a/app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/7.json
+++ b/app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/7.json
@@ -0,0 +1,252 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 7,
+    "identityHash": "4c6ad1f5268d7e8add7407201788aa2e",
+    "entities": [
+      {
+        "tableName": "ciphers",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `has_totp` INTEGER NOT NULL DEFAULT 1, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "hasTotp",
+            "columnName": "has_totp",
+            "affinity": "INTEGER",
+            "notNull": true,
+            "defaultValue": "1"
+          },
+          {
+            "fieldPath": "cipherType",
+            "columnName": "cipher_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherJson",
+            "columnName": "cipher_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_ciphers_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "collections",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "shouldHidePasswords",
+            "columnName": "should_hide_passwords",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "externalId",
+            "columnName": "external_id",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "isReadOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "canManage",
+            "columnName": "manage",
+            "affinity": "INTEGER"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_collections_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "domains",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT, PRIMARY KEY(`user_id`))",
+        "fields": [
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domainsJson",
+            "columnName": "domains_json",
+            "affinity": "TEXT"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "user_id"
+          ]
+        }
+      },
+      {
+        "tableName": "folders",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "revisionDate",
+            "columnName": "revision_date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_folders_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "sends",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendType",
+            "columnName": "send_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendJson",
+            "columnName": "send_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_sends_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      }
+    ],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '4c6ad1f5268d7e8add7407201788aa2e')"
+    ]
+  }
+}
--- a/app/src/beta/AndroidManifest.xml
+++ b/app/src/beta/AndroidManifest.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools">
+
+    <application tools:ignore="MissingApplicationIcon">
+        <activity
+            android:name=".MainActivity">
+            <intent-filter android:autoVerify="true">
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data android:scheme="https" />
+                <data android:host="*.bitwarden.pw" />
+                <data android:pathPattern="/redirect-connector.*" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>
--- a/app/src/debug/AndroidManifest.xml
+++ b/app/src/debug/AndroidManifest.xml
@@ -7,6 +7,20 @@
        <meta-data
            android:name="firebase_crashlytics_collection_enabled"
            android:value="false" />
+        <activity
+            android:name=".MainActivity"
+            tools:ignore="IntentFilterExportedReceiver">
+            <intent-filter android:autoVerify="true">
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data android:scheme="https" />
+                <data android:host="*.bitwarden.pw" />
+                <data android:pathPattern="/redirect-connector.*" />
+            </intent-filter>
+        </activity>
    </application>

 </manifest>
--- a/app/src/debug/res/xml/network_security_config.xml
+++ b/app/src/debug/res/xml/network_security_config.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config xmlns:tools="http://schemas.android.com/tools">
+
+    <base-config
+        cleartextTrafficPermitted="true"
+        tools:ignore="InsecureBaseConfiguration">
+        <trust-anchors>
+            <!-- Trust pre-installed CAs -->
+            <certificates src="system" />
+            <!-- Additionally trust user added CAs -->
+            <certificates
+                src="user"
+                tools:ignore="AcceptsUserCertificates" />
+        </trust-anchors>
+    </base-config>
+
+    <domain-config cleartextTrafficPermitted="false">
+        <domain includeSubdomains="true">bitwarden.com</domain>
+        <domain includeSubdomains="true">bitwarden.eu</domain>
+        <domain includeSubdomains="true">bitwarden.pw</domain>
+        <trust-anchors>
+            <!-- Only trust pre-installed CAs for Bitwarden domains and all subdomains -->
+            <certificates src="system" />
+        </trust-anchors>
+    </domain-config>
+
+</network-security-config>
--- a/app/src/debug/res/xml/provider.xml
+++ b/app/src/debug/res/xml/provider.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<credential-provider>
+    <capabilities>
+        <capability name="android.credentials.TYPE_PASSWORD_CREDENTIAL" />
+        <capability name="androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" />
+    </capabilities>
+</credential-provider>
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -81,12 +81,12 @@
                <data android:scheme="https" />
                <data android:host="*.bitwarden.com" />
                <data android:host="*.bitwarden.eu" />
-                <data android:host="*.bitwarden.pw" />
                <data android:pathPattern="/redirect-connector.*" />
            </intent-filter>
            <intent-filter>
                <action android:name="com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSKEY" />
                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSWORD" />
                <action android:name="com.x8bit.bitwarden.credentials.ACTION_UNLOCK_ACCOUNT" />

                <category android:name="android.intent.category.DEFAULT" />
@@ -330,11 +330,19 @@
            <action android:name="android.intent.action.MAIN" />
            <category android:name="android.intent.category.HOME" />
        </intent>
+        <!-- To Query Privileged Apps -->
+        <intent>
+            <action android:name="android.intent.action.VIEW" />
+            <data android:scheme="http" />
+        </intent>
        <!-- To Query Chrome Beta: -->
        <package android:name="com.chrome.beta" />

        <!-- To Query Chrome Stable: -->
        <package android:name="com.android.chrome" />
+
+        <!-- To Query Brave Stable: -->
+        <package android:name="com.brave.browser" />
    </queries>

 </manifest>
--- a/app/src/main/assets/fido2_privileged_google.json
+++ b/app/src/main/assets/fido2_privileged_google.json
@@ -779,6 +779,42 @@
          }
        ]
      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "cz.seznam.sbrowser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "DB:95:40:66:10:78:83:6E:4E:B1:66:F6:9E:F4:07:30:9E:8D:AE:33:34:68:5E:C8:F6:FA:2F:13:81:B9:AC:F6"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.opera.mini.native",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "57:AC:BC:52:5F:1B:2E:BD:19:19:6C:D6:F0:14:39:7C:C9:10:FD:18:84:1E:0A:E8:50:FE:BC:3E:1E:59:3F:F2"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.opera.mini.native.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "57:AC:BC:52:5F:1B:2E:BD:19:19:6C:D6:F0:14:39:7C:C9:10:FD:18:84:1E:0A:E8:50:FE:BC:3E:1E:59:3F:F2"
+          }
+        ]
+      }
    }
  ]
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/AccessibilityActivity.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/AccessibilityActivity.kt
@@ -1,8 +1,11 @@
 package com.x8bit.bitwarden

+import android.app.ComponentCaller
+import android.content.Intent
 import android.os.Bundle
 import androidx.appcompat.app.AppCompatActivity
 import com.bitwarden.annotation.OmitFromCoverage
+import com.bitwarden.ui.platform.util.validate

 /**
 * An activity to be launched and then immediately closed so that the OS Shade can be collapsed
@@ -11,7 +14,16 @@ import com.bitwarden.annotation.OmitFromCoverage
@OmitFromCoverage
 class AccessibilityActivity : AppCompatActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
+        intent = intent.validate()
        super.onCreate(savedInstanceState)
        finish()
    }
+
+    override fun onNewIntent(intent: Intent) {
+        super.onNewIntent(intent.validate())
+    }
+
+    override fun onNewIntent(intent: Intent, caller: ComponentCaller) {
+        super.onNewIntent(intent.validate(), caller)
+    }
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/AuthCallbackActivity.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/AuthCallbackActivity.kt
@@ -1,10 +1,12 @@
 package com.x8bit.bitwarden

+import android.app.ComponentCaller
 import android.content.Intent
 import android.os.Bundle
 import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
 import com.bitwarden.annotation.OmitFromCoverage
+import com.bitwarden.ui.platform.util.validate
 import dagger.hilt.android.AndroidEntryPoint

 /**
@@ -21,6 +23,7 @@ class AuthCallbackActivity : AppCompatActivity() {
    private val viewModel: AuthCallbackViewModel by viewModels()

    override fun onCreate(savedInstanceState: Bundle?) {
+        intent = intent.validate()
        super.onCreate(savedInstanceState)

        viewModel.trySendAction(AuthCallbackAction.IntentReceive(intent = intent))
@@ -35,4 +38,12 @@ class AuthCallbackActivity : AppCompatActivity() {
        startActivity(intent)
        finish()
    }
+
+    override fun onNewIntent(intent: Intent) {
+        super.onNewIntent(intent.validate())
+    }
+
+    override fun onNewIntent(intent: Intent, caller: ComponentCaller) {
+        super.onNewIntent(intent.validate(), caller)
+    }
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/AutofillTotpCopyActivity.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/AutofillTotpCopyActivity.kt
@@ -1,10 +1,13 @@
 package com.x8bit.bitwarden

+import android.app.ComponentCaller
+import android.content.Intent
 import android.os.Bundle
 import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
 import androidx.lifecycle.lifecycleScope
 import com.bitwarden.annotation.OmitFromCoverage
+import com.bitwarden.ui.platform.util.validate
 import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
 import dagger.hilt.android.AndroidEntryPoint
 import kotlinx.coroutines.flow.launchIn
@@ -26,6 +29,7 @@ class AutofillTotpCopyActivity : AppCompatActivity() {
    private val autofillTotpCopyViewModel: AutofillTotpCopyViewModel by viewModels()

    override fun onCreate(savedInstanceState: Bundle?) {
+        intent = intent.validate()
        super.onCreate(savedInstanceState)

        observeViewModelEvents()
@@ -37,6 +41,14 @@ class AutofillTotpCopyActivity : AppCompatActivity() {
        )
    }

+    override fun onNewIntent(intent: Intent) {
+        super.onNewIntent(intent.validate())
+    }
+
+    override fun onNewIntent(intent: Intent, caller: ComponentCaller) {
+        super.onNewIntent(intent.validate(), caller)
+    }
+
    private fun observeViewModelEvents() {
        autofillTotpCopyViewModel
            .eventFlow
--- a/app/src/main/kotlin/com/x8bit/bitwarden/AutofillTotpCopyViewModel.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/AutofillTotpCopyViewModel.kt
@@ -7,12 +7,12 @@ import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.autofill.util.getTotpCopyIntentOrNull
 import com.x8bit.bitwarden.data.platform.util.launchWithTimeout
+import com.x8bit.bitwarden.data.vault.manager.model.GetCipherResult
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockData
 import com.x8bit.bitwarden.data.vault.repository.util.statusFor
 import dagger.hilt.android.lifecycle.HiltViewModel
 import kotlinx.coroutines.flow.first
-import kotlinx.coroutines.flow.mapNotNull
 import javax.inject.Inject

 /**
@@ -55,19 +55,13 @@ class AutofillTotpCopyViewModel @Inject constructor(
                }

                // Try and find the matching cipher.
-                vaultRepository
-                    .ciphersStateFlow
-                    .mapNotNull { it.data }
-                    .first()
-                    .find { it.id == cipherId }
-                    ?.let { cipherView ->
-                        sendEvent(
-                            AutofillTotpCopyEvent.CompleteAutofill(
-                                cipherView = cipherView,
-                            ),
-                        )
+                when (val result = vaultRepository.getCipher(cipherId = cipherId)) {
+                    GetCipherResult.CipherNotFound -> finishActivity()
+                    is GetCipherResult.Failure -> finishActivity()
+                    is GetCipherResult.Success -> {
+                        sendEvent(AutofillTotpCopyEvent.CompleteAutofill(result.cipherView))
                    }
-                    ?: finishActivity()
+                }
            }
    }

--- a/app/src/main/kotlin/com/x8bit/bitwarden/MainActivity.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/MainActivity.kt
@@ -1,5 +1,6 @@
 package com.x8bit.bitwarden

+import android.app.ComponentCaller
 import android.content.Intent
 import android.os.Build
 import android.os.Bundle
@@ -23,6 +24,7 @@ import com.bitwarden.annotation.OmitFromCoverage
 import com.bitwarden.ui.platform.base.util.EventsEffect
 import com.bitwarden.ui.platform.theme.BitwardenTheme
 import com.bitwarden.ui.platform.util.setupEdgeToEdge
+import com.bitwarden.ui.platform.util.validate
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityCompletionManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
@@ -67,10 +69,11 @@ class MainActivity : AppCompatActivity() {
    lateinit var debugLaunchManager: DebugMenuLaunchManager

    override fun onCreate(savedInstanceState: Bundle?) {
+        intent = intent.validate()
        var shouldShowSplashScreen = true
        installSplashScreen().setKeepOnScreenCondition { shouldShowSplashScreen }
        super.onCreate(savedInstanceState)
-
+        window.decorView.filterTouchesWhenObscured = true
        if (savedInstanceState == null) {
            mainViewModel.trySendAction(MainAction.ReceiveFirstIntent(intent = intent))
        }
@@ -114,8 +117,15 @@ class MainActivity : AppCompatActivity() {
    }

    override fun onNewIntent(intent: Intent) {
-        super.onNewIntent(intent)
-        mainViewModel.trySendAction(action = MainAction.ReceiveNewIntent(intent = intent))
+        val newIntent = intent.validate()
+        super.onNewIntent(newIntent)
+        mainViewModel.trySendAction(action = MainAction.ReceiveNewIntent(intent = newIntent))
+    }
+
+    override fun onNewIntent(intent: Intent, caller: ComponentCaller) {
+        val newIntent = intent.validate()
+        super.onNewIntent(newIntent, caller)
+        mainViewModel.trySendAction(action = MainAction.ReceiveNewIntent(intent = newIntent))
    }

    override fun onResume() {
--- a/app/src/main/kotlin/com/x8bit/bitwarden/MainViewModel.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/MainViewModel.kt
@@ -6,6 +6,7 @@ import androidx.lifecycle.SavedStateHandle
 import androidx.lifecycle.viewModelScope
 import com.bitwarden.ui.platform.base.BaseViewModel
 import com.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
+import com.bitwarden.ui.platform.resource.BitwardenString
 import com.bitwarden.ui.util.Text
 import com.bitwarden.ui.util.asText
 import com.bitwarden.vault.CipherView
@@ -22,13 +23,12 @@ import com.x8bit.bitwarden.data.credentials.manager.BitwardenCredentialManager
 import com.x8bit.bitwarden.data.credentials.util.getCreateCredentialRequestOrNull
 import com.x8bit.bitwarden.data.credentials.util.getFido2AssertionRequestOrNull
 import com.x8bit.bitwarden.data.credentials.util.getGetCredentialsRequestOrNull
+import com.x8bit.bitwarden.data.credentials.util.getProviderGetPasswordRequestOrNull
 import com.x8bit.bitwarden.data.platform.manager.AppResumeManager
-import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.SpecialCircumstanceManager
 import com.x8bit.bitwarden.data.platform.manager.garbage.GarbageCollectionManager
 import com.x8bit.bitwarden.data.platform.manager.model.AppResumeScreenData
 import com.x8bit.bitwarden.data.platform.manager.model.CompleteRegistrationData
-import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
 import com.x8bit.bitwarden.data.platform.manager.model.SpecialCircumstance
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
@@ -68,7 +68,6 @@ private const val ANIMATION_REFRESH_DELAY = 500L
 class MainViewModel @Inject constructor(
    accessibilitySelectionManager: AccessibilitySelectionManager,
    autofillSelectionManager: AutofillSelectionManager,
-    featureFlagManager: FeatureFlagManager,
    private val addTotpItemFromAuthenticatorManager: AddTotpItemFromAuthenticatorManager,
    private val specialCircumstanceManager: SpecialCircumstanceManager,
    private val garbageCollectionManager: GarbageCollectionManager,
@@ -85,9 +84,6 @@ class MainViewModel @Inject constructor(
    initialState = MainState(
        theme = settingsRepository.appTheme,
        isScreenCaptureAllowed = settingsRepository.isScreenCaptureAllowed,
-        isErrorReportingDialogEnabled = featureFlagManager.getFeatureFlag(
-            key = FlagKey.MobileErrorReporting,
-        ),
        isDynamicColorsEnabled = settingsRepository.isDynamicColorsEnabled,
    ),
 ) {
@@ -106,12 +102,6 @@ class MainViewModel @Inject constructor(
            .onEach { specialCircumstance = it }
            .launchIn(viewModelScope)

-        featureFlagManager
-            .getFeatureFlagFlow(key = FlagKey.MobileErrorReporting)
-            .map { MainAction.Internal.OnMobileErrorReportingReceive(it) }
-            .onEach(::sendAction)
-            .launchIn(viewModelScope)
-
        accessibilitySelectionManager
            .accessibilitySelectionFlow
            .map { MainAction.Internal.AccessibilitySelectionReceive(it) }
@@ -217,17 +207,6 @@ class MainViewModel @Inject constructor(
            is MainAction.Internal.ThemeUpdate -> handleAppThemeUpdated(action)
            is MainAction.Internal.VaultUnlockStateChange -> handleVaultUnlockStateChange()
            is MainAction.Internal.DynamicColorsUpdate -> handleDynamicColorsUpdate(action)
-            is MainAction.Internal.OnMobileErrorReportingReceive -> {
-                handleOnMobileErrorReportingReceive(action)
-            }
-        }
-    }
-
-    private fun handleOnMobileErrorReportingReceive(
-        action: MainAction.Internal.OnMobileErrorReportingReceive,
-    ) {
-        mutableStateFlow.update {
-            it.copy(isErrorReportingDialogEnabled = action.isErrorReportingEnabled)
        }
    }

@@ -325,6 +304,7 @@ class MainViewModel @Inject constructor(
        val createCredentialRequest = intent.getCreateCredentialRequestOrNull()
        val getCredentialsRequest = intent.getGetCredentialsRequestOrNull()
        val fido2AssertCredentialRequest = intent.getFido2AssertionRequestOrNull()
+        val providerGetPasswordRequest = intent.getProviderGetPasswordRequestOrNull()
        when {
            passwordlessRequestData != null -> {
                authRepository.activeUserId?.let {
@@ -415,6 +395,19 @@ class MainViewModel @Inject constructor(
                    )
            }

+            providerGetPasswordRequest != null -> {
+                // Set the user's verification status when a new GetPassword request is
+                // received to force explicit verification if the user's vault is
+                // unlocked when the request is received.
+                bitwardenCredentialManager.isUserVerified =
+                    providerGetPasswordRequest.isUserPreVerified
+
+                specialCircumstanceManager.specialCircumstance =
+                    SpecialCircumstance.ProviderGetPasswordRequest(
+                        passwordGetRequest = providerGetPasswordRequest,
+                    )
+            }
+
            getCredentialsRequest != null -> {
                specialCircumstanceManager.specialCircumstance =
                    SpecialCircumstance.ProviderGetCredentials(
@@ -460,7 +453,8 @@ class MainViewModel @Inject constructor(
                            message = emailTokenResult
                                .message
                                ?.asText()
-                                ?: R.string.there_was_an_issue_validating_the_registration_token
+                                ?: BitwardenString
+                                    .there_was_an_issue_validating_the_registration_token
                                    .asText(),
                        ),
                    )
@@ -495,15 +489,12 @@ data class MainState(
    val theme: AppTheme,
    val isScreenCaptureAllowed: Boolean,
    val isDynamicColorsEnabled: Boolean,
-    private val isErrorReportingDialogEnabled: Boolean,
 ) : Parcelable {
    /**
     * Contains all feature flags that are available to the UI.
     */
    val featureFlagsState: FeatureFlagsState
-        get() = FeatureFlagsState(
-            isErrorReportingDialogEnabled = isErrorReportingDialogEnabled,
-        )
+        get() = FeatureFlagsState
 }

 /**
@@ -548,13 +539,6 @@ sealed class MainAction {
            val cipherView: CipherView,
        ) : Internal()

-        /**
-         * Indicates the Mobile Error Reporting feature flag has been updated.
-         */
-        data class OnMobileErrorReportingReceive(
-            val isErrorReportingEnabled: Boolean,
-        ) : Internal()
-
        /**
         * Indicates the user has manually selected the given [cipherView] for autofill.
         */
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/AuthRequestNotificationManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/AuthRequestNotificationManagerImpl.kt
@@ -9,7 +9,8 @@ import androidx.core.app.NotificationCompat
 import androidx.core.app.NotificationManagerCompat
 import com.bitwarden.annotation.OmitFromCoverage
 import com.bitwarden.data.manager.DispatcherManager
-import com.x8bit.bitwarden.R
+import com.bitwarden.ui.platform.resource.BitwardenDrawable
+import com.bitwarden.ui.platform.resource.BitwardenString
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.util.createPasswordlessRequestDataIntent
 import com.x8bit.bitwarden.data.autofill.util.toPendingIntentMutabilityFlag
@@ -48,14 +49,14 @@ class AuthRequestNotificationManagerImpl(
                    NOTIFICATION_CHANNEL_ID,
                    NotificationManagerCompat.IMPORTANCE_DEFAULT,
                )
-                .setName(context.getString(R.string.pending_log_in_requests))
+                .setName(context.getString(BitwardenString.pending_log_in_requests))
                .build(),
        )
        if (!notificationManager.areNotificationsEnabled(NOTIFICATION_CHANNEL_ID)) return
        // Create the notification
        val builder = NotificationCompat.Builder(context, NOTIFICATION_CHANNEL_ID)
            .setContentIntent(createContentIntent(data))
-            .setContentTitle(context.getString(R.string.log_in_requested))
+            .setContentTitle(context.getString(BitwardenString.log_in_requested))
            .setContentText(
                authDiskSource
                    .userState
@@ -63,10 +64,10 @@ class AuthRequestNotificationManagerImpl(
                    ?.get(data.userId)
                    ?.profile
                    ?.email
-                    ?.let { context.getString(R.string.confim_log_in_attemp_for_x, it) }
-                    ?: context.getString(R.string.confirm_log_in),
+                    ?.let { context.getString(BitwardenString.confim_log_in_attemp_for_x, it) }
+                    ?: context.getString(BitwardenString.confirm_log_in),
            )
-            .setSmallIcon(R.drawable.ic_notification)
+            .setSmallIcon(BitwardenDrawable.ic_notification)
            .setColor(Color.White.value.toInt())
            .setAutoCancel(true)
            .setTimeoutAfter(NOTIFICATION_DEFAULT_TIMEOUT_MILLIS)
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/UserLogoutManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/UserLogoutManagerImpl.kt
@@ -1,11 +1,10 @@
 package com.x8bit.bitwarden.data.auth.manager

-import android.content.Context
-import android.widget.Toast
 import androidx.annotation.StringRes
+import com.bitwarden.core.data.manager.toast.ToastManager
 import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
 import com.bitwarden.data.manager.DispatcherManager
-import com.x8bit.bitwarden.R
+import com.bitwarden.ui.platform.resource.BitwardenString
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.manager.model.LogoutEvent
 import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
@@ -27,15 +26,15 @@ import timber.log.Timber
 */
@Suppress("LongParameterList")
 class UserLogoutManagerImpl(
-    private val context: Context,
    private val authDiskSource: AuthDiskSource,
    private val generatorDiskSource: GeneratorDiskSource,
    private val passwordHistoryDiskSource: PasswordHistoryDiskSource,
    private val pushDiskSource: PushDiskSource,
    private val settingsDiskSource: SettingsDiskSource,
+    private val toastManager: ToastManager,
    private val vaultDiskSource: VaultDiskSource,
-    dispatcherManager: DispatcherManager,
    private val vaultSdkSource: VaultSdkSource,
+    dispatcherManager: DispatcherManager,
 ) : UserLogoutManager {
    private val scope = CoroutineScope(dispatcherManager.unconfined)
    private val mainScope = CoroutineScope(dispatcherManager.main)
@@ -49,7 +48,7 @@ class UserLogoutManagerImpl(
        Timber.d("logout reason=$reason")
        val isExpired = reason == LogoutReason.SecurityStamp
        if (isExpired) {
-            showToast(message = R.string.login_expired)
+            showToast(message = BitwardenString.login_expired)
        }

        val ableToSwitchToNewAccount = switchUserIfAvailable(
@@ -71,7 +70,7 @@ class UserLogoutManagerImpl(
        Timber.d("softLogout reason=$reason")
        val isExpired = reason == LogoutReason.SecurityStamp
        if (isExpired) {
-            showToast(message = R.string.login_expired)
+            showToast(message = BitwardenString.login_expired)
        }
        authDiskSource.storeAccountTokens(
            userId = userId,
@@ -81,6 +80,7 @@ class UserLogoutManagerImpl(
        // Save any data that will still need to be retained after otherwise clearing all dat
        val vaultTimeoutInMinutes = settingsDiskSource.getVaultTimeoutInMinutes(userId = userId)
        val vaultTimeoutAction = settingsDiskSource.getVaultTimeoutAction(userId = userId)
+        val pinProtectedUserKey = authDiskSource.getPinProtectedUserKey(userId = userId)

        switchUserIfAvailable(
            currentUserId = userId,
@@ -102,6 +102,10 @@ class UserLogoutManagerImpl(
                vaultTimeoutAction = vaultTimeoutAction,
            )
        }
+        authDiskSource.storePinProtectedUserKey(
+            userId = userId,
+            pinProtectedUserKey = pinProtectedUserKey,
+        )
    }

    private fun clearData(userId: String) {
@@ -117,7 +121,7 @@ class UserLogoutManagerImpl(
    }

    private fun showToast(@StringRes message: Int) {
-        mainScope.launch { Toast.makeText(context, message, Toast.LENGTH_SHORT).show() }
+        mainScope.launch { toastManager.show(messageId = message) }
    }

    private fun switchUserIfAvailable(
@@ -136,7 +140,7 @@ class UserLogoutManagerImpl(
        // Check if there is a new active user
        return if (updatedAccounts.isNotEmpty()) {
            if (currentUserId == currentUserState.activeUserId && !isExpired) {
-                showToast(message = R.string.account_switched_automatically)
+                showToast(message = BitwardenString.account_switched_automatically)
            }

            // If we logged out a non-active user, we want to leave the active user unchanged.
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/di/AuthManagerModule.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/di/AuthManagerModule.kt
@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden.data.auth.manager.di

 import android.content.Context
+import com.bitwarden.core.data.manager.toast.ToastManager
 import com.bitwarden.data.manager.DispatcherManager
 import com.bitwarden.network.service.AccountsService
 import com.bitwarden.network.service.AuthRequestsService
@@ -107,23 +108,23 @@ object AuthManagerModule {
    @Provides
    @Singleton
    fun provideUserLogoutManager(
-        @ApplicationContext context: Context,
        authDiskSource: AuthDiskSource,
        generatorDiskSource: GeneratorDiskSource,
        passwordHistoryDiskSource: PasswordHistoryDiskSource,
        pushDiskSource: PushDiskSource,
        settingsDiskSource: SettingsDiskSource,
+        toastManager: ToastManager,
        vaultDiskSource: VaultDiskSource,
        vaultSdkSource: VaultSdkSource,
        dispatcherManager: DispatcherManager,
    ): UserLogoutManager =
        UserLogoutManagerImpl(
-            context = context,
            authDiskSource = authDiskSource,
            generatorDiskSource = generatorDiskSource,
            passwordHistoryDiskSource = passwordHistoryDiskSource,
            pushDiskSource = pushDiskSource,
            settingsDiskSource = settingsDiskSource,
+            toastManager = toastManager,
            vaultDiskSource = vaultDiskSource,
            vaultSdkSource = vaultSdkSource,
            dispatcherManager = dispatcherManager,
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/model/PolicyInformation.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/model/PolicyInformation.kt
@@ -1,5 +1,6 @@
 package com.x8bit.bitwarden.data.auth.repository.model

+import com.bitwarden.network.model.SyncResponseJson
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable

--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/util/PasswordlessRequestDataUtils.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/util/PasswordlessRequestDataUtils.kt
@@ -4,7 +4,7 @@ import android.content.Context
 import android.content.Intent
 import com.x8bit.bitwarden.MainActivity
 import com.x8bit.bitwarden.data.platform.manager.model.PasswordlessRequestData
-import com.x8bit.bitwarden.data.platform.util.getSafeParcelableExtra
+import com.bitwarden.ui.platform.util.getSafeParcelableExtra

 private const val NOTIFICATION_DATA: String = "notificationData"

--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/accessibility/di/AccessibilityModule.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/accessibility/di/AccessibilityModule.kt
@@ -4,6 +4,7 @@ import android.content.Context
 import android.content.pm.PackageManager
 import android.os.PowerManager
 import android.view.accessibility.AccessibilityManager
+import com.bitwarden.core.data.manager.toast.ToastManager
 import com.bitwarden.data.manager.DispatcherManager
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityAutofillManager
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityAutofillManagerImpl
@@ -89,6 +90,7 @@ object AccessibilityModule {
        accessibilityAutofillManager: AccessibilityAutofillManager,
        launcherPackageNameManager: LauncherPackageNameManager,
        powerManager: PowerManager,
+        toastManager: ToastManager,
    ): BitwardenAccessibilityProcessor =
        BitwardenAccessibilityProcessorImpl(
            context = context,
@@ -96,6 +98,7 @@ object AccessibilityModule {
            accessibilityAutofillManager = accessibilityAutofillManager,
            launcherPackageNameManager = launcherPackageNameManager,
            powerManager = powerManager,
+            toastManager = toastManager,
        )

    @Singleton
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/accessibility/processor/BitwardenAccessibilityProcessorImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/accessibility/processor/BitwardenAccessibilityProcessorImpl.kt
@@ -5,7 +5,8 @@ import android.os.PowerManager
 import android.view.accessibility.AccessibilityEvent
 import android.view.accessibility.AccessibilityNodeInfo
 import android.widget.Toast
-import com.x8bit.bitwarden.R
+import com.bitwarden.core.data.manager.toast.ToastManager
+import com.bitwarden.ui.platform.resource.BitwardenString
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityAutofillManager
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.LauncherPackageNameManager
 import com.x8bit.bitwarden.data.autofill.accessibility.model.AccessibilityAction
@@ -26,6 +27,7 @@ class BitwardenAccessibilityProcessorImpl(
    private val accessibilityAutofillManager: AccessibilityAutofillManager,
    private val launcherPackageNameManager: LauncherPackageNameManager,
    private val powerManager: PowerManager,
+    private val toastManager: ToastManager,
 ) : BitwardenAccessibilityProcessor {
    override fun processAccessibilityEvent(
        event: AccessibilityEvent,
@@ -110,13 +112,10 @@ class BitwardenAccessibilityProcessorImpl(
                )
            }
            ?: run {
-                Toast
-                    .makeText(
-                        context,
-                        R.string.autofill_tile_uri_not_found,
-                        Toast.LENGTH_LONG,
-                    )
-                    .show()
+                toastManager.show(
+                    messageId = BitwardenString.autofill_tile_uri_not_found,
+                    duration = Toast.LENGTH_LONG,
+                )
            }
    }

--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/builder/FillResponseBuilderImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/builder/FillResponseBuilderImpl.kt
@@ -10,6 +10,7 @@ import com.x8bit.bitwarden.data.autofill.util.buildDataset
 import com.x8bit.bitwarden.data.autofill.util.buildVaultItemDataset
 import com.x8bit.bitwarden.data.autofill.util.createTotpCopyIntentSender
 import com.x8bit.bitwarden.data.autofill.util.fillableAutofillIds
+import timber.log.Timber

 /**
 * The default implementation for [FillResponseBuilder]. This is a component for compiling fulfilled
@@ -22,12 +23,9 @@ class FillResponseBuilderImpl : FillResponseBuilder {
        saveInfo: SaveInfo?,
    ): FillResponse? =
        if (filledData.fillableAutofillIds.isNotEmpty()) {
+            Timber.w("Autofill request constructing FillResponse")
            val fillResponseBuilder = FillResponse.Builder()
-
-            saveInfo
-                ?.let { nonNullSaveInfo ->
-                    fillResponseBuilder.setSaveInfo(nonNullSaveInfo)
-                }
+            saveInfo?.let { nonNullSaveInfo -> fillResponseBuilder.setSaveInfo(nonNullSaveInfo) }

            filledData
                .filledPartitions
@@ -52,12 +50,7 @@ class FillResponseBuilderImpl : FillResponseBuilder {

            fillResponseBuilder
                // Add the Vault Item
-                .addDataset(
-                    filledData
-                        .buildVaultItemDataset(
-                            autofillAppInfo = autofillAppInfo,
-                        ),
-                )
+                .addDataset(filledData.buildVaultItemDataset(autofillAppInfo = autofillAppInfo))
                .setIgnoredIds(*filledData.ignoreAutofillIds.toTypedArray())
                .build()
        } else {
@@ -66,6 +59,7 @@ class FillResponseBuilderImpl : FillResponseBuilder {
            // with a presentation view. Neither of these make sense in the case where we have no
            // views to fill. What we are supposed to do when we cannot fulfill a request is
            // replace [FillResponse] with null in order to avoid this crash.
+            Timber.w("Autofill request has no fillable ids")
            null
        }
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/builder/FilledDataBuilderImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/builder/FilledDataBuilderImpl.kt
@@ -9,6 +9,7 @@ import com.x8bit.bitwarden.data.autofill.model.FilledData
 import com.x8bit.bitwarden.data.autofill.model.FilledPartition
 import com.x8bit.bitwarden.data.autofill.provider.AutofillCipherProvider
 import com.x8bit.bitwarden.data.autofill.util.buildFilledItemOrNull
+import timber.log.Timber

 /**
 * The maximum amount of filled partitions the user will see. Viewing the rest will require opening
@@ -34,6 +35,7 @@ class FilledDataBuilderImpl(
    private val autofillCipherProvider: AutofillCipherProvider,
 ) : FilledDataBuilder {
    override suspend fun build(autofillRequest: AutofillRequest.Fillable): FilledData {
+        Timber.d("Autofill request constructing FilledData")
        val isVaultLocked = autofillCipherProvider.isVaultLocked()

        // Subtract one to make sure there is space for the vault item.
@@ -84,7 +86,7 @@ class FilledDataBuilderImpl(
                                )
                            }
                    }
-                    ?: emptyList()
+                    .orEmpty()
            }
        }

--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/builder/SaveInfoBuilderImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/builder/SaveInfoBuilderImpl.kt
@@ -4,6 +4,7 @@ import android.service.autofill.FillRequest
 import android.service.autofill.SaveInfo
 import com.x8bit.bitwarden.data.autofill.model.AutofillPartition
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
+import timber.log.Timber

 /**
 * The primary implementation of [SaveInfoBuilder].This is used for converting autofill data into
@@ -18,6 +19,7 @@ class SaveInfoBuilderImpl(
        fillRequest: FillRequest,
        packageName: String?,
    ): SaveInfo? {
+        Timber.d("Autofill request constructing SaveInfo -- ${fillRequest.id}")
        // Make sure that the save prompt is possible.
        val canPerformSaveRequest = autofillPartition.canPerformSaveRequest
        if (settingsRepository.isAutofillSavePromptDisabled || !canPerformSaveRequest) return null
@@ -26,6 +28,7 @@ class SaveInfoBuilderImpl(
        // in Compat mode since they show as masked values.
        val isInCompatMode = (fillRequest.flags or
            FillRequest.FLAG_COMPATIBILITY_MODE_REQUEST) == fillRequest.flags
+        Timber.d("Autofill request isInCompatMode=$isInCompatMode -- ${fillRequest.id}")

        // If login and compat mode, the password might be obfuscated,
        // in which case we should skip the save request.
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/di/ActivityAutofillModule.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/di/ActivityAutofillModule.kt
@@ -8,9 +8,9 @@ import androidx.lifecycle.lifecycleScope
 import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManagerImpl
 import com.x8bit.bitwarden.data.autofill.manager.AutofillEnabledManager
-import com.x8bit.bitwarden.data.autofill.manager.chrome.ChromeThirdPartyAutofillEnabledManager
-import com.x8bit.bitwarden.data.autofill.manager.chrome.ChromeThirdPartyAutofillManager
-import com.x8bit.bitwarden.data.autofill.manager.chrome.ChromeThirdPartyAutofillManagerImpl
+import com.x8bit.bitwarden.data.autofill.manager.browser.BrowserThirdPartyAutofillEnabledManager
+import com.x8bit.bitwarden.data.autofill.manager.browser.BrowserThirdPartyAutofillManager
+import com.x8bit.bitwarden.data.autofill.manager.browser.BrowserThirdPartyAutofillManagerImpl
 import com.x8bit.bitwarden.data.platform.manager.AppStateManager
 import dagger.Module
 import dagger.Provides
@@ -29,9 +29,9 @@ object ActivityAutofillModule {
    @ActivityScoped
    @ActivityScopedManager
    @Provides
-    fun provideActivityScopedChromeThirdPartyAutofillManager(
+    fun provideActivityScopedBrowserThirdPartyAutofillManager(
        activity: Activity,
-    ): ChromeThirdPartyAutofillManager = ChromeThirdPartyAutofillManagerImpl(
+    ): BrowserThirdPartyAutofillManager = BrowserThirdPartyAutofillManagerImpl(
        context = activity.baseContext,
    )

@@ -39,19 +39,19 @@ object ActivityAutofillModule {
    @Provides
    fun provideAutofillActivityManager(
        @ActivityScopedManager autofillManager: AutofillManager,
-        @ActivityScopedManager chromeThirdPartyAutofillManager: ChromeThirdPartyAutofillManager,
+        @ActivityScopedManager browserThirdPartyAutofillManager: BrowserThirdPartyAutofillManager,
        appStateManager: AppStateManager,
        autofillEnabledManager: AutofillEnabledManager,
        lifecycleScope: LifecycleCoroutineScope,
-        chromeThirdPartyAutofillEnabledManager: ChromeThirdPartyAutofillEnabledManager,
+        browserThirdPartyAutofillEnabledManager: BrowserThirdPartyAutofillEnabledManager,
    ): AutofillActivityManager =
        AutofillActivityManagerImpl(
            autofillManager = autofillManager,
-            chromeThirdPartyAutofillManager = chromeThirdPartyAutofillManager,
+            browserThirdPartyAutofillManager = browserThirdPartyAutofillManager,
            appStateManager = appStateManager,
            autofillEnabledManager = autofillEnabledManager,
            lifecycleScope = lifecycleScope,
-            chromeThirdPartyAutofillEnabledManager = chromeThirdPartyAutofillEnabledManager,
+            browserThirdPartyAutofillEnabledManager = browserThirdPartyAutofillEnabledManager,
        )

    /**
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/di/AutofillModule.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/di/AutofillModule.kt
@@ -16,15 +16,14 @@ import com.x8bit.bitwarden.data.autofill.manager.AutofillEnabledManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillEnabledManagerImpl
 import com.x8bit.bitwarden.data.autofill.manager.AutofillTotpManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillTotpManagerImpl
-import com.x8bit.bitwarden.data.autofill.manager.chrome.ChromeThirdPartyAutofillEnabledManager
-import com.x8bit.bitwarden.data.autofill.manager.chrome.ChromeThirdPartyAutofillEnabledManagerImpl
+import com.x8bit.bitwarden.data.autofill.manager.browser.BrowserThirdPartyAutofillEnabledManager
+import com.x8bit.bitwarden.data.autofill.manager.browser.BrowserThirdPartyAutofillEnabledManagerImpl
 import com.x8bit.bitwarden.data.autofill.parser.AutofillParser
 import com.x8bit.bitwarden.data.autofill.parser.AutofillParserImpl
 import com.x8bit.bitwarden.data.autofill.processor.AutofillProcessor
 import com.x8bit.bitwarden.data.autofill.processor.AutofillProcessorImpl
 import com.x8bit.bitwarden.data.autofill.provider.AutofillCipherProvider
 import com.x8bit.bitwarden.data.autofill.provider.AutofillCipherProviderImpl
-import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.ciphermatching.CipherMatchingManager
 import com.x8bit.bitwarden.data.platform.manager.clipboard.BitwardenClipboardManager
@@ -59,12 +58,8 @@ object AutofillModule {

    @Singleton
    @Provides
-    fun providesChromeAutofillEnabledManager(
-        featureFlagManager: FeatureFlagManager,
-    ): ChromeThirdPartyAutofillEnabledManager =
-        ChromeThirdPartyAutofillEnabledManagerImpl(
-            featureFlagManager = featureFlagManager,
-        )
+    fun providesBrowserAutofillEnabledManager(): BrowserThirdPartyAutofillEnabledManager =
+        BrowserThirdPartyAutofillEnabledManagerImpl()

    @Singleton
    @Provides
@@ -93,7 +88,6 @@ object AutofillModule {
    @Singleton
    @Provides
    fun providesAutofillTotpManager(
-        @ApplicationContext context: Context,
        clock: Clock,
        clipboardManager: BitwardenClipboardManager,
        authRepository: AuthRepository,
@@ -101,7 +95,6 @@ object AutofillModule {
        vaultRepository: VaultRepository,
    ): AutofillTotpManager =
        AutofillTotpManagerImpl(
-            context = context,
            clock = clock,
            clipboardManager = clipboardManager,
            authRepository = authRepository,
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/AutofillActivityManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/AutofillActivityManagerImpl.kt
@@ -2,9 +2,9 @@ package com.x8bit.bitwarden.data.autofill.manager

 import android.view.autofill.AutofillManager
 import androidx.lifecycle.LifecycleCoroutineScope
-import com.x8bit.bitwarden.data.autofill.manager.chrome.ChromeThirdPartyAutofillEnabledManager
-import com.x8bit.bitwarden.data.autofill.manager.chrome.ChromeThirdPartyAutofillManager
-import com.x8bit.bitwarden.data.autofill.model.chrome.ChromeThirdPartyAutofillStatus
+import com.x8bit.bitwarden.data.autofill.manager.browser.BrowserThirdPartyAutofillEnabledManager
+import com.x8bit.bitwarden.data.autofill.manager.browser.BrowserThirdPartyAutofillManager
+import com.x8bit.bitwarden.data.autofill.model.browser.BrowserThirdPartyAutofillStatus
 import com.x8bit.bitwarden.data.platform.manager.AppStateManager
 import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.onEach
@@ -14,21 +14,22 @@ import kotlinx.coroutines.flow.onEach
 */
 class AutofillActivityManagerImpl(
    private val autofillManager: AutofillManager,
-    private val chromeThirdPartyAutofillManager: ChromeThirdPartyAutofillManager,
+    private val browserThirdPartyAutofillManager: BrowserThirdPartyAutofillManager,
    autofillEnabledManager: AutofillEnabledManager,
    appStateManager: AppStateManager,
    lifecycleScope: LifecycleCoroutineScope,
-    chromeThirdPartyAutofillEnabledManager: ChromeThirdPartyAutofillEnabledManager,
+    browserThirdPartyAutofillEnabledManager: BrowserThirdPartyAutofillEnabledManager,
 ) : AutofillActivityManager {
    private val isAutofillEnabledAndSupported: Boolean
        get() = autofillManager.isEnabled &&
            autofillManager.hasEnabledAutofillServices() &&
            autofillManager.isAutofillSupported

-    private val chromeAutofillStatus: ChromeThirdPartyAutofillStatus
-        get() = ChromeThirdPartyAutofillStatus(
-            stableStatusData = chromeThirdPartyAutofillManager.stableChromeAutofillStatus,
-            betaChannelStatusData = chromeThirdPartyAutofillManager.betaChromeAutofillStatus,
+    private val browserAutofillStatus: BrowserThirdPartyAutofillStatus
+        get() = BrowserThirdPartyAutofillStatus(
+            braveStableStatusData = browserThirdPartyAutofillManager.stableBraveAutofillStatus,
+            chromeStableStatusData = browserThirdPartyAutofillManager.stableChromeAutofillStatus,
+            chromeBetaChannelStatusData = browserThirdPartyAutofillManager.betaChromeAutofillStatus,
        )

    init {
@@ -36,8 +37,8 @@ class AutofillActivityManagerImpl(
            .appForegroundStateFlow
            .onEach {
                autofillEnabledManager.isAutofillEnabled = isAutofillEnabledAndSupported
-                chromeThirdPartyAutofillEnabledManager.chromeThirdPartyAutofillStatus =
-                    chromeAutofillStatus
+                browserThirdPartyAutofillEnabledManager.browserThirdPartyAutofillStatus =
+                    browserAutofillStatus
            }
            .launchIn(lifecycleScope)
    }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/AutofillTotpManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/AutofillTotpManagerImpl.kt
@@ -1,10 +1,8 @@
 package com.x8bit.bitwarden.data.autofill.manager

-import android.content.Context
-import android.widget.Toast
+import com.bitwarden.ui.platform.resource.BitwardenString
 import com.bitwarden.ui.util.asText
 import com.bitwarden.vault.CipherView
-import com.x8bit.bitwarden.R
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.platform.manager.clipboard.BitwardenClipboardManager
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
@@ -16,7 +14,6 @@ import java.time.Clock
 * Default implementation of the [AutofillTotpManager].
 */
 class AutofillTotpManagerImpl(
-    private val context: Context,
    private val clock: Clock,
    private val clipboardManager: BitwardenClipboardManager,
    private val authRepository: AuthRepository,
@@ -27,25 +24,19 @@ class AutofillTotpManagerImpl(
        if (settingsRepository.isAutoCopyTotpDisabled) return
        val isPremium = authRepository.userStateFlow.value?.activeAccount?.isPremium == true
        if (!isPremium && !cipherView.organizationUseTotp) return
-        val totpCode = cipherView.login?.totp ?: return
+        cipherView.login?.totp ?: return
+        val cipherId = cipherView.id ?: return

        val totpResult = vaultRepository.generateTotp(
            time = clock.instant(),
-            totpCode = totpCode,
+            cipherId = cipherId,
        )

        if (totpResult is GenerateTotpResult.Success) {
            clipboardManager.setText(
                text = totpResult.code,
-                toastDescriptorOverride = R.string.verification_code_totp.asText(),
+                toastDescriptorOverride = BitwardenString.verification_code_totp.asText(),
            )
-            Toast
-                .makeText(
-                    context.applicationContext,
-                    R.string.verification_code_totp,
-                    Toast.LENGTH_LONG,
-                )
-                .show()
        }
    }
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/browser/BrowserThirdPartyAutofillEnabledManager.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/browser/BrowserThirdPartyAutofillEnabledManager.kt
@@ -0,0 +1,22 @@
+package com.x8bit.bitwarden.data.autofill.manager.browser
+
+import com.x8bit.bitwarden.data.autofill.model.browser.BrowserThirdPartyAutofillStatus
+import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.flow.StateFlow
+
+/**
+ * Manager which provides whether specific browser versions have third party autofill available and
+ * enabled.
+ */
+interface BrowserThirdPartyAutofillEnabledManager {
+    /**
+     * Combined status for all concerned browser versions.
+     */
+    var browserThirdPartyAutofillStatus: BrowserThirdPartyAutofillStatus
+
+    /**
+     * An observable [StateFlow] of the combined third party autofill status of all concerned
+     * browser versions.
+     */
+    val browserThirdPartyAutofillStatusFlow: Flow<BrowserThirdPartyAutofillStatus>
+}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/browser/BrowserThirdPartyAutofillEnabledManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/browser/BrowserThirdPartyAutofillEnabledManagerImpl.kt
@@ -0,0 +1,42 @@
+package com.x8bit.bitwarden.data.autofill.manager.browser
+
+import com.x8bit.bitwarden.data.autofill.model.browser.BrowserThirdPartyAutoFillData
+import com.x8bit.bitwarden.data.autofill.model.browser.BrowserThirdPartyAutofillStatus
+import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.update
+
+/**
+ * Default implementation of [BrowserThirdPartyAutofillEnabledManager].
+ */
+class BrowserThirdPartyAutofillEnabledManagerImpl : BrowserThirdPartyAutofillEnabledManager {
+    override var browserThirdPartyAutofillStatus: BrowserThirdPartyAutofillStatus = DEFAULT_STATUS
+        set(value) {
+            field = value
+            mutableBrowserThirdPartyAutofillStatusStateFlow.update {
+                value
+            }
+        }
+
+    private val mutableBrowserThirdPartyAutofillStatusStateFlow = MutableStateFlow(
+        value = browserThirdPartyAutofillStatus,
+    )
+
+    override val browserThirdPartyAutofillStatusFlow: Flow<BrowserThirdPartyAutofillStatus>
+        get() = mutableBrowserThirdPartyAutofillStatusStateFlow
+}
+
+private val DEFAULT_STATUS = BrowserThirdPartyAutofillStatus(
+    braveStableStatusData = BrowserThirdPartyAutoFillData(
+        isAvailable = false,
+        isThirdPartyEnabled = false,
+    ),
+    chromeStableStatusData = BrowserThirdPartyAutoFillData(
+        isAvailable = false,
+        isThirdPartyEnabled = false,
+    ),
+    chromeBetaChannelStatusData = BrowserThirdPartyAutoFillData(
+        isAvailable = false,
+        isThirdPartyEnabled = false,
+    ),
+)
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/browser/BrowserThirdPartyAutofillManager.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/browser/BrowserThirdPartyAutofillManager.kt
@@ -0,0 +1,25 @@
+package com.x8bit.bitwarden.data.autofill.manager.browser
+
+import com.x8bit.bitwarden.data.autofill.model.browser.BrowserThirdPartyAutoFillData
+
+/**
+ * Manager class used to determine if a device has installed versions of a browser (either the
+ * stable release or beta channel) which support and require opt in to third party autofill.
+ */
+interface BrowserThirdPartyAutofillManager {
+
+    /**
+     * The data representing the status of the stable Brave version
+     */
+    val stableBraveAutofillStatus: BrowserThirdPartyAutoFillData
+
+    /**
+     * The data representing the status of the stable Chrome version
+     */
+    val stableChromeAutofillStatus: BrowserThirdPartyAutoFillData
+
+    /**
+     * The data representing the status of the beta Chrome version
+     */
+    val betaChromeAutofillStatus: BrowserThirdPartyAutoFillData
+}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/browser/BrowserThirdPartyAutofillManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/browser/BrowserThirdPartyAutofillManagerImpl.kt
@@ -1,35 +1,36 @@
-package com.x8bit.bitwarden.data.autofill.manager.chrome
+package com.x8bit.bitwarden.data.autofill.manager.browser

 import android.content.ContentResolver
 import android.content.Context
 import android.net.Uri
 import com.bitwarden.annotation.OmitFromCoverage
-import com.x8bit.bitwarden.data.autofill.model.chrome.ChromeReleaseChannel
-import com.x8bit.bitwarden.data.autofill.model.chrome.ChromeThirdPartyAutoFillData
+import com.x8bit.bitwarden.data.autofill.model.browser.BrowserPackage
+import com.x8bit.bitwarden.data.autofill.model.browser.BrowserThirdPartyAutoFillData

 private const val CONTENT_PROVIDER_NAME = ".AutofillThirdPartyModeContentProvider"
 private const val THIRD_PARTY_MODE_COLUMN = "autofill_third_party_state"
 private const val THIRD_PARTY_MODE_ACTIONS_URI_PATH = "autofill_third_party_mode"

 /**
- * Default implementation of the [ChromeThirdPartyAutofillManager] which uses a
- * [ContentResolver] to determine if the installed Chrome packages support and enable
- * third party autofill services.
+ * Default implementation of the [BrowserThirdPartyAutofillManager] which uses a [ContentResolver]
+ * to determine if the installed browser packages support and enable third party autofill services.
 *
 * Based off of [this blog post](https://android-developers.googleblog.com/2025/02/chrome-3p-autofill-services-update.html)
 */
@OmitFromCoverage
-class ChromeThirdPartyAutofillManagerImpl(
+class BrowserThirdPartyAutofillManagerImpl(
    private val context: Context,
-) : ChromeThirdPartyAutofillManager {
-    override val stableChromeAutofillStatus: ChromeThirdPartyAutoFillData
-        get() = getThirdPartyAutoFillStatusForChannel(ChromeReleaseChannel.STABLE)
-    override val betaChromeAutofillStatus: ChromeThirdPartyAutoFillData
-        get() = getThirdPartyAutoFillStatusForChannel(ChromeReleaseChannel.BETA)
+) : BrowserThirdPartyAutofillManager {
+    override val stableBraveAutofillStatus: BrowserThirdPartyAutoFillData
+        get() = getThirdPartyAutoFillStatusForChannel(BrowserPackage.BRAVE_RELEASE)
+    override val stableChromeAutofillStatus: BrowserThirdPartyAutoFillData
+        get() = getThirdPartyAutoFillStatusForChannel(BrowserPackage.CHROME_STABLE)
+    override val betaChromeAutofillStatus: BrowserThirdPartyAutoFillData
+        get() = getThirdPartyAutoFillStatusForChannel(BrowserPackage.CHROME_BETA)

    private fun getThirdPartyAutoFillStatusForChannel(
-        releaseChannel: ChromeReleaseChannel,
-    ): ChromeThirdPartyAutoFillData {
+        releaseChannel: BrowserPackage,
+    ): BrowserThirdPartyAutoFillData {
        val uri = Uri.Builder()
            .scheme(ContentResolver.SCHEME_CONTENT)
            .authority(releaseChannel.packageName + CONTENT_PROVIDER_NAME)
@@ -54,7 +55,7 @@ class ChromeThirdPartyAutofillManagerImpl(
                true
            }
            ?: false
-        return ChromeThirdPartyAutoFillData(
+        return BrowserThirdPartyAutoFillData(
            isAvailable = isThirdPartyAvailable,
            isThirdPartyEnabled = thirdPartyEnabled,
        )
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/chrome/ChromeThirdPartyAutofillEnabledManager.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/chrome/ChromeThirdPartyAutofillEnabledManager.kt
@@ -1,22 +0,0 @@
-package com.x8bit.bitwarden.data.autofill.manager.chrome
-
-import com.x8bit.bitwarden.data.autofill.model.chrome.ChromeThirdPartyAutofillStatus
-import kotlinx.coroutines.flow.Flow
-import kotlinx.coroutines.flow.StateFlow
-
-/**
- * Manager which provides whether specific Chrome versions have third party autofill available and
- * enabled.
- */
-interface ChromeThirdPartyAutofillEnabledManager {
-    /**
-     * Combined status for all concerned Chrome versions.
-     */
-    var chromeThirdPartyAutofillStatus: ChromeThirdPartyAutofillStatus
-
-    /**
-     * An observable [StateFlow] of the combined third party autofill status of all concerned
-     * chrome versions.
-     */
-    val chromeThirdPartyAutofillStatusFlow: Flow<ChromeThirdPartyAutofillStatus>
-}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/chrome/ChromeThirdPartyAutofillEnabledManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/chrome/ChromeThirdPartyAutofillEnabledManagerImpl.kt
@@ -1,52 +0,0 @@
-package com.x8bit.bitwarden.data.autofill.manager.chrome
-
-import com.x8bit.bitwarden.data.autofill.model.chrome.ChromeThirdPartyAutoFillData
-import com.x8bit.bitwarden.data.autofill.model.chrome.ChromeThirdPartyAutofillStatus
-import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
-import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
-import kotlinx.coroutines.flow.Flow
-import kotlinx.coroutines.flow.MutableStateFlow
-import kotlinx.coroutines.flow.combine
-import kotlinx.coroutines.flow.update
-
-/**
- * Default implementation of [ChromeThirdPartyAutofillEnabledManager].
- */
-class ChromeThirdPartyAutofillEnabledManagerImpl(
-    private val featureFlagManager: FeatureFlagManager,
-) : ChromeThirdPartyAutofillEnabledManager {
-    override var chromeThirdPartyAutofillStatus: ChromeThirdPartyAutofillStatus = DEFAULT_STATUS
-        set(value) {
-            field = value
-            mutableChromeThirdPartyAutofillStatusStateFlow.update {
-                value
-            }
-        }
-
-    private val mutableChromeThirdPartyAutofillStatusStateFlow = MutableStateFlow(
-        chromeThirdPartyAutofillStatus,
-    )
-
-    override val chromeThirdPartyAutofillStatusFlow: Flow<ChromeThirdPartyAutofillStatus>
-        get() = mutableChromeThirdPartyAutofillStatusStateFlow
-            .combine(
-                featureFlagManager.getFeatureFlagFlow(FlagKey.ChromeAutofill),
-            ) { data, enabled ->
-                if (enabled) {
-                    data
-                } else {
-                    DEFAULT_STATUS
-                }
-            }
-}
-
-private val DEFAULT_STATUS = ChromeThirdPartyAutofillStatus(
-    ChromeThirdPartyAutoFillData(
-        isAvailable = false,
-        isThirdPartyEnabled = false,
-    ),
-    ChromeThirdPartyAutoFillData(
-        isAvailable = false,
-        isThirdPartyEnabled = false,
-    ),
-)
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/chrome/ChromeThirdPartyAutofillManager.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/manager/chrome/ChromeThirdPartyAutofillManager.kt
@@ -1,20 +0,0 @@
-package com.x8bit.bitwarden.data.autofill.manager.chrome
-
-import com.x8bit.bitwarden.data.autofill.model.chrome.ChromeThirdPartyAutoFillData
-
-/**
- * Manager class used to determine if a device has installed versions of Chrome (either the
- * stable release or beta channel) which support and require opt in to third party autofill.
- */
-interface ChromeThirdPartyAutofillManager {
-
-    /**
-     * The data representing the status of the stable chrome version
-     */
-    val stableChromeAutofillStatus: ChromeThirdPartyAutoFillData
-
-    /**
-     * The data representing the status of the beta chrome version
-     */
-    val betaChromeAutofillStatus: ChromeThirdPartyAutoFillData
-}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/AutofillAppInfo.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/AutofillAppInfo.kt
@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden.data.autofill.model

 import android.content.Context
+import androidx.annotation.ChecksSdkIntAtLeast

 /**
 * The app information required for the autofill service.
@@ -9,4 +10,10 @@ data class AutofillAppInfo(
    val context: Context,
    val packageName: String,
    val sdkInt: Int,
-)
+) {
+    /**
+     * Returns true if the current [sdkInt] version is at least the provided [version].
+     */
+    @ChecksSdkIntAtLeast(parameter = 0)
+    fun isVersionAtLeast(version: Int): Boolean = sdkInt >= version
+}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/AutofillCipher.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/AutofillCipher.kt
@@ -2,7 +2,7 @@ package com.x8bit.bitwarden.data.autofill.model

 import androidx.annotation.DrawableRes
 import com.bitwarden.core.Uuid
-import com.x8bit.bitwarden.R
+import com.bitwarden.ui.platform.resource.BitwardenDrawable

 /**
 * A paired down model of the CipherView for use within the autofill feature.
@@ -48,7 +48,7 @@ sealed class AutofillCipher {
        val number: String,
    ) : AutofillCipher() {
        override val iconRes: Int
-            @DrawableRes get() = R.drawable.ic_payment_card
+            @DrawableRes get() = BitwardenDrawable.ic_payment_card

        override val isTotpEnabled: Boolean
            get() = false
@@ -67,6 +67,6 @@ sealed class AutofillCipher {
        val username: String,
    ) : AutofillCipher() {
        override val iconRes: Int
-            @DrawableRes get() = R.drawable.ic_globe
+            @DrawableRes get() = BitwardenDrawable.ic_globe
    }
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/browser/BrowserPackage.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/browser/BrowserPackage.kt
@@ -0,0 +1,16 @@
+package com.x8bit.bitwarden.data.autofill.model.browser
+
+private const val BRAVE_CHANNEL_PACKAGE = "com.brave.browser"
+private const val CHROME_BETA_CHANNEL_PACKAGE = "com.chrome.beta"
+private const val CHROME_RELEASE_CHANNEL_PACKAGE = "com.android.chrome"
+
+/**
+ * Enumerated values of each browser that supports third party autofill checks.
+ *
+ * @property packageName the package name of the release channel for the browser version.
+ */
+enum class BrowserPackage(val packageName: String) {
+    BRAVE_RELEASE(BRAVE_CHANNEL_PACKAGE),
+    CHROME_STABLE(CHROME_RELEASE_CHANNEL_PACKAGE),
+    CHROME_BETA(CHROME_BETA_CHANNEL_PACKAGE),
+}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/browser/BrowserThirdPartyAutoFillData.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/browser/BrowserThirdPartyAutoFillData.kt
@@ -0,0 +1,18 @@
+package com.x8bit.bitwarden.data.autofill.model.browser
+
+/**
+ * Relevant data relating to the third party autofill status of a specific browser app.
+ */
+data class BrowserThirdPartyAutoFillData(
+    val isAvailable: Boolean,
+    val isThirdPartyEnabled: Boolean,
+)
+
+/**
+ * The overall status for all relevant browsers.
+ */
+data class BrowserThirdPartyAutofillStatus(
+    val braveStableStatusData: BrowserThirdPartyAutoFillData,
+    val chromeStableStatusData: BrowserThirdPartyAutoFillData,
+    val chromeBetaChannelStatusData: BrowserThirdPartyAutoFillData,
+)
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/chrome/ChromeReleaseChannel.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/chrome/ChromeReleaseChannel.kt
@@ -1,14 +0,0 @@
-package com.x8bit.bitwarden.data.autofill.model.chrome
-
-private const val BETA_CHANNEL_PACKAGE = "com.chrome.beta"
-private const val CHROME_CHANNEL_PACKAGE = "com.android.chrome"
-
-/**
- * Enumerated values of each version of Chrome supported for third party autofill checks.
- *
- * @property packageName the package name of the release channel for the Chrome version.
- */
-enum class ChromeReleaseChannel(val packageName: String) {
-    STABLE(CHROME_CHANNEL_PACKAGE),
-    BETA(BETA_CHANNEL_PACKAGE),
-}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/chrome/ChromeThirdPartyAutoFillData.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/model/chrome/ChromeThirdPartyAutoFillData.kt
@@ -1,17 +0,0 @@
-package com.x8bit.bitwarden.data.autofill.model.chrome
-
-/**
- * Relevant data relating to the third party autofill status of a version of the Chrome browser app.
- */
-data class ChromeThirdPartyAutoFillData(
-    val isAvailable: Boolean,
-    val isThirdPartyEnabled: Boolean,
-)
-
-/**
- * The overall status for all relevant release channels of Chrome.
- */
-data class ChromeThirdPartyAutofillStatus(
-    val stableStatusData: ChromeThirdPartyAutoFillData,
-    val betaChannelStatusData: ChromeThirdPartyAutoFillData,
-)
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/parser/AutofillParserImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/parser/AutofillParserImpl.kt
@@ -15,6 +15,7 @@ import com.x8bit.bitwarden.data.autofill.util.getMaxInlineSuggestionsCount
 import com.x8bit.bitwarden.data.autofill.util.toAutofillView
 import com.x8bit.bitwarden.data.autofill.util.website
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
+import timber.log.Timber

 /**
 * A list of URIs that should never be autofilled.
@@ -23,6 +24,8 @@ private val BLOCK_LISTED_URIS: List<String> = listOf(
    "androidapp://android",
    "androidapp://com.android.settings",
    "androidapp://com.x8bit.bitwarden",
+    "androidapp://com.x8bit.bitwarden.beta",
+    "androidapp://com.x8bit.bitwarden.dev",
    "androidapp://com.oneplus.applocker",
 )

@@ -70,6 +73,7 @@ class AutofillParserImpl(
        autofillAppInfo: AutofillAppInfo,
        fillRequest: FillRequest?,
    ): AutofillRequest {
+        Timber.d("Parsing AssistStructure -- ${fillRequest?.id}")
        // Parse the `assistStructure` into internal models.
        val traversalDataList = assistStructure.traverse()
        // Take only the autofill views from the node that currently has focus.
@@ -131,6 +135,7 @@ class AutofillParserImpl(

        // Get inline information if available
        val isInlineAutofillEnabled = settingsRepository.isInlineAutofillEnabled
+        Timber.e("Autofill request isInlineEnabled=$isInlineAutofillEnabled -- ${fillRequest?.id}")
        val maxInlineSuggestionsCount = fillRequest.getMaxInlineSuggestionsCount(
            autofillAppInfo = autofillAppInfo,
            isInlineAutofillEnabled = isInlineAutofillEnabled,
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/processor/AutofillProcessorImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/processor/AutofillProcessorImpl.kt
@@ -53,8 +53,12 @@ class AutofillProcessorImpl(
        fillCallback: FillCallback,
        request: FillRequest,
    ) {
+        Timber.d("Begin processing Autofill fill request -- ${request.id}")
        // Set the listener so that any long running work is cancelled when it is no longer needed.
-        cancellationSignal.setOnCancelListener { job.cancel() }
+        cancellationSignal.setOnCancelListener {
+            Timber.d("Autofill job cancelled")
+            job.cancel()
+        }
        // Process the OS data and handle invoking the callback with the result.
        job.cancel()
        job = scope.launch {
@@ -122,6 +126,7 @@ class AutofillProcessorImpl(
        )
        when (autofillRequest) {
            is AutofillRequest.Fillable -> {
+                Timber.d("Autofill request is Fillable -- ${fillRequest.id}")
                // Fulfill the [autofillRequest].
                val filledData = filledDataBuilder.build(
                    autofillRequest = autofillRequest,
@@ -141,6 +146,7 @@ class AutofillProcessorImpl(

                @Suppress("TooGenericExceptionCaught")
                try {
+                    Timber.d("Autofill request success: Fillable -- ${fillRequest.id}")
                    fillCallback.onSuccess(response)
                } catch (e: RuntimeException) {
                    // This is to catch any TransactionTooLargeExceptions that could occur here.
@@ -153,6 +159,7 @@ class AutofillProcessorImpl(
                // If we are unable to fulfill the request, we should invoke the callback
                // with null. This effectively disables autofill for this view set and
                // allows the [AutofillService] to be unbound.
+                Timber.d("Autofill request success: Unfillable -- ${fillRequest.id}")
                fillCallback.onSuccess(null)
            }
        }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/provider/AutofillCipherProviderImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/provider/AutofillCipherProviderImpl.kt
@@ -1,16 +1,19 @@
 package com.x8bit.bitwarden.data.autofill.provider

+import com.bitwarden.vault.CipherListView
+import com.bitwarden.vault.CipherListViewType
 import com.bitwarden.vault.CipherRepromptType
-import com.bitwarden.vault.CipherType
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.autofill.model.AutofillCipher
 import com.x8bit.bitwarden.data.platform.manager.ciphermatching.CipherMatchingManager
 import com.x8bit.bitwarden.data.platform.util.firstWithTimeoutOrNull
 import com.x8bit.bitwarden.data.platform.util.subtitle
+import com.x8bit.bitwarden.data.vault.manager.model.GetCipherResult
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockData
 import com.x8bit.bitwarden.data.vault.repository.util.statusFor
+import timber.log.Timber

 /**
 * The duration, in milliseconds, we should wait while waiting for the vault status to not be
@@ -49,31 +52,35 @@ class AutofillCipherProviderImpl(
    }

    override suspend fun getCardAutofillCiphers(): List<AutofillCipher.Card> {
-        val cipherViews = getUnlockedCiphersOrNull() ?: return emptyList()
+        val cipherListViews = getUnlockedCipherListViewsOrNull() ?: return emptyList()

-        return cipherViews
-            .mapNotNull { cipherView ->
-                cipherView
+        return cipherListViews
+            .mapNotNull { cipherListView ->
+                cipherListView
                    // We only care about non-deleted card ciphers.
                    .takeIf {
                        // Must be card type.
-                        cipherView.type == CipherType.CARD &&
+                        it.type is CipherListViewType.Card &&
                            // Must not be deleted.
-                            cipherView.deletedDate == null &&
+                            it.deletedDate == null &&
                            // Must not require a reprompt.
                            it.reprompt == CipherRepromptType.NONE
                    }
-                    ?.let { nonNullCipherView ->
-                        AutofillCipher.Card(
-                            cipherId = cipherView.id,
-                            name = nonNullCipherView.name,
-                            subtitle = nonNullCipherView.subtitle.orEmpty(),
-                            cardholderName = nonNullCipherView.card?.cardholderName.orEmpty(),
-                            code = nonNullCipherView.card?.code.orEmpty(),
-                            expirationMonth = nonNullCipherView.card?.expMonth.orEmpty(),
-                            expirationYear = nonNullCipherView.card?.expYear.orEmpty(),
-                            number = nonNullCipherView.card?.number.orEmpty(),
-                        )
+                    ?.let { nonNullCipherListView ->
+                        nonNullCipherListView.id?.let { cipherId ->
+                            decryptCipherOrNull(cipherId = cipherId)?.let { cipherView ->
+                                AutofillCipher.Card(
+                                    cipherId = cipherView.id,
+                                    name = cipherView.name,
+                                    subtitle = cipherView.subtitle.orEmpty(),
+                                    cardholderName = cipherView.card?.cardholderName.orEmpty(),
+                                    code = cipherView.card?.code.orEmpty(),
+                                    expirationMonth = cipherView.card?.expMonth.orEmpty(),
+                                    expirationYear = cipherView.card?.expYear.orEmpty(),
+                                    number = cipherView.card?.number.orEmpty(),
+                                )
+                            }
+                        }
                    }
            }
    }
@@ -81,12 +88,12 @@ class AutofillCipherProviderImpl(
    override suspend fun getLoginAutofillCiphers(
        uri: String,
    ): List<AutofillCipher.Login> {
-        val cipherViews = getUnlockedCiphersOrNull() ?: return emptyList()
+        val cipherViews = getUnlockedCipherListViewsOrNull() ?: return emptyList()
        // We only care about non-deleted login ciphers.
        val loginCiphers = cipherViews
            .filter {
                // Must be login type
-                it.type == CipherType.LOGIN &&
+                it.type is CipherListViewType.Login &&
                    // Must not be deleted.
                    it.deletedDate == null &&
                    // Must not require a reprompt.
@@ -96,9 +103,12 @@ class AutofillCipherProviderImpl(
        return cipherMatchingManager
            // Filter for ciphers that match the uri in some way.
            .filterCiphersForMatches(
-                ciphers = loginCiphers,
+                cipherListViews = loginCiphers,
                matchUri = uri,
            )
+            .mapNotNull { cipherListView ->
+                cipherListView.id?.let { decryptCipherOrNull(cipherId = it) }
+            }
            .map { cipherView ->
                AutofillCipher.Login(
                    cipherId = cipherView.id,
@@ -114,10 +124,24 @@ class AutofillCipherProviderImpl(
    /**
     * Get available [CipherView]s if possible.
     */
-    private suspend fun getUnlockedCiphersOrNull(): List<CipherView>? =
+    private suspend fun getUnlockedCipherListViewsOrNull(): List<CipherListView>? =
        vaultRepository
-            .ciphersStateFlow
+            .decryptCipherListResultStateFlow
            .takeUnless { isVaultLocked() }
            ?.firstWithTimeoutOrNull(timeMillis = GET_CIPHERS_TIMEOUT_MS) { it.data != null }
            ?.data
+            ?.successes
+
+    private suspend fun decryptCipherOrNull(cipherId: String): CipherView? =
+        when (val result = vaultRepository.getCipher(cipherId = cipherId)) {
+            GetCipherResult.CipherNotFound -> {
+                Timber.e("Cipher not found for autofill.")
+                null
+            }
+            is GetCipherResult.Failure -> {
+                Timber.e(result.error, "Failed to decrypt cipher for autofill.")
+                null
+            }
+            is GetCipherResult.Success -> result.cipherView
+        }
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/AutofillIntentUtils.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/AutofillIntentUtils.kt
@@ -18,7 +18,7 @@ import com.x8bit.bitwarden.data.autofill.model.AutofillAppInfo
 import com.x8bit.bitwarden.data.autofill.model.AutofillSaveItem
 import com.x8bit.bitwarden.data.autofill.model.AutofillSelectionData
 import com.x8bit.bitwarden.data.autofill.model.AutofillTotpCopyData
-import com.x8bit.bitwarden.data.platform.util.getSafeParcelableExtra
+import com.bitwarden.ui.platform.util.getSafeParcelableExtra
 import kotlin.random.Random

 private const val AUTOFILL_SAVE_ITEM_DATA_KEY = "autofill-save-item-data"
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/CipherListViewExtensions.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/CipherListViewExtensions.kt
@@ -0,0 +1,31 @@
+package com.x8bit.bitwarden.data.autofill.util
+
+import com.bitwarden.vault.CardListView
+import com.bitwarden.vault.CipherListView
+import com.bitwarden.vault.CipherListViewType
+import com.bitwarden.vault.CopyableCipherFields
+import com.bitwarden.vault.LoginListView
+
+/**
+ * Returns true when the cipher is not deleted and contains at least one FIDO 2 credential.
+ */
+val CipherListView.isActiveWithFido2Credentials: Boolean
+    get() = deletedDate == null && login?.hasFido2 ?: false
+
+/**
+ * Returns true when the cipher type is not deleted and contains a copyable password.
+ */
+val CipherListView.isActiveWithCopyablePassword: Boolean
+    get() = deletedDate == null && copyableFields.contains(CopyableCipherFields.LOGIN_PASSWORD)
+
+/**
+ * Returns the [LoginListView] if the cipher is of type [CipherListViewType.Login], otherwise null.
+ */
+val CipherListView.login: LoginListView?
+    get() = (this.type as? CipherListViewType.Login)?.v1
+
+/**
+ * Returns the [CardListView] if the cipher is of type [CipherListViewType.Card], otherwise null.
+ */
+val CipherListView.card: CardListView?
+    get() = (this.type as? CipherListViewType.Card)?.v1
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/CipherViewExtensions.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/CipherViewExtensions.kt
@@ -50,3 +50,9 @@ fun CipherView.toAutofillCipherProvider(): AutofillCipherProvider =
 */
 val CipherView.isActiveWithFido2Credentials: Boolean
    get() = deletedDate == null && !(login?.fido2Credentials.isNullOrEmpty())
+
+/**
+ * Returns true when the cipher is not deleted and contains at least one Pasword credential.
+ */
+val CipherView.isActiveWithPasswordCredentials: Boolean
+    get() = deletedDate == null && !(login?.password.isNullOrEmpty())
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/FillRequestExtensions.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/FillRequestExtensions.kt
@@ -1,6 +1,5 @@
 package com.x8bit.bitwarden.data.autofill.util

-import android.annotation.SuppressLint
 import android.os.Build
 import android.service.autofill.FillRequest
 import android.widget.inline.InlinePresentationSpec
@@ -9,12 +8,11 @@ import com.x8bit.bitwarden.data.autofill.model.AutofillAppInfo
 /**
 * Extract the list of [InlinePresentationSpec]s. If it fails, return an empty list.
 */
-@SuppressLint("NewApi")
 fun FillRequest?.getInlinePresentationSpecs(
    autofillAppInfo: AutofillAppInfo,
    isInlineAutofillEnabled: Boolean,
 ): List<InlinePresentationSpec>? =
-    if (autofillAppInfo.sdkInt < Build.VERSION_CODES.R) {
+    if (!autofillAppInfo.isVersionAtLeast(version = Build.VERSION_CODES.R)) {
        // When SDK version is bellow 30, InlinePresentationSpec is not available and null
        // must be returned.
        null
@@ -28,14 +26,13 @@ fun FillRequest?.getInlinePresentationSpecs(
 * Extract the max inline suggestions count. If the OS is below Android R, this will always
 * return 0.
 */
-@SuppressLint("NewApi")
 fun FillRequest?.getMaxInlineSuggestionsCount(
    autofillAppInfo: AutofillAppInfo,
    isInlineAutofillEnabled: Boolean,
 ): Int =
    if (this != null &&
        isInlineAutofillEnabled &&
-        autofillAppInfo.sdkInt >= Build.VERSION_CODES.R
+        autofillAppInfo.isVersionAtLeast(version = Build.VERSION_CODES.R)
    ) {
        inlineSuggestionsRequest?.maxSuggestionCount ?: 0
    } else {
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/FilledDataExtensions.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/FilledDataExtensions.kt
@@ -1,6 +1,5 @@
 package com.x8bit.bitwarden.data.autofill.util

-import android.annotation.SuppressLint
 import android.app.PendingIntent
 import android.os.Build
 import android.service.autofill.Dataset
@@ -28,7 +27,6 @@ val FilledData.fillableAutofillIds: List<AutofillId>
 /**
 * Builds a [Dataset] for the Vault item.
 */
-@SuppressLint("NewApi")
 fun FilledData.buildVaultItemDataset(
    autofillAppInfo: AutofillAppInfo,
 ): Dataset {
@@ -70,7 +68,7 @@ fun FilledData.buildVaultItemDataset(
    return Dataset.Builder()
        .setAuthentication(pendingIntent.intentSender)
        .apply {
-            if (autofillAppInfo.sdkInt >= Build.VERSION_CODES.TIRAMISU) {
+            if (autofillAppInfo.isVersionAtLeast(version = Build.VERSION_CODES.TIRAMISU)) {
                addVaultItemDataPostTiramisu(
                    autofillAppInfo = autofillAppInfo,
                    pendingIntent = pendingIntent,
@@ -132,8 +130,7 @@ private fun Dataset.Builder.addVaultItemDataPostTiramisu(
 /**
 * Adds the Vault data to the given [Dataset.Builder] for pre-Tiramisu versions.
 */
-@Suppress("DEPRECATION", "LongParameterList")
-@SuppressLint("NewApi")
+@Suppress("LongParameterList")
 private fun Dataset.Builder.addVaultItemDataPreTiramisu(
    autofillAppInfo: AutofillAppInfo,
    pendingIntent: PendingIntent,
@@ -142,7 +139,7 @@ private fun Dataset.Builder.addVaultItemDataPreTiramisu(
    inlinePresentationSpec: InlinePresentationSpec?,
    isLocked: Boolean,
 ): Dataset.Builder {
-    if (autofillAppInfo.sdkInt >= Build.VERSION_CODES.R) {
+    if (autofillAppInfo.isVersionAtLeast(version = Build.VERSION_CODES.R)) {
        inlinePresentationSpec
            ?.createVaultItemInlinePresentationOrNull(
                autofillAppInfo = autofillAppInfo,
@@ -150,6 +147,7 @@ private fun Dataset.Builder.addVaultItemDataPreTiramisu(
                isLocked = isLocked,
            )
            ?.let { inlinePresentation ->
+                @Suppress("DEPRECATION")
                this.setInlinePresentation(inlinePresentation)
            }
    }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/FilledItemExtensions.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/FilledItemExtensions.kt
@@ -1,17 +1,18 @@
 package com.x8bit.bitwarden.data.autofill.util

-import android.annotation.SuppressLint
+import android.os.Build
 import android.service.autofill.Dataset
 import android.service.autofill.Field
 import android.service.autofill.Presentations
 import android.widget.RemoteViews
+import androidx.annotation.RequiresApi
 import com.x8bit.bitwarden.data.autofill.model.FilledItem

 /**
 * Set up an overlay presentation for this [FilledItem] in the [datasetBuilder] for Android devices
 * running on API Tiramisu or greater.
 */
-@SuppressLint("NewApi")
+@RequiresApi(Build.VERSION_CODES.TIRAMISU)
 fun FilledItem.applyToDatasetPostTiramisu(
    datasetBuilder: Dataset.Builder,
    presentations: Presentations,
@@ -29,11 +30,11 @@ fun FilledItem.applyToDatasetPostTiramisu(
 * Set up an overlay presentation for this [FilledItem] in the [datasetBuilder] for Android devices
 * running on APIs that predate Tiramisu.
 */
-@Suppress("Deprecation")
 fun FilledItem.applyToDatasetPreTiramisu(
    datasetBuilder: Dataset.Builder,
    remoteViews: RemoteViews,
 ) {
+    @Suppress("DEPRECATION")
    datasetBuilder.setValue(
        autofillId,
        value,
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/FilledPartitionExtensions.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/util/FilledPartitionExtensions.kt
@@ -1,6 +1,5 @@
 package com.x8bit.bitwarden.data.autofill.util

-import android.annotation.SuppressLint
 import android.content.IntentSender
 import android.os.Build
 import android.service.autofill.Dataset
@@ -16,7 +15,6 @@ import com.x8bit.bitwarden.ui.autofill.util.createCipherInlinePresentationOrNull
 * Build a [Dataset] to represent the [FilledPartition]. This dataset includes an overlay UI
 * presentation for each filled item. If an [authIntentSender] is present, add it to the dataset.
 */
-@SuppressLint("NewApi")
 fun FilledPartition.buildDataset(
    authIntentSender: IntentSender?,
    autofillAppInfo: AutofillAppInfo,
@@ -26,13 +24,9 @@ fun FilledPartition.buildDataset(
        autofillCipher = autofillCipher,
    )
    val datasetBuilder = Dataset.Builder()
+    authIntentSender?.let { intentSender -> datasetBuilder.setAuthentication(intentSender) }

-    authIntentSender
-        ?.let { intentSender ->
-            datasetBuilder.setAuthentication(intentSender)
-        }
-
-    if (autofillAppInfo.sdkInt >= Build.VERSION_CODES.TIRAMISU) {
+    if (autofillAppInfo.isVersionAtLeast(version = Build.VERSION_CODES.TIRAMISU)) {
        applyToDatasetPostTiramisu(
            autofillAppInfo = autofillAppInfo,
            datasetBuilder = datasetBuilder,
@@ -85,20 +79,19 @@ private fun FilledPartition.applyToDatasetPostTiramisu(
 * Apply this [FilledPartition] to the [datasetBuilder] on devices running OS versions that predate
 * Tiramisu.
 */
-@Suppress("DEPRECATION")
-@SuppressLint("NewApi")
 private fun FilledPartition.buildDatasetPreTiramisu(
    autofillAppInfo: AutofillAppInfo,
    datasetBuilder: Dataset.Builder,
    remoteViews: RemoteViews,
 ) {
-    if (autofillAppInfo.sdkInt >= Build.VERSION_CODES.R) {
+    if (autofillAppInfo.isVersionAtLeast(version = Build.VERSION_CODES.R)) {
        inlinePresentationSpec
            ?.createCipherInlinePresentationOrNull(
                autofillAppInfo = autofillAppInfo,
                autofillCipher = autofillCipher,
            )
            ?.let { inlinePresentation ->
+                @Suppress("DEPRECATION")
                datasetBuilder.setInlinePresentation(inlinePresentation)
            }
    }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/builder/CredentialEntryBuilder.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/builder/CredentialEntryBuilder.kt
@@ -1,8 +1,11 @@
 package com.x8bit.bitwarden.data.credentials.builder

+import androidx.credentials.provider.BeginGetPasswordOption
 import androidx.credentials.provider.BeginGetPublicKeyCredentialOption
+import androidx.credentials.provider.PasswordCredentialEntry
 import androidx.credentials.provider.PublicKeyCredentialEntry
 import com.bitwarden.fido.Fido2CredentialAutofillView
+import com.bitwarden.vault.CipherListView

 /**
 * Builder for credential entries.
@@ -18,4 +21,14 @@ interface CredentialEntryBuilder {
        beginGetPublicKeyCredentialOptions: List<BeginGetPublicKeyCredentialOption>,
        isUserVerified: Boolean,
    ): List<PublicKeyCredentialEntry>
+
+    /**
+     * Build password credential entries from the given cipher views and options.
+     */
+    fun buildPasswordCredentialEntries(
+        userId: String,
+        cipherListViews: List<CipherListView>,
+        beginGetPasswordCredentialOptions: List<BeginGetPasswordOption>,
+        isUserVerified: Boolean,
+    ): List<PasswordCredentialEntry>
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/builder/CredentialEntryBuilderImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/builder/CredentialEntryBuilderImpl.kt
@@ -3,11 +3,17 @@ package com.x8bit.bitwarden.data.credentials.builder
 import android.content.Context
 import android.graphics.drawable.Icon
 import androidx.core.graphics.drawable.IconCompat
+import androidx.credentials.provider.BeginGetPasswordOption
 import androidx.credentials.provider.BeginGetPublicKeyCredentialOption
+import androidx.credentials.provider.PasswordCredentialEntry
 import androidx.credentials.provider.PublicKeyCredentialEntry
 import com.bitwarden.fido.Fido2CredentialAutofillView
-import com.x8bit.bitwarden.R
+import com.bitwarden.ui.platform.resource.BitwardenDrawable
+import com.bitwarden.ui.platform.resource.BitwardenString
+import com.bitwarden.vault.CipherListView
+import com.x8bit.bitwarden.data.autofill.util.login
 import com.x8bit.bitwarden.data.credentials.processor.GET_PASSKEY_INTENT
+import com.x8bit.bitwarden.data.credentials.processor.GET_PASSWORD_INTENT
 import com.x8bit.bitwarden.data.credentials.util.setBiometricPromptDataIfSupported
 import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
@@ -40,6 +46,21 @@ class CredentialEntryBuilderImpl(
                )
        }

+    override fun buildPasswordCredentialEntries(
+        userId: String,
+        cipherListViews: List<CipherListView>,
+        beginGetPasswordCredentialOptions: List<BeginGetPasswordOption>,
+        isUserVerified: Boolean,
+    ): List<PasswordCredentialEntry> = beginGetPasswordCredentialOptions
+        .flatMap { option ->
+            cipherListViews
+                .toPasswordCredentialEntryList(
+                    userId = userId,
+                    option = option,
+                    isUserVerified = isUserVerified,
+                )
+        }
+
    private fun List<Fido2CredentialAutofillView>.toPublicKeyCredentialEntryList(
        userId: String,
        option: BeginGetPublicKeyCredentialOption,
@@ -50,7 +71,7 @@ class CredentialEntryBuilderImpl(
                .Builder(
                    context = context,
                    username = fido2AutofillView.userNameForUi
-                        ?: context.getString(R.string.no_username),
+                        ?: context.getString(BitwardenString.no_username),
                    pendingIntent = intentManager
                        .createFido2GetCredentialPendingIntent(
                            action = GET_PASSKEY_INTENT,
@@ -80,16 +101,52 @@ class CredentialEntryBuilderImpl(
                .build()
        }

+    private fun List<CipherListView>.toPasswordCredentialEntryList(
+        userId: String,
+        option: BeginGetPasswordOption,
+        isUserVerified: Boolean,
+    ): List<PasswordCredentialEntry> = this
+        .map { cipherView ->
+            PasswordCredentialEntry
+                .Builder(
+                    context = context,
+                    username = cipherView.login?.username
+                        ?: context.getString(BitwardenString.no_username),
+                    pendingIntent = intentManager
+                        .createPasswordGetCredentialPendingIntent(
+                            action = GET_PASSWORD_INTENT,
+                            userId = userId,
+                            cipherId = cipherView.id,
+                            isUserVerified = isUserVerified,
+                            requestCode = Random.nextInt(),
+                        ),
+                    beginGetPasswordOption = option,
+                )
+                .setDisplayName(cipherView.name)
+                .setAutoSelectAllowed(this.size == 1)
+                .setIcon(getCredentialEntryIcon())
+                .apply {
+                    if (!isUserVerified) {
+                        setBiometricPromptDataIfSupported(
+                            cipher = biometricsEncryptionManager
+                                .getOrCreateCipher(userId),
+                        )
+                    }
+                }
+                .build()
+        }
+
    // TODO: [PM-20176] Enable web icons in credential entries
    // Leave web icons disabled until CredentialManager TransactionTooLargeExceptions
    // are addressed. See https://issuetracker.google.com/issues/355141766 for details.
-    private fun getCredentialEntryIcon(isPasskey: Boolean): Icon = IconCompat
+    private fun getCredentialEntryIcon(
+        isPasskey: Boolean = false,
+    ): Icon = IconCompat
        .createWithResource(
            context,
-            if (isPasskey) {
-                R.drawable.ic_bw_passkey
-            } else {
-                R.drawable.ic_globe
+            when {
+                isPasskey -> BitwardenDrawable.ic_bw_passkey
+                else -> BitwardenDrawable.ic_globe
            },
        )
        .toIcon(context)
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/di/CredentialProviderModule.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/di/CredentialProviderModule.kt
@@ -23,6 +23,7 @@ import com.x8bit.bitwarden.data.credentials.repository.PrivilegedAppRepositoryIm
 import com.x8bit.bitwarden.data.platform.manager.AssetManager
 import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
+import com.x8bit.bitwarden.data.platform.manager.ciphermatching.CipherMatchingManager
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
@@ -75,6 +76,7 @@ object CredentialProviderModule {
        vaultRepository: VaultRepository,
        dispatcherManager: DispatcherManager,
        credentialEntryBuilder: CredentialEntryBuilder,
+        cipherMatchingManager: CipherMatchingManager,
    ): BitwardenCredentialManager =
        BitwardenCredentialManagerImpl(
            vaultSdkSource = vaultSdkSource,
@@ -83,6 +85,7 @@ object CredentialProviderModule {
            vaultRepository = vaultRepository,
            dispatcherManager = dispatcherManager,
            credentialEntryBuilder = credentialEntryBuilder,
+            cipherMatchingManager = cipherMatchingManager,
        )

    @Provides
@@ -118,9 +121,13 @@ object CredentialProviderModule {
    @Singleton
    fun providePrivilegedAppRepository(
        privilegedAppDiskSource: PrivilegedAppDiskSource,
+        assetManager: AssetManager,
+        dispatcherManager: DispatcherManager,
        json: Json,
    ): PrivilegedAppRepository = PrivilegedAppRepositoryImpl(
        privilegedAppDiskSource = privilegedAppDiskSource,
+        assetManager = assetManager,
+        dispatcherManager = dispatcherManager,
        json = json,
    )

--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/manager/BitwardenCredentialManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/manager/BitwardenCredentialManagerImpl.kt
@@ -3,6 +3,7 @@ package com.x8bit.bitwarden.data.credentials.manager
 import androidx.credentials.CreatePublicKeyCredentialRequest
 import androidx.credentials.GetPublicKeyCredentialOption
 import androidx.credentials.exceptions.GetCredentialUnknownException
+import androidx.credentials.provider.BeginGetPasswordOption
 import androidx.credentials.provider.BeginGetPublicKeyCredentialOption
 import androidx.credentials.provider.CallingAppInfo
 import androidx.credentials.provider.CredentialEntry
@@ -18,8 +19,12 @@ import com.bitwarden.fido.Origin
 import com.bitwarden.fido.UnverifiedAssetLink
 import com.bitwarden.sdk.Fido2CredentialStore
 import com.bitwarden.ui.platform.base.util.prefixHttpsIfNecessaryOrNull
+import com.bitwarden.ui.platform.base.util.toAndroidAppUriString
+import com.bitwarden.vault.CipherListView
 import com.bitwarden.vault.CipherView
+import com.x8bit.bitwarden.data.autofill.util.isActiveWithCopyablePassword
 import com.x8bit.bitwarden.data.autofill.util.isActiveWithFido2Credentials
+import com.x8bit.bitwarden.data.autofill.util.login
 import com.x8bit.bitwarden.data.credentials.builder.CredentialEntryBuilder
 import com.x8bit.bitwarden.data.credentials.model.Fido2CredentialAssertionResult
 import com.x8bit.bitwarden.data.credentials.model.Fido2RegisterCredentialResult
@@ -27,6 +32,7 @@ import com.x8bit.bitwarden.data.credentials.model.GetCredentialsRequest
 import com.x8bit.bitwarden.data.credentials.model.PasskeyAssertionOptions
 import com.x8bit.bitwarden.data.credentials.model.PasskeyAttestationOptions
 import com.x8bit.bitwarden.data.credentials.model.UserVerificationRequirement
+import com.x8bit.bitwarden.data.platform.manager.ciphermatching.CipherMatchingManager
 import com.x8bit.bitwarden.data.platform.util.getAppOrigin
 import com.x8bit.bitwarden.data.platform.util.getAppSigningSignatureFingerprint
 import com.x8bit.bitwarden.data.platform.util.getSignatureFingerprintAsHexString
@@ -35,8 +41,8 @@ import com.x8bit.bitwarden.data.vault.datasource.sdk.model.AuthenticateFido2Cred
 import com.x8bit.bitwarden.data.vault.datasource.sdk.model.RegisterFido2CredentialRequest
 import com.x8bit.bitwarden.data.vault.datasource.sdk.util.toAndroidAttestationResponse
 import com.x8bit.bitwarden.data.vault.datasource.sdk.util.toAndroidFido2PublicKeyCredential
+import com.x8bit.bitwarden.data.vault.manager.model.GetCipherResult
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
-import com.x8bit.bitwarden.data.vault.repository.model.DecryptFido2CredentialAutofillViewResult
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.flow.fold
 import kotlinx.coroutines.withContext
@@ -53,6 +59,7 @@ class BitwardenCredentialManagerImpl(
    private val credentialEntryBuilder: CredentialEntryBuilder,
    private val json: Json,
    private val vaultRepository: VaultRepository,
+    private val cipherMatchingManager: CipherMatchingManager,
    dispatcherManager: DispatcherManager,
 ) : BitwardenCredentialManager,
    Fido2CredentialStore by fido2CredentialStore {
@@ -168,30 +175,48 @@ class BitwardenCredentialManagerImpl(
    override suspend fun getCredentialEntries(
        getCredentialsRequest: GetCredentialsRequest,
    ): Result<List<CredentialEntry>> = withContext(ioScope.coroutineContext) {
-        val cipherViews = vaultRepository
-            .ciphersStateFlow
+        val cipherListViews = vaultRepository
+            .decryptCipherListResultStateFlow
            .takeUntilLoaded()
-            .fold(initial = emptyList<CipherView>()) { _, dataState ->
+            .fold(initial = emptyList<CipherListView>()) { _, dataState ->
                when (dataState) {
-                    is DataState.Loaded -> {
-                        dataState.data
-                    }
-
+                    is DataState.Loaded -> dataState.data.successes
                    else -> emptyList()
                }
            }
-            .filter { it.isActiveWithFido2Credentials }
-            .ifEmpty {
-                return@withContext emptyList<CredentialEntry>().asSuccess()
-            }
+            .filter { it.isActiveWithFido2Credentials || it.isActiveWithCopyablePassword }
+            .ifEmpty { return@withContext emptyList<CredentialEntry>().asSuccess() }

-        getCredentialsRequest
+        val passwordCredentialResult = getCredentialsRequest
+            .callingAppInfo
+            ?.packageName
+            ?.let { packageName ->
+                getCredentialsRequest
+                    .beginGetPasswordOptions
+                    .toPasswordCredentialEntries(
+                        userId = getCredentialsRequest.userId,
+                        cipherListViews = cipherMatchingManager.filterCiphersForMatches(
+                            cipherListViews = cipherListViews,
+                            matchUri = packageName.toAndroidAppUriString(),
+                        ),
+                    )
+            }
+            .orEmpty()
+
+        val passkeyCredentialResult = getCredentialsRequest
            .beginGetPublicKeyCredentialOptions
            .toPublicKeyCredentialEntries(
                userId = getCredentialsRequest.userId,
-                cipherViewsWithPublicKeyCredentials = cipherViews,
+                cipherListViews = cipherListViews
+                    .filter { it.isActiveWithFido2Credentials },
            )
            .onFailure { Timber.e(it, "Failed to get FIDO 2 credential entries.") }
+
+        if (passkeyCredentialResult.isFailure && passwordCredentialResult.isNotEmpty()) {
+            Result.success(passwordCredentialResult)
+        } else {
+            passkeyCredentialResult.map { it + passwordCredentialResult }
+        }
    }

    private fun getPasskeyAssertionOptionsOrNull(
@@ -200,8 +225,10 @@ class BitwardenCredentialManagerImpl(

    private suspend fun List<BeginGetPublicKeyCredentialOption>.toPublicKeyCredentialEntries(
        userId: String,
-        cipherViewsWithPublicKeyCredentials: List<CipherView>,
+        cipherListViews: List<CipherListView>,
    ): Result<List<CredentialEntry>> {
+        if (this.isEmpty()) return emptyList<CredentialEntry>().asSuccess()
+
        val relyingPartyIds = this
            .mapNotNull { getPasskeyAssertionOptionsOrNull(it.requestJson)?.relyingPartyId }
            .distinct()
@@ -209,27 +236,54 @@ class BitwardenCredentialManagerImpl(
                return GetCredentialUnknownException("Relying party id required.").asFailure()
            }

-        val decryptResult = vaultRepository
-            .getDecryptedFido2CredentialAutofillViews(cipherViewsWithPublicKeyCredentials)
-
-        return when (decryptResult) {
-            is DecryptFido2CredentialAutofillViewResult.Error -> {
-                GetCredentialUnknownException("Error decrypting credentials.").asFailure()
+        val cipherViews = cipherListViews
+            .filter { cipherListView ->
+                cipherListView.login
+                    ?.fido2Credentials
+                    .orEmpty()
+                    .any { credential -> credential.rpId in relyingPartyIds }
            }
+            .mapNotNull { cipherListView ->
+                when (val result = vaultRepository.getCipher(cipherListView.id.orEmpty())) {
+                    GetCipherResult.CipherNotFound -> {
+                        Timber.e("Cipher not found while building public key credential entries.")
+                        null
+                    }

-            is DecryptFido2CredentialAutofillViewResult.Success -> {
-                credentialEntryBuilder
-                    .buildPublicKeyCredentialEntries(
-                        userId = userId,
-                        fido2CredentialAutofillViews = decryptResult
-                            .fido2CredentialAutofillViews
-                            .filter { it.rpId in relyingPartyIds },
-                        beginGetPublicKeyCredentialOptions = this,
-                        isUserVerified = isUserVerified,
-                    )
-                    .asSuccess()
+                    is GetCipherResult.Failure -> {
+                        Timber.e(
+                            result.error,
+                            "Failed to decrypt cipher while building credential entries.",
+                        )
+                        null
+                    }
+
+                    is GetCipherResult.Success -> result.cipherView
+                }
            }
-        }
+            .toTypedArray()
+            .ifEmpty { return emptyList<CredentialEntry>().asSuccess() }
+
+        return vaultSdkSource
+            .decryptFido2CredentialAutofillViews(
+                userId = userId,
+                cipherViews = cipherViews,
+            )
+            .fold(
+                onSuccess = { fido2AutofillViews ->
+                    credentialEntryBuilder
+                        .buildPublicKeyCredentialEntries(
+                            userId = userId,
+                            fido2CredentialAutofillViews = fido2AutofillViews,
+                            beginGetPublicKeyCredentialOptions = this,
+                            isUserVerified = isUserVerified,
+                        )
+                        .asSuccess()
+                },
+                onFailure = {
+                    GetCredentialUnknownException("Error decrypting credentials.").asFailure()
+                },
+            )
    }

    private suspend fun registerFido2CredentialForUnprivilegedApp(
@@ -321,6 +375,21 @@ class BitwardenCredentialManagerImpl(
            },
        )

+    private fun List<BeginGetPasswordOption>.toPasswordCredentialEntries(
+        userId: String,
+        cipherListViews: List<CipherListView>,
+    ): List<CredentialEntry> {
+        if (this.isEmpty()) return emptyList()
+
+        return credentialEntryBuilder
+            .buildPasswordCredentialEntries(
+                userId = userId,
+                cipherListViews = cipherListViews,
+                beginGetPasswordCredentialOptions = this,
+                isUserVerified = isUserVerified,
+            )
+    }
+
    private fun getOriginUrlFromAssertionOptionsOrNull(requestJson: String) =
        getPasskeyAssertionOptionsOrNull(requestJson)
            ?.relyingPartyId
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/model/GetCredentialsRequest.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/model/GetCredentialsRequest.kt
@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.credentials.model

 import android.os.Bundle
 import android.os.Parcelable
+import androidx.credentials.CredentialManager
 import androidx.credentials.provider.BeginGetCredentialRequest
 import androidx.credentials.provider.BeginGetPasswordOption
 import androidx.credentials.provider.BeginGetPublicKeyCredentialOption
@@ -10,7 +11,7 @@ import kotlinx.parcelize.IgnoredOnParcel
 import kotlinx.parcelize.Parcelize

 /**
- * Models a FIDO 2 request to retrieve FIDO credentials parsed from the launching intent.
+ * Models a [CredentialManager] request to retrieve credentials parsed from the launching intent.
 *
 * @param userId The ID of the user's vault to search.
 * @param requestData Provider request data in the form of a [Bundle].
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/model/PasskeyAttestationOptions.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/model/PasskeyAttestationOptions.kt
@@ -73,7 +73,7 @@ data class PasskeyAttestationOptions(
        @SerialName("type")
        val type: String,
        @SerialName("alg")
-        val alg: Long,
+        val alg: Double,
    )

    /**
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/model/ProviderGetPasswordCredentialRequest.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/model/ProviderGetPasswordCredentialRequest.kt
@@ -2,22 +2,51 @@ package com.x8bit.bitwarden.data.credentials.model

 import android.os.Bundle
 import android.os.Parcelable
+import androidx.credentials.CredentialOption
+import androidx.credentials.GetPasswordOption
+import androidx.credentials.provider.CallingAppInfo
 import androidx.credentials.provider.ProviderGetCredentialRequest
+import kotlinx.parcelize.IgnoredOnParcel
 import kotlinx.parcelize.Parcelize

 /**
- * A wrapper around [ProviderGetCredentialRequest] that includes additional information needed to
- * fulfill the request.
+ * Models a Password credential authentication request parsed from the launching intent.
 *
- * @param userId The ID of the user that owns the credential being requested.
- * @param cipherId The ID of the cipher containing the password to be retrieved.
- * @param isUserVerified Whether the user has been verified prior to this request.
- * @param requestData The original request data from the system.
+ * @property userId ID of the user requesting credential authentication.
+ * @property cipherId ID of the cipher to be authenticated against.
+ * @property isUserPreVerified Whether the user has already been verified by the OS biometric
+ * prompt.
+ * @property requestData Provider request data in the form of a [Bundle].
 */
@Parcelize
 data class ProviderGetPasswordCredentialRequest(
    val userId: String,
    val cipherId: String,
-    val isUserVerified: Boolean,
-    val requestData: Bundle,
-) : Parcelable
+    val isUserPreVerified: Boolean,
+    private val requestData: Bundle,
+) : Parcelable {
+
+    /**
+     * The [ProviderGetCredentialRequest] from the [requestData].
+     */
+    @IgnoredOnParcel
+    val providerRequest: ProviderGetCredentialRequest by lazy {
+        ProviderGetCredentialRequest.fromBundle(requestData)
+    }
+
+    /**
+     * The [CallingAppInfo] from the [providerRequest].
+     */
+    @IgnoredOnParcel
+    val callingAppInfo: CallingAppInfo by lazy { providerRequest.callingAppInfo }
+
+    /**
+     * The [CredentialOption] from the [providerRequest], or null if one is not found
+     * in the request options list.
+     */
+    @IgnoredOnParcel
+    val option: GetPasswordOption? by lazy {
+        providerRequest.credentialOptions
+            .firstNotNullOfOrNull { it as? GetPasswordOption }
+    }
+}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/processor/CredentialProviderProcessorImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/processor/CredentialProviderProcessorImpl.kt
@@ -25,8 +25,9 @@ import androidx.credentials.provider.BeginGetCredentialResponse
 import androidx.credentials.provider.BiometricPromptData
 import androidx.credentials.provider.CreateEntry
 import androidx.credentials.provider.ProviderClearCredentialStateRequest
+import com.bitwarden.core.util.isBuildVersionAtLeast
 import com.bitwarden.data.manager.DispatcherManager
-import com.x8bit.bitwarden.R
+import com.bitwarden.ui.platform.resource.BitwardenString
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.model.UserState
 import com.x8bit.bitwarden.data.credentials.manager.BitwardenCredentialManager
@@ -34,7 +35,6 @@ import com.x8bit.bitwarden.data.credentials.model.GetCredentialsRequest
 import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
-import com.x8bit.bitwarden.data.platform.util.isBuildVersionBelow
 import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.launch
@@ -44,6 +44,7 @@ import javax.crypto.Cipher

 private const val CREATE_PASSKEY_INTENT = "com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSKEY"
 const val GET_PASSKEY_INTENT = "com.x8bit.bitwarden.credentials.ACTION_GET_PASSKEY"
+const val GET_PASSWORD_INTENT = "com.x8bit.bitwarden.credentials.ACTION_GET_PASSWORD"
 const val UNLOCK_ACCOUNT_INTENT = "com.x8bit.bitwarden.credentials.ACTION_UNLOCK_ACCOUNT"

 /**
@@ -105,7 +106,7 @@ class CredentialProviderProcessorImpl(
        // Return an unlock action if the current account is locked.
        if (!userState.activeAccount.isVaultUnlocked) {
            val authenticationAction = AuthenticationAction(
-                title = context.getString(R.string.unlock),
+                title = context.getString(BitwardenString.unlock),
                pendingIntent = intentManager.createFido2UnlockPendingIntent(
                    action = UNLOCK_ACCOUNT_INTENT,
                    userId = userState.activeUserId,
@@ -192,7 +193,7 @@ class CredentialProviderProcessorImpl(
            )
            .setDescription(
                context.getString(
-                    R.string.your_passkey_will_be_saved_to_your_bitwarden_vault_for_x,
+                    BitwardenString.your_passkey_will_be_saved_to_your_bitwarden_vault_for_x,
                    accountName,
                ),
            )
@@ -214,7 +215,7 @@ class CredentialProviderProcessorImpl(
    private fun CreateEntry.Builder.setBiometricPromptDataIfSupported(
        cipher: Cipher,
    ): CreateEntry.Builder {
-        return if (isBuildVersionBelow(Build.VERSION_CODES.VANILLA_ICE_CREAM)) {
+        return if (!isBuildVersionAtLeast(Build.VERSION_CODES.VANILLA_ICE_CREAM)) {
            this
        } else {
            setBiometricPromptData(
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/repository/PrivilegedAppRepository.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/repository/PrivilegedAppRepository.kt
@@ -1,22 +1,49 @@
 package com.x8bit.bitwarden.data.credentials.repository

+import com.bitwarden.core.data.repository.model.DataState
 import com.x8bit.bitwarden.data.credentials.model.PrivilegedAppAllowListJson
-import kotlinx.coroutines.flow.Flow
+import com.x8bit.bitwarden.data.credentials.repository.model.PrivilegedAppData
+import kotlinx.coroutines.flow.StateFlow

 /**
 * Repository for managing privileged apps trusted by the user.
 */
 interface PrivilegedAppRepository {

+    /**
+     * Flow that represents the trusted privileged apps data.
+     */
+    val trustedAppDataStateFlow: StateFlow<DataState<PrivilegedAppData>>
+
    /**
     * Flow of the user's trusted privileged apps.
     */
-    val userTrustedPrivilegedAppsFlow: Flow<PrivilegedAppAllowListJson>
+    val userTrustedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
+
+    /**
+     * Flow of the Google's trusted privileged apps.
+     */
+    val googleTrustedPrivilegedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
+
+    /**
+     * Flow of the community's trusted privileged apps.
+     */
+    val communityTrustedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>

    /**
     * List the user's trusted privileged apps.
     */
-    suspend fun getAllUserTrustedPrivilegedApps(): PrivilegedAppAllowListJson
+    suspend fun getUserTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson?
+
+    /**
+     * List Google's trusted privileged apps.
+     */
+    suspend fun getGoogleTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson?
+
+    /**
+     * List community's trusted privileged apps.
+     */
+    suspend fun getCommunityTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson?

    /**
     * Returns true if the given [packageName] and [signature] are trusted.
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/repository/PrivilegedAppRepositoryImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/repository/PrivilegedAppRepositoryImpl.kt
@@ -1,12 +1,35 @@
 package com.x8bit.bitwarden.data.credentials.repository

+import com.bitwarden.core.data.repository.model.DataState
+import com.bitwarden.core.data.repository.util.combineDataStates
+import com.bitwarden.core.data.util.decodeFromStringOrNull
+import com.bitwarden.data.manager.DispatcherManager
 import com.x8bit.bitwarden.data.credentials.datasource.disk.PrivilegedAppDiskSource
 import com.x8bit.bitwarden.data.credentials.datasource.disk.entity.PrivilegedAppEntity
 import com.x8bit.bitwarden.data.credentials.model.PrivilegedAppAllowListJson
-import kotlinx.coroutines.flow.Flow
+import com.x8bit.bitwarden.data.credentials.repository.model.PrivilegedAppData
+import com.x8bit.bitwarden.data.platform.manager.AssetManager
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.SharingStarted
+import kotlinx.coroutines.flow.StateFlow
+import kotlinx.coroutines.flow.asStateFlow
+import kotlinx.coroutines.flow.combine
+import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.map
+import kotlinx.coroutines.flow.onEach
+import kotlinx.coroutines.flow.stateIn
+import kotlinx.coroutines.launch
+import kotlinx.coroutines.withContext
 import kotlinx.serialization.json.Json

+/**
+ * A "stop timeout delay" in milliseconds used to let a shared coroutine continue to run for the
+ * specified period of time after it no longer has subscribers.
+ */
+private const val STOP_TIMEOUT_DELAY_MS: Long = 1000L
+private const val GOOGLE_ALLOW_LIST_FILE_NAME = "fido2_privileged_google.json"
+private const val COMMUNITY_ALLOW_LIST_FILE_NAME = "fido2_privileged_community.json"
 private const val ANDROID_TYPE = "android"
 private const val RELEASE_BUILD = "release"

@@ -15,17 +38,102 @@ private const val RELEASE_BUILD = "release"
 */
 class PrivilegedAppRepositoryImpl(
    private val privilegedAppDiskSource: PrivilegedAppDiskSource,
+    private val assetManager: AssetManager,
+    dispatcherManager: DispatcherManager,
    private val json: Json,
 ) : PrivilegedAppRepository {

-    override val userTrustedPrivilegedAppsFlow: Flow<PrivilegedAppAllowListJson> =
-        privilegedAppDiskSource.userTrustedPrivilegedAppsFlow
-            .map { it.toPrivilegedAppAllowListJson() }
+    private val unconfinedScope = CoroutineScope(dispatcherManager.unconfined)
+    private val ioScope = CoroutineScope(dispatcherManager.io)

-    override suspend fun getAllUserTrustedPrivilegedApps(): PrivilegedAppAllowListJson =
-        privilegedAppDiskSource.getAllUserTrustedPrivilegedApps()
+    private val mutableUserTrustedAppsFlow =
+        MutableStateFlow<DataState<PrivilegedAppAllowListJson>>(DataState.Loading)
+    private val mutableGoogleTrustedAppsFlow =
+        MutableStateFlow<DataState<PrivilegedAppAllowListJson>>(DataState.Loading)
+    private val mutableCommunityTrustedPrivilegedAppsFlow =
+        MutableStateFlow<DataState<PrivilegedAppAllowListJson>>(DataState.Loading)
+
+    override val trustedAppDataStateFlow: StateFlow<DataState<PrivilegedAppData>> =
+        combine(
+            userTrustedAppsFlow,
+            googleTrustedPrivilegedAppsFlow,
+            communityTrustedAppsFlow,
+        ) { userAppsState, googleAppsState, communityAppsState ->
+            combineDataStates(
+                userAppsState,
+                googleAppsState,
+                communityAppsState,
+            ) { userApps, googleApps, communityApps ->
+                PrivilegedAppData(
+                    googleTrustedApps = googleApps,
+                    communityTrustedApps = communityApps,
+                    userTrustedApps = userApps,
+                )
+            }
+        }
+            .stateIn(
+                scope = unconfinedScope,
+                started = SharingStarted.WhileSubscribed(stopTimeoutMillis = STOP_TIMEOUT_DELAY_MS),
+                initialValue = DataState.Loading,
+            )
+
+    override val userTrustedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
+        get() = mutableUserTrustedAppsFlow.asStateFlow()
+
+    override val googleTrustedPrivilegedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
+        get() = mutableGoogleTrustedAppsFlow.asStateFlow()
+
+    override val communityTrustedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
+        get() = mutableCommunityTrustedPrivilegedAppsFlow.asStateFlow()
+
+    init {
+        ioScope.launch {
+            mutableGoogleTrustedAppsFlow.value = assetManager
+                .readAsset(fileName = GOOGLE_ALLOW_LIST_FILE_NAME)
+                .map { json.decodeFromString<PrivilegedAppAllowListJson>(it) }
+                .fold(
+                    onSuccess = { DataState.Loaded(it) },
+                    onFailure = { DataState.Error(it) },
+                )
+
+            mutableCommunityTrustedPrivilegedAppsFlow.value = assetManager
+                .readAsset(fileName = COMMUNITY_ALLOW_LIST_FILE_NAME)
+                .map { json.decodeFromString<PrivilegedAppAllowListJson>(it) }
+                .fold(
+                    onSuccess = { DataState.Loaded(it) },
+                    onFailure = { DataState.Error(it) },
+                )
+        }
+
+        privilegedAppDiskSource
+            .userTrustedPrivilegedAppsFlow
+            .map { DataState.Loaded(it.toPrivilegedAppAllowListJson()) }
+            .onEach { mutableUserTrustedAppsFlow.value = it }
+            .launchIn(ioScope)
+    }
+
+    override suspend fun getUserTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson =
+        privilegedAppDiskSource
+            .getAllUserTrustedPrivilegedApps()
            .toPrivilegedAppAllowListJson()

+    override suspend fun getGoogleTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson? =
+        withContext(ioScope.coroutineContext) {
+            assetManager
+                .readAsset(fileName = GOOGLE_ALLOW_LIST_FILE_NAME)
+                .map { json.decodeFromStringOrNull<PrivilegedAppAllowListJson>(it) }
+                .getOrNull()
+        }
+
+    override suspend fun getCommunityTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson? {
+        return withContext(ioScope.coroutineContext) {
+            assetManager
+                .readAsset(fileName = COMMUNITY_ALLOW_LIST_FILE_NAME)
+                .map { json.decodeFromStringOrNull<PrivilegedAppAllowListJson>(it) }
+                .getOrNull()
+        }
+    }
+
    override suspend fun isPrivilegedAppAllowed(
        packageName: String,
        signature: String,
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/repository/model/PrivilegedAppData.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/repository/model/PrivilegedAppData.kt
@@ -0,0 +1,12 @@
+package com.x8bit.bitwarden.data.credentials.repository.model
+
+import com.x8bit.bitwarden.data.credentials.model.PrivilegedAppAllowListJson
+
+/**
+ * Represents privileged applications that are trusted by various sources.
+ */
+data class PrivilegedAppData(
+    val googleTrustedApps: PrivilegedAppAllowListJson,
+    val communityTrustedApps: PrivilegedAppAllowListJson,
+    val userTrustedApps: PrivilegedAppAllowListJson,
+)
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/util/PublicKeyCredentialEntryBuilderExtensions.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/util/PublicKeyCredentialEntryBuilderExtensions.kt
@@ -3,9 +3,10 @@
 package com.x8bit.bitwarden.data.credentials.util

 import android.os.Build
+import androidx.credentials.provider.PasswordCredentialEntry
 import androidx.credentials.provider.PublicKeyCredentialEntry
 import com.bitwarden.annotation.OmitFromCoverage
-import com.x8bit.bitwarden.data.platform.util.isBuildVersionBelow
+import com.bitwarden.core.util.isBuildVersionAtLeast
 import javax.crypto.Cipher

 /**
@@ -15,7 +16,7 @@ fun PublicKeyCredentialEntry.Builder.setBiometricPromptDataIfSupported(
    cipher: Cipher?,
    isSingleTapAuthEnabled: Boolean,
 ): PublicKeyCredentialEntry.Builder =
-    if (!isBuildVersionBelow(Build.VERSION_CODES.VANILLA_ICE_CREAM) &&
+    if (isBuildVersionAtLeast(Build.VERSION_CODES.VANILLA_ICE_CREAM) &&
        cipher != null &&
        isSingleTapAuthEnabled
    ) {
@@ -25,3 +26,17 @@ fun PublicKeyCredentialEntry.Builder.setBiometricPromptDataIfSupported(
    } else {
        this
    }
+
+/**
+ * Sets the biometric prompt data on the [PasswordCredentialEntry.Builder] if supported.
+ */
+fun PasswordCredentialEntry.Builder.setBiometricPromptDataIfSupported(
+    cipher: Cipher?,
+): PasswordCredentialEntry.Builder =
+    if (isBuildVersionAtLeast(Build.VERSION_CODES.VANILLA_ICE_CREAM) && cipher != null) {
+        setBiometricPromptData(
+            biometricPromptData = buildPromptDataWithCipher(cipher),
+        )
+    } else {
+        this
+    }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/util/CredentialProviderIntentUtils.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/util/CredentialProviderIntentUtils.kt
@@ -7,10 +7,11 @@ import androidx.credentials.provider.BeginGetCredentialRequest
 import androidx.credentials.provider.PendingIntentHandler
 import androidx.credentials.provider.ProviderCreateCredentialRequest
 import androidx.credentials.provider.ProviderGetCredentialRequest
+import com.bitwarden.core.util.isBuildVersionAtLeast
 import com.x8bit.bitwarden.data.credentials.model.CreateCredentialRequest
 import com.x8bit.bitwarden.data.credentials.model.Fido2CredentialAssertionRequest
 import com.x8bit.bitwarden.data.credentials.model.GetCredentialsRequest
-import com.x8bit.bitwarden.data.platform.util.isBuildVersionBelow
+import com.x8bit.bitwarden.data.credentials.model.ProviderGetPasswordCredentialRequest
 import com.x8bit.bitwarden.ui.platform.manager.intent.EXTRA_KEY_CIPHER_ID
 import com.x8bit.bitwarden.ui.platform.manager.intent.EXTRA_KEY_CREDENTIAL_ID
 import com.x8bit.bitwarden.ui.platform.manager.intent.EXTRA_KEY_USER_ID
@@ -21,7 +22,7 @@ import com.x8bit.bitwarden.ui.platform.manager.intent.EXTRA_KEY_UV_PERFORMED_DUR
 * [CredentialManager] creation process.
 */
 fun Intent.getCreateCredentialRequestOrNull(): CreateCredentialRequest? {
-    if (isBuildVersionBelow(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)) return null
+    if (!isBuildVersionAtLeast(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)) return null

    val systemRequest = PendingIntentHandler.retrieveProviderCreateCredentialRequest(this)
        ?: return null
@@ -48,7 +49,7 @@ fun Intent.getCreateCredentialRequestOrNull(): CreateCredentialRequest? {
 * credential authentication process.
 */
 fun Intent.getFido2AssertionRequestOrNull(): Fido2CredentialAssertionRequest? {
-    if (isBuildVersionBelow(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)) return null
+    if (!isBuildVersionAtLeast(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)) return null

    val systemRequest = PendingIntentHandler
        .retrieveProviderGetCredentialRequest(this)
@@ -79,12 +80,44 @@ fun Intent.getFido2AssertionRequestOrNull(): Fido2CredentialAssertionRequest? {
    )
 }

+/**
+ * Checks if this [Intent] contains a [ProviderGetPasswordCredentialRequest] related to an
+ * ongoing password credential GetPassword process.
+ */
+fun Intent.getProviderGetPasswordRequestOrNull(): ProviderGetPasswordCredentialRequest? {
+    if (!isBuildVersionAtLeast(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)) return null
+
+    val systemRequest = PendingIntentHandler
+        .retrieveProviderGetCredentialRequest(this)
+        ?: return null
+
+    val cipherId = getStringExtra(EXTRA_KEY_CIPHER_ID)
+        ?: return null
+
+    val userId: String = getStringExtra(EXTRA_KEY_USER_ID)
+        ?: return null
+
+    // Extract the OS biometric prompt result from the request data because it is not included in
+    // the bundle returned by `ProviderGetCredentialRequest.asBundle()`.
+    val isUserPreVerified = systemRequest
+        .biometricPromptResult
+        ?.isSuccessful
+        ?: getBooleanExtra(EXTRA_KEY_UV_PERFORMED_DURING_UNLOCK, false)
+
+    return ProviderGetPasswordCredentialRequest(
+        userId = userId,
+        cipherId = cipherId,
+        isUserPreVerified = isUserPreVerified,
+        requestData = ProviderGetCredentialRequest.asBundle(systemRequest),
+    )
+}
+
 /**
 * Checks if this [Intent] contains a [GetCredentialsRequest] related to an ongoing
 * [CredentialManager] credential lookup process.
 */
 fun Intent.getGetCredentialsRequestOrNull(): GetCredentialsRequest? {
-    if (isBuildVersionBelow(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)) return null
+    if (!isBuildVersionAtLeast(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)) return null

    val systemRequest = PendingIntentHandler
        .retrieveBeginGetCredentialRequest(this)
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/PushDiskSourceImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/PushDiskSourceImpl.kt
@@ -1,9 +1,9 @@
 package com.x8bit.bitwarden.data.platform.datasource.disk

 import android.content.SharedPreferences
+import com.bitwarden.core.util.getBinaryLongFromZoneDateTime
+import com.bitwarden.core.util.getZoneDateTimeFromBinaryLong
 import com.bitwarden.data.datasource.disk.BaseDiskSource
-import com.x8bit.bitwarden.data.platform.util.getBinaryLongFromZoneDateTime
-import com.x8bit.bitwarden.data.platform.util.getZoneDateTimeFromBinaryLong
 import java.time.ZonedDateTime

 private const val CURRENT_PUSH_TOKEN_KEY = "pushCurrentToken"
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/SettingsDiskSourceImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/SettingsDiskSourceImpl.kt
@@ -93,7 +93,7 @@ class SettingsDiskSourceImpl(

    private val mutableHasSeenGeneratorCoachMarkFlow = bufferedMutableSharedFlow<Boolean?>()

-    private val mutableScreenCaptureAllowedFlow = MutableSharedFlow<Boolean?>()
+    private val mutableScreenCaptureAllowedFlow = bufferedMutableSharedFlow<Boolean?>()

    private val mutableVaultRegisteredForExportFlow =
        mutableMapOf<String, MutableSharedFlow<Boolean?>>()
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/model/MutualTlsCertificate.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/model/MutualTlsCertificate.kt
@@ -17,12 +17,6 @@ data class MutualTlsCertificate(
    val leafCertificate: X509Certificate?
        get() = certificateChain.lastOrNull()

-    /**
-     * Root certificate of the chain.
-     */
-    val rootCertificate: X509Certificate?
-        get() = certificateChain.firstOrNull()
-
    override fun toString(): String = leafCertificate
        ?.let {
            buildString {
@@ -32,5 +26,5 @@ data class MutualTlsCertificate(
                appendLine("Valid Until: ${it.notAfter}")
            }
        }
-        ?: ""
+        .orEmpty()
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/BiometricsEncryptionManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/BiometricsEncryptionManagerImpl.kt
@@ -7,6 +7,7 @@ import com.bitwarden.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.BuildConfig
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
+import timber.log.Timber
 import java.security.InvalidAlgorithmParameterException
 import java.security.InvalidKeyException
 import java.security.KeyStore
@@ -45,9 +46,11 @@ class BiometricsEncryptionManagerImpl(
            }
        val cipher = try {
            Cipher.getInstance(CIPHER_TRANSFORMATION)
-        } catch (_: NoSuchAlgorithmException) {
+        } catch (nsae: NoSuchAlgorithmException) {
+            Timber.w(nsae, "createCipherOrNull failed to get cipher instance")
            return null
-        } catch (_: NoSuchPaddingException) {
+        } catch (nspe: NoSuchPaddingException) {
+            Timber.w(nspe, "createCipherOrNull failed to get cipher instance")
            return null
        }
        // Instantiate integrity values.
@@ -124,20 +127,25 @@ class BiometricsEncryptionManagerImpl(
    private fun generateKeyOrNull(userId: String): SecretKey? {
        val keyGen = try {
            KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ENCRYPTION_KEYSTORE_NAME)
-        } catch (_: NoSuchAlgorithmException) {
+        } catch (nsae: NoSuchAlgorithmException) {
+            Timber.w(nsae, "generateKeyOrNull failed to get key generator instance")
            return null
-        } catch (_: NoSuchProviderException) {
+        } catch (nspe: NoSuchProviderException) {
+            Timber.w(nspe, "generateKeyOrNull failed to get key generator instance")
            return null
-        } catch (_: IllegalArgumentException) {
+        } catch (iae: IllegalArgumentException) {
+            Timber.w(iae, "generateKeyOrNull failed to get key generator instance")
            return null
        }

        return try {
            keyGen.init(getKeyGenParameterSpec(userId = userId))
            keyGen.generateKey()
-        } catch (_: InvalidAlgorithmParameterException) {
+        } catch (iape: InvalidAlgorithmParameterException) {
+            Timber.w(iape, "generateKeyOrNull failed to initialize and generate key")
            null
-        } catch (_: ProviderException) {
+        } catch (pe: ProviderException) {
+            Timber.w(pe, "generateKeyOrNull failed to initialize and generate key")
            null
        }
    }
@@ -150,14 +158,17 @@ class BiometricsEncryptionManagerImpl(
            keystore
                .getKey(encryptionKeyName(userId = userId), null)
                ?.let { it as SecretKey }
-        } catch (_: KeyStoreException) {
+        } catch (kse: KeyStoreException) {
            // keystore was not loaded
+            Timber.w(kse, "getSecretKeyOrNull failed to retrieve secret key")
            null
-        } catch (_: NoSuchAlgorithmException) {
+        } catch (nsae: NoSuchAlgorithmException) {
            // keystore algorithm cannot be found
+            Timber.w(nsae, "getSecretKeyOrNull failed to retrieve secret key")
            null
-        } catch (_: UnrecoverableKeyException) {
+        } catch (uke: UnrecoverableKeyException) {
            // key could not be recovered
+            Timber.w(uke, "getSecretKeyOrNull failed to retrieve secret key")
            null
        }

@@ -174,16 +185,19 @@ class BiometricsEncryptionManagerImpl(
                ?.let { init(Cipher.DECRYPT_MODE, secretKey, IvParameterSpec(it)) }
                ?: init(Cipher.ENCRYPT_MODE, secretKey)
            true
-        } catch (_: KeyPermanentlyInvalidatedException) {
+        } catch (kpie: KeyPermanentlyInvalidatedException) {
            // Biometric has changed
+            Timber.w(kpie, "initializeCipher failed to initialize cipher")
            destroyBiometrics(userId = userId)
            false
-        } catch (_: UnrecoverableKeyException) {
+        } catch (uke: UnrecoverableKeyException) {
            // Biometric was disabled and re-enabled
+            Timber.w(uke, "initializeCipher failed to initialize cipher")
            destroyBiometrics(userId = userId)
            false
-        } catch (_: InvalidKeyException) {
+        } catch (ike: InvalidKeyException) {
            // User has no key
+            Timber.w(ike, "initializeCipher failed to initialize cipher")
            destroyBiometrics(userId = userId)
            true
        }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/FirstTimeActionManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/FirstTimeActionManagerImpl.kt
@@ -7,7 +7,6 @@ import com.x8bit.bitwarden.data.autofill.manager.AutofillEnabledManager
 import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
 import com.x8bit.bitwarden.data.platform.manager.model.CoachMarkTourType
 import com.x8bit.bitwarden.data.platform.manager.model.FirstTimeState
-import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
 import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.ExperimentalCoroutinesApi
@@ -31,7 +30,6 @@ class FirstTimeActionManagerImpl @Inject constructor(
    private val authDiskSource: AuthDiskSource,
    private val settingsDiskSource: SettingsDiskSource,
    private val vaultDiskSource: VaultDiskSource,
-    private val featureFlagManager: FeatureFlagManager,
    private val autofillEnabledManager: AutofillEnabledManager,
 ) : FirstTimeActionManager {

@@ -101,16 +99,9 @@ class FirstTimeActionManagerImpl @Inject constructor(
            .activeUserIdChangesFlow
            .filterNotNull()
            .flatMapLatest {
-                combine(
-                    getShowImportLoginsSettingBadgeFlowInternal(userId = it),
-                    featureFlagManager.getFeatureFlagFlow(FlagKey.ImportLoginsFlow),
-                ) { showImportLogins, importLoginsEnabled ->
-                    val shouldShowImportLoginsSettings = showImportLogins && importLoginsEnabled
-                    listOf(shouldShowImportLoginsSettings)
-                }
-                    .map { list ->
-                        list.count { showImportLogins -> showImportLogins }
-                    }
+                getShowImportLoginsSettingBadgeFlowInternal(userId = it)
+                    .map { showImportLogins -> listOf(showImportLogins) }
+                    .map { list -> list.count { showImportLogins -> showImportLogins } }
            }
            .stateIn(
                scope = unconfinedScope,
@@ -246,7 +237,7 @@ class FirstTimeActionManagerImpl @Inject constructor(
        return authDiskSource
            .getShowImportLoginsFlow(userId)
            .combine(
-                vaultDiskSource.getCiphers(userId),
+                vaultDiskSource.getCiphersFlow(userId),
            ) { showImportLogins, ciphers ->
                showImportLogins ?: true && ciphers.isEmpty()
            }
@@ -260,7 +251,7 @@ class FirstTimeActionManagerImpl @Inject constructor(
        return settingsDiskSource
            .getShowImportLoginsSettingBadgeFlow(userId)
            .combine(
-                vaultDiskSource.getCiphers(userId),
+                vaultDiskSource.getCiphersFlow(userId),
            ) { showImportLogins, ciphers ->
                showImportLogins ?: false && ciphers.isEmpty()
            }
@@ -297,7 +288,7 @@ class FirstTimeActionManagerImpl @Inject constructor(
            .flatMapLatest { activeUserId ->
                combine(
                    flow = this,
-                    flow2 = vaultDiskSource.getCiphers(activeUserId),
+                    flow2 = vaultDiskSource.getCiphersFlow(activeUserId),
                ) { receiverCurrentValue, ciphers ->
                    receiverCurrentValue && ciphers.none {
                        it.login != null && it.organizationId == null
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/PushManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/PushManagerImpl.kt
@@ -30,8 +30,15 @@ import kotlinx.serialization.json.Json
 import java.time.Clock
 import java.time.ZoneOffset
 import java.time.ZonedDateTime
-import java.time.temporal.ChronoUnit
 import javax.inject.Inject
+import kotlin.time.Duration
+import kotlin.time.Duration.Companion.days
+import kotlin.time.toJavaDuration
+
+/**
+ * The amount of time to delay before updating the push token against Bitwarden server.
+ */
+private val PUSH_TOKEN_UPDATE_DELAY: Duration = 7.days

 /**
 * Primary implementation of [PushManager].
@@ -279,11 +286,6 @@ class PushManagerImpl @Inject constructor(
        val userId = activeUserId ?: return
        if (!isLoggedIn(userId)) return

-        // If the last registered token is from less than a day before, skip this for now
-        val lastRegistration = pushDiskSource.getLastPushTokenRegistrationDate(userId)?.toInstant()
-        val dayBefore = clock.instant().minus(1, ChronoUnit.DAYS)
-        if (lastRegistration?.isAfter(dayBefore) == true) return
-
        ioScope.launch {
            pushDiskSource.registeredPushToken?.let {
                registerPushTokenIfNecessaryInternal(
@@ -296,14 +298,11 @@ class PushManagerImpl @Inject constructor(

    private suspend fun registerPushTokenIfNecessaryInternal(userId: String, token: String) {
        val currentToken = pushDiskSource.getCurrentPushToken(userId)
-
        if (token == currentToken) {
-            // Our token is up-to-date, so just update the last registration date
-            pushDiskSource.storeLastPushTokenRegistrationDate(
-                userId = userId,
-                registrationDate = ZonedDateTime.ofInstant(clock.instant(), ZoneOffset.UTC),
-            )
-            return
+            val lastRegistration =
+                pushDiskSource.getLastPushTokenRegistrationDate(userId)?.toInstant() ?: return
+            val updateTime = clock.instant().minus(PUSH_TOKEN_UPDATE_DELAY.toJavaDuration())
+            if (updateTime.isBefore(lastRegistration)) return
        }

        pushService
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/SdkClientManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/SdkClientManagerImpl.kt
@@ -1,18 +1,25 @@
 package com.x8bit.bitwarden.data.platform.manager

 import android.os.Build
+import com.bitwarden.core.util.isBuildVersionAtLeast
 import com.bitwarden.sdk.Client
-import com.x8bit.bitwarden.data.platform.util.isBuildVersionBelow
+import com.x8bit.bitwarden.data.platform.manager.sdk.SdkRepositoryFactory

 /**
 * Primary implementation of [SdkClientManager].
 */
 class SdkClientManagerImpl(
-    private val featureFlagManager: FeatureFlagManager,
    nativeLibraryManager: NativeLibraryManager,
-    private val clientProvider: suspend () -> Client = {
+    sdkRepoFactory: SdkRepositoryFactory,
+    private val featureFlagManager: FeatureFlagManager,
+    private val clientProvider: suspend (userId: String?) -> Client = { userId ->
        Client(settings = null).apply {
            platform().loadFlags(featureFlagManager.sdkFeatureFlags)
+            userId?.let {
+                platform().state().apply {
+                    registerCipherRepository(sdkRepoFactory.getCipherRepository(userId = it))
+                }
+            }
        }
    },
 ) : SdkClientManager {
@@ -22,14 +29,14 @@ class SdkClientManagerImpl(
        // The SDK requires access to Android APIs that were not made public until API 31. In order
        // to work around this limitation the SDK must be manually loaded prior to initializing any
        // [Client] instance.
-        if (isBuildVersionBelow(Build.VERSION_CODES.S)) {
+        if (!isBuildVersionAtLeast(Build.VERSION_CODES.S)) {
            nativeLibraryManager.loadLibrary("bitwarden_uniffi")
        }
    }

    override suspend fun getOrCreateClient(
        userId: String?,
-    ): Client = userIdToClientMap.getOrPut(key = userId) { clientProvider() }
+    ): Client = userIdToClientMap.getOrPut(key = userId) { clientProvider(userId) }

    override fun destroyClient(
        userId: String?,
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/ciphermatching/CipherMatchingManager.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/ciphermatching/CipherMatchingManager.kt
@@ -1,16 +1,16 @@
 package com.x8bit.bitwarden.data.platform.manager.ciphermatching

-import com.bitwarden.vault.CipherView
+import com.bitwarden.vault.CipherListView

 /**
 * A manager for matching ciphers based on special criteria.
 */
 interface CipherMatchingManager {
    /**
-     * Filter [ciphers] for entries that match the [matchUri] in some fashion.
+     * Filter [cipherListViews] for entries that match the [matchUri] in some fashion.
     */
    suspend fun filterCiphersForMatches(
-        ciphers: List<CipherView>,
+        cipherListViews: List<CipherListView>,
        matchUri: String,
-    ): List<CipherView>
+    ): List<CipherListView>
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/ciphermatching/CipherMatchingManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/ciphermatching/CipherMatchingManagerImpl.kt
@@ -1,8 +1,9 @@
 package com.x8bit.bitwarden.data.platform.manager.ciphermatching

-import com.bitwarden.vault.CipherView
+import com.bitwarden.vault.CipherListView
 import com.bitwarden.vault.LoginUriView
 import com.bitwarden.vault.UriMatchType
+import com.x8bit.bitwarden.data.autofill.util.login
 import com.x8bit.bitwarden.data.platform.manager.ResourceCacheManager
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.data.platform.util.firstWithTimeoutOrNull
@@ -33,9 +34,9 @@ class CipherMatchingManagerImpl(
    private val vaultRepository: VaultRepository,
 ) : CipherMatchingManager {
    override suspend fun filterCiphersForMatches(
-        ciphers: List<CipherView>,
+        cipherListViews: List<CipherListView>,
        matchUri: String,
-    ): List<CipherView> {
+    ): List<CipherListView> {
        val equivalentDomainsData = vaultRepository
            .domainsStateFlow
            .mapNotNull { it.data }
@@ -58,14 +59,14 @@ class CipherMatchingManagerImpl(
            matchUri = matchUri,
        )

-        val exactMatchingCiphers = mutableListOf<CipherView>()
-        val fuzzyMatchingCiphers = mutableListOf<CipherView>()
+        val exactMatchingCiphers = mutableListOf<CipherListView>()
+        val fuzzyMatchingCiphers = mutableListOf<CipherListView>()

-        ciphers
-            .forEach { cipherView ->
+        cipherListViews
+            .forEach { cipherListView ->
                val matchResult = checkForCipherMatch(
                    resourceCacheManager = resourceCacheManager,
-                    cipherView = cipherView,
+                    cipherListView = cipherListView,
                    defaultUriMatchType = defaultUriMatchType,
                    isAndroidApp = isAndroidApp,
                    matchUri = matchUri,
@@ -73,8 +74,8 @@ class CipherMatchingManagerImpl(
                )

                when (matchResult) {
-                    MatchResult.EXACT -> exactMatchingCiphers.add(cipherView)
-                    MatchResult.FUZZY -> fuzzyMatchingCiphers.add(cipherView)
+                    MatchResult.EXACT -> exactMatchingCiphers.add(cipherListView)
+                    MatchResult.FUZZY -> fuzzyMatchingCiphers.add(cipherListView)
                    MatchResult.NONE -> Unit
                }
            }
@@ -135,10 +136,10 @@ private fun getMatchingDomains(
 }

 /**
- * Check to see if [cipherView] matches [matchUri] in some way. The returned [MatchResult] will
+ * Check to see if [cipherListView] matches [matchUri] in some way. The returned [MatchResult] will
 * provide details on the match quality.
 *
- * @param cipherView The cipher to be judged for a match.
+ * @param cipherListView The cipher to be judged for a match.
 * @param resourceCacheManager The [ResourceCacheManager] for fetching cached resources.
 * @param defaultUriMatchType The global default [UriMatchType].
 * @param isAndroidApp Whether or not the [matchUri] belongs to an Android app.
@@ -148,13 +149,13 @@ private fun getMatchingDomains(
@Suppress("LongParameterList")
 private fun checkForCipherMatch(
    resourceCacheManager: ResourceCacheManager,
-    cipherView: CipherView,
+    cipherListView: CipherListView,
    defaultUriMatchType: UriMatchType,
    isAndroidApp: Boolean,
    matchingDomains: MatchingDomains,
    matchUri: String,
 ): MatchResult {
-    val matchResults = cipherView
+    val matchResults = cipherListView
        .login
        ?.uris
        ?.map { loginUriView ->
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/clipboard/BitwardenClipboardManagerImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/clipboard/BitwardenClipboardManagerImpl.kt
@@ -1,10 +1,10 @@
 package com.x8bit.bitwarden.data.platform.manager.clipboard

 import android.content.ClipData
+import android.content.ClipDescription
 import android.content.ClipboardManager
 import android.content.Context
 import android.os.Build
-import android.widget.Toast
 import androidx.compose.ui.text.AnnotatedString
 import androidx.core.content.getSystemService
 import androidx.core.os.persistableBundleOf
@@ -12,9 +12,11 @@ import androidx.work.ExistingWorkPolicy
 import androidx.work.OneTimeWorkRequest
 import androidx.work.WorkManager
 import com.bitwarden.annotation.OmitFromCoverage
+import com.bitwarden.core.data.manager.toast.ToastManager
+import com.bitwarden.core.util.isBuildVersionAtLeast
 import com.bitwarden.ui.platform.base.util.toAnnotatedString
+import com.bitwarden.ui.platform.resource.BitwardenString
 import com.bitwarden.ui.util.Text
-import com.x8bit.bitwarden.R
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import java.util.concurrent.TimeUnit

@@ -25,6 +27,7 @@ import java.util.concurrent.TimeUnit
 class BitwardenClipboardManagerImpl(
    private val context: Context,
    private val settingsRepository: SettingsRepository,
+    private val toastManager: ToastManager,
 ) : BitwardenClipboardManager {
    private val clipboardManager: ClipboardManager = requireNotNull(context.getSystemService())

@@ -41,18 +44,22 @@ class BitwardenClipboardManagerImpl(
                .newPlainText("", text)
                .apply {
                    description.extras = persistableBundleOf(
-                        "android.content.extra.IS_SENSITIVE" to isSensitive,
+                        if (isBuildVersionAtLeast(version = Build.VERSION_CODES.TIRAMISU)) {
+                            ClipDescription.EXTRA_IS_SENSITIVE to isSensitive
+                        } else {
+                            "android.content.extra.IS_SENSITIVE" to isSensitive
+                        },
                    )
                },
        )
-        if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.S_V2) {
+        if (!isBuildVersionAtLeast(version = Build.VERSION_CODES.TIRAMISU)) {
            val descriptor = toastDescriptorOverride
-                ?.let { context.resources.getString(R.string.value_has_been_copied, it) }
+                ?.let { context.resources.getString(BitwardenString.value_has_been_copied, it) }
                ?: context.resources.getString(
-                    R.string.value_has_been_copied,
-                    context.resources.getString(R.string.value),
+                    BitwardenString.value_has_been_copied,
+                    context.resources.getString(BitwardenString.value),
                )
-            Toast.makeText(context, descriptor, Toast.LENGTH_SHORT).show()
+            toastManager.show(message = descriptor)
        }

        val frequency = clearClipboardFrequencySeconds ?: return
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/di/PlatformManagerModule.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/di/PlatformManagerModule.kt
@@ -3,6 +3,8 @@ package com.x8bit.bitwarden.data.platform.manager.di
 import android.app.Application
 import android.content.Context
 import androidx.core.content.getSystemService
+import com.bitwarden.core.data.manager.toast.ToastManager
+import com.bitwarden.core.data.manager.toast.ToastManagerImpl
 import com.bitwarden.data.manager.DispatcherManager
 import com.bitwarden.data.manager.DispatcherManagerImpl
 import com.bitwarden.data.repository.ServerConfigRepository
@@ -67,6 +69,8 @@ import com.x8bit.bitwarden.data.platform.manager.network.NetworkConnectionManage
 import com.x8bit.bitwarden.data.platform.manager.network.NetworkConnectionManagerImpl
 import com.x8bit.bitwarden.data.platform.manager.restriction.RestrictionManager
 import com.x8bit.bitwarden.data.platform.manager.restriction.RestrictionManagerImpl
+import com.x8bit.bitwarden.data.platform.manager.sdk.SdkRepositoryFactory
+import com.x8bit.bitwarden.data.platform.manager.sdk.SdkRepositoryFactoryImpl
 import com.x8bit.bitwarden.data.platform.processor.AuthenticatorBridgeProcessor
 import com.x8bit.bitwarden.data.platform.processor.AuthenticatorBridgeProcessorImpl
 import com.x8bit.bitwarden.data.platform.repository.AuthenticatorBridgeRepository
@@ -134,13 +138,11 @@ object PlatformManagerModule {
        addTotpItemFromAuthenticatorManager: AddTotpItemFromAuthenticatorManager,
        @ApplicationContext context: Context,
        dispatcherManager: DispatcherManager,
-        featureFlagManager: FeatureFlagManager,
    ): AuthenticatorBridgeProcessor = AuthenticatorBridgeProcessorImpl(
        authenticatorBridgeRepository = authenticatorBridgeRepository,
        addTotpItemFromAuthenticatorManager = addTotpItemFromAuthenticatorManager,
        context = context,
        dispatcherManager = dispatcherManager,
-        featureFlagManager = featureFlagManager,
    )

    @Provides
@@ -189,9 +191,19 @@ object PlatformManagerModule {
    fun provideBitwardenClipboardManager(
        @ApplicationContext context: Context,
        settingsRepository: SettingsRepository,
+        toastManager: ToastManager,
    ): BitwardenClipboardManager = BitwardenClipboardManagerImpl(
-        context,
-        settingsRepository,
+        context = context,
+        settingsRepository = settingsRepository,
+        toastManager = toastManager,
+    )
+
+    @Provides
+    @Singleton
+    fun provideToastManager(
+        @ApplicationContext context: Context,
+    ): ToastManager = ToastManagerImpl(
+        context = context,
    )

    @Provides
@@ -233,9 +245,11 @@ object PlatformManagerModule {
    fun provideSdkClientManager(
        featureFlagManager: FeatureFlagManager,
        nativeLibraryManager: NativeLibraryManager,
+        sdkRepositoryFactory: SdkRepositoryFactory,
    ): SdkClientManager = SdkClientManagerImpl(
        featureFlagManager = featureFlagManager,
        nativeLibraryManager = nativeLibraryManager,
+        sdkRepoFactory = sdkRepositoryFactory,
    )

    @Provides
@@ -339,14 +353,12 @@ object PlatformManagerModule {
        settingsDiskSource: SettingsDiskSource,
        vaultDiskSource: VaultDiskSource,
        dispatcherManager: DispatcherManager,
-        featureFlagManager: FeatureFlagManager,
        autofillEnabledManager: AutofillEnabledManager,
    ): FirstTimeActionManager = FirstTimeActionManagerImpl(
        authDiskSource = authDiskSource,
        settingsDiskSource = settingsDiskSource,
        vaultDiskSource = vaultDiskSource,
        dispatcherManager = dispatcherManager,
-        featureFlagManager = featureFlagManager,
        autofillEnabledManager = autofillEnabledManager,
    )

@@ -374,6 +386,14 @@ object PlatformManagerModule {
        accessibilityEnabledManager = accessibilityEnabledManager,
    )

+    @Provides
+    @Singleton
+    fun provideSdkRepositoryFactory(
+        vaultDiskSource: VaultDiskSource,
+    ): SdkRepositoryFactory = SdkRepositoryFactoryImpl(
+        vaultDiskSource = vaultDiskSource,
+    )
+
    @Provides
    @Singleton
    fun provideKeyManager(
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/model/FlagKey.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/model/FlagKey.kt
@@ -21,34 +21,18 @@ sealed class FlagKey<out T : Any> {
         */
        val activeFlags: List<FlagKey<*>> by lazy {
            listOf(
-                AuthenticatorSync,
                EmailVerification,
-                ImportLoginsFlow,
                CredentialExchangeProtocolImport,
                CredentialExchangeProtocolExport,
-                MutualTls,
                SingleTapPasskeyCreation,
                SingleTapPasskeyAuthentication,
-                AnonAddySelfHostAlias,
-                SimpleLoginSelfHostAlias,
-                ChromeAutofill,
-                MobileErrorReporting,
-                FlightRecorder,
                RestrictCipherItemDeletion,
-                PreAuthSettings,
                UserManagedPrivilegedApps,
+                RemoveCardPolicy,
            )
        }
    }

-    /**
-     * Data object holding the key for syncing with the Bitwarden Authenticator app.
-     */
-    data object AuthenticatorSync : FlagKey<Boolean>() {
-        override val keyName: String = "enable-pm-bwa-sync"
-        override val defaultValue: Boolean = false
-    }
-
    /**
     * Data object holding the key for Email Verification feature.
     */
@@ -57,30 +41,6 @@ sealed class FlagKey<out T : Any> {
        override val defaultValue: Boolean = false
    }

-    /**
-     * Data object holding the key for syncing with the Bitwarden Authenticator app.
-     */
-    data object MobileErrorReporting : FlagKey<Boolean>() {
-        override val keyName: String = "mobile-error-reporting"
-        override val defaultValue: Boolean = false
-    }
-
-    /**
-     * Data object holding the key for enabling the flught recorder feature.
-     */
-    data object FlightRecorder : FlagKey<Boolean>() {
-        override val keyName: String = "enable-pm-flight-recorder"
-        override val defaultValue: Boolean = false
-    }
-
-    /**
-     * Data object holding the feature flag key for the import logins feature.
-     */
-    data object ImportLoginsFlow : FlagKey<Boolean>() {
-        override val keyName: String = "import-logins-flow"
-        override val defaultValue: Boolean = false
-    }
-
    /**
     * Data object holding hte feature flag key for the Credential Exchange Protocol (CXP) import
     * feature.
@@ -107,14 +67,6 @@ sealed class FlagKey<out T : Any> {
        override val defaultValue: Boolean = false
    }

-    /**
-     * Data object holding the feature flag key for the Mutual TLS feature.
-     */
-    data object MutualTls : FlagKey<Boolean>() {
-        override val keyName: String = "mutual-tls"
-        override val defaultValue: Boolean = false
-    }
-
    /**
     * Data object holding the feature flag key to enable single tap passkey creation.
     */
@@ -131,32 +83,6 @@ sealed class FlagKey<out T : Any> {
        override val defaultValue: Boolean = false
    }

-    /**
-     * Data object holding the feature flag key to enable AnonAddy (addy.io) self host alias
-     * generation.
-     */
-    data object AnonAddySelfHostAlias : FlagKey<Boolean>() {
-        override val keyName: String = "anon-addy-self-host-alias"
-        override val defaultValue: Boolean = false
-    }
-
-    /**
-     * Data object holding the feature flag key to enable SimpleLogin self-host alias generation.
-     */
-    data object SimpleLoginSelfHostAlias : FlagKey<Boolean>() {
-        override val keyName: String = "simple-login-self-host-alias"
-        override val defaultValue: Boolean = false
-    }
-
-    /**
-     * Data object holding the feature flag key to enable the checking for Chrome's third party
-     * autofill.
-     */
-    data object ChromeAutofill : FlagKey<Boolean>() {
-        override val keyName: String = "android-chrome-autofill"
-        override val defaultValue: Boolean = false
-    }
-
    /**
     * Data object holding the feature flag key to enable the restriction of cipher item deletion
     */
@@ -165,14 +91,6 @@ sealed class FlagKey<out T : Any> {
        override val defaultValue: Boolean = false
    }

-    /**
-     * Data object holding the feature flag key to enable the settings menu before login.
-     */
-    data object PreAuthSettings : FlagKey<Boolean>() {
-        override val keyName: String = "enable-pm-prelogin-settings"
-        override val defaultValue: Boolean = false
-    }
-
    /**
     * Data object holding the feature flag key to enabled user-managed privileged apps.
     */
@@ -181,6 +99,15 @@ sealed class FlagKey<out T : Any> {
        override val defaultValue: Boolean = false
    }

+    /**
+     * Data object holding the feature flag key to enable the removal of card item types.
+     * This flag will hide card types from organizations with policy enable and individual vaults
+     */
+    data object RemoveCardPolicy : FlagKey<Boolean>() {
+        override val keyName: String = "pm-16442-remove-card-item-type-policy"
+        override val defaultValue: Boolean = false
+    }
+
    //region Dummy keys for testing
    /**
     * Data object holding the key for a [Boolean] flag to be used in tests.
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/model/SpecialCircumstance.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/model/SpecialCircumstance.kt
@@ -7,6 +7,7 @@ import com.x8bit.bitwarden.data.autofill.model.AutofillSelectionData
 import com.x8bit.bitwarden.data.credentials.model.CreateCredentialRequest
 import com.x8bit.bitwarden.data.credentials.model.Fido2CredentialAssertionRequest
 import com.x8bit.bitwarden.data.credentials.model.GetCredentialsRequest
+import com.x8bit.bitwarden.data.credentials.model.ProviderGetPasswordCredentialRequest
 import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
 import com.x8bit.bitwarden.ui.vault.model.TotpData
 import kotlinx.parcelize.Parcelize
@@ -70,7 +71,7 @@ sealed class SpecialCircumstance : Parcelable {
    ) : SpecialCircumstance()

    /**
-     * The app was launched via the [CredentialManager] framework in order to authenticate a
+     * The app was launched via the [CredentialManager] framework in order to authenticate a FIDO 2
     * credential saved to the user's vault.
     */
    @Parcelize
@@ -78,6 +79,15 @@ sealed class SpecialCircumstance : Parcelable {
        val fido2AssertionRequest: Fido2CredentialAssertionRequest,
    ) : SpecialCircumstance()

+    /**
+     * The app was launched via the [CredentialManager] framework in order to retrieve a Password
+     * credential saved to the user's vault.
+     */
+    @Parcelize
+    data class ProviderGetPasswordRequest(
+        val passwordGetRequest: ProviderGetPasswordCredentialRequest,
+    ) : SpecialCircumstance()
+
    /**
     * The app was launched via the [CredentialManager] framework request to retrieve credentials
     * associated with the requesting entity.
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/SdkRepositoryFactory.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/SdkRepositoryFactory.kt
@@ -0,0 +1,13 @@
+package com.x8bit.bitwarden.data.platform.manager.sdk
+
+import com.bitwarden.sdk.CipherRepository
+
+/**
+ * Creates and manages sdk repositories.
+ */
+interface SdkRepositoryFactory {
+    /**
+     * Retrieves or creates a [CipherRepository] for use with the Bitwarden SDK.
+     */
+    fun getCipherRepository(userId: String): CipherRepository
+}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/SdkRepositoryFactoryImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/SdkRepositoryFactoryImpl.kt
@@ -0,0 +1,20 @@
+package com.x8bit.bitwarden.data.platform.manager.sdk
+
+import com.bitwarden.sdk.CipherRepository
+import com.x8bit.bitwarden.data.platform.manager.sdk.repository.SdkCipherRepository
+import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
+
+/**
+ * The default implementation for the [SdkRepositoryFactory].
+ */
+class SdkRepositoryFactoryImpl(
+    private val vaultDiskSource: VaultDiskSource,
+) : SdkRepositoryFactory {
+    override fun getCipherRepository(
+        userId: String,
+    ): CipherRepository =
+        SdkCipherRepository(
+            userId = userId,
+            vaultDiskSource = vaultDiskSource,
+        )
+}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepository.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepository.kt
@@ -0,0 +1,43 @@
+package com.x8bit.bitwarden.data.platform.manager.sdk.repository
+
+import com.bitwarden.sdk.CipherRepository
+import com.bitwarden.vault.Cipher
+import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
+import com.x8bit.bitwarden.data.vault.repository.util.toEncryptedNetworkCipherResponse
+import com.x8bit.bitwarden.data.vault.repository.util.toEncryptedSdkCipher
+import timber.log.Timber
+
+/**
+ * A user-scoped implementation of a Bitwarden SDK [CipherRepository].
+ */
+class SdkCipherRepository(
+    private val userId: String,
+    private val vaultDiskSource: VaultDiskSource,
+) : CipherRepository {
+    override suspend fun get(id: String): Cipher? =
+        vaultDiskSource
+            .getCipher(userId = userId, cipherId = id)
+            ?.toEncryptedSdkCipher()
+
+    override suspend fun has(id: String): Boolean = this.get(id = id) != null
+
+    override suspend fun list(): List<Cipher> =
+        vaultDiskSource
+            .getCiphers(userId = userId)
+            .map { it.toEncryptedSdkCipher() }
+
+    override suspend fun remove(id: String) {
+        vaultDiskSource.deleteCipher(userId = userId, cipherId = id)
+    }
+
+    override suspend fun set(id: String, value: Cipher) {
+        if (id != value.id) {
+            Timber.e("SDK Cipher 'set' operation: ID's do not match")
+            return
+        }
+        vaultDiskSource.saveCipher(
+            userId = userId,
+            cipher = value.toEncryptedNetworkCipherResponse(encryptedFor = userId),
+        )
+    }
+}
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/util/SpecialCircumstanceExtensions.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/util/SpecialCircumstanceExtensions.kt
@@ -5,6 +5,7 @@ import com.x8bit.bitwarden.data.autofill.model.AutofillSelectionData
 import com.x8bit.bitwarden.data.credentials.model.CreateCredentialRequest
 import com.x8bit.bitwarden.data.credentials.model.Fido2CredentialAssertionRequest
 import com.x8bit.bitwarden.data.credentials.model.GetCredentialsRequest
+import com.x8bit.bitwarden.data.credentials.model.ProviderGetPasswordCredentialRequest
 import com.x8bit.bitwarden.data.platform.manager.model.SpecialCircumstance
 import com.x8bit.bitwarden.ui.vault.model.TotpData

@@ -44,6 +45,15 @@ fun SpecialCircumstance.toFido2AssertionRequestOrNull(): Fido2CredentialAssertio
        else -> null
    }

+/**
+ * Returns [ProviderGetPasswordCredentialRequest] when contained in the given [SpecialCircumstance].
+ */
+fun SpecialCircumstance.toPasswordGetRequestOrNull(): ProviderGetPasswordCredentialRequest? =
+    when (this) {
+        is SpecialCircumstance.ProviderGetPasswordRequest -> this.passwordGetRequest
+        else -> null
+    }
+
 /**
 * Returns [GetCredentialsRequest] when contained in the given [SpecialCircumstance].
 */
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/processor/AuthenticatorBridgeProcessorImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/processor/AuthenticatorBridgeProcessorImpl.kt
@@ -15,13 +15,11 @@ import com.bitwarden.authenticatorbridge.util.decrypt
 import com.bitwarden.authenticatorbridge.util.encrypt
 import com.bitwarden.authenticatorbridge.util.toFingerprint
 import com.bitwarden.authenticatorbridge.util.toSymmetricEncryptionKeyData
+import com.bitwarden.core.util.isBuildVersionAtLeast
 import com.bitwarden.data.manager.DispatcherManager
 import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManager
-import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
-import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
 import com.x8bit.bitwarden.data.platform.repository.AuthenticatorBridgeRepository
 import com.x8bit.bitwarden.data.platform.util.createAddTotpItemFromAuthenticatorIntent
-import com.x8bit.bitwarden.data.platform.util.isBuildVersionBelow
 import com.x8bit.bitwarden.ui.vault.util.getTotpDataOrNull
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.launch
@@ -33,7 +31,6 @@ import timber.log.Timber
 class AuthenticatorBridgeProcessorImpl(
    private val authenticatorBridgeRepository: AuthenticatorBridgeRepository,
    private val addTotpItemFromAuthenticatorManager: AddTotpItemFromAuthenticatorManager,
-    private val featureFlagManager: FeatureFlagManager,
    dispatcherManager: DispatcherManager,
    context: Context,
 ) : AuthenticatorBridgeProcessor {
@@ -44,12 +41,9 @@ class AuthenticatorBridgeProcessorImpl(

    override val binder: IAuthenticatorBridgeService.Stub?
        get() {
-            return if (
-                !featureFlagManager.getFeatureFlag(FlagKey.AuthenticatorSync) ||
-                isBuildVersionBelow(Build.VERSION_CODES.S)
-            ) {
-                // If the feature flag is not enabled, OR if version is below Android 12,
-                // return a null binder which will no-op all service calls
+            return if (!isBuildVersionAtLeast(Build.VERSION_CODES.S)) {
+                // If version is below Android 12, return a null binder which will no-op all
+                // service calls
                null
            } else {
                // Otherwise, return real binder implementation:
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/AuthenticatorBridgeRepositoryImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/AuthenticatorBridgeRepositoryImpl.kt
@@ -1,39 +1,43 @@
 package com.x8bit.bitwarden.data.platform.repository

 import com.bitwarden.authenticatorbridge.model.SharedAccountData
+import com.bitwarden.core.InitOrgCryptoRequest
+import com.bitwarden.core.InitUserCryptoMethod
+import com.bitwarden.core.InitUserCryptoRequest
+import com.bitwarden.core.data.util.asSuccess
+import com.bitwarden.core.data.util.flatMap
+import com.bitwarden.data.repository.util.toEnvironmentUrlsOrDefault
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
-import com.x8bit.bitwarden.data.auth.repository.AuthRepository
+import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountJson
+import com.x8bit.bitwarden.data.auth.repository.util.toSdkParams
+import com.x8bit.bitwarden.data.platform.error.MissingPropertyException
 import com.x8bit.bitwarden.data.platform.repository.util.sanitizeTotpUri
 import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
-import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
-import com.x8bit.bitwarden.data.vault.repository.VaultRepository
-import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockData
+import com.x8bit.bitwarden.data.vault.datasource.sdk.ScopedVaultSdkSource
+import com.x8bit.bitwarden.data.vault.datasource.sdk.model.InitializeCryptoResult
 import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockResult
-import com.x8bit.bitwarden.data.vault.repository.util.statusFor
 import com.x8bit.bitwarden.data.vault.repository.util.toEncryptedSdkCipher
-import kotlinx.coroutines.flow.first
+import com.x8bit.bitwarden.data.vault.repository.util.toVaultUnlockResult

 /**
 * Default implementation of [AuthenticatorBridgeRepository].
 */
 class AuthenticatorBridgeRepositoryImpl(
-    private val authRepository: AuthRepository,
    private val authDiskSource: AuthDiskSource,
-    private val vaultRepository: VaultRepository,
    private val vaultDiskSource: VaultDiskSource,
-    private val vaultSdkSource: VaultSdkSource,
+    private val scopedVaultSdkSource: ScopedVaultSdkSource,
 ) : AuthenticatorBridgeRepository {

    override val authenticatorSyncSymmetricKey: ByteArray?
        get() {
-            val doAnyAccountsHaveAuthenticatorSyncEnabled = authRepository
-                .userStateFlow
-                .value
+            val doAnyAccountsHaveAuthenticatorSyncEnabled = authDiskSource
+                .userState
                ?.accounts
-                ?.any {
+                ?.keys
+                ?.any { userId ->
                    // Authenticator sync is enabled if any accounts have an authenticator
                    // sync key stored:
-                    authDiskSource.getAuthenticatorSyncUnlockKey(it.userId) != null
+                    authDiskSource.getAuthenticatorSyncUnlockKey(userId = userId) != null
                }
                ?: false
            return if (doAnyAccountsHaveAuthenticatorSyncEnabled) {
@@ -43,95 +47,118 @@ class AuthenticatorBridgeRepositoryImpl(
            }
        }

-    @Suppress("LongMethod")
    override suspend fun getSharedAccounts(): SharedAccountData {
-        val allAccounts = authRepository.userStateFlow.value?.accounts ?: emptyList()
-
-        return allAccounts
-            .mapNotNull { account ->
-                val userId = account.userId
-
+        return authDiskSource
+            .userState
+            ?.accounts
+            .orEmpty()
+            .mapNotNull { (userId, account) ->
                // Grab the user's authenticator sync unlock key. If it is null,
-                // the user has not enabled authenticator sync.
+                // the user has not enabled authenticator sync and we skip the account.
                val decryptedUserKey = authDiskSource.getAuthenticatorSyncUnlockKey(userId)
                    ?: return@mapNotNull null
-
-                // Wait for any unlocking actions to finish:
-                vaultRepository.vaultUnlockDataStateFlow.first {
-                    it.statusFor(userId) != VaultUnlockData.Status.UNLOCKING
-                }
-
-                // Unlock vault if necessary:
-                val isVaultAlreadyUnlocked = vaultRepository.isVaultUnlocked(userId = userId)
-                if (!isVaultAlreadyUnlocked) {
-                    val unlockResult = vaultRepository
-                        .unlockVaultWithDecryptedUserKey(
+                val vaultUnlockResult = unlockClient(
+                    userId = userId,
+                    account = account,
+                    decryptedUserKey = decryptedUserKey,
+                )
+                when (vaultUnlockResult) {
+                    is VaultUnlockResult.AuthenticationError,
+                    is VaultUnlockResult.BiometricDecodingError,
+                    is VaultUnlockResult.GenericError,
+                    is VaultUnlockResult.InvalidStateError,
+                        -> {
+                        // Not being able to unlock the user's vault with the
+                        // decrypted unlock key is an unexpected case, but if it does
+                        // happen we omit the account from list of shared accounts
+                        // and remove that user's authenticator sync unlock key.
+                        // This gives the user a way to potentially re-enable syncing
+                        // (going to Account Security and re-enabling the toggle)
+                        authDiskSource.storeAuthenticatorSyncUnlockKey(
                            userId = userId,
-                            decryptedUserKey = decryptedUserKey,
+                            authenticatorSyncUnlockKey = null,
                        )
-
-                    when (unlockResult) {
-                        is VaultUnlockResult.AuthenticationError,
-                        is VaultUnlockResult.BiometricDecodingError,
-                        is VaultUnlockResult.GenericError,
-                        is VaultUnlockResult.InvalidStateError,
-                            -> {
-                            // Not being able to unlock the user's vault with the
-                            // decrypted unlock key is an unexpected case, but if it does
-                            // happen we omit the account from list of shared accounts
-                            // and remove that user's authenticator sync unlock key.
-                            // This gives the user a way to potentially re-enable syncing
-                            // (going to Account Security and re-enabling the toggle)
-                            authDiskSource.storeAuthenticatorSyncUnlockKey(
-                                userId = userId,
-                                authenticatorSyncUnlockKey = null,
-                            )
-                            return@mapNotNull null
-                        }
-                        // Proceed
-                        VaultUnlockResult.Success -> Unit
+                        // Destroy our stand-alone instance of the vault.
+                        scopedVaultSdkSource.clearCrypto(userId = userId)
+                        return@mapNotNull null
                    }
+                    // Proceed
+                    VaultUnlockResult.Success -> Unit
                }

                // Vault is unlocked, query vault disk source for totp logins:
                val totpUris = vaultDiskSource
-                    .getCiphers(userId)
-                    .first()
-                    // Filter out any ciphers without a totp item and also deleted ciphers
-                    .filter { it.login?.totp != null && it.deletedDate == null }
+                    .getTotpCiphers(userId = userId)
+                    // Filter out any deleted ciphers.
+                    .filter { it.deletedDate == null }
                    .mapNotNull {
-                        val decryptedCipher = vaultSdkSource
-                            .decryptCipher(
-                                userId = userId,
-                                cipher = it.toEncryptedSdkCipher(),
-                            )
+                        scopedVaultSdkSource
+                            .decryptCipher(userId = userId, cipher = it.toEncryptedSdkCipher())
                            .getOrNull()
-
-                        val rawTotp = decryptedCipher?.login?.totp
-                        val cipherName = decryptedCipher?.name
-                        val username = decryptedCipher?.login?.username
-
-                        rawTotp.sanitizeTotpUri(cipherName, username)
+                            ?.let { decryptedCipher ->
+                                val rawTotp = decryptedCipher.login?.totp
+                                val cipherName = decryptedCipher.name
+                                val username = decryptedCipher.login?.username
+                                rawTotp.sanitizeTotpUri(issuer = cipherName, username = username)
+                            }
                    }

-                // Lock the user's vault if we unlocked it for this operation:
-                if (!isVaultAlreadyUnlocked) {
-                    vaultRepository.lockVault(
-                        userId = userId,
-                        isUserInitiated = false,
-                    )
-                }
+                // Lock and destroy our stand-alone instance of the vault:
+                scopedVaultSdkSource.clearCrypto(userId = userId)

                SharedAccountData.Account(
-                    userId = account.userId,
-                    name = account.name,
-                    email = account.email,
-                    environmentLabel = account.environment.label,
+                    userId = userId,
+                    name = account.profile.name,
+                    email = account.profile.email,
+                    environmentLabel = account
+                        .settings
+                        .environmentUrlData
+                        .toEnvironmentUrlsOrDefault()
+                        .label,
                    totpUris = totpUris,
                )
            }
-            .let {
-                SharedAccountData(it)
+            .let(::SharedAccountData)
+    }
+
+    private suspend fun unlockClient(
+        userId: String,
+        account: AccountJson,
+        decryptedUserKey: String,
+    ): VaultUnlockResult {
+        val privateKey = authDiskSource
+            .getPrivateKey(userId = userId)
+            ?: return VaultUnlockResult.InvalidStateError(MissingPropertyException("Private key"))
+        return scopedVaultSdkSource
+            .initializeCrypto(
+                userId = userId,
+                request = InitUserCryptoRequest(
+                    userId = userId,
+                    kdfParams = account.profile.toSdkParams(),
+                    email = account.profile.email,
+                    privateKey = privateKey,
+                    method = InitUserCryptoMethod.DecryptedKey(
+                        decryptedUserKey = decryptedUserKey,
+                    ),
+                    signingKey = null,
+                    securityState = null,
+                ),
+            )
+            .flatMap { result ->
+                // Initialize the SDK for organizations if necessary
+                val organizationKeys = authDiskSource.getOrganizationKeys(userId = userId)
+                if (organizationKeys != null && result is InitializeCryptoResult.Success) {
+                    scopedVaultSdkSource.initializeOrganizationCrypto(
+                        userId = userId,
+                        request = InitOrgCryptoRequest(organizationKeys = organizationKeys),
+                    )
+                } else {
+                    result.asSuccess()
+                }
            }
+            .fold(
+                onFailure = { VaultUnlockResult.GenericError(error = it) },
+                onSuccess = { it.toVaultUnlockResult() },
+            )
    }
 }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/SettingsRepositoryImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/SettingsRepositoryImpl.kt
@@ -35,6 +35,8 @@ import kotlinx.coroutines.flow.map
 import kotlinx.coroutines.flow.onEach
 import kotlinx.coroutines.flow.stateIn
 import kotlinx.coroutines.launch
+import timber.log.Timber
+import java.security.GeneralSecurityException
 import java.time.Instant
 import javax.crypto.Cipher

@@ -501,9 +503,14 @@ class SettingsRepositoryImpl(
            .onSuccess { biometricsKey ->
                authDiskSource.storeUserBiometricUnlockKey(
                    userId = userId,
-                    biometricsKey = cipher
-                        .doFinal(biometricsKey.encodeToByteArray())
-                        .toString(Charsets.ISO_8859_1),
+                    biometricsKey = try {
+                        cipher
+                            .doFinal(biometricsKey.encodeToByteArray())
+                            .toString(Charsets.ISO_8859_1)
+                    } catch (e: GeneralSecurityException) {
+                        Timber.w(e, "setupBiometricsKey failed encrypt the biometric key")
+                        return BiometricsKeyResult.Error(error = e)
+                    },
                )
                authDiskSource.storeUserBiometricInitVector(userId = userId, iv = cipher.iv)
            }
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/di/PlatformRepositoryModule.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/di/PlatformRepositoryModule.kt
@@ -4,7 +4,6 @@ import android.view.autofill.AutofillManager
 import com.bitwarden.data.manager.DispatcherManager
 import com.bitwarden.data.repository.ServerConfigRepository
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
-import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityEnabledManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillEnabledManager
 import com.x8bit.bitwarden.data.platform.datasource.disk.EnvironmentDiskSource
@@ -21,8 +20,8 @@ import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepositoryImpl
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepositoryImpl
 import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
+import com.x8bit.bitwarden.data.vault.datasource.sdk.ScopedVaultSdkSource
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
-import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import dagger.Module
 import dagger.Provides
 import dagger.hilt.InstallIn
@@ -39,17 +38,13 @@ object PlatformRepositoryModule {
    @Provides
    @Singleton
    fun providesAuthenticatorBridgeRepository(
-        authRepository: AuthRepository,
        authDiskSource: AuthDiskSource,
-        vaultRepository: VaultRepository,
        vaultDiskSource: VaultDiskSource,
-        vaultSdkSource: VaultSdkSource,
+        scopedVaultSdkSource: ScopedVaultSdkSource,
    ): AuthenticatorBridgeRepository = AuthenticatorBridgeRepositoryImpl(
-        authRepository = authRepository,
        authDiskSource = authDiskSource,
-        vaultRepository = vaultRepository,
        vaultDiskSource = vaultDiskSource,
-        vaultSdkSource = vaultSdkSource,
+        scopedVaultSdkSource = scopedVaultSdkSource,
    )

    @Provides
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .3.1
 .4.2