Crowdin Pull (#6101 )

Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
[PM-27120] cxp hide user account when remove individual export is enabled (#6089 )
2026-05-09 21:39:15 -05:00 · 2025-10-31 14:04:47 +00:00 · 2025-10-31 10:08:24 +00:00 · 2025-10-30 21:50:44 +00:00 · 2025-10-30 20:32:13 +00:00 · 2025-10-30 17:59:28 +00:00
3391 changed files with 259155 additions and 234724 deletions
--- a/.claude/CLAUDE.md
+++ b/.claude/CLAUDE.md
@@ -0,0 +1,105 @@
+# Claude Guidelines
+
+Core directives for maintaining code quality and consistency in the Bitwarden Android project.
+
+## Core Directives
+
+**You MUST follow these directives at all times.**
+
+1. **Adhere to Architecture**: All code modifications MUST follow patterns in `docs/ARCHITECTURE.md`
+2. **Follow Code Style**: ALWAYS follow `docs/STYLE_AND_BEST_PRACTICES.md`
+3. **Error Handling**: Use Result types and sealed classes per architecture guidelines
+4. **Best Practices**: Follow Kotlin idioms (immutability, appropriate data structures, coroutines)
+5. **Document Everything**: All public APIs require KDoc documentation
+6. **Dependency Management**: Use Hilt DI patterns as established in the project
+7. **Use Established Patterns**: Leverage existing components before creating new ones
+8. **File References**: Use file:line_number format when referencing code
+
+## Code Quality Standards
+
+### Module Organization
+
+**Core Library Modules:**
+- **`:core`** - Common utilities and managers shared across multiple modules
+- **`:data`** - Data sources, database, data repositories
+- **`:network`** - Networking interfaces, API clients, network utilities
+- **`:ui`** - Reusable Bitwarden Composables, theming, UI utilities
+
+**Application Modules:**
+- **`:app`** - Password Manager application, feature screens, ViewModels, DI setup
+- **`:authenticator`** - Authenticator application for 2FA/TOTP code generation
+
+**Specialized Library Modules:**
+- **`:authenticatorbridge`** - Communication bridge between :authenticator and :app
+- **`:annotation`** - Custom annotations for code generation (Hilt, Room, etc.)
+- **`:cxf`** - Android Credential Exchange (CXF/CXP) integration layer
+
+### Patterns Enforcement
+
+- **MVVM + UDF**: ViewModels with StateFlow, Compose UI
+- **Hilt DI**: Interface injection, @HiltViewModel, @Inject constructor
+- **Testing**: JUnit 5, MockK, Turbine for Flow testing
+- **Error Handling**: Sealed Result types, no throws in business logic
+
+## Security Requirements
+
+**Every change must consider:**
+- Zero-knowledge architecture preservation
+- Proper encryption key handling (Android Keystore)
+- Input validation and sanitization
+- Secure data storage patterns
+- Threat model implications
+
+## Workflow Practices
+
+### Before Implementation
+
+1. Read relevant architecture documentation
+2. Search for existing patterns to follow
+3. Identify affected modules and dependencies
+4. Consider security implications
+
+### During Implementation
+
+1. Follow existing code style in surrounding files
+2. Write tests alongside implementation
+3. Add KDoc to all public APIs
+4. Validate against architecture guidelines
+
+### After Implementation
+
+1. Ensure all tests pass
+2. Verify compilation succeeds
+3. Review security considerations
+4. Update relevant documentation
+
+## Anti-Patterns
+
+**Avoid these:**
+- Creating new patterns when established ones exist
+- Exception-based error handling in business logic
+- Direct dependency access (use DI)
+- Mutable state in ViewModels (use StateFlow)
+- Missing null safety handling
+- Undocumented public APIs
+- Tight coupling between modules
+
+## Communication & Decision-Making
+
+Always clarify ambiguous requirements before implementing. Use specific questions:
+- "Should this use [Approach A] or [Approach B]?"
+- "This affects [X]. Proceed or review first?"
+- "Expected behavior for [specific requirement]?"
+
+Defer high-impact decisions to the user:
+- Architecture/module changes, public API modifications
+- Security mechanisms, database migrations
+- Third-party library additions
+
+## Reference Documentation
+
+Critical resources:
+- `docs/ARCHITECTURE.md` - Architecture patterns and principles
+- `docs/STYLE_AND_BEST_PRACTICES.md` - Code style guidelines
+
+**Do not duplicate information from these files - reference them instead.**
--- a/.claude/prompts/review-code.md
+++ b/.claude/prompts/review-code.md
@@ -0,0 +1,20 @@
+Use the `reviewing-changes` skill to review this pull request.
+
+The PR branch is already checked out in the current working directory.
+
+Provide a comprehensive review including:
+
+- Summary of changes since last review
+- Critical issues found (be thorough)
+- Suggested improvements (be thorough)
+- Good practices observed (be concise - list only the most notable items without elaboration)
+- Action items for the author
+- Leverage collapsible <details> sections where appropriate for lengthy explanations or code snippets
+
+When reviewing subsequent commits:
+
+- Track status of previously identified issues (fixed/unfixed/reopened)
+- Identify NEW problems introduced since last review
+- Note if fixes introduced new issues
+
+IMPORTANT: Be comprehensive about issues and improvements. For good practices, be brief - just note what was done well without explaining why or praising excessively.
--- a/.claude/skills/reviewing-changes/SKILL.md
+++ b/.claude/skills/reviewing-changes/SKILL.md
@@ -0,0 +1,110 @@
+---
+name: reviewing-changes
+description: Performs comprehensive code reviews for Bitwarden Android projects, verifying architecture compliance, style guidelines, compilation safety, test coverage, and security requirements. Use when reviewing pull requests, checking commits, analyzing code changes, verifying Bitwarden coding standards, evaluating MVVM patterns, checking Hilt DI usage, reviewing security implementations, or assessing test coverage. Automatically invoked by CI pipeline or manually for interactive code reviews.
+---
+
+# Reviewing Changes
+
+## Instructions
+
+Follow this process to review code changes for Bitwarden Android:
+
+### Step 1: Understand Context
+
+Start with high-level assessment of the change's purpose and approach. Read PR/commit descriptions and understand what problem is being solved.
+
+### Step 2: Verify Compliance
+
+Systematically check each area against Bitwarden standards documented in `CLAUDE.md`:
+
+1. **Architecture**: Follow patterns in `docs/ARCHITECTURE.md`
+   - MVVM + UDF (ViewModels with `StateFlow`, Compose UI)
+   - Hilt DI (interface injection, `@HiltViewModel`)
+   - Repository pattern and proper data flow
+
+2. **Style**: Adhere to `docs/STYLE_AND_BEST_PRACTICES.md`
+   - Naming conventions, code organization, formatting
+   - Kotlin idioms (immutability, null safety, coroutines)
+
+3. **Compilation**: Analyze for potential build issues
+   - Import statements and dependencies
+   - Type safety and null safety
+   - API compatibility and deprecation warnings
+   - Resource references and manifest requirements
+
+4. **Testing**: Verify appropriate test coverage
+   - Unit tests for business logic and utility functions
+   - Integration tests for complex workflows
+   - UI tests for user-facing features when applicable
+   - Test coverage for edge cases and error scenarios
+
+5. **Security**: Given Bitwarden's security-focused nature
+   - Proper handling of sensitive data
+   - Secure storage practices (Android Keystore)
+   - Authentication and authorization patterns
+   - Data encryption and decryption flows
+   - Zero-knowledge architecture preservation
+
+### Step 3: Document Findings
+
+Identify specific violations with `file:line_number` references. Be precise about locations.
+
+### Step 4: Provide Recommendations
+
+Give actionable recommendations for improvements. Explain why changes are needed and suggest specific solutions.
+
+### Step 5: Flag Critical Issues
+
+Highlight issues that must be addressed before merge. Distinguish between blockers and suggestions.
+
+### Step 6: Acknowledge Quality
+
+Note well-implemented patterns (briefly, without elaboration). Keep positive feedback concise.
+
+## Review Anti-Patterns (DO NOT)
+
+- Be nitpicky about linter-catchable style issues
+- Review without understanding context - ask for clarification first
+- Focus only on new code - check surrounding context for issues
+- Request changes outside the scope of this changeset
+
+## Examples
+
+### Good Review Format
+
+```markdown
+## Summary
+This PR adds biometric authentication to the login flow, implementing MVVM pattern with proper state management.
+
+## Critical Issues
+- `app/login/LoginViewModel.kt:45` - Mutable state exposed; use `StateFlow` instead of `MutableStateFlow`
+- `data/auth/BiometricRepository.kt:120` - Missing null safety check on `biometricPrompt` result
+
+## Suggested Improvements
+- Consider extracting biometric prompt logic to separate use case class
+- Add integration tests for biometric failure scenarios
+- `app/login/LoginScreen.kt:89` - Consider using existing `BitwardenButton` component
+
+## Good Practices
+- Proper Hilt DI usage throughout
+- Comprehensive unit test coverage
+- Clear separation of concerns
+
+## Action Items
+1. Fix mutable state exposure in `LoginViewModel`
+2. Add null safety check in `BiometricRepository`
+3. Consider adding integration tests for error flows
+```
+
+### What to Focus On
+
+**DO focus on:**
+- Architecture violations (incorrect patterns)
+- Security issues (data handling, encryption)
+- Missing tests for critical paths
+- Compilation risks (type safety, null safety)
+
+**DON'T focus on:**
+- Minor formatting (handled by linters)
+- Personal preferences without architectural basis
+- Issues outside the changeset scope
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -5,11 +5,16 @@
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners

 # Default file owners.
-* @bitwarden/team-android @brian-livefront @david-livefront @dseverns-livefront @ahaisting-livefront @phil-livefront
+* @bitwarden/team-android @brian-livefront @david-livefront

 # Actions and workflow changes.
 .github/ @bitwarden/dept-development-mobile

+# Claude related files
+.claude/ @bitwarden/team-ai-sme
+.github/workflows/respond.yml @bitwarden/team-ai-sme
+.github/workflows/review-code.yml @bitwarden/team-ai-sme
+
 # Auth
 # app/src/main/java/com/x8bit/bitwarden/data/auth @bitwarden/team-auth-dev
 # app/src/main/java/com/x8bit/bitwarden/ui/auth @bitwarden/team-auth-dev
@@ -48,3 +53,9 @@
 # app/src/main/java/com/x8bit/bitwarden/ui/vault  @bitwarden/team-vault-dev
 # app/src/test/java/com/x8bit/bitwarden/data/vault @bitwarden/team-vault-dev
 # app/src/test/java/com/x8bit/bitwarden/ui/vault  @bitwarden/team-vault-dev
+
+# Docker-related files
+**/Dockerfile @bitwarden/team-appsec @bitwarden/dept-bre
+**/*.dockerignore @bitwarden/team-appsec @bitwarden/dept-bre
+**/entrypoint.sh @bitwarden/team-appsec @bitwarden/dept-bre
+**/docker-compose.yml @bitwarden/team-appsec @bitwarden/dept-bre
--- a/.github/actions/log-inputs/action.yml
+++ b/.github/actions/log-inputs/action.yml
@@ -0,0 +1,20 @@
+name: 'Log Inputs to Job Summary'
+description: 'Log workflow inputs to the GitHub Actions job summary'
+
+inputs:
+  inputs:
+    description: 'Workflow inputs as JSON'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Log inputs to job summary
+      shell: bash
+      run: |
+        echo "<details><summary>Job Inputs</summary>" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo '```json' >> $GITHUB_STEP_SUMMARY
+        echo '${{ inputs.inputs }}' >> $GITHUB_STEP_SUMMARY
+        echo '```' >> $GITHUB_STEP_SUMMARY
+        echo "</details>" >> $GITHUB_STEP_SUMMARY
--- a/.github/actions/setup-android-build/action.yml
+++ b/.github/actions/setup-android-build/action.yml
@@ -0,0 +1,49 @@
+name: 'Setup Android Build'
+description: 'Setup Android build environment with Gradle, Ruby, and Fastlane'
+inputs:
+  java-version:
+    description: 'Java version to use'
+    required: false
+    default: '21'
+runs:
+  using: 'composite'
+  steps:
+    - name: Validate Gradle wrapper
+      uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
+
+    - name: Cache Gradle files
+      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+      with:
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-v2-
+
+    - name: Cache build output
+      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+      with:
+        path: |
+          ${{ github.workspace }}/build-cache
+        key: ${{ runner.os }}-build-cache-${{ github.sha }}
+        restore-keys: |
+          ${{ runner.os }}-build-
+
+    - name: Configure Ruby
+      uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
+      with:
+        bundler-cache: true
+
+    - name: Configure JDK
+      uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+      with:
+        distribution: "temurin"
+        java-version: ${{ inputs.java-version }}
+
+    - name: Install Fastlane
+      shell: bash
+      run: |
+        gem install bundler:2.2.27
+        bundle config path vendor/bundle
+        bundle install --jobs 4 --retry 3
--- a/.github/images/android-dark.png
+++ b/.github/images/android-dark.png
--- a/.github/images/android-light.png
+++ b/.github/images/android-light.png
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -27,6 +27,9 @@
      ],
      "matchManagers": [
        "gradle"
+      ],
+      "excludePackageNames": [
+        "com.github.bumptech.glide:compose"
      ]
    },
    {
--- a/.github/scripts/jira-get-release-notes/README.md
+++ b/.github/scripts/jira-get-release-notes/README.md
@@ -0,0 +1,133 @@
+# Get Release Notes from Jira script
+
+Fetches release notes from Jira issues.
+
+## Prerequisites
+
+- Python dev environment - use [uv](https://github.com/astral-sh/uv)
+- Jira API token. Generate one at: https://id.atlassian.com/manage-profile/security/api-tokens
+- Install dependencies:
+
+```bash
+uv pip install -r pyproject.toml
+```
+
+## Usage
+
+```bash
+./jira_release_notes.py RELEASE-1762 example@example.com T0k3n123
+```
+
+# Output Format
+
+The script retrieves the content from a custom field and handles two types of Jira release notes formats:
+
+1. Bullet Points:
+```
+• Point 1
+• Point 2
+• Point 3
+```
+
+2. Single Line:
+```
+Single line of release notes text
+```
+
+## Jira JSON format example
+
+### Single line
+
+```json
+...
+"customfield_10335": {
+    "type": "doc",
+    "version": 1,
+    "content": [
+        {
+            "type": "paragraph",
+            "content": [
+                {
+                    "type": "text",
+                    "text": "Single line release notes"
+                }
+            ]
+        }
+    ]
+},
+...
+```
+
+### Bullet points
+
+```json
+...
+"customfield_10335": {
+    "type": "doc",
+    "version": 1,
+    "content": [
+        {
+            "type": "bulletList",
+            "content": [
+                {
+                    "type": "listItem",
+                    "content": [
+                        {
+                            "type": "paragraph",
+                            "content": [
+                                {
+                                    "type": "text",
+                                    "text": "Release notes list item 1"
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "type": "listItem",
+                    "content": [
+                        {
+                            "type": "paragraph",
+                            "content": [
+                                {
+                                    "type": "text",
+                                    "text": "Release notes list item 2"
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "type": "listItem",
+                    "content": [
+                        {
+                            "type": "paragraph",
+                            "content": [
+                                {
+                                    "type": "text",
+                                    "text": "Release notes list item 3"
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "type": "listItem",
+                    "content": [
+                        {
+                            "type": "paragraph",
+                            "content": [
+                                {
+                                    "type": "text",
+                                    "text": "Release notes list item 4"
+                                }
+                            ]
+                        }
+                    ]
+                }
+            ]
+        }
+    ]
+},
+...
+```
--- a/.github/scripts/jira-get-release-notes/jira_release_notes.py
+++ b/.github/scripts/jira-get-release-notes/jira_release_notes.py
@@ -0,0 +1,70 @@
+#!/usr/bin/env python3
+
+import sys
+import base64
+import json
+import requests
+
+def extract_text_from_content(content):
+    if isinstance(content, list):
+        texts = [extract_text_from_content(item) for item in content]
+        return '\n'.join(text for text in texts if text.strip())
+
+    if isinstance(content, dict):
+        if content.get('type') == 'text':
+            return content.get('text', '')
+        elif content.get('type') == 'paragraph':
+            return extract_text_from_content(content.get('content', []))
+        elif content.get('type') == 'bulletList':
+            return extract_text_from_content(content.get('content', []))
+        elif content.get('type') == 'listItem':
+            item_text = extract_text_from_content(content.get('content', []))
+            return f"* {item_text.strip()}"
+
+    return ''
+
+def parse_release_notes(response_json):
+    try:
+        fields = response_json.get('fields', {})
+        release_notes_field = fields.get('customfield_10335', {})
+
+        if not release_notes_field or not release_notes_field.get('content'):
+            return ''
+
+        release_notes = extract_text_from_content(release_notes_field.get('content', []))
+        return release_notes
+
+    except Exception as e:
+        print(f"Error parsing release notes: {str(e)}", file=sys.stderr)
+        return ''
+
+def main():
+    if len(sys.argv) != 4:
+        print(f"Usage: {sys.argv[0]} <issue_id> <jira_email> <jira_api_token>")
+        sys.exit(1)
+
+    jira_issue_id = sys.argv[1]
+    jira_email = sys.argv[2]
+    jira_api_token = sys.argv[3]
+    jira_base_url = "https://bitwarden.atlassian.net"
+
+    auth = base64.b64encode(f"{jira_email}:{jira_api_token}".encode()).decode()
+    headers = {
+        "Authorization": f"Basic {auth}",
+        "Content-Type": "application/json"
+    }
+
+    response = requests.get(
+        f"{jira_base_url}/rest/api/3/issue/{jira_issue_id}",
+        headers=headers
+    )
+
+    if response.status_code != 200:
+        print(f"Error fetching Jira issue: {response.status_code}", file=sys.stderr)
+        sys.exit(1)
+
+    release_notes = parse_release_notes(response.json())
+    print(release_notes)
+
+if __name__ == "__main__":
+    main()
--- a/.github/scripts/jira-get-release-notes/pyproject.toml
+++ b/.github/scripts/jira-get-release-notes/pyproject.toml
@@ -0,0 +1,9 @@
+[project]
+name = "jira-get-release-notes"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = [
+    "requests>=2.32.3",
+]
--- a/.github/scripts/jira-get-release-notes/uv.lock
+++ b/.github/scripts/jira-get-release-notes/uv.lock
@@ -0,0 +1,91 @@
+version = 1
+revision = 2
+requires-python = ">=3.12"
+
+[[package]]
+name = "certifi"
+version = "2025.4.26"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/e8/9e/c05b3920a3b7d20d3d3310465f50348e5b3694f4f88c6daf736eef3024c4/certifi-2025.4.26.tar.gz", hash = "sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6", size = 160705, upload-time = "2025-04-26T02:12:29.51Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/4a/7e/3db2bd1b1f9e95f7cddca6d6e75e2f2bd9f51b1246e546d88addca0106bd/certifi-2025.4.26-py3-none-any.whl", hash = "sha256:30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3", size = 159618, upload-time = "2025-04-26T02:12:27.662Z" },
+]
+
+[[package]]
+name = "charset-normalizer"
+version = "3.4.2"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/e4/33/89c2ced2b67d1c2a61c19c6751aa8902d46ce3dacb23600a283619f5a12d/charset_normalizer-3.4.2.tar.gz", hash = "sha256:5baececa9ecba31eff645232d59845c07aa030f0c81ee70184a90d35099a0e63", size = 126367, upload-time = "2025-05-02T08:34:42.01Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/d7/a4/37f4d6035c89cac7930395a35cc0f1b872e652eaafb76a6075943754f095/charset_normalizer-3.4.2-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:0c29de6a1a95f24b9a1aa7aefd27d2487263f00dfd55a77719b530788f75cff7", size = 199936, upload-time = "2025-05-02T08:32:33.712Z" },
+    { url = "https://files.pythonhosted.org/packages/ee/8a/1a5e33b73e0d9287274f899d967907cd0bf9c343e651755d9307e0dbf2b3/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cddf7bd982eaa998934a91f69d182aec997c6c468898efe6679af88283b498d3", size = 143790, upload-time = "2025-05-02T08:32:35.768Z" },
+    { url = "https://files.pythonhosted.org/packages/66/52/59521f1d8e6ab1482164fa21409c5ef44da3e9f653c13ba71becdd98dec3/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fcbe676a55d7445b22c10967bceaaf0ee69407fbe0ece4d032b6eb8d4565982a", size = 153924, upload-time = "2025-05-02T08:32:37.284Z" },
+    { url = "https://files.pythonhosted.org/packages/86/2d/fb55fdf41964ec782febbf33cb64be480a6b8f16ded2dbe8db27a405c09f/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d41c4d287cfc69060fa91cae9683eacffad989f1a10811995fa309df656ec214", size = 146626, upload-time = "2025-05-02T08:32:38.803Z" },
+    { url = "https://files.pythonhosted.org/packages/8c/73/6ede2ec59bce19b3edf4209d70004253ec5f4e319f9a2e3f2f15601ed5f7/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4e594135de17ab3866138f496755f302b72157d115086d100c3f19370839dd3a", size = 148567, upload-time = "2025-05-02T08:32:40.251Z" },
+    { url = "https://files.pythonhosted.org/packages/09/14/957d03c6dc343c04904530b6bef4e5efae5ec7d7990a7cbb868e4595ee30/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:cf713fe9a71ef6fd5adf7a79670135081cd4431c2943864757f0fa3a65b1fafd", size = 150957, upload-time = "2025-05-02T08:32:41.705Z" },
+    { url = "https://files.pythonhosted.org/packages/0d/c8/8174d0e5c10ccebdcb1b53cc959591c4c722a3ad92461a273e86b9f5a302/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:a370b3e078e418187da8c3674eddb9d983ec09445c99a3a263c2011993522981", size = 145408, upload-time = "2025-05-02T08:32:43.709Z" },
+    { url = "https://files.pythonhosted.org/packages/58/aa/8904b84bc8084ac19dc52feb4f5952c6df03ffb460a887b42615ee1382e8/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:a955b438e62efdf7e0b7b52a64dc5c3396e2634baa62471768a64bc2adb73d5c", size = 153399, upload-time = "2025-05-02T08:32:46.197Z" },
+    { url = "https://files.pythonhosted.org/packages/c2/26/89ee1f0e264d201cb65cf054aca6038c03b1a0c6b4ae998070392a3ce605/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:7222ffd5e4de8e57e03ce2cef95a4c43c98fcb72ad86909abdfc2c17d227fc1b", size = 156815, upload-time = "2025-05-02T08:32:48.105Z" },
+    { url = "https://files.pythonhosted.org/packages/fd/07/68e95b4b345bad3dbbd3a8681737b4338ff2c9df29856a6d6d23ac4c73cb/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:bee093bf902e1d8fc0ac143c88902c3dfc8941f7ea1d6a8dd2bcb786d33db03d", size = 154537, upload-time = "2025-05-02T08:32:49.719Z" },
+    { url = "https://files.pythonhosted.org/packages/77/1a/5eefc0ce04affb98af07bc05f3bac9094513c0e23b0562d64af46a06aae4/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:dedb8adb91d11846ee08bec4c8236c8549ac721c245678282dcb06b221aab59f", size = 149565, upload-time = "2025-05-02T08:32:51.404Z" },
+    { url = "https://files.pythonhosted.org/packages/37/a0/2410e5e6032a174c95e0806b1a6585eb21e12f445ebe239fac441995226a/charset_normalizer-3.4.2-cp312-cp312-win32.whl", hash = "sha256:db4c7bf0e07fc3b7d89ac2a5880a6a8062056801b83ff56d8464b70f65482b6c", size = 98357, upload-time = "2025-05-02T08:32:53.079Z" },
+    { url = "https://files.pythonhosted.org/packages/6c/4f/c02d5c493967af3eda9c771ad4d2bbc8df6f99ddbeb37ceea6e8716a32bc/charset_normalizer-3.4.2-cp312-cp312-win_amd64.whl", hash = "sha256:5a9979887252a82fefd3d3ed2a8e3b937a7a809f65dcb1e068b090e165bbe99e", size = 105776, upload-time = "2025-05-02T08:32:54.573Z" },
+    { url = "https://files.pythonhosted.org/packages/ea/12/a93df3366ed32db1d907d7593a94f1fe6293903e3e92967bebd6950ed12c/charset_normalizer-3.4.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:926ca93accd5d36ccdabd803392ddc3e03e6d4cd1cf17deff3b989ab8e9dbcf0", size = 199622, upload-time = "2025-05-02T08:32:56.363Z" },
+    { url = "https://files.pythonhosted.org/packages/04/93/bf204e6f344c39d9937d3c13c8cd5bbfc266472e51fc8c07cb7f64fcd2de/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:eba9904b0f38a143592d9fc0e19e2df0fa2e41c3c3745554761c5f6447eedabf", size = 143435, upload-time = "2025-05-02T08:32:58.551Z" },
+    { url = "https://files.pythonhosted.org/packages/22/2a/ea8a2095b0bafa6c5b5a55ffdc2f924455233ee7b91c69b7edfcc9e02284/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3fddb7e2c84ac87ac3a947cb4e66d143ca5863ef48e4a5ecb83bd48619e4634e", size = 153653, upload-time = "2025-05-02T08:33:00.342Z" },
+    { url = "https://files.pythonhosted.org/packages/b6/57/1b090ff183d13cef485dfbe272e2fe57622a76694061353c59da52c9a659/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:98f862da73774290f251b9df8d11161b6cf25b599a66baf087c1ffe340e9bfd1", size = 146231, upload-time = "2025-05-02T08:33:02.081Z" },
+    { url = "https://files.pythonhosted.org/packages/e2/28/ffc026b26f441fc67bd21ab7f03b313ab3fe46714a14b516f931abe1a2d8/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c9379d65defcab82d07b2a9dfbfc2e95bc8fe0ebb1b176a3190230a3ef0e07c", size = 148243, upload-time = "2025-05-02T08:33:04.063Z" },
+    { url = "https://files.pythonhosted.org/packages/c0/0f/9abe9bd191629c33e69e47c6ef45ef99773320e9ad8e9cb08b8ab4a8d4cb/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e635b87f01ebc977342e2697d05b56632f5f879a4f15955dfe8cef2448b51691", size = 150442, upload-time = "2025-05-02T08:33:06.418Z" },
+    { url = "https://files.pythonhosted.org/packages/67/7c/a123bbcedca91d5916c056407f89a7f5e8fdfce12ba825d7d6b9954a1a3c/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:1c95a1e2902a8b722868587c0e1184ad5c55631de5afc0eb96bc4b0d738092c0", size = 145147, upload-time = "2025-05-02T08:33:08.183Z" },
+    { url = "https://files.pythonhosted.org/packages/ec/fe/1ac556fa4899d967b83e9893788e86b6af4d83e4726511eaaad035e36595/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:ef8de666d6179b009dce7bcb2ad4c4a779f113f12caf8dc77f0162c29d20490b", size = 153057, upload-time = "2025-05-02T08:33:09.986Z" },
+    { url = "https://files.pythonhosted.org/packages/2b/ff/acfc0b0a70b19e3e54febdd5301a98b72fa07635e56f24f60502e954c461/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:32fc0341d72e0f73f80acb0a2c94216bd704f4f0bce10aedea38f30502b271ff", size = 156454, upload-time = "2025-05-02T08:33:11.814Z" },
+    { url = "https://files.pythonhosted.org/packages/92/08/95b458ce9c740d0645feb0e96cea1f5ec946ea9c580a94adfe0b617f3573/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:289200a18fa698949d2b39c671c2cc7a24d44096784e76614899a7ccf2574b7b", size = 154174, upload-time = "2025-05-02T08:33:13.707Z" },
+    { url = "https://files.pythonhosted.org/packages/78/be/8392efc43487ac051eee6c36d5fbd63032d78f7728cb37aebcc98191f1ff/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:4a476b06fbcf359ad25d34a057b7219281286ae2477cc5ff5e3f70a246971148", size = 149166, upload-time = "2025-05-02T08:33:15.458Z" },
+    { url = "https://files.pythonhosted.org/packages/44/96/392abd49b094d30b91d9fbda6a69519e95802250b777841cf3bda8fe136c/charset_normalizer-3.4.2-cp313-cp313-win32.whl", hash = "sha256:aaeeb6a479c7667fbe1099af9617c83aaca22182d6cf8c53966491a0f1b7ffb7", size = 98064, upload-time = "2025-05-02T08:33:17.06Z" },
+    { url = "https://files.pythonhosted.org/packages/e9/b0/0200da600134e001d91851ddc797809e2fe0ea72de90e09bec5a2fbdaccb/charset_normalizer-3.4.2-cp313-cp313-win_amd64.whl", hash = "sha256:aa6af9e7d59f9c12b33ae4e9450619cf2488e2bbe9b44030905877f0b2324980", size = 105641, upload-time = "2025-05-02T08:33:18.753Z" },
+    { url = "https://files.pythonhosted.org/packages/20/94/c5790835a017658cbfabd07f3bfb549140c3ac458cfc196323996b10095a/charset_normalizer-3.4.2-py3-none-any.whl", hash = "sha256:7f56930ab0abd1c45cd15be65cc741c28b1c9a34876ce8c17a2fa107810c0af0", size = 52626, upload-time = "2025-05-02T08:34:40.053Z" },
+]
+
+[[package]]
+name = "jira-get-release-notes"
+version = "0.1.0"
+source = { virtual = "." }
+dependencies = [
+    { name = "requests" },
+]
+
+[package.metadata]
+requires-dist = [{ name = "requests", specifier = ">=2.32.3" }]
+
+[[package]]
+name = "idna"
+version = "3.10"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/f1/70/7703c29685631f5a7590aa73f1f1d3fa9a380e654b86af429e0934a32f7d/idna-3.10.tar.gz", hash = "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9", size = 190490, upload-time = "2024-09-15T18:07:39.745Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/76/c6/c88e154df9c4e1a2a66ccf0005a88dfb2650c1dffb6f5ce603dfbd452ce3/idna-3.10-py3-none-any.whl", hash = "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3", size = 70442, upload-time = "2024-09-15T18:07:37.964Z" },
+]
+
+[[package]]
+name = "requests"
+version = "2.32.3"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "certifi" },
+    { name = "charset-normalizer" },
+    { name = "idna" },
+    { name = "urllib3" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/63/70/2bf7780ad2d390a8d301ad0b550f1581eadbd9a20f896afe06353c2a2913/requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760", size = 131218, upload-time = "2024-05-29T15:37:49.536Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", size = 64928, upload-time = "2024-05-29T15:37:47.027Z" },
+]
+
+[[package]]
+name = "urllib3"
+version = "2.4.0"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/8a/78/16493d9c386d8e60e442a35feac5e00f0913c0f4b7c217c11e8ec2ff53e0/urllib3-2.4.0.tar.gz", hash = "sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466", size = 390672, upload-time = "2025-04-10T15:23:39.232Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/6b/11/cc635220681e93a0183390e26485430ca2c7b5f9d33b15c74c2861cb8091/urllib3-2.4.0-py3-none-any.whl", hash = "sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813", size = 128680, upload-time = "2025-04-10T15:23:37.377Z" },
+]
--- a/.github/workflows/_version.yml
+++ b/.github/workflows/_version.yml
@@ -0,0 +1,159 @@
+name: Calculate Version Name and Number
+
+
+on:
+  workflow_dispatch:
+    inputs:
+      app_codename:
+        description: "App Name - e.g. 'bwpm' or 'bwa'"
+      base_version_number:
+        description: "Base Version Number - Will be added to the calculated version number"
+        type: number
+        default: 0
+      version_name:
+        description: "Version Name Override - e.g. '2024.8.1'"
+      version_number:
+        description: "Version Number Override - e.g. '1021'"
+      patch_version:
+        description: "Patch Version Override - e.g. '999'"
+      distinct_id:
+        description: "Unique ID for this dispatch, used by dispatch-and-download.yml"
+      skip_checkout:
+        description: "Skip checking out the repository"
+        type: boolean
+  workflow_call:
+    inputs:
+      app_codename:
+        description: "App Name - e.g. 'bwpm' or 'bwa'"
+        type: string
+      base_version_number:
+        description: "Base Version Number - Will be added to the calculated version number"
+        type: number
+        default: 0
+      version_name:
+        description: "Version Name Override - e.g. '2024.8.1'"
+        type: string
+      version_number:
+        description: "Version Number Override - e.g. '1021'"
+        type: string
+      patch_version:
+        description: "Patch Version Override - e.g. '999'"
+        type: string
+      distinct_id:
+        description: "Unique ID for this dispatch, used by dispatch-and-download.yml"
+        type: string
+      skip_checkout:
+        description: "Skip checking out the repository"
+        type: boolean
+    outputs:
+      version_name:
+        description: "Version Name"
+        value: ${{ jobs.calculate-version.outputs.version_name }}
+      version_number:
+        description: "Version Number"
+        value: ${{ jobs.calculate-version.outputs.version_number }}
+
+env:
+  APP_CODENAME: ${{ inputs.app_codename }}
+  BASE_VERSION_NUMBER: ${{ inputs.base_version_number || 0 }}
+
+jobs:
+  calculate-version:
+    name: Calculate Version Name and Number
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+    outputs:
+      version_name: ${{ steps.calc-version-name.outputs.version_name }}
+      version_number: ${{ steps.calc-version-number.outputs.version_number }}
+    steps:
+      - name: Log inputs to job summary
+        uses: bitwarden/android/.github/actions/log-inputs@main
+        with:
+          inputs: "${{ toJson(inputs) }}"
+
+      - name: Echo distinct ID ${{ github.event.inputs.distinct_id }}
+        run: echo ${{ github.event.inputs.distinct_id }}
+
+      - name: Check out repository
+        if: ${{ !inputs.skip_checkout || false }}
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          fetch-depth: 0
+
+      - name: Calculate version name
+        id: calc-version-name
+        run: |
+          output() {
+            local version_name=$1
+            echo "version_name=$version_name" >> $GITHUB_OUTPUT
+          }
+
+          # override version name if provided
+          if [[ ! -z "${{ inputs.version_name }}" ]]; then
+            version_name=${{ inputs.version_name }}
+            echo "::warning::Override applied: $version_name"
+            output "$version_name"
+            exit 0
+          fi
+
+          current_year=$(date +%Y)
+          current_month=$(date +%-m)
+
+          latest_tag_version=$(git tag -l --sort=-creatordate | grep "$APP_CODENAME" | head -n 1)
+          if [[ -z "$latest_tag_version" ]]; then
+            version_name="${current_year}.${current_month}.${{ inputs.patch_version || 0 }}"
+            echo "::warning::No tags found, did you checkout? Calculating version from current date: $version_name"
+            output "$version_name"
+            exit 0
+          fi
+
+          # Git tag was found, calculate version from latest tag
+          latest_version=${latest_tag_version:1}  # remove 'v' from tag version
+
+          latest_major_version=$(echo $latest_version | cut -d "." -f 1)
+          latest_minor_version=$(echo $latest_version | cut -d "." -f 2)
+          patch_version=0
+          if [[ ! -z "${{ inputs.patch_version }}" ]]; then
+            patch_version=${{ inputs.patch_version }}
+            echo "::warning::Patch Version Override applied: $patch_version"
+          elif [[ "$current_year" == "$latest_major_version" && "$current_month" == "$latest_minor_version" ]]; then
+            latest_patch_version=$(echo $latest_version | cut -d "." -f 3)
+            patch_version=$(($latest_patch_version + 1))
+          fi
+
+          version_name="${current_year}.${current_month}.${patch_version}"
+          output "$version_name"
+
+      - name: Calculate version number
+        id: calc-version-number
+        run: |
+          # override version number if provided
+          if [[ ! -z "${{ inputs.version_number }}" ]]; then
+            version_number=${{ inputs.version_number }}
+            echo "::warning::Override applied: $version_number"
+            echo "version_number=$version_number" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          version_number=$(($GITHUB_RUN_NUMBER + ${{ env.BASE_VERSION_NUMBER }}))
+          echo "version_number=$version_number" >> $GITHUB_OUTPUT
+
+      - name: Create version info JSON
+        run: |
+          json='{
+            "version_number": "${{ steps.calc-version-number.outputs.version_number }}",
+            "version_name": "${{ steps.calc-version-name.outputs.version_name }}"
+          }'
+          echo "$json" > version_info.json
+
+          echo "## version-info.json" >> $GITHUB_STEP_SUMMARY
+          echo '```json' >> $GITHUB_STEP_SUMMARY
+          echo "$json" >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+
+      - name: Upload version info artifact
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: version-info
+          path: version_info.json
--- a/.github/workflows/build-authenticator.yml
+++ b/.github/workflows/build-authenticator.yml
@@ -4,6 +4,7 @@ on:
  push:
    branches:
      - main
+      - release/**/*
  workflow_dispatch:
    inputs:
      version-name:
@@ -14,6 +15,9 @@ on:
        description: "Optional. Build number to use. Overrides default of GitHub run number."
        required: false
        type: number
+      patch_version:
+        description: "Order 999 - Overrides Patch version"
+        type: boolean
      distribute-to-firebase:
        description: "Optional. Distribute artifacts to Firebase."
        required: false
@@ -27,22 +31,53 @@ on:

 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 17
+  JAVA_VERSION: 21
+
+permissions:
+  contents: read
+  packages: read
+  id-token: write

 jobs:
+  version:
+    name: Calculate Version Name and Number
+    uses: bitwarden/android/.github/workflows/_version.yml@main
+    with:
+      app_codename: "bwa"
+      base_version_number: 0
+      version_name: ${{ inputs.version-name }}
+      version_number: ${{ inputs.version-code }}
+      patch_version: ${{ inputs.patch_version && '999' || '' }}
+    secrets: inherit
+
  build:
    name: Build Authenticator
    runs-on: ubuntu-24.04

    steps:
+      - name: Log inputs to job summary
+        env:
+          INPUTS: ${{ toJson(inputs) }}
+        run: |
+          {
+            echo "<details><summary>Job Inputs</summary>"
+            echo ""
+            echo '```json'
+            echo "$INPUTS"
+            echo '```'
+            echo "</details>"
+          } >> "$GITHUB_STEP_SUMMARY"
+
      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ~/.gradle/caches
@@ -52,7 +87,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -61,13 +96,13 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
        with:
          bundler-cache: true

@@ -78,7 +113,7 @@ jobs:
          bundle install --jobs 4 --retry 3

      - name: Check Authenticator
-        run: bundle exec fastlane checkAuthenticator
+        run: bundle exec fastlane check

      - name: Build Authenticator
        run: bundle exec fastlane buildAuthenticatorDebug
@@ -86,6 +121,7 @@ jobs:
  publish_playstore:
    name: Publish Authenticator Play Store artifacts
    needs:
+      - version
      - build
    runs-on: ubuntu-24.04
    strategy:
@@ -95,10 +131,12 @@ jobs:

    steps:
      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
        with:
          bundler-cache: true

@@ -109,9 +147,18 @@ jobs:
          bundle install --jobs 4 --retry 3

      - name: Log in to Azure
-        uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "BWA-AAB-KEYSTORE-STORE-PASSWORD,BWA-AAB-KEYSTORE-KEY-PASSWORD,BWA-APK-KEYSTORE-STORE-PASSWORD,BWA-APK-KEYSTORE-KEY-PASSWORD"

      - name: Retrieve secrets
        env:
@@ -121,27 +168,27 @@ jobs:
          mkdir -p ${{ github.workspace }}/secrets
          mkdir -p ${{ github.workspace }}/keystores

-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name authenticator_apk-keystore.jks --file ${{ github.workspace }}/keystores/authenticator_apk-keystore.jks --output none

-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name authenticator_aab-keystore.jks --file ${{ github.workspace }}/keystores/authenticator_aab-keystore.jks --output none

-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name com.bitwarden.authenticator-google-services.json --file ${{ github.workspace }}/authenticator/src/google-services.json --output none

-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name com.bitwarden.authenticator.dev-google-services.json --file ${{ github.workspace }}/authenticator/src/debug/google-services.json --output none

      - name: Download Firebase credentials
-        if : ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
+        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
        env:
          ACCOUNT_NAME: bitwardenci
          CONTAINER_NAME: mobile
        run: |
          mkdir -p ${{ github.workspace }}/secrets

-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name authenticator_play_firebase-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json --output none

      - name: Download Play Store credentials
@@ -152,20 +199,23 @@ jobs:
        run: |
          mkdir -p ${{ github.workspace }}/secrets

-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name authenticator_play_store-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_store-creds.json --output none

+      - name: AZ Logout
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Verify Play Store credentials
        if: ${{ inputs.publish-to-play-store }}
        run: |
          bundle exec fastlane run validate_play_store_json_key \
-          json_key:${{ github.workspace }}/secrets/authenticator_play_store-creds.json }}
+          json_key:"${{ github.workspace }}/secrets/authenticator_play_store-creds.json"

      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ~/.gradle/caches
@@ -175,7 +225,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -184,47 +234,66 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}

-      - name: Increment version
+      - name: Update app CI Build info
        run: |
-          DEFAULT_VERSION_CODE=$GITHUB_RUN_NUMBER
-          VERSION_CODE="${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }}"
-          bundle exec fastlane setAuthenticatorBuildVersionInfo \
-          versionCode:$VERSION_CODE \
-          versionName:${{ inputs.version-name || '' }}
+          ./scripts/update_app_ci_build_info.sh \
+          "$GITHUB_REPOSITORY" \
+          "$GITHUB_REF_NAME" \
+          "$GITHUB_SHA" \
+          "$GITHUB_RUN_ID" \
+          "$GITHUB_RUN_ATTEMPT"

-          regex='versionName = "([^"]+)"'
-          if [[ "$(cat authenticator/build.gradle.kts)" =~ $regex ]]; then
+      - name: Increment version
+        env:
+          DEFAULT_VERSION_CODE: ${{ github.run_number }}
+          INPUT_VERSION_CODE: "${{ needs.version.outputs.version_number }}"
+          INPUT_VERSION_NAME: ${{ needs.version.outputs.version_name }}
+        run: |
+          VERSION_CODE="${INPUT_VERSION_CODE:-$DEFAULT_VERSION_CODE}"
+          VERSION_NAME_INPUT="${INPUT_VERSION_NAME:-}"
+          bundle exec fastlane setBuildVersionInfo \
+          versionCode:"$VERSION_CODE" \
+          versionName:"$VERSION_NAME_INPUT"
+
+          regex='appVersionName = "([^"]+)"'
+          if [[ "$(cat gradle/libs.versions.toml)" =~ $regex ]]; then
            VERSION_NAME="${BASH_REMATCH[1]}"
          fi
-          echo "Version Name: ${VERSION_NAME}" >> $GITHUB_STEP_SUMMARY
-          echo "Version Number: $VERSION_CODE" >> $GITHUB_STEP_SUMMARY
+          echo "Version Name: ${VERSION_NAME}" >> "$GITHUB_STEP_SUMMARY"
+          echo "Version Number: $VERSION_CODE" >> "$GITHUB_STEP_SUMMARY"

      - name: Generate release Play Store bundle
        if: ${{ matrix.variant == 'aab' }}
+        env:
+          STORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.BWA-AAB-KEYSTORE-STORE-PASSWORD }}
+          KEY_PASSWORD: ${{ steps.get-kv-secrets.outputs.BWA-AAB-KEYSTORE-KEY-PASSWORD }}
        run: |
          bundle exec fastlane bundleAuthenticatorRelease \
-          storeFile:${{ github.workspace }}/keystores/authenticator_aab-keystore.jks \
-          storePassword:'${{ secrets.BWA_AAB_KEYSTORE_STORE_PASSWORD }}' \
-          keyAlias:authenticatorupload \
-          keyPassword:'${{ secrets.BWA_AAB_KEYSTORE_KEY_PASSWORD }}'
+          storeFile:"${{ github.workspace }}/keystores/authenticator_aab-keystore.jks" \
+          storePassword:"$STORE_PASSWORD" \
+          keyAlias:"authenticatorupload" \
+          keyPassword:"$KEY_PASSWORD"

      - name: Generate release Play Store APK
        if: ${{ matrix.variant == 'apk' }}
+        env:
+          STORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.BWA-APK-KEYSTORE-STORE-PASSWORD }}
+          KEY_PASSWORD: ${{ steps.get-kv-secrets.outputs.BWA-APK-KEYSTORE-KEY-PASSWORD }}
        run: |
          bundle exec fastlane buildAuthenticatorRelease \
-          storeFile:${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \
-          storePassword:'${{ secrets.BWA_APK_KEYSTORE_STORE_PASSWORD }}' \
-          keyAlias:bitwardenauthenticator \
-          keyPassword:'${{ secrets.BWA_APK_KEYSTORE_KEY_PASSWORD }}'
+          storeFile:"${{ github.workspace }}/keystores/authenticator_apk-keystore.jks" \
+          storePassword:"$STORE_PASSWORD" \
+          keyAlias:"bitwardenauthenticator" \
+          keyPassword:"$KEY_PASSWORD"

      - name: Upload release Play Store .aab artifact
        if: ${{ matrix.variant == 'aab' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.bitwarden.authenticator.aab
          path: authenticator/build/outputs/bundle/release/com.bitwarden.authenticator.aab
@@ -232,7 +301,7 @@ jobs:

      - name: Upload release .apk artifact
        if: ${{ matrix.variant == 'apk' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.bitwarden.authenticator.apk
          path: authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk
@@ -252,7 +321,7 @@ jobs:

      - name: Upload .apk SHA file for release
        if: ${{ matrix.variant == 'apk' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: authenticator-android-apk-sha256.txt
          path: ./authenticator-android-apk-sha256.txt
@@ -260,7 +329,7 @@ jobs:

      - name: Upload .aab SHA file for release
        if: ${{ matrix.variant == 'aab' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: authenticator-android-aab-sha256.txt
          path: ./authenticator-android-aab-sha256.txt
@@ -276,7 +345,7 @@ jobs:
          FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json
        run: |
          bundle exec fastlane distributeAuthenticatorReleaseBundleToFirebase \
-          serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }}
+          serviceCredentialsFile:"$FIREBASE_CREDS_PATH"

      # Only publish bundles to Play Store when `publish-to-play-store` is true while building
      # bundles
@@ -286,4 +355,4 @@ jobs:
          PLAY_STORE_CREDS_FILE: ${{ github.workspace }}/secrets/authenticator_play_store-creds.json
        run: |
          bundle exec fastlane publishAuthenticatorReleaseToGooglePlayStore \
-          serviceCredentialsFile:${{ env.PLAY_STORE_CREDS_FILE }} \
+          serviceCredentialsFile:"$PLAY_STORE_CREDS_FILE" \
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -4,6 +4,7 @@ on:
  push:
    branches:
      - main
+      - release/**/*
  workflow_dispatch:
    inputs:
      version-name:
@@ -14,36 +15,71 @@ on:
        description: "Optional. Build number to use. Overrides default of GitHub run number."
        required: false
        type: number
+      patch_version:
+        description: "Order 999 - Overrides Patch version"
+        type: boolean
      distribute-to-firebase:
        description: "Optional. Distribute artifacts to Firebase."
        required: false
-        default: false
+        default: true
        type: boolean
      publish-to-play-store:
        description: "Optional. Deploy bundle artifact to Google Play Store"
        required: false
-        default: false
+        default: true
        type: boolean

 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 17
+  JAVA_VERSION: 21
  GITHUB_ACTION_RUN_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"

+permissions:
+  contents: read
+  packages: read
+  id-token: write
+
 jobs:
+  version:
+    name: Calculate Version Name and Number
+    uses: bitwarden/android/.github/workflows/_version.yml@main
+    with:
+      app_codename: "bwpm"
+      # Start from 11000 to prevent collisions with mobile build version codes
+      base_version_number: 11000
+      version_name: ${{ inputs.version-name }}
+      version_number: ${{ inputs.version-code }}
+      patch_version: ${{ inputs.patch_version && '999' || '' }}
+    secrets: inherit
+
  build:
    name: Build
    runs-on: ubuntu-24.04

    steps:
+      - name: Log inputs to job summary
+        env:
+          INPUTS: ${{ toJson(inputs) }}
+        run: |
+          {
+            echo "<details><summary>Job Inputs</summary>"
+            echo ""
+            echo '```json'
+            echo "$INPUTS"
+            echo '```'
+            echo "</details>"
+          } >> "$GITHUB_STEP_SUMMARY"
+
      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ~/.gradle/caches
@@ -53,7 +89,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -62,13 +98,13 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
        with:
          bundler-cache: true

@@ -85,7 +121,7 @@ jobs:
        run: bundle exec fastlane assembleDebugApks

      - name: Upload test reports on failure
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        if: failure()
        with:
          name: test-reports
@@ -94,6 +130,7 @@ jobs:
  publish_playstore:
    name: Publish Play Store artifacts
    needs:
+      - version
      - build
    runs-on: ubuntu-24.04
    strategy:
@@ -103,10 +140,12 @@ jobs:
        artifact: ["apk", "aab"]
    steps:
      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
        with:
          bundler-cache: true

@@ -117,9 +156,18 @@ jobs:
          bundle install --jobs 4 --retry 3

      - name: Log in to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "UPLOAD-KEYSTORE-PASSWORD,UPLOAD-BETA-KEYSTORE-PASSWORD,UPLOAD-BETA-KEY-PASSWORD,PLAY-KEYSTORE-PASSWORD,PLAY-BETA-KEYSTORE-PASSWORD,PLAY-BETA-KEY-PASSWORD"

      - name: Retrieve secrets
        env:
@@ -130,19 +178,19 @@ jobs:
          mkdir -p ${{ github.workspace }}/app/src/standardBeta
          mkdir -p ${{ github.workspace }}/app/src/standardRelease

-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name app_play-keystore.jks --file ${{ github.workspace }}/keystores/app_play-keystore.jks --output none
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name app_upload-keystore.jks --file ${{ github.workspace }}/keystores/app_upload-keystore.jks --output none
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name play_creds.json --file ${{ github.workspace }}/secrets/play_creds.json --output none
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name app_beta_play-keystore.jks --file ${{ github.workspace }}/keystores/app_beta_play-keystore.jks --output none
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name app_beta_upload-keystore.jks --file ${{ github.workspace }}/keystores/app_beta_upload-keystore.jks --output none
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name google-services.json --file ${{ github.workspace }}/app/src/standardRelease/google-services.json --output none
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name google-services.json --file ${{ github.workspace }}/app/src/standardBeta/google-services.json --output none

      - name: Download Firebase credentials
@@ -153,14 +201,17 @@ jobs:
        run: |
          mkdir -p ${{ github.workspace }}/secrets

-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name app_play_prod_firebase-creds.json --file ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json --output none

+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ~/.gradle/caches
@@ -170,7 +221,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -179,7 +230,7 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}
@@ -187,64 +238,67 @@ jobs:
      - name: Update app CI Build info
        run: |
          ./scripts/update_app_ci_build_info.sh \
-          $GITHUB_REPOSITORY \
-          $GITHUB_REF_NAME \
-          $GITHUB_SHA \
-          $GITHUB_RUN_ID \
-          $GITHUB_RUN_ATTEMPT
+          "$GITHUB_REPOSITORY" \
+          "$GITHUB_REF_NAME" \
+          "$GITHUB_SHA" \
+          "$GITHUB_RUN_ID" \
+          "$GITHUB_RUN_ATTEMPT"

      - name: Increment version
+        env:
+          VERSION_CODE: ${{ needs.version.outputs.version_number }}
+          VERSION_NAME: ${{ needs.version.outputs.version_name }}
        run: |
-          DEFAULT_VERSION_CODE=$((11000+$GITHUB_RUN_NUMBER))
+          VERSION_CODE="${VERSION_CODE:-$GITHUB_RUN_NUMBER}"
          bundle exec fastlane setBuildVersionInfo \
-          versionCode:${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }} \
-          versionName:${{ inputs.version-name }}
+          versionCode:$VERSION_CODE \
+          versionName:$VERSION_NAME

      - name: Generate release Play Store bundle
        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' }}
        env:
-          UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }}
+          UPLOAD_KEYSTORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.UPLOAD-KEYSTORE-PASSWORD }}
        run: |
          bundle exec fastlane bundlePlayStoreRelease \
          storeFile:app_upload-keystore.jks \
-          storePassword:${{ env.UPLOAD_KEYSTORE_PASSWORD }} \
+          storePassword:$UPLOAD_KEYSTORE_PASSWORD \
          keyAlias:upload \
-          keyPassword:${{ env.UPLOAD_KEYSTORE_PASSWORD }}
+          keyPassword:$UPLOAD_KEYSTORE_PASSWORD

      - name: Generate beta Play Store bundle
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
        env:
-          UPLOAD_BETA_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_BETA_KEYSTORE_PASSWORD }}
-          UPLOAD_BETA_KEY_PASSWORD: ${{ secrets.UPLOAD_BETA_KEY_PASSWORD }}
+          UPLOAD_BETA_KEYSTORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.UPLOAD-BETA-KEYSTORE-PASSWORD }}
+          UPLOAD_BETA_KEY_PASSWORD: ${{ steps.get-kv-secrets.outputs.UPLOAD-BETA-KEY-PASSWORD }}
        run: |
          bundle exec fastlane bundlePlayStoreBeta \
          storeFile:app_beta_upload-keystore.jks \
-          storePassword:${{ env.UPLOAD_BETA_KEYSTORE_PASSWORD }} \
+          storePassword:$UPLOAD_BETA_KEYSTORE_PASSWORD \
          keyAlias:bitwarden-beta-upload \
-          keyPassword:${{ env.UPLOAD_BETA_KEY_PASSWORD }}
+          keyPassword:$UPLOAD_BETA_KEY_PASSWORD

      - name: Generate release Play Store APK
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
        env:
-          PLAY_KEYSTORE_PASSWORD: ${{ secrets.PLAY_KEYSTORE_PASSWORD }}
+          PLAY_KEYSTORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-KEYSTORE-PASSWORD }}
        run: |
          bundle exec fastlane assemblePlayStoreReleaseApk \
          storeFile:app_play-keystore.jks \
-          storePassword:${{ env.PLAY_KEYSTORE_PASSWORD }} \
+          storePassword:$PLAY_KEYSTORE_PASSWORD \
          keyAlias:bitwarden \
-          keyPassword:${{ env.PLAY_KEYSTORE_PASSWORD }}
+          keyPassword:$PLAY_KEYSTORE_PASSWORD

      - name: Generate beta Play Store APK
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
        env:
-          PLAY_BETA_KEYSTORE_PASSWORD: ${{ secrets.PLAY_BETA_KEYSTORE_PASSWORD }}
-          PLAY_BETA_KEY_PASSWORD: ${{ secrets.PLAY_BETA_KEY_PASSWORD }}
+          PLAY_BETA_KEYSTORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEYSTORE-PASSWORD }}
+          PLAY_BETA_KEY_PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEY-PASSWORD }}
        run: |
          bundle exec fastlane assemblePlayStoreBetaApk \
          storeFile:app_beta_play-keystore.jks \
-          storePassword:${{ env.PLAY_BETA_KEYSTORE_PASSWORD }} \
+          storePassword:$PLAY_BETA_KEYSTORE_PASSWORD \
          keyAlias:bitwarden-beta \
-          keyPassword:${{ env.PLAY_BETA_KEY_PASSWORD }}
+          keyPassword:$PLAY_BETA_KEY_PASSWORD

      - name: Generate debug Play Store APKs
        if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
@@ -253,7 +307,7 @@ jobs:

      - name: Upload release Play Store .aab artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.aab
          path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden.aab
@@ -261,7 +315,7 @@ jobs:

      - name: Upload beta Play Store .aab artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta.aab
          path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden.beta.aab
@@ -269,7 +323,7 @@ jobs:

      - name: Upload release .apk artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.apk
          path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk
@@ -277,7 +331,7 @@ jobs:

      - name: Upload beta .apk artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta.apk
          path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden.beta.apk
@@ -286,7 +340,7 @@ jobs:
      # When building variants other than 'prod'
      - name: Upload debug .apk artifact
        if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.${{ matrix.variant }}.apk
          path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk
@@ -324,7 +378,7 @@ jobs:

      - name: Upload .apk SHA file for release
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.apk-sha256.txt
          path: ./com.x8bit.bitwarden.apk-sha256.txt
@@ -332,7 +386,7 @@ jobs:

      - name: Upload .apk SHA file for beta
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta.apk-sha256.txt
          path: ./com.x8bit.bitwarden.beta.apk-sha256.txt
@@ -340,7 +394,7 @@ jobs:

      - name: Upload .aab SHA file for release
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.aab-sha256.txt
          path: ./com.x8bit.bitwarden.aab-sha256.txt
@@ -348,7 +402,7 @@ jobs:

      - name: Upload .aab SHA file for beta
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta.aab-sha256.txt
          path: ./com.x8bit.bitwarden.beta.aab-sha256.txt
@@ -356,7 +410,7 @@ jobs:

      - name: Upload .apk SHA file for debug
        if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
          path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
@@ -372,8 +426,8 @@ jobs:
          APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json
        run: |
          bundle exec fastlane distributeReleasePlayStoreToFirebase \
-          actionUrl:${{ env.GITHUB_ACTION_RUN_URL }} \
-          service_credentials_file:${{ env.APP_PLAY_FIREBASE_CREDS_PATH }}
+          actionUrl:$GITHUB_ACTION_RUN_URL \
+          service_credentials_file:$APP_PLAY_FIREBASE_CREDS_PATH

      - name: Publish beta artifacts to Firebase
        if: ${{ (matrix.variant == 'prod' && matrix.artifact == 'apk') && (inputs.distribute-to-firebase || github.event_name == 'push') }}
@@ -381,8 +435,8 @@ jobs:
          APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json
        run: |
          bundle exec fastlane distributeBetaPlayStoreToFirebase \
-          actionUrl:${{ env.GITHUB_ACTION_RUN_URL }} \
-          service_credentials_file:${{ env.APP_PLAY_FIREBASE_CREDS_PATH }}
+          actionUrl:$GITHUB_ACTION_RUN_URL \
+          service_credentials_file:$APP_PLAY_FIREBASE_CREDS_PATH

      - name: Verify Play Store credentials
        if: ${{ matrix.variant == 'prod' && inputs.publish-to-play-store }}
@@ -390,7 +444,7 @@ jobs:
          bundle exec fastlane run validate_play_store_json_key

      - name: Publish Play Store bundle
-        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && (inputs.publish-to-play-store || github.ref_name == 'main') }}
+        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && (inputs.publish-to-play-store || github.event_name == 'push') }}
        run: |
          bundle exec fastlane publishProdToPlayStore
          bundle exec fastlane publishBetaToPlayStore
@@ -398,14 +452,17 @@ jobs:
  publish_fdroid:
    name: Publish F-Droid artifacts
    needs:
+      - version
      - build
    runs-on: ubuntu-24.04
    steps:
      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
        with:
          bundler-cache: true

@@ -416,18 +473,27 @@ jobs:
          bundle install --jobs 4 --retry 3

      - name: Log in to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "FDROID-KEYSTORE-PASSWORD,FDROID-BETA-KEYSTORE-PASSWORD,FDROID-BETA-KEY-PASSWORD"

      - name: Retrieve secrets
        env:
          ACCOUNT_NAME: bitwardenci
          CONTAINER_NAME: mobile
        run: |
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name app_fdroid-keystore.jks --file ${{ github.workspace }}/keystores/app_fdroid-keystore.jks --output none
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name app_beta_fdroid-keystore.jks --file ${{ github.workspace }}/keystores/app_beta_fdroid-keystore.jks --output none

      - name: Download Firebase credentials
@@ -438,14 +504,17 @@ jobs:
        run: |
          mkdir -p ${{ github.workspace }}/secrets

-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
          --name app_fdroid_firebase-creds.json --file ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json --output none

+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ~/.gradle/caches
@@ -455,7 +524,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -464,7 +533,7 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}
@@ -472,50 +541,51 @@ jobs:
      - name: Update app CI Build info
        run: |
          ./scripts/update_app_ci_build_info.sh \
-          $GITHUB_REPOSITORY \
-          $GITHUB_REF_NAME \
-          $GITHUB_SHA \
-          $GITHUB_RUN_ID \
-          $GITHUB_RUN_ATTEMPT
+          "$GITHUB_REPOSITORY" \
+          "$GITHUB_REF_NAME" \
+          "$GITHUB_SHA" \
+          "$GITHUB_RUN_ID" \
+          "$GITHUB_RUN_ATTEMPT"

-      # Start from 11000 to prevent collisions with mobile build version codes
      - name: Increment version
+        env:
+          VERSION_CODE: ${{ needs.version.outputs.version_number }}
+          VERSION_NAME: ${{ needs.version.outputs.version_name }}
        run: |
-          DEFAULT_VERSION_CODE=$((11000+$GITHUB_RUN_NUMBER))
-          VERSION_CODE="${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }}"
+          VERSION_CODE="${VERSION_CODE:-$GITHUB_RUN_NUMBER}"
          bundle exec fastlane setBuildVersionInfo \
          versionCode:$VERSION_CODE \
-          versionName:${{ inputs.version-name || '' }}
+          versionName:$VERSION_NAME

-          regex='versionName = "([^"]+)"'
-          if [[ "$(cat app/build.gradle.kts)" =~ $regex ]]; then
+          regex='appVersionName = "([^"]+)"'
+          if [[ "$(cat gradle/libs.versions.toml)" =~ $regex ]]; then
            VERSION_NAME="${BASH_REMATCH[1]}"
          fi
-          echo "Version Name: ${VERSION_NAME}" >> $GITHUB_STEP_SUMMARY
-          echo "Version Number: $VERSION_CODE" >> $GITHUB_STEP_SUMMARY
+          echo "Version Name: ${VERSION_NAME}" >> "$GITHUB_STEP_SUMMARY"
+          echo "Version Number: $VERSION_CODE" >> "$GITHUB_STEP_SUMMARY"
      - name: Generate F-Droid artifacts
        env:
-          FDROID_STORE_PASSWORD: ${{ secrets.FDROID_KEYSTORE_PASSWORD }}
+          FDROID_STORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.FDROID-KEYSTORE-PASSWORD }}
        run: |
          bundle exec fastlane assembleFDroidReleaseApk \
          storeFile:app_fdroid-keystore.jks \
-          storePassword:"${{ env.FDROID_STORE_PASSWORD }}" \
+          storePassword:$FDROID_STORE_PASSWORD \
          keyAlias:bitwarden \
-          keyPassword:"${{ env.FDROID_STORE_PASSWORD }}"
+          keyPassword:$FDROID_STORE_PASSWORD

      - name: Generate F-Droid Beta Artifacts
        env:
-          FDROID_BETA_KEYSTORE_PASSWORD: ${{ secrets.FDROID_BETA_KEYSTORE_PASSWORD }}
-          FDROID_BETA_KEY_PASSWORD: ${{ secrets.FDROID_BETA_KEY_PASSWORD }}
+          FDROID_BETA_KEYSTORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.FDROID-BETA-KEYSTORE-PASSWORD }}
+          FDROID_BETA_KEY_PASSWORD: ${{ steps.get-kv-secrets.outputs.FDROID-BETA-KEY-PASSWORD }}
        run: |
          bundle exec fastlane assembleFDroidBetaApk \
          storeFile:app_beta_fdroid-keystore.jks \
-          storePassword:"${{ env.FDROID_BETA_KEYSTORE_PASSWORD }}" \
+          storePassword:$FDROID_BETA_KEYSTORE_PASSWORD \
          keyAlias:bitwarden-beta \
-          keyPassword:"${{ env.FDROID_BETA_KEY_PASSWORD }}"
+          keyPassword:$FDROID_BETA_KEY_PASSWORD

      - name: Upload F-Droid .apk artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden-fdroid.apk
          path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk
@@ -527,14 +597,14 @@ jobs:
          > ./com.x8bit.bitwarden-fdroid.apk-sha256.txt

      - name: Upload F-Droid SHA file
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden-fdroid.apk-sha256.txt
          path: ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
          if-no-files-found: error

      - name: Upload F-Droid Beta .apk artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta-fdroid.apk
          path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk
@@ -546,7 +616,7 @@ jobs:
          > ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt

      - name: Upload F-Droid Beta SHA file
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
          path: ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
@@ -562,5 +632,5 @@ jobs:
          APP_FDROID_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json
        run: |
          bundle exec fastlane distributeReleaseFDroidToFirebase \
-          actionUrl:${{ env.GITHUB_ACTION_RUN_URL }} \
-          service_credentials_file:${{ env.APP_FDROID_FIREBASE_CREDS_PATH }}
+          actionUrl:$GITHUB_ACTION_RUN_URL \
+          service_credentials_file:$APP_FDROID_FIREBASE_CREDS_PATH
--- a/.github/workflows/cron-sync-google-priviledged-browsers.yml
+++ b/.github/workflows/cron-sync-google-priviledged-browsers.yml
@@ -3,7 +3,7 @@ name: Cron / Sync Google Privileged Browsers List
 on:
  schedule:
    # Run weekly on Monday at 00:00 UTC
-    - cron: '0 0 * * 1'
+    - cron: "0 0 * * 1"
  workflow_dispatch:

 env:
@@ -21,25 +21,26 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: true

      - name: Download Google Privileged Browsers List
-        run: curl -s $SOURCE_URL -o $GOOGLE_FILE
+        run: curl -s "$SOURCE_URL" -o "$GOOGLE_FILE"

      - name: Check for changes
        id: check-changes
        run: |
-          if git diff --quiet -- $GOOGLE_FILE; then
+          if git diff --quiet -- "$GOOGLE_FILE"; then
            echo "👀 No changes detected, skipping..."
-            echo "has_changes=false" >> $GITHUB_OUTPUT
+            echo "has_changes=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi

-          echo "has_changes=true" >> $GITHUB_OUTPUT
+          echo "has_changes=true" >> "$GITHUB_OUTPUT"
          echo "👀 Changes detected, validating fido2_privileged_google.json..."

-          python .github/scripts/validate-json/validate_json.py validate $GOOGLE_FILE
-          if [ $? -ne 0 ]; then
+          if ! python .github/scripts/validate-json/validate_json.py validate "$GOOGLE_FILE"; then
            echo "::error::JSON validation failed for $GOOGLE_FILE"
            exit 1
          fi
@@ -47,14 +48,14 @@ jobs:
          echo "👀 fido2_privileged_google.json is valid, checking for duplicates..."

          # Check for duplicates between Google and Community files
-          python .github/scripts/validate-json/validate_json.py duplicates $GOOGLE_FILE $COMMUNITY_FILE duplicates.txt
+          python .github/scripts/validate-json/validate_json.py duplicates "$GOOGLE_FILE" "$COMMUNITY_FILE" duplicates.txt

          if [ -f duplicates.txt ]; then
            echo "::warning::Duplicate package names found between Google and Community files."
-            echo "duplicates_found=true" >> $GITHUB_OUTPUT
+            echo "duplicates_found=true" >> "$GITHUB_OUTPUT"
          else
            echo "✅ No duplicate package names found between Google and Community files"
-            echo "duplicates_found=false" >> $GITHUB_OUTPUT
+            echo "duplicates_found=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Create branch and commit
@@ -65,11 +66,11 @@ jobs:
          BRANCH_NAME="cron-sync-privileged-browsers/$GITHUB_RUN_NUMBER-sync"
          git config user.name "GitHub Actions Bot"
          git config user.email "actions@github.com"
-          git checkout -b $BRANCH_NAME
-          git add $GOOGLE_FILE
+          git checkout -b "$BRANCH_NAME"
+          git add "$GOOGLE_FILE"
          git commit -m "Update Google privileged browsers list"
-          git push origin $BRANCH_NAME
-          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
+          git push origin "$BRANCH_NAME"
+          echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_ENV"
          echo "🌱 Branch created: $BRANCH_NAME"

      - name: Create Pull Request
@@ -89,10 +90,10 @@ jobs:
          fi

          # Use echo -e to interpret escape sequences and pipe to gh pr create
-          PR_URL=$(echo -e "$PR_BODY" | gh pr create \
+          echo -e "$PR_BODY" | gh pr create \
            --title "Update Google privileged browsers list" \
            --body-file - \
            --base main \
-            --head $BRANCH_NAME \
+            --head "$BRANCH_NAME" \
            --label "automated-pr" \
-            --label "t:ci")
+            --label "t:ci"
--- a/.github/workflows/crowdin-pull-authenticator.yml
+++ b/.github/workflows/crowdin-pull-authenticator.yml
@@ -1,56 +0,0 @@
-name: Crowdin Sync - Authenticator
-
-on:
-  workflow_dispatch:
-    inputs: {}
-  schedule:
-    - cron: '0 0 * * 5'
-
-jobs:
-  crowdin-sync:
-    name: Autosync
-    runs-on: ubuntu-24.04
-    env:
-      _CROWDIN_PROJECT_ID: "673718"
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Log in to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve secrets
-        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: "bitwarden-ci"
-          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
-
-      - name: Generate GH App token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
-        id: app-token
-        with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
-
-      - name: Download translations
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
-        env:
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
-          CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }}
-        with:
-          config: crowdin-bwa.yml
-          upload_sources: false
-          upload_translations: false
-          download_translations: true
-          github_user_name: "bitwarden-devops-bot"
-          github_user_email: "106330231+bitwarden-devops-bot@users.noreply.github.com"
-          commit_message: "Autosync the updated translations"
-          localization_branch_name: crowdin-auto-sync
-          create_pull_request: true
-          pull_request_title: "Autosync Crowdin Translations"
-          pull_request_body: "Autosync the updated translations"
-          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
-          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@@ -1,25 +1,38 @@
-name: Crowdin Sync
+name: Cron / Crowdin Pull
+run-name: Crowdin Pull - ${{ github.event_name == 'workflow_dispatch' && 'Manual' || 'Scheduled' }}

 on:
  workflow_dispatch:
-    inputs: {}
  schedule:
-    - cron: '0 0 * * 5'
+    - cron: "0 0 * * 5"

 jobs:
  crowdin-sync:
-    name: Autosync
+    name: Crowdin Pull - ${{ github.event_name }}
    runs-on: ubuntu-24.04
-    env:
-      _CROWDIN_PROJECT_ID: "269690"
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
    steps:
      - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          persist-credentials: false
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"

      - name: Retrieve secrets
        id: retrieve-secrets
@@ -28,18 +41,22 @@ jobs:
          keyvault: "bitwarden-ci"
          secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"

+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Generate GH App token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
        id: app-token
        with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}

      - name: Download translations
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
+        uses: crowdin/github-action@0749939f635900a2521aa6aac7a3766642b2dc71 # v2.11.0
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
+          _CROWDIN_PROJECT_ID: "269690"
        with:
          config: crowdin.yml
          upload_sources: false
@@ -47,10 +64,10 @@ jobs:
          download_translations: true
          github_user_name: "bitwarden-devops-bot"
          github_user_email: "106330231+bitwarden-devops-bot@users.noreply.github.com"
-          commit_message: "Autosync the updated translations"
-          localization_branch_name: crowdin-auto-sync
+          commit_message: "Crowdin Pull"
+          localization_branch_name: "crowdin-pull"
          create_pull_request: true
-          pull_request_title: "Autosync Crowdin Translations"
-          pull_request_body: "Autosync the updated translations"
+          pull_request_title: "Crowdin Pull"
+          pull_request_body: ":inbox_tray: New translations received!"
          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
--- a/.github/workflows/crowdin-push-authenticator.yml
+++ b/.github/workflows/crowdin-push-authenticator.yml
@@ -1,30 +0,0 @@
-name: Crowdin Push - Authenticator
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "main"
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 17
-
-jobs:
-  crowdin-push:
-    name: Crowdin Push
-    runs-on: ubuntu-24.04
-    env:
-      _CROWDIN_PROJECT_ID: "673718"
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Upload sources
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }}
-        with:
-          config: crowdin-bwa.yml
-          upload_sources: true
-          upload_translations: false
--- a/.github/workflows/crowdin-push.yml
+++ b/.github/workflows/crowdin-push.yml
@@ -1,25 +1,31 @@
-name: Crowdin Push
+name: CI / Crowdin Push
+run-name: Crowdin Push - ${{ github.event_name == 'workflow_dispatch' && 'Manual' || 'CI' }}

 on:
  workflow_dispatch:
  push:
    branches:
-      - "main"
+      - main

 jobs:
  crowdin-push:
-    name: Crowdin Push
+    name: Crowdin Push - ${{ github.event_name }}
    runs-on: ubuntu-24.04
-    env:
-      _CROWDIN_PROJECT_ID: "269690"
+    permissions:
+      contents: read
+      id-token: write
    steps:
      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Log in to Azure
-        uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}

      - name: Retrieve secrets
        id: retrieve-secrets
@@ -29,11 +35,15 @@ jobs:
          secrets: "crowdin-api-token"

      - name: Upload sources
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
+        uses: crowdin/github-action@0749939f635900a2521aa6aac7a3766642b2dc71 # v2.11.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
+          _CROWDIN_PROJECT_ID: "269690"
        with:
          config: crowdin.yml
          upload_sources: true
          upload_translations: false
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
--- a/.github/workflows/github-release.yml
+++ b/.github/workflows/github-release.yml
@@ -3,127 +3,287 @@ name: Create GitHub Release
 on:
  workflow_dispatch:
    inputs:
-      version-name:
-        description: 'Version Name - E.g. "2024.11.1"'
-        required: true
-        type: string
-      version-number:
-        description: 'Version Number - E.g. "123456"'
-        required: true
-        type: string
      artifact-run-id:
-        description: 'GitHub Action Run ID containing artifacts'
+        description: "GitHub Action Run ID containing artifacts"
        required: true
        type: string
-      draft:
-        description: 'Create as draft release'
-        type: boolean
-        default: true
-      prerelease:
-        description: 'Mark as pre-release'
-        type: boolean
-        default: true
-      make-latest:
-        description: 'Set as the latest release'
-        type: boolean
-      branch-protection-type:
-        description: 'Branch protection type'
-        type: choice
-        options:
-          - Branch Name
-          - GitHub API
-        default: Branch Name
+      release-ticket-id:
+        description: "Release Ticket ID - e.g. RELEASE-1762"
+        required: true
+        type: string
+
 env:
-    ARTIFACTS_PATH: artifacts
+  ARTIFACTS_PATH: artifacts
+
 jobs:
  create-release:
    name: Create GitHub Release
    runs-on: ubuntu-24.04
    permissions:
      contents: write
-      actions: read
+      id-token: write

    steps:
      - name: Check out repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0
+          persist-credentials: true
+
+      - name: Log inputs to job summary
+        uses: ./.github/actions/log-inputs
+        with:
+          inputs: ${{ toJson(inputs) }}

      - name: Get branch from workflow run
        id: get_release_branch
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
-          BRANCH_PROTECTION_TYPE: ${{ inputs.branch-protection-type }}
        run: |
-          release_branch=$(gh run view $ARTIFACT_RUN_ID --json headBranch -q .headBranch)
+          workflow_data=$(gh run view "$ARTIFACT_RUN_ID" --json headBranch,workflowName)
+          release_branch=$(echo "$workflow_data" | jq -r .headBranch)
+          workflow_name=$(echo "$workflow_data" | jq -r .workflowName)

-          case "$BRANCH_PROTECTION_TYPE" in
-            "Branch Name")
-              if [[ "$release_branch" != "main" && ! "$release_branch" =~ ^release/ ]]; then
-                echo "::error::Branch '$release_branch' is not 'main' or a release branch starting with 'release/'. Releases must be created from protected branches."
-                exit 1
-              fi
+          # branch protection check
+          if [[ "$release_branch" != "main" && ! "$release_branch" =~ ^release/ ]]; then
+            echo "::error::Branch '$release_branch' is not 'main' or a release branch starting with 'release/'. Releases must be created from protected branches."
+            exit 1
+          fi
+
+          echo "🔖 Release branch: $release_branch"
+          echo "🔖 Workflow name: $workflow_name"
+          echo "release_branch=$release_branch" >> "$GITHUB_OUTPUT"
+          echo "workflow_name=$workflow_name" >> "$GITHUB_OUTPUT"
+
+          case "$workflow_name" in
+            *"Password Manager"* | "Build")
+              app_name="Password Manager"
+              app_name_suffix="bwpm"
              ;;
-            "GitHub API")
-              #NOTE requires token with "administration:read" scope
-              if ! gh api "repos/${{ github.repository }}/branches/$release_branch/protection" | grep -q "required_status_checks"; then
-                echo "::error::Branch '$release_branch' is not protected. Releases must be created from protected branches. If that's not correct, confirm if the github token user has the 'administration:read' scope."
-                exit 1
-              fi
+            *"Authenticator"*)
+              app_name="Authenticator"
+              app_name_suffix="bwa"
              ;;
            *)
-              echo "::error::Unsupported branch protection type: $BRANCH_PROTECTION_TYPE"
+              echo "::error::Unknown workflow name: $workflow_name"
              exit 1
              ;;
          esac
+          echo "🔖 App name: $app_name"
+          echo "🔖 App name suffix: $app_name_suffix"
+          echo "app_name=$app_name" >> "$GITHUB_OUTPUT"
+          echo "app_name_suffix=$app_name_suffix" >> "$GITHUB_OUTPUT"

-          echo "release_branch=$release_branch" >> $GITHUB_OUTPUT
+      - name: Get version info from run logs and set release tag name
+        id: get_release_info
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
+          _APP_NAME_SUFFIX: ${{ steps.get_release_branch.outputs.app_name_suffix }}
+        run: |
+          workflow_log=$(gh run view "$ARTIFACT_RUN_ID" --log)
+
+          version_number_with_trailing_dot=$(grep -m 1 "Setting version code to" <<< "$workflow_log" | sed 's/.*Setting version code to //')
+          version_number=${version_number_with_trailing_dot%.} # remove trailing dot
+
+          version_name_with_trailing_dot=$(grep -m 1 "Setting version name to" <<< "$workflow_log" | sed 's/.*Setting version name to //')
+          version_name=${version_name_with_trailing_dot%.} # remove trailing dot
+
+          if [[ -z "$version_name" ]]; then
+            echo "::warning::Version name not found. Using default value - 0.0.0"
+            version_name="0.0.0"
+          else
+            echo "✅ Found version name: $version_name"
+          fi
+
+          if [[ -z "$version_number" ]]; then
+            echo "::warning::Version number not found. Using default value - 0"
+            version_number="0"
+          else
+            echo "✅ Found version number: $version_number"
+          fi
+
+          echo "version_number=$version_number" >> "$GITHUB_OUTPUT"
+          echo "version_name=$version_name" >> "$GITHUB_OUTPUT"
+
+          tag_name="v$version_name-$_APP_NAME_SUFFIX" # e.g. v2025.6.0-bwpm
+          echo "🔖 New tag name: $tag_name"
+          echo "tag_name=$tag_name" >> "$GITHUB_OUTPUT"
+
+          last_release_tag=$(git tag -l --sort=-authordate | grep "$_APP_NAME_SUFFIX" | head -n 1)
+          echo "🔖 Last release tag: $last_release_tag"
+          echo "last_release_tag=$last_release_tag" >> "$GITHUB_OUTPUT"

      - name: Download artifacts
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
        run: |
-          gh run download $ARTIFACT_RUN_ID -D $ARTIFACTS_PATH
-          file_count=$(find $ARTIFACTS_PATH -type f | wc -l)
+          gh run download "$ARTIFACT_RUN_ID" -D "$ARTIFACTS_PATH"
+          file_count=$(find "$ARTIFACTS_PATH" -type f | wc -l)
          echo "Downloaded $file_count file(s)."
          if [ "$file_count" -gt 0 ]; then
            echo "Downloaded files:"
-            find $ARTIFACTS_PATH -type f
+            find "$ARTIFACTS_PATH" -type f
          fi

+          # Files that won't be included in any release
+          files_to_remove=(
+            "com.x8bit.bitwarden.aab"
+            "com.x8bit.bitwarden.aab-sha256.txt"
+
+            "com.x8bit.bitwarden.beta.apk"
+            "com.x8bit.bitwarden.beta.apk-sha256.txt"
+            "com.x8bit.bitwarden.beta.aab"
+            "com.x8bit.bitwarden.beta.aab-sha256.txt"
+
+            "com.x8bit.bitwarden.beta-fdroid.apk"
+            "com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt"
+
+            "com.x8bit.bitwarden.dev.apk"
+            "com.x8bit.bitwarden.dev.apk-sha256.txt"
+
+            "com.bitwarden.authenticator.aab"
+            "authenticator-android-aab-sha256.txt"
+          )
+
+          for file in "${files_to_remove[@]}"; do
+            find "$ARTIFACTS_PATH" -name "$file" -type f -delete
+          done
+          echo "🔖 Removed internal artifacts."
+          echo ""
+          echo "🔖 Files to be included in the release:"
+          find "$ARTIFACTS_PATH" -type f
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "JIRA-API-EMAIL,JIRA-API-TOKEN"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Get product release notes
+        id: get_release_notes
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
+          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
+          _RELEASE_TICKET_ID: ${{ inputs.release-ticket-id }}
+          _JIRA_API_EMAIL: ${{ steps.get-kv-secrets.outputs.JIRA-API-EMAIL }}
+          _JIRA_API_TOKEN: ${{ steps.get-kv-secrets.outputs.JIRA-API-TOKEN }}
+        run: |
+          echo "Getting product release notes"
+          product_release_notes=$(python3 .github/scripts/jira-get-release-notes/jira_release_notes.py "$_RELEASE_TICKET_ID" "$_JIRA_API_EMAIL" "$_JIRA_API_TOKEN")
+
+          if [[ -z "$product_release_notes" || $product_release_notes == "Error checking"* ]]; then
+            echo "::warning::Failed to fetch release notes from Jira. Output: $product_release_notes"
+            product_release_notes="<insert product release notes here>"
+          else
+            echo "✅ Product release notes:"
+            echo "$product_release_notes"
+          fi
+
+          echo "$product_release_notes" > product_release_notes.txt
+
      - name: Create Release
        id: create_release
-        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
-        with:
-          tag_name: "v${{ inputs.version-name }}"
-          name: "${{ inputs.version-name }} (${{ inputs.version-number }})"
-          prerelease: ${{ inputs.prerelease }}
-          draft: ${{ inputs.draft }}
-          make_latest: ${{ inputs.make-latest }}
-          target_commitish: ${{ steps.get_release_branch.outputs.release_branch }}
-          generate_release_notes: true
-          files: |
-            artifacts/**/*
-
-      - name: Update Release Description
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          RELEASE_ID: ${{ steps.create_release.outputs.id }}
-          RELEASE_URL: ${{ steps.create_release.outputs.url }}
-          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
+          _APP_NAME: ${{ steps.get_release_branch.outputs.app_name }}
+          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
+          _VERSION_NUMBER: ${{ steps.get_release_info.outputs.version_number }}
+          _TARGET_COMMIT: ${{ steps.get_release_branch.outputs.release_branch }}
+          _TAG_NAME: ${{ steps.get_release_info.outputs.tag_name }}
+          _LAST_RELEASE_TAG: ${{ steps.get_release_info.outputs.last_release_tag }}
        run: |
-          # Get current release body
-          current_body=$(gh api /repos/${{ github.repository }}/releases/$RELEASE_ID --jq .body)
+          is_latest_release=false
+          if [[ "$_APP_NAME" == "Password Manager" ]]; then
+            is_latest_release=true
+          fi

-          # Append build source to the end
-          updated_body="${current_body}
+          echo "⌛️ Creating release for $_APP_NAME $_VERSION_NAME ($_VERSION_NUMBER) on $_TARGET_COMMIT"
+          release_url=$(gh release create "$_TAG_NAME" \
+            --title "$_APP_NAME $_VERSION_NAME ($_VERSION_NUMBER)" \
+            --target "$_TARGET_COMMIT" \
+            --generate-notes \
+            --notes-start-tag "$_LAST_RELEASE_TAG" \
+            --latest=$is_latest_release \
+            --draft \
+            "$ARTIFACTS_PATH/*/*")
+
+          # Extract release tag from URL
+          release_id_from_url=$(echo "$release_url" | sed 's/.*\/tag\///')
+          echo "release_id_from_url=$release_id_from_url" >> "$GITHUB_OUTPUT"
+          echo "url=$release_url" >> "$GITHUB_OUTPUT"
+
+          echo "✅ Release created: $release_url"
+          echo "🔖 Release ID from URL: $release_id_from_url"
+
+      - name: Update Release Description
+        id: update_release_description
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
+          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
+          _RELEASE_ID: ${{ steps.create_release.outputs.release_id_from_url }}
+        run: |
+          echo "Getting current release body. Release ID: $_RELEASE_ID"
+          current_body=$(gh release view "$_RELEASE_ID" --json body --jq .body)
+
+          product_release_notes=$(cat product_release_notes.txt)
+
+          # Update release description with product release notes and builds source
+          updated_body="# Overview
+          ${product_release_notes}
+
+          ${current_body}
          **Builds Source:** https://github.com/${{ github.repository }}/actions/runs/$ARTIFACT_RUN_ID"

-          # Update release
-          gh api --method PATCH /repos/${{ github.repository }}/releases/$RELEASE_ID \
-            -f body="$updated_body"
+          new_release_url=$(gh release edit "$_RELEASE_ID" --notes "$updated_body")

-          echo "# :rocket: Release ready at:" >> $GITHUB_STEP_SUMMARY
-          echo "$RELEASE_URL" >> $GITHUB_STEP_SUMMARY
+          # draft release links change after editing
+          echo "release_url=$new_release_url" >> "$GITHUB_OUTPUT"
+
+      - name: Add Release Summary
+        env:
+          _RELEASE_TAG: ${{ steps.get_release_info.outputs.tag_name }}
+          _LAST_RELEASE_TAG: ${{ steps.get_release_info.outputs.last_release_tag }}
+          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
+          _VERSION_NUMBER: ${{ steps.get_release_info.outputs.version_number }}
+          _RELEASE_BRANCH: ${{ steps.get_release_branch.outputs.release_branch }}
+          _RELEASE_URL: ${{ steps.update_release_description.outputs.release_url }}
+        run: |
+          {
+            echo "# :fish_cake: Release ready at:"
+            echo "$_RELEASE_URL"
+            echo ""
+          } >> "$GITHUB_STEP_SUMMARY"
+
+          if [[ "$_VERSION_NAME" == "0.0.0" || "$_VERSION_NUMBER" == "0" ]]; then
+            {
+              echo "> [!CAUTION]"
+              echo "> Version name or number wasn't previously found and a default value was used. You'll need to manually update the release Title, Tag and Description, specifically, the \"Full Changelog\" link."
+              echo ""
+            } >> "$GITHUB_STEP_SUMMARY"
+          fi
+
+          {
+            echo ":clipboard: Confirm that the defined GitHub Release options are correct:"
+            echo " * :bookmark: New tag name: \`$_RELEASE_TAG\`"
+            echo " * :palm_tree: Target branch: \`$_RELEASE_BRANCH\`"
+            echo " * :ocean: Previous tag set in the description \"Full Changelog\" link: \`$_LAST_RELEASE_TAG\`"
+            echo " * :white_check_mark: Description has automated release notes and they match the commits in the release branch"
+            echo "> [!NOTE]"
+            echo "> Commits directly pushed to branches without a Pull Request won't appear in the automated release notes." 
+          } >> "$GITHUB_STEP_SUMMARY"
--- a/.github/workflows/publish-github-release-bwa.yml
+++ b/.github/workflows/publish-github-release-bwa.yml
@@ -0,0 +1,23 @@
+name: Publish Authenticator GitHub Release as newest
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 * * * 1-5' # Every hour on the hour on weekdays
+permissions:
+  contents: write
+  id-token: write
+  actions: write
+
+jobs:
+  publish-release-authenticator:
+    name: Publish Authenticator Release
+    uses: bitwarden/gh-actions/.github/workflows/_publish-mobile-github-release.yml@main
+    with:
+      release_name: "Authenticator"
+      workflow_name: "publish-github-release-bwa.yml"
+      credentials_filename: "authenticator_play_store-creds.json"
+      project_type: android
+      check_release_command: >
+        bundle exec fastlane getLatestPlayStoreVersion package_name:com.bitwarden.authenticator track:production
+    secrets: inherit
--- a/.github/workflows/publish-github-release-bwpm.yml
+++ b/.github/workflows/publish-github-release-bwpm.yml
@@ -0,0 +1,24 @@
+name: Publish Password Manager GitHub Release as newest
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 * * * 1-5' # Every hour on the hour on weekdays
+
+permissions:
+  contents: write
+  id-token: write
+  actions: write
+
+jobs:
+  publish-release-password-manager:
+    name: Publish Password Manager Release
+    uses: bitwarden/gh-actions/.github/workflows/_publish-mobile-github-release.yml@main
+    with:
+      release_name: "Password Manager"
+      workflow_name: "publish-github-release-bwpm.yml"
+      credentials_filename: "play_creds.json"
+      project_type: android
+      check_release_command: >
+        bundle exec fastlane getLatestPlayStoreVersion package_name:com.x8bit.bitwarden track:production
+    secrets: inherit
--- a/.github/workflows/publish-store.yml
+++ b/.github/workflows/publish-store.yml
@@ -0,0 +1,190 @@
+name: Publish to Google Play
+run-name:  >
+  ${{ inputs.dry-run && ' (Dry Run)' || '' }}Promoting ${{ inputs.product }} ${{ inputs.version-code }} from ${{ inputs.track-from }} to ${{ inputs.track-target }}
+on:
+  workflow_dispatch:
+    inputs:
+      product:
+        description: "Which app is being released."
+        type: choice
+        options:
+          - Password Manager
+          - Authenticator
+      version-name:
+        description: "Version name to promote to production ex 2025.1.1"
+        type: string
+      version-code:
+        description: "Build number to promote to production."
+        required: true
+        type: string
+      rollout-percentage:
+        description: "Percentage of users who will receive this version update."
+        required: true
+        type: choice
+        options:
+          - 10%
+          - 30%
+          - 50%
+          - 100%
+        default: 10%
+      release-notes:
+        description: "Change notes to be included with this release."
+        type: string
+        default: "Bug fixes."
+        required: true
+      track-from:
+        description: "Track to promote from."
+        type: choice
+        options:
+          - internal
+          - Fastlane Automation Source
+        required: true
+        default: "internal"
+      track-target:
+        description: "Track to promote to."
+        type: choice
+        options:
+          - production
+          - Fastlane Automation Target
+        required: true
+      dry-run:
+        description: "Dry-Run, Run the workflow without publishing to the store"
+        type: boolean
+        default: false
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GITHUB_ACTION_RUN_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+
+permissions:
+  contents: read
+  packages: read
+  id-token: write
+  actions: write
+
+jobs:
+  promote:
+    runs-on: ubuntu-24.04
+    name: Promote build to Production in Play Store
+
+    steps:
+      - name: Log inputs to job summary
+        env:
+          INPUTS: ${{ toJson(inputs) }}
+        run: |
+          {
+            echo "<details><summary>Job Inputs</summary>"
+            echo ""
+            echo '```json'
+            echo "$INPUTS"
+            echo '```'
+            echo "</details>"
+          }  >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Check out repo
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Configure Ruby
+        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
+        with:
+          bundler-cache: true
+
+      - name: Install Fastlane
+        run: |
+          gem install bundler:2.2.27
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "PLAY-BETA-KEYSTORE-PASSWORD,PLAY-BETA-KEY-PASSWORD"
+
+      - name: Retrieve secrets
+        env:
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
+        run: |
+          mkdir -p ${{ github.workspace }}/secrets
+          mkdir -p ${{ github.workspace }}/app/src/standardRelease
+
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
+          --name play_creds.json --file ${{ github.workspace }}/secrets/play_creds.json --output none
+
+          az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
+          --name authenticator_play_store-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_store-creds.json --output none
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Format Release Notes
+        env:
+          RELEASE_NOTES: ${{ inputs.release-notes }}
+        run: |
+          FORMATTED_MESSAGE="$(echo "$RELEASE_NOTES" | sed 's/  /\n/g')"
+          {
+            echo "RELEASE_NOTES<<EOF"
+            printf '%s\n' "$FORMATTED_MESSAGE"
+            echo "EOF"
+          }  >> "$GITHUB_ENV"
+
+      - name: Promote Play Store version to production
+        env:
+          PLAY_KEYSTORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEYSTORE-PASSWORD }}
+          PLAY_KEY_PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEY-PASSWORD }}
+          VERSION_CODE_INPUT: ${{ inputs.version-code }}
+          VERSION_NAME: ${{inputs.version-name}}
+          ROLLOUT_PERCENTAGE: ${{ inputs.rollout-percentage }}
+          PRODUCT: ${{ inputs.product }}
+          TRACK_FROM: ${{ inputs.track-from }}
+          TRACK_TARGET: ${{ inputs.track-target }}
+        run: |
+          if [ "$PRODUCT" = "Password Manager" ]; then
+            PACKAGE_NAME="com.x8bit.bitwarden"
+          elif [ "$PRODUCT" = "Authenticator" ]; then
+            PACKAGE_NAME="com.bitwarden.authenticator"
+          else
+            echo "Unsupported product: $PRODUCT"
+            exit 1
+          fi
+
+          VERSION_CODE=$(echo "${VERSION_CODE_INPUT}" | tr -d ',')
+
+          decimal=$(echo "scale=2; ${ROLLOUT_PERCENTAGE/\%/} / 100" | bc)
+
+          bundle exec fastlane updateReleaseNotes \
+            releaseNotes:"$RELEASE_NOTES" \
+            versionCode:"$VERSION_CODE" \
+            packageName:"$PACKAGE_NAME"
+
+          bundle exec fastlane promoteToProduction \
+            versionCode:"$VERSION_CODE" \
+            versionName:"$VERSION_NAME" \
+            rolloutPercentage:"$decimal" \
+            packageName:"$PACKAGE_NAME" \
+            releaseNotes:"$RELEASE_NOTES" \
+            track:"$TRACK_FROM" \
+            trackPromoteTo:"$TRACK_TARGET"
+
+      - name: Enable Publish Github Release Workflow
+        env:
+          PRODUCT: ${{ inputs.product }}
+        run: |
+          if ${{ inputs.dry-run }} ; then
+            gh workflow view publish-github-release-bwpm.yml
+            exit 0
+          fi
+          if [ "$PRODUCT" = "Password Manager" ]; then
+            gh workflow enable publish-github-release-bwpm.yml
+          elif [ "$PRODUCT" = "Authenticator" ]; then
+            gh workflow enable publish-github-release-bwa.yml
+          fi
--- a/.github/workflows/release-branch.yml
+++ b/.github/workflows/release-branch.yml
@@ -4,12 +4,14 @@ on:
  workflow_dispatch:
    inputs:
      release_type:
-        description: 'Release Type'
+        description: "Release Type"
        required: true
        type: choice
        options:
          - RC
-          - Hotfix
+          - Hotfix Password Manager
+          - Hotfix Authenticator
+          - Test

 jobs:
  create-release-branch:
@@ -17,42 +19,68 @@ jobs:
    runs-on: ubuntu-24.04
    permissions:
      contents: write
+      actions: write
    steps:
      - name: Check out repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0
+          persist-credentials: true

-      - name: Create RC Branch
-        if: inputs.release_type == 'RC'
+      - name: Create RC or Test Branch
+        id: rc_branch
+        if: inputs.release_type == 'RC' || inputs.release_type == 'Test'
        env:
-          RC_PREFIX_DATE: "true" # replace with input if needed
+          _TEST_MODE: ${{ inputs.release_type == 'Test' }}
+          _RELEASE_TYPE: ${{ inputs.release_type }}
        run: |
-          if [ "$RC_PREFIX_DATE" = "true" ]; then
-            current_date=$(date +'%Y.%m')
-            branch_name="release/${current_date}-rc${{ github.run_number }}"
-          else
-            branch_name="release/rc${{ github.run_number }}"
+          current_date=$(date +'%Y.%-m')
+          branch_name="${current_date}-rc${{ github.run_number }}"
+
+          if [ "$_TEST_MODE" = "true" ]; then
+            branch_name="WORKFLOW-TEST-${branch_name}"
          fi
+          branch_name="release/${branch_name}"
+
          git switch main
-          git switch -c $branch_name
-          git push origin $branch_name
-          echo "# :cherry_blossom: RC branch: ${branch_name}" >> $GITHUB_STEP_SUMMARY
+          git switch -c "$branch_name"
+          git push origin "$branch_name"
+          echo "# :cherry_blossom: ${_RELEASE_TYPE} branch: ${branch_name}" >> "$GITHUB_STEP_SUMMARY"
+          echo "branch_name=$branch_name" >> "$GITHUB_OUTPUT"

      - name: Create Hotfix Branch
-        if: inputs.release_type == 'Hotfix'
+        id: hotfix_branch
+        if: startsWith(inputs.release_type, 'Hotfix')
+        env:
+          _RELEASE_TYPE: ${{ inputs.release_type }}
        run: |
-          latest_tag=$(git tag -l --sort=-creatordate | head -n 1)
+          app_codename="bwpm"
+          if [ "$_RELEASE_TYPE" == "Hotfix Authenticator" ]; then
+            app_codename="bwa"
+          fi
+          echo "🌿 app codename: $app_codename"
+
+          latest_tag=$(git tag -l --sort=-creatordate | grep "$app_codename" | head -n 1)
          if [ -z "$latest_tag" ]; then
            echo "::error::No tags found in the repository"
            exit 1
          fi
          branch_name="release/hotfix-${latest_tag}"
          echo "🌿 branch name: $branch_name"
+          echo "branch_name=$branch_name" >> "$GITHUB_OUTPUT"
          if git show-ref --verify --quiet "refs/remotes/origin/$branch_name"; then
-            echo "# :fire: :warning: Hotfix branch already exists: ${branch_name}" >> $GITHUB_STEP_SUMMARY
+            echo "# :fire: :warning: Hotfix branch already exists: ${branch_name}" >> "$GITHUB_STEP_SUMMARY"
            exit 0
          fi
-          git switch -c $branch_name $latest_tag
-          git push origin $branch_name
-          echo "# :fire: Hotfix branch: ${branch_name}" >> $GITHUB_STEP_SUMMARY
+          git switch -c "$branch_name" "$latest_tag"
+          git push origin "$branch_name"
+          echo "# :fire: Hotfix branch: ${branch_name}" >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Trigger CI Workflows
+        env:
+          GH_TOKEN: ${{ github.token }}
+          _BRANCH_NAME: ${{ steps.rc_branch.outputs.branch_name || steps.hotfix_branch.outputs.branch_name }}
+        run: |
+          echo "🌿 branch name: $_BRANCH_NAME"
+          gh workflow run build.yml --ref "$_BRANCH_NAME" -f distribute-to-firebase=true -f publish-to-play-store=true
+          gh workflow run build-authenticator.yml --ref "$_BRANCH_NAME" -f distribute-to-firebase=true -f publish-to-play-store=true
--- a/.github/workflows/respond.yml
+++ b/.github/workflows/respond.yml
@@ -0,0 +1,28 @@
+name: Respond
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+permissions: {}
+
+jobs:
+  respond:
+    name: Respond
+    uses: bitwarden/gh-actions/.github/workflows/_respond.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      actions: read
+      contents: write
+      id-token: write
+      issues: write
+      pull-requests: write
--- a/.github/workflows/review-code.yml
+++ b/.github/workflows/review-code.yml
@@ -0,0 +1,20 @@
+name: Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+permissions: {}
+
+jobs:
+  review:
+    name: Review
+    uses: bitwarden/gh-actions/.github/workflows/_review-code.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
--- a/.github/workflows/scan-authenticator.yml
+++ b/.github/workflows/scan-authenticator.yml
@@ -1,78 +0,0 @@
-name: Scan Authenticator
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
-  pull_request_target:
-    types: [opened, synchronize]
-
-jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-
-  sast:
-    name: SAST scan
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-      security-events: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
-        env:
-          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
-        with:
-          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
-          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
-          additional_params: |
-            --report-format sarif \
-            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
-            --output-path . ${{ env.INCREMENTAL }}
-
-      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2
-        with:
-          sarif_file: cx_result.sarif
-          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
-          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
-
-  quality:
-    name: Quality scan
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        with:
-          args: >
-            -Dsonar.organization=${{ github.repository_owner }}
-            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
--- a/.github/workflows/scan-ci.yml
+++ b/.github/workflows/scan-ci.yml
@@ -6,58 +6,30 @@ on:
    branches:
      - "main"

+permissions: {}
+
 jobs:
  sast:
-    name: SAST scan
-    runs-on: ubuntu-24.04
+    name: Checkmarx
+    uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    permissions:
      contents: read
+      pull-requests: write
      security-events: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
-        with:
-          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
-          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
-          additional_params: |
-            --report-format sarif \
-            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
-            --output-path .
-
-      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
-        with:
-          sarif_file: cx_result.sarif
-          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
-          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
+      id-token: write

  quality:
-    name: Quality scan
-    runs-on: ubuntu-24.04
+    name: Sonar
+    uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    permissions:
      contents: read
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        with:
-          args: >
-            -Dsonar.organization=${{ github.repository_owner }}
-            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
+      pull-requests: write
+      id-token: write
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -2,72 +2,47 @@ name: Scan Pull Requests

 on:
  workflow_dispatch:
-  pull_request_target:
-    types: [opened, synchronize]
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore:
+      - main
+  pull_request_target: # zizmor: ignore[dangerous-triggers]
+    types: [opened, synchronize, reopened]
+    branches:
+      - main
+
+permissions: {}

 jobs:
  check-run:
    name: Check PR run
    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read

  sast:
-    name: SAST scan
-    runs-on: ubuntu-24.04
+    name: Checkmarx
+    uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
    needs: check-run
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    permissions:
      contents: read
      pull-requests: write
      security-events: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
-        env:
-          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
-        with:
-          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
-          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
-          additional_params: |
-            --report-format sarif \
-            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
-            --output-path . ${{ env.INCREMENTAL }}
-
-      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
-        with:
-          sarif_file: cx_result.sarif
-          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
-          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
+      id-token: write

  quality:
-    name: Quality scan
-    runs-on: ubuntu-24.04
+    name: Sonar
+    uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
    needs: check-run
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    permissions:
      contents: read
      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        with:
-          args: >
-            -Dsonar.organization=${{ github.repository_owner }}
-            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
+      id-token: write
--- a/.github/workflows/sdlc-sdk-update.yml
+++ b/.github/workflows/sdlc-sdk-update.yml
@@ -0,0 +1,230 @@
+name: SDLC / SDK Update
+run-name: "SDK ${{inputs.run-mode == 'Update' && format('Update - {0}', inputs.sdk-version) || format('Test #{0} - {1}', inputs.pr-id, inputs.sdk-version)}}"
+
+on:
+  workflow_dispatch:
+    inputs:
+      run-mode:
+        description: "Run Mode"
+        type: choice
+        options:
+          - Test # used for testing sdk-internal repo PRs
+          - Update # opens a PR in this repo updating the SDK
+        default: Test
+      sdk-package:
+        description: "SDK Package ID"
+        required: true
+        default: "com.bitwarden:sdk-android.dev"
+      sdk-version:
+        description: "SDK Version"
+        required: true
+        default: "1.0.0-2686-km-update-kdf-sdk"
+      pr-id:
+        description: "Pull Request ID"
+
+env:
+  _BOT_NAME: "bw-ghapp[bot]"
+  _BOT_EMAIL: "178206702+bw-ghapp[bot]@users.noreply.github.com"
+
+jobs:
+  update:
+    name: Update and PR
+    if: ${{ inputs.run-mode == 'Update' }}
+    runs-on: ubuntu-24.04
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        id: app-token
+        with:
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+          permission-pull-requests: write
+          permission-actions: read
+          permission-contents: write
+
+      - name: Check out repo
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          fetch-depth: 0
+          persist-credentials: true
+
+      - name: Log inputs to job summary
+        uses: ./.github/actions/log-inputs
+        with:
+          inputs: ${{ toJson(inputs) }}
+
+      - name: Switch to branch
+        id: switch-branch
+        run: |
+          BRANCH_NAME="sdlc/sdk-update"
+          echo "branch_name=$BRANCH_NAME" >> "$GITHUB_OUTPUT"
+
+          if git switch "$BRANCH_NAME"; then
+            echo "✅ Switched to existing branch: $BRANCH_NAME"
+            echo "updating_existing_branch=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "📝 Creating new branch: $BRANCH_NAME"
+            git switch -c "$BRANCH_NAME"
+            echo "updating_existing_branch=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Prevent updating the branch when the last committer isn't the bot
+        if: ${{ steps.switch-branch.outputs.updating_existing_branch == 'true' }}
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }}
+        run: |
+          LATEST_COMMIT_AUTHOR=$(git log -1 --format='%ae' "$_BRANCH_NAME")
+
+          echo "Latest commit author in branch ($_BRANCH_NAME): $LATEST_COMMIT_AUTHOR"
+          echo "Expected bot email: $_BOT_EMAIL"
+
+          if [ "$LATEST_COMMIT_AUTHOR" != "$_BOT_EMAIL" ]; then
+            echo "::error::Branch $_BRANCH_NAME has a commit not made by the bot." \
+              "This indicates manual changes have been made to the branch," \
+              "PR has to be merged or closed before running this workflow again."
+            echo "👀 Fetching existing PR..."
+            gh pr list --head "$_BRANCH_NAME" --base main --state open --json number --jq '.[0].number // empty'
+            EXISTING_PR=$(gh pr list --head "$_BRANCH_NAME" --base main --state open --json number --jq '.[0].number // empty')
+            if [ -z "$EXISTING_PR" ]; then
+              echo "::error::Couldn't find an existing PR for branch $_BRANCH_NAME."
+              exit 1
+            fi
+            PR_URL="https://github.com/${{ github.repository }}/pull/$EXISTING_PR"
+            echo "## ❌ Merge or close: $PR_URL" >> "$GITHUB_STEP_SUMMARY"
+            exit 1
+          fi
+
+          echo "✅ Branch tip commit was made by the bot. Safe to proceed."
+
+      # Using main to retrieve the changelog on consecutive updates of the same PR.
+      - name: Get current SDK version from main branch
+        id: get-current-sdk
+        run: |
+          git show origin/main:gradle/libs.versions.toml
+          SDK_VERSION=$(git show origin/main:gradle/libs.versions.toml | grep "bitwardenSdk =" | cut -d'"' -f2)
+          if [ -z "$SDK_VERSION" ]; then
+            echo "::error::Failed to get current SDK version from main branch."
+            exit 1
+          fi
+          GIT_REF=$(echo "$SDK_VERSION" | cut -d'-' -f3-) # handles both commit hashes and branch names
+          echo "Current SDK version (from main): $SDK_VERSION"
+          echo "Current SDK git ref: $GIT_REF"
+          echo "version=$SDK_VERSION" >> "$GITHUB_OUTPUT"
+          echo "git_ref=$GIT_REF" >> "$GITHUB_OUTPUT"
+
+      - name: Update SDK Version
+        env:
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+        run: |
+          ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION"
+
+      - name: Create branch and commit
+        env:
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+          _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }}
+        run: |
+          echo "👀 Committing SDK version update..."
+
+          git config user.name "$_BOT_NAME"
+          git config user.email "$_BOT_EMAIL"
+
+          git add gradle/libs.versions.toml
+          git commit -m "SDK Update - $_SDK_PACKAGE $_SDK_VERSION"
+          git push origin "$_BRANCH_NAME"
+
+      - name: Create or Update Pull Request
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }}
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+          _OLD_SDK_VERSION: ${{ steps.get-current-sdk.outputs.version }}
+          _OLD_SDK_GIT_REF: ${{ steps.get-current-sdk.outputs.git_ref }}
+        run: |
+          NEW_SDK_GIT_REF=$(echo "$_SDK_VERSION" | cut -d'-' -f3-)
+          CHANGELOG=$(./scripts/get-repo-changelog.sh "bitwarden/sdk-internal" "$_OLD_SDK_GIT_REF" "$NEW_SDK_GIT_REF")
+          PR_BODY="Updates the SDK version from \`$_OLD_SDK_VERSION\` to \`$_SDK_PACKAGE $_SDK_VERSION\`
+
+          ## What's Changed
+
+          $CHANGELOG"
+
+          EXISTING_PR=$(gh pr list --head "$_BRANCH_NAME" --base main --state open --json number --jq '.[0].number // empty')
+
+          if [ -n "$EXISTING_PR" ]; then
+            echo "🔄 Updating existing PR #$EXISTING_PR..."
+            echo -e "$PR_BODY" | gh pr edit "$EXISTING_PR" \
+              --title "Update SDK to $_SDK_VERSION" \
+              --body-file -
+            PR_URL="https://github.com/${{ github.repository }}/pull/$EXISTING_PR"
+            echo "## ✅ Updated PR: $PR_URL" >> "$GITHUB_STEP_SUMMARY"
+          else
+            echo "📝 Creating new PR..."
+            PR_URL=$(echo -e "$PR_BODY" | gh pr create \
+              --title "Update SDK to $_SDK_VERSION" \
+              --body-file - \
+              --base main \
+              --head "$_BRANCH_NAME" \
+              --label "automated-pr" \
+              --label "t:ci")
+            echo "## 🚀 Created PR: $PR_URL" >> "$GITHUB_STEP_SUMMARY"
+          fi
+
+  test:
+    name: Test Update
+    if: ${{ inputs.run-mode == 'Test' }}
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: read
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+
+      - name: Log inputs to job summary
+        uses: ./.github/actions/log-inputs
+        with:
+          inputs: ${{ toJson(inputs) }}
+
+      - name: Setup Android Build
+        uses: ./.github/actions/setup-android-build
+
+      - name: Update SDK Version
+        env:
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+        run: |
+          ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION"
+
+      - name: Build
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in settings.gradle.kts to download the SDK from GitHub Maven Packages
+        run: |
+          ./gradlew assembleDebug --warn
--- a/.github/workflows/test-authenticator.yml
+++ b/.github/workflows/test-authenticator.yml
@@ -1,82 +0,0 @@
-name: Test Authenticator
-
-on:
-  push:
-    branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
-  pull_request_target:
-    types: [opened, synchronize]
-
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 17
-
-jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-
-  test:
-    name: Test
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      packages: read
-      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
-
-      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
-        with:
-          bundler-cache: true
-
-      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
-      - name: Build and test Authenticator
-        run: |
-          bundle exec fastlane checkAuthenticator
-
-      - name: Upload to codecov.io
-        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
-        with:
-          files: authenticator/build/reports/kover/reportDebug.xml
--- a/.github/workflows/test-device.yml
+++ b/.github/workflows/test-device.yml
@@ -0,0 +1,16 @@
+name: Test Device
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Test Device
+    runs-on: ubuntu-24.04
+
+    steps:
+    - name: Placeholder step
+      run: echo "Placeholder workflow step"
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -9,30 +9,32 @@ on:
  pull_request:
    types: [opened, synchronize]
  merge_group:
-    type: [checks_requested]
+    types: [checks_requested]
  workflow_dispatch:

 env:
-  _JAVA_VERSION: 17
+  _JAVA_VERSION: 21
  _GITHUB_ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}

-
 jobs:
  test:
    name: Test
    runs-on: ubuntu-24.04
    permissions:
      packages: read
+      pull-requests: write

    steps:
      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ~/.gradle/caches
@@ -42,7 +44,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -51,12 +53,12 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
        with:
          bundler-cache: true

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          distribution: "temurin"
          java-version: ${{ env._JAVA_VERSION }}
@@ -74,52 +76,42 @@ jobs:
          bundle exec fastlane check

      - name: Upload test reports
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        if: always()
        with:
          name: test-reports
          path: |
+            build/reports/kover/reportMergedCoverage.xml
            app/build/reports/tests/
-            app/build/reports/kover/reportStandardDebug.xml
-
-  report:
-    name: Process Test Reports
-    needs: test
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      issues: write
-      pull-requests: write
-    if: success()
-
-    steps:
-      - name: Download test artifacts
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        with:
-          name: test-reports
+            authenticator/build/reports/tests/
+            authenticatorbridge/build/reports/tests/
+            core/build/reports/tests/
+            data/build/reports/tests/
+            network/build/reports/tests/
+            ui/build/reports/tests/

      - name: Upload to codecov.io
        id: upload-to-codecov
-        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        if: github.event_name == 'push' || github.event_name == 'pull_request'
        continue-on-error: true
        with:
          os: linux
-          files: kover/reportStandardDebug.xml
+          files: build/reports/kover/reportMergedCoverage.xml
          fail_ci_if_error: true
+          disable_search: true

      - name: Comment PR if tests failed
        if: steps.upload-to-codecov.outcome == 'failure' && (github.event_name == 'push' || github.event_name == 'pull_request')
        env:
-            PR_NUMBER: ${{ github.event.number }}
-            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-            RUN_ACTOR: ${{ github.triggering_actor }}
+          PR_NUMBER: ${{ github.event.number }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RUN_ACTOR: ${{ github.triggering_actor }}
        run: |
-          echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-          echo "> Uploading code coverage report failed. Please check the \"Upload to codecov.io\" step of \"Process Test Reports\" job for more details." >> $GITHUB_STEP_SUMMARY
+          echo "> [!WARNING]" >> "$GITHUB_STEP_SUMMARY"
+          echo "> Uploading code coverage report failed. Please check the \"Upload to codecov.io\" step of \"Process Test Reports\" job for more details." >> "$GITHUB_STEP_SUMMARY"

-          if [ ! -z "$PR_NUMBER" ]; then
+          if [ -n "$PR_NUMBER" ]; then
            message=$'> [!WARNING]\n> @'$RUN_ACTOR' Uploading code coverage report failed. Please check the "Upload to codecov.io" step of [Process Test Reports job]('$_GITHUB_ACTION_RUN_URL') for more details.'
-            gh pr comment --repo $GITHUB_REPOSITORY $PR_NUMBER --body "$message"
+            gh pr comment --repo "$GITHUB_REPOSITORY" "$PR_NUMBER" --body "$message"
          fi
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -0,0 +1,5 @@
+rules:
+  unpinned-uses:
+    config:
+      policies:
+        bitwarden/gh-actions/*: ref-pin
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,13 @@
 fastlane/report.xml
 fastlane/README.md

+# Ruby / Bundler
+.bundle/
+vendor/
+
+# Backup files
+*.bak
+
 # General
 .DS_Store
 Thumbs.db
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.3.1
+3.4.2
--- a/9
+++ b/9
@@ -7,3 +7,12 @@ gem 'time'

 plugins_path = File.join(File.dirname(__FILE__), 'fastlane', 'Pluginfile')
 eval_gemfile(plugins_path) if File.exist?(plugins_path)
+
+# Since ruby 3.4.0 these are not included in the standard library
+gem 'abbrev'
+gem 'logger'
+gem 'mutex_m'
+gem 'csv'
+
+# Starting with Ruby 3.5.0, these are not included in the standard library
+gem 'ostruct'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -5,34 +5,39 @@ GEM
      base64
      nkf
      rexml
+    abbrev (0.1.2)
    addressable (2.8.7)
      public_suffix (>= 2.0.2, < 7.0)
    artifactory (3.0.17)
    atomos (0.1.3)
-    aws-eventstream (1.3.2)
-    aws-partitions (1.1067.0)
-    aws-sdk-core (3.220.1)
+    aws-eventstream (1.4.0)
+    aws-partitions (1.1177.0)
+    aws-sdk-core (3.235.0)
      aws-eventstream (~> 1, >= 1.3.0)
      aws-partitions (~> 1, >= 1.992.0)
      aws-sigv4 (~> 1.9)
      base64
+      bigdecimal
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.99.0)
-      aws-sdk-core (~> 3, >= 3.216.0)
+      logger
+    aws-sdk-kms (1.115.0)
+      aws-sdk-core (~> 3, >= 3.234.0)
      aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.182.0)
-      aws-sdk-core (~> 3, >= 3.216.0)
+    aws-sdk-s3 (1.201.0)
+      aws-sdk-core (~> 3, >= 3.234.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.11.0)
+    aws-sigv4 (1.12.1)
      aws-eventstream (~> 1, >= 1.0.2)
    babosa (1.0.4)
-    base64 (0.2.0)
+    base64 (0.3.0)
+    bigdecimal (3.3.1)
    claide (1.1.0)
    colored (1.2)
    colored2 (3.1.2)
    commander (4.6.0)
      highline (~> 2.0.0)
+    csv (3.3.5)
    date (3.4.1)
    declarative (0.0.20)
    digest-crc (0.7.0)
@@ -57,10 +62,10 @@ GEM
      faraday (>= 0.8.0)
      http-cookie (~> 1.0.0)
    faraday-em_http (1.0.0)
-    faraday-em_synchrony (1.0.0)
+    faraday-em_synchrony (1.0.1)
    faraday-excon (1.1.0)
    faraday-httpclient (1.0.1)
-    faraday-multipart (1.1.0)
+    faraday-multipart (1.1.1)
      multipart-post (~> 2.0)
    faraday-net_http (1.0.2)
    faraday-net_http_persistent (1.2.0)
@@ -70,7 +75,7 @@ GEM
    faraday_middleware (1.2.1)
      faraday (~> 1.0)
    fastimage (2.4.0)
-    fastlane (2.227.0)
+    fastlane (2.228.0)
      CFPropertyList (>= 2.3, < 4.0.0)
      addressable (>= 2.8, < 3.0.0)
      artifactory (~> 3.0)
@@ -110,9 +115,9 @@ GEM
      tty-spinner (>= 0.8.0, < 1.0.0)
      word_wrap (~> 1.0.0)
      xcodeproj (>= 1.13.0, < 2.0.0)
-      xcpretty (~> 0.4.0)
+      xcpretty (~> 0.4.1)
      xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
-    fastlane-plugin-firebase_app_distribution (0.10.0)
+    fastlane-plugin-firebase_app_distribution (0.10.1)
      google-apis-firebaseappdistribution_v1 (~> 0.3.0)
      google-apis-firebaseappdistribution_v1alpha (~> 0.2.0)
    fastlane-sirp (1.0.0)
@@ -164,36 +169,38 @@ GEM
    httpclient (2.9.0)
      mutex_m
    jmespath (1.6.2)
-    json (2.10.2)
-    jwt (2.10.1)
+    json (2.15.2)
+    jwt (2.10.2)
      base64
+    logger (1.7.0)
    mini_magick (4.13.2)
    mini_mime (1.1.5)
-    multi_json (1.15.0)
+    multi_json (1.17.0)
    multipart-post (2.4.1)
    mutex_m (0.3.0)
    nanaimo (0.4.0)
-    naturally (2.2.1)
+    naturally (2.3.0)
    nkf (0.2.0)
    optparse (0.6.0)
    os (1.1.4)
+    ostruct (0.6.3)
    plist (3.7.2)
-    public_suffix (6.0.1)
-    rake (13.2.1)
+    public_suffix (6.0.2)
+    rake (13.3.0)
    representable (3.2.0)
      declarative (< 0.1.0)
      trailblazer-option (>= 0.1.1, < 0.2.0)
      uber (< 0.2.0)
    retriable (3.1.2)
-    rexml (3.4.1)
+    rexml (3.4.4)
    rouge (3.28.0)
    ruby2_keywords (0.0.5)
    rubyzip (2.4.1)
    security (0.1.5)
-    signet (0.19.0)
+    signet (0.21.0)
      addressable (~> 2.8)
      faraday (>= 0.17.5, < 3.a)
-      jwt (>= 1.5, < 3.0)
+      jwt (>= 1.5, < 4.0)
      multi_json (~> 1.10)
    simctl (1.6.10)
      CFPropertyList
@@ -219,7 +226,7 @@ GEM
      colored2 (~> 3.1)
      nanaimo (~> 0.4.0)
      rexml (>= 3.3.6, < 4.0)
-    xcpretty (0.4.0)
+    xcpretty (0.4.1)
      rouge (~> 3.28.0)
    xcpretty-travis-formatter (1.0.1)
      xcpretty (~> 0.2, >= 0.0.7)
@@ -228,12 +235,17 @@ PLATFORMS
  ruby

 DEPENDENCIES
+  abbrev
+  csv
  fastlane
  fastlane-plugin-firebase_app_distribution
+  logger
+  mutex_m
+  ostruct
  time

 RUBY VERSION
-   ruby 3.3.1p55
+   ruby 3.4.2p28

 BUNDLED WITH
-   2.5.9
+   2.6.9
--- a/README-bwa.md
+++ b/README-bwa.md
@@ -1,61 +0,0 @@
-[![Github Workflow build on main](https://github.com/bitwarden/authenticator-android/actions/workflows/build-authenticator.yml/badge.svg?branch=main)](https://github.com/bitwarden/authenticator-android/actions/workflows/build-authenticator.yml?query=branch:main)
-[![Join the chat at https://gitter.im/bitwarden/Lobby](https://badges.gitter.im/bitwarden/Lobby.svg)](https://gitter.im/bitwarden/Lobby)
-
-# Bitwarden Authenticator Android App
-
-<a href="https://play.google.com/store/apps/details?id=com.bitwarden.authenticator" target="_blank"><img alt="Get it on Google Play" src="https://imgur.com/YQzmZi9.png" width="153" height="46"></a>
-
-Bitwarden Authenticator allows you easily store and generate two-factor authentication codes on your device. The Bitwarden Authenticator Android application is written in Kotlin.
-
-<img src="https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/authenticator-android-codes.png" alt="" width="325" height="650" />
-
-## Compatibility
-
- **Minimum SDK**: 28
- **Target SDK**: 34
- **Device Types Supported**: Phone and Tablet
- **Orientations Supported**: Portrait and Landscape
-
-## Setup
-
-
-1. Clone the repository:
-
-    ```sh
-    $ git clone https://github.com/bitwarden/authenticator-android
-    ```
-
-2. Create a `user.properties` file in the root directory of the project and add the following properties:
-
-    - `gitHubToken`: A "classic" Github Personal Access Token (PAT) with the `read:packages` scope (ex: `gitHubToken=gph_xx...xx`). These can be generated by going to the [Github tokens page](https://github.com/settings/tokens). See [the Github Packages user documentation concerning authentication](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry#authenticating-to-github-packages) for more details.
-
-3. Setup the code style formatter:
-
-    All code must follow the guidelines described in the [Code Style Guidelines document](docs/STYLE_AND_BEST_PRACTICES.md). To aid in adhering to these rules, all contributors should apply `docs/bitwarden-style.xml` as their code style scheme. In IntelliJ / Android Studio:
-
-    - Navigate to `Preferences > Editor > Code Style`.
-    - Hit the `Manage` button next to `Scheme`.
-    - Select `Import`.
-    - Find the `bitwarden-style.xml` file in the project's `docs/` directory.
-    - Import "from" `BitwardenStyle` "to" `BitwardenStyle`.
-    - Hit `Apply` and `OK` to save the changes and exit Preferences.
-
-    Note that in some cases you may need to restart Android Studio for the changes to take effect.
-
-    All code should be formatted before submitting a pull request. This can be done manually but it can also be helpful to create a macro with a custom keyboard binding to auto-format when saving. In Android Studio on OS X:
-
-    - Select `Edit > Macros > Start Macro Recording`
-    - Select `Code > Optimize Imports`
-    - Select `Code > Reformat Code`
-    - Select `File > Save All`
-    - Select `Edit > Macros > Stop Macro Recording`
-
-    This can then be mapped to a set of keys by navigating to `Android Studio > Preferences` and editing the macro under `Keymap` (ex : shift + command + s).
-
-    Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.
-
-## Contribute
-
-Code contributions are welcome! Please commit any pull requests against the `main` branch. Learn more about how to contribute by reading the [Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the [Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your first contribution.
-
-Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.
--- a/README.md
+++ b/README.md
@@ -1,40 +1,274 @@
+# Bitwarden Android

-<p align="center">
-    <picture>
-        <source media="(prefers-color-scheme: dark)" srcset=".github/images/android-dark.png">
-        <source media="(prefers-color-scheme: light)" srcset=".github/images/android-light.png">
-        <img alt="Bitwarden Android apps screenshots." src=".github/images/android-light.png">
-    </picture>
-</p>
-<p align="center">
-    <a href="https://github.com/bitwarden/android/actions/workflows/build.yml?query=branch:main" target="_blank"><img src="https://github.com/bitwarden/android/actions/workflows/build.yml/badge.svg?branch=main" alt="GitHub Workflow Android CI build on main" /></a>
-    <a href="https://github.com/bitwarden/android/actions/workflows/test.yml?query=branch:main" target="_blank"><img src="https://github.com/bitwarden/android/actions/workflows/test.yml/badge.svg?branch=main" alt="GitHub Workflow Android Password Manager Test on main" /></a>
-    <a href="https://gitter.im/bitwarden/Lobby" target="_blank"><img src="https://badges.gitter.im/bitwarden/Lobby.svg" alt="gitter chat" /></a>
-</p>
+## Contents

---
+- [Compatibility](#compatibility)
+- [Setup](#setup)
+- [Dependencies](#dependencies)

-# Bitwarden Android Password Manager & Authenticator Apps
+## Compatibility

-Please refer to the [Contributing Documentation](https://contributing.bitwarden.com/) for setup instructions, recommended tooling, code style tips, and lots of other great information to get you started. Relevant Links:
+- **Minimum SDK**: 29 (Android 10)
+- **Target SDK**: 36 (Android 16)
+- **Device Types Supported**: Phone and Tablet
+- **Orientations Supported**: Portrait and Landscape

- [Getting Started](https://contributing.bitwarden.com/getting-started/mobile/android/)
- [Code Style](https://contributing.bitwarden.com/contributing/code-style/android-kotlin)
- [Architecture](https://contributing.bitwarden.com/architecture/mobile-clients/android/)
- [Push Notifications Deep Dive](https://contributing.bitwarden.com/architecture/deep-dives/push-notifications/mobile)
+## Setup

-## Related projects:
+1. Clone the repository:

- [bitwarden/server](https://github.com/bitwarden/server): The core infrastructure backend (API, database, Docker, etc).
- [bitwarden/clients](https://github.com/bitwarden/clients): Non-mobile Bitwarden Clients Applications.
- [bitwarden/directory-connector](https://github.com/bitwarden/directory-connector): A tool for syncing a directory (AD, LDAP, Azure, G Suite, Okta) to an organization.
+    ```sh
+    $ git clone https://github.com/bitwarden/android
+    ```

-# We're Hiring!
+2. Create a `user.properties` file in the root directory of the project and add the following properties:

-Interested in contributing in a big way? Consider joining our team! We're hiring for many positions. Please take a look at our [Careers page](https://bitwarden.com/careers/) to see what opportunities are [currently open](https://bitwarden.com/careers/#open-positions) as well as what it's like to work at Bitwarden.
+    - `gitHubToken`: A "classic" Github Personal Access Token (PAT) with the `read:packages` scope (ex: `gitHubToken=gph_xx...xx`). These can be generated by going to the [Github tokens page](https://github.com/settings/tokens). See [the Github Packages user documentation concerning authentication](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry#authenticating-to-github-packages) for more details.
+    - `localSdk`: A boolean value to determine if the SDK should be loaded from the local maven artifactory (ex: `localSdk=true`). This is particularly useful when developing new SDK capabilities. Review [Linking SDK to clients](https://contributing.bitwarden.com/getting-started/sdk/#linking-the-sdk-to-clients) for more details.

-# Contribute
+3. Setup the code style formatter:

-Code contributions are welcome! Please commit any pull requests against the `main` branch. Learn more about how to contribute by reading the [Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the [Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your first contribution.
+    All code must follow the guidelines described in the [Code Style Guidelines document](docs/STYLE_AND_BEST_PRACTICES.md). To aid in adhering to these rules, all contributors should apply `docs/bitwarden-style.xml` as their code style scheme. In IntelliJ / Android Studio:

-Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.
+    - Navigate to `Preferences > Editor > Code Style`.
+    - Hit the `Manage` button next to `Scheme`.
+    - Select `Import`.
+    - Find the `bitwarden-style.xml` file in the project's `docs/` directory.
+    - Import "from" `BitwardenStyle` "to" `BitwardenStyle`.
+    - Hit `Apply` and `OK` to save the changes and exit Preferences.
+
+    Note that in some cases you may need to restart Android Studio for the changes to take effect.
+
+    All code should be formatted before submitting a pull request. This can be done manually but it can also be helpful to create a macro with a custom keyboard binding to auto-format when saving. In Android Studio on OS X:
+
+    - Select `Edit > Macros > Start Macro Recording`
+    - Select `Code > Optimize Imports`
+    - Select `Code > Reformat Code`
+    - Select `File > Save All`
+    - Select `Edit > Macros > Stop Macro Recording`
+
+    This can then be mapped to a set of keys by navigating to `Android Studio > Preferences` and editing the macro under `Keymap` (ex : shift + command + s).
+
+    Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.
+
+4. Setup JDK `Version` `21`:
+
+    - Navigate to `Preferences > Build, Execution, Deployment > Build Tools > Gradle`.
+    - Hit the selected Gradle JDK next to `Gradle JDK:`.
+    - Select a `21.x` version or hit `Download JDK...` if not present.
+    - Select `Version` `21`.
+    - Select your preferred `Vendor`.
+    - Hit `Download`.
+    - Hit `Apply`.
+
+5. Setup `detekt` pre-commit hook (optional):
+
+Run the following script from the root of the repository to install the hook. This will overwrite any existing pre-commit hook if present.
+
+```shell
+echo "Writing detekt pre-commit hook..."
+cat << 'EOL' > .git/hooks/pre-commit
+#!/usr/bin/env bash
+
+echo "Running detekt check..."
+OUTPUT="/tmp/detekt-$(date +%s)"
+./gradlew -Pprecommit=true detekt > $OUTPUT
+EXIT_CODE=$?
+if [ $EXIT_CODE -ne 0 ]; then
+  cat $OUTPUT
+  rm $OUTPUT
+  echo "***********************************************"
+  echo "                 detekt failed                 "
+  echo " Please fix the above issues before committing "
+  echo "***********************************************"
+  exit $EXIT_CODE
+fi
+rm $OUTPUT
+EOL
+echo "detekt pre-commit hook written to .git/hooks/pre-commit"
+echo "Making the hook executable"
+chmod +x .git/hooks/pre-commit
+
+echo "detekt pre-commit hook installed successfully to .git/hooks/pre-commit"
+```
+
+## Dependencies
+
+### Application Dependencies
+
+The following is a list of all third-party dependencies included as part of the application beyond the standard Android SDK.
+
+- **AndroidX Activity**
+    - https://developer.android.com/jetpack/androidx/releases/activity
+    - Purpose: Allows access composable APIs built on top of Activity.
+    - License: Apache 2.0
+
+- **AndroidX Appcompat**
+    - https://developer.android.com/jetpack/androidx/releases/appcompat
+    - Purpose: Allows access to new APIs on older API versions.
+    - License: Apache 2.0
+
+- **AndroidX Autofill**
+    - https://developer.android.com/jetpack/androidx/releases/autofill
+    - Purpose: Allows access to tools for building inline autofill UI.
+    - License: Apache 2.0
+
+- **AndroidX Biometrics**
+    - https://developer.android.com/jetpack/androidx/releases/biometric
+    - Purpose: Authenticate with biometrics or device credentials.
+    - License: Apache 2.0
+
+- **AndroidX Browser**
+    - https://developer.android.com/jetpack/androidx/releases/browser
+    - Purpose: Displays webpages with the user's default browser.
+    - License: Apache 2.0
+
+- **AndroidX Camera**
+    - https://developer.android.com/jetpack/androidx/releases/camera
+    - Purpose: Display and capture images for barcode scanning.
+    - License: Apache 2.0
+
+- **AndroidX Compose**
+    - https://developer.android.com/jetpack/androidx/releases/compose
+    - Purpose: A Kotlin-based declarative UI framework.
+    - License: Apache 2.0
+
+- **AndroidX Core**
+    - https://developer.android.com/jetpack/androidx/releases/core
+    - Purpose: Backwards compatible platform features and APIs.
+    - License: Apache 2.0
+
+- **AndroidX Credentials**
+    - https://developer.android.com/jetpack/androidx/releases/credentials
+    - Purpose: Unified access to user's credentials.
+    - License: Apache 2.0
+
+- **AndroidX Lifecycle**
+    - https://developer.android.com/jetpack/androidx/releases/lifecycle
+    - Purpose: Lifecycle aware components and tooling.
+    - License: Apache 2.0
+
+- **AndroidX Navigation**
+    - https://developer.android.com/jetpack/androidx/releases/navigation
+    - Purpose: Provides a consistent API for navigating between Android components.
+    - License: Apache 2.0
+
+- **AndroidX Room**
+    - https://developer.android.com/jetpack/androidx/releases/room
+    - Purpose: A convenient SQLite-based persistence layer for Android.
+    - License: Apache 2.0
+
+- **AndroidX Security**
+    - https://developer.android.com/jetpack/androidx/releases/security
+    - Purpose: Safely manage keys and encrypt files and sharedpreferences.
+    - License: Apache 2.0
+
+- **AndroidX WorkManager**
+    - https://developer.android.com/jetpack/androidx/releases/work
+    - Purpose: The WorkManager is used to schedule deferrable, asynchronous tasks that must be run reliably.
+    - License: Apache 2.0
+
+- **Dagger Hilt**
+    - https://github.com/google/dagger
+    - Purpose: Dependency injection framework.
+    - License: Apache 2.0
+
+- **Glide**
+    - https://github.com/bumptech/glide
+    - Purpose: Image loading and caching.
+    - License: BSD, part MIT and Apache 2.0
+
+- **kotlinx.collections.immutable**
+    - https://github.com/Kotlin/kotlinx.collections.immutable
+    - Purpose: Immutable collection interfaces and implementation prototypes for Kotlin.
+    - License: Apache 2.0
+
+- **kotlinx.coroutines**
+    - https://github.com/Kotlin/kotlinx.coroutines
+    - Purpose: Kotlin coroutines library for asynchronous and reactive code.
+    - License: Apache 2.0
+
+- **kotlinx.serialization**
+    - https://github.com/Kotlin/kotlinx.serialization/
+    - Purpose: JSON serialization library for Kotlin.
+    - License: Apache 2.0
+
+- **OkHttp 3**
+    - https://github.com/square/okhttp
+    - Purpose: An HTTP client used by the library to intercept and log traffic.
+    - License: Apache 2.0
+
+- **Retrofit 2**
+    - https://github.com/square/retrofit
+    - Purpose: A networking layer interface.
+    - License: Apache 2.0
+
+- **Timber**
+    - https://github.com/JakeWharton/timber
+    - Purpose: Extensible logging library for Android.
+    - License: Apache 2.0
+
+- **ZXing**
+    - https://github.com/zxing/zxing
+    - Purpose: Barcode scanning and generation.
+    - License: Apache 2.0
+
+The following is an additional list of third-party dependencies that are only included in the non-F-Droid build variants of the application.
+
+- **Firebase Cloud Messaging**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: Allows for push notification support.
+    - License: Apache 2.0
+
+- **Firebase Crashlytics**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: SDK for crash and non-fatal error reporting.
+    - License: Apache 2.0
+
+- **Google Play Reviews**
+    - https://developer.android.com/reference/com/google/android/play/core/release-notes
+    - Purpose: On standard builds provide an interface to add a review for the password manager application in Google Play.
+    - License: Apache 2.0
+
+### Development Environment Dependencies
+
+The following is a list of additional third-party dependencies used as part of the local development environment. This includes test-related artifacts as well as tools related to code quality and linting. These are not present in the final packaged application.
+
+- **detekt**
+    - https://github.com/detekt/detekt
+    - Purpose: A static code analysis tool for the Kotlin programming language.
+    - License: Apache 2.0
+
+- **JUnit 5**
+    - https://github.com/junit-team/junit5
+    - Purpose: Unit Testing framework for testing application code.
+    - License: Eclipse Public License 2.0
+
+- **MockK**
+    - https://github.com/mockk/mockk
+    - Purpose: Kotlin-friendly mocking library.
+    - License: Apache 2.0
+
+- **Robolectric**
+    - https://github.com/robolectric/robolectric
+    - Purpose: A unit testing framework for code directly depending on the Android framework.
+    - License: MIT
+
+- **Turbine**
+    - https://github.com/cashapp/turbine
+    - Purpose: A small testing library for kotlinx.coroutine's Flow.
+    - License: Apache 2.0
+
+### CI/CD Dependencies
+
+The following is a list of additional third-party dependencies used as part of the CI/CD workflows. These are not present in the final packaged application.
+
+- **Fastlane**
+    - https://fastlane.tools/
+    - Purpose: Automates building, signing, and distributing applications.
+    - License: MIT
+
+- **Kover**
+    - https://github.com/Kotlin/kotlinx-kover
+    - Purpose: Kotlin code coverage toolset.
+    - License: Apache 2.0
--- a/annotation/.gitignore
+++ b/annotation/.gitignore
@@ -0,0 +1 @@
+/build
--- a/annotation/build.gradle.kts
+++ b/annotation/build.gradle.kts
@@ -0,0 +1,42 @@
+import org.jetbrains.kotlin.gradle.dsl.JvmTarget
+
+plugins {
+    alias(libs.plugins.android.library)
+    alias(libs.plugins.kotlin.android)
+}
+
+android {
+    namespace = "com.bitwarden.annotation"
+    compileSdk = libs.versions.compileSdk.get().toInt()
+
+    defaultConfig {
+        minSdk = libs.versions.minSdkBwa.get().toInt()
+
+        testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
+        consumerProguardFiles("consumer-rules.pro")
+    }
+
+    buildTypes {
+        release {
+            isMinifyEnabled = false
+            proguardFiles(
+                getDefaultProguardFile("proguard-android-optimize.txt"),
+                "proguard-rules.pro",
+            )
+        }
+    }
+    compileOptions {
+        sourceCompatibility(libs.versions.jvmTarget.get())
+        targetCompatibility(libs.versions.jvmTarget.get())
+    }
+    @Suppress("UnstableApiUsage")
+    testFixtures {
+        enable = true
+    }
+}
+
+kotlin {
+    compilerOptions {
+        jvmTarget = JvmTarget.fromTarget(libs.versions.jvmTarget.get())
+    }
+}
--- a/annotation/src/main/kotlin/com/bitwarden/annotation/OmitFromCoverage.kt
+++ b/annotation/src/main/kotlin/com/bitwarden/annotation/OmitFromCoverage.kt
@@ -0,0 +1,13 @@
+package com.bitwarden.annotation
+
+/**
+ * Used to omit the annotated class from test coverage reporting. This should be used sparingly and
+ * is intended for non-testable classes that are placed in packages along with testable ones.
+ */
+@Target(
+    AnnotationTarget.CLASS,
+    AnnotationTarget.FILE,
+    AnnotationTarget.FUNCTION,
+)
+@Retention(AnnotationRetention.BINARY)
+annotation class OmitFromCoverage
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -10,19 +10,17 @@ import java.util.Properties

 plugins {
    alias(libs.plugins.android.application)
+    alias(libs.plugins.androidx.room)
    // Crashlytics is enabled for all builds initially but removed for FDroid builds in gradle and
    // standardDebug builds in the merged manifest.
    alias(libs.plugins.crashlytics)
-    alias(libs.plugins.detekt)
    alias(libs.plugins.hilt)
    alias(libs.plugins.kotlin.android)
    alias(libs.plugins.kotlin.compose.compiler)
    alias(libs.plugins.kotlin.parcelize)
    alias(libs.plugins.kotlin.serialization)
-    alias(libs.plugins.kotlinx.kover)
    alias(libs.plugins.ksp)
    alias(libs.plugins.google.services)
-    alias(libs.plugins.sonarqube)
 }

 /**
@@ -49,26 +47,32 @@ android {
    namespace = "com.x8bit.bitwarden"
    compileSdk = libs.versions.compileSdk.get().toInt()

+    room {
+        schemaDirectory("$projectDir/schemas")
+    }
+
    defaultConfig {
        applicationId = "com.x8bit.bitwarden"
        minSdk = libs.versions.minSdk.get().toInt()
        targetSdk = libs.versions.targetSdk.get().toInt()
-        versionCode = 1
-        versionName = "2024.9.0"
-
-        setProperty("archivesBaseName", "com.x8bit.bitwarden")
-
-        ksp {
-            // The location in which the generated Room Database Schemas will be stored in the repo.
-            arg("room.schemaLocation", "$projectDir/schemas")
-        }
+        versionCode = libs.versions.appVersionCode.get().toInt()
+        versionName = libs.versions.appVersionName.get()

        testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"

+        // Set the base archive name for publishing purposes. This is used to derive the APK and AAB
+        // artifact names when uploading to Firebase and Play Store.
+        base.archivesName = "com.x8bit.bitwarden"
+
        buildConfigField(
            type = "String",
            name = "CI_INFO",
-            value = "${ciProperties.getOrDefault("ci.info", "\"local\"")}",
+            value = "${ciProperties.getOrDefault("ci.info", "\"\uD83D\uDCBB local\"")}",
+        )
+        buildConfigField(
+            type = "String",
+            name = "SDK_VERSION",
+            value = "\"${libs.versions.bitwardenSdk.get()}\"",
        )
    }

@@ -102,6 +106,8 @@ android {
            applicationIdSuffix = ".beta"
            isDebuggable = false
            isMinifyEnabled = true
+            isShrinkResources = true
+            matchingFallbacks += listOf("release")
            proguardFiles(
                getDefaultProguardFile("proguard-android-optimize.txt"),
                "proguard-rules.pro",
@@ -113,6 +119,7 @@ android {
        release {
            isDebuggable = false
            isMinifyEnabled = true
+            isShrinkResources = true
            proguardFiles(
                getDefaultProguardFile("proguard-android-optimize.txt"),
                "proguard-rules.pro",
@@ -195,7 +202,7 @@ android {

 kotlin {
    compilerOptions {
-        jvmTarget.set(JvmTarget.fromTarget(libs.versions.jvmTarget.get()))
+        jvmTarget = JvmTarget.fromTarget(libs.versions.jvmTarget.get())
    }
 }

@@ -213,7 +220,14 @@ dependencies {
        add("standardImplementation", dependencyNotation)
    }

-    implementation(files("libs/authenticatorbridge-1.0.0-release.aar"))
+    implementation(files("libs/authenticatorbridge-1.0.1-release.aar"))
+
+    implementation(project(":annotation"))
+    implementation(project(":core"))
+    implementation(project(":cxf"))
+    implementation(project(":data"))
+    implementation(project(":network"))
+    implementation(project(":ui"))

    implementation(libs.androidx.activity.compose)
    implementation(libs.androidx.appcompat)
@@ -221,16 +235,17 @@ dependencies {
    implementation(libs.androidx.browser)
    implementation(libs.androidx.biometrics)
    implementation(libs.androidx.camera.camera2)
-    implementation(libs.androidx.camera.lifecycle)
-    implementation(libs.androidx.camera.view)
    implementation(platform(libs.androidx.compose.bom))
    implementation(libs.androidx.compose.animation)
    implementation(libs.androidx.compose.material3)
+    implementation(libs.androidx.compose.material3.adaptive)
    implementation(libs.androidx.compose.runtime)
    implementation(libs.androidx.compose.ui)
    implementation(libs.androidx.compose.ui.graphics)
    implementation(libs.androidx.compose.ui.tooling.preview)
    implementation(libs.androidx.core.ktx)
+    implementation(libs.androidx.credentials)
+    implementation(libs.androidx.credentials.providerevents)
    implementation(libs.androidx.hilt.navigation.compose)
    implementation(libs.androidx.lifecycle.process)
    implementation(libs.androidx.lifecycle.runtime.compose)
@@ -244,20 +259,16 @@ dependencies {
    implementation(libs.androidx.work.runtime.ktx)
    implementation(libs.bitwarden.sdk)
    implementation(libs.bumptech.glide)
-    implementation(libs.androidx.credentials)
    implementation(libs.google.hilt.android)
    ksp(libs.google.hilt.compiler)
    implementation(libs.kotlinx.collections.immutable)
    implementation(libs.kotlinx.coroutines.android)
    implementation(libs.kotlinx.serialization)
-    implementation(libs.nulab.zxcvbn4j)
+    implementation(platform(libs.square.okhttp.bom))
    implementation(libs.square.okhttp)
-    implementation(libs.square.okhttp.logging)
    implementation(platform(libs.square.retrofit.bom))
    implementation(libs.square.retrofit)
-    implementation(libs.square.retrofit.kotlinx.serialization)
    implementation(libs.timber)
-    implementation(libs.zxing.zxing.core)

    // For now we are restricted to running Compose tests for debug builds only
    debugImplementation(libs.androidx.compose.ui.test.manifest)
@@ -269,107 +280,32 @@ dependencies {
    standardImplementation(libs.google.firebase.crashlytics)
    standardImplementation(libs.google.play.review)

+    // Pull in test fixtures from other modules
+    testImplementation(testFixtures(project(":data")))
+    testImplementation(testFixtures(project(":network")))
+    testImplementation(testFixtures(project(":ui")))
+
    testImplementation(libs.androidx.compose.ui.test)
    testImplementation(libs.google.hilt.android.testing)
    testImplementation(platform(libs.junit.bom))
    testRuntimeOnly(libs.junit.platform.launcher)
-    testImplementation(libs.junit.junit5)
+    testImplementation(libs.junit.jupiter)
    testImplementation(libs.junit.vintage)
    testImplementation(libs.kotlinx.coroutines.test)
    testImplementation(libs.mockk.mockk)
    testImplementation(libs.robolectric.robolectric)
-    testImplementation(libs.square.okhttp.mockwebserver)
    testImplementation(libs.square.turbine)
-
-    detektPlugins(libs.detekt.detekt.formatting)
-    detektPlugins(libs.detekt.detekt.rules)
-}
-
-detekt {
-    autoCorrect = true
-    config.from(files("$rootDir/detekt-config.yml"))
-}
-
-kover {
-    currentProject {
-        sources {
-            excludeJava = true
-        }
-    }
-    reports {
-        filters {
-            excludes {
-                androidGeneratedClasses()
-                annotatedBy(
-                    // Compose previews
-                    "androidx.compose.ui.tooling.preview.Preview",
-                    "androidx.compose.ui.tooling.preview.PreviewScreenSizes",
-                    // Manually excluded classes/files/etc.
-                    "com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage",
-                )
-                classes(
-                    // Navigation helpers
-                    "*.*NavigationKt*",
-                    // Composable singletons
-                    "*.*ComposableSingletons*",
-                    // Generated classes related to interfaces with default values
-                    "*.*DefaultImpls*",
-                    // Databases
-                    "*.database.*Database*",
-                    "*.dao.*Dao*",
-                    // Dagger Hilt
-                    "dagger.hilt.*",
-                    "hilt_aggregated_deps.*",
-                    "*_Factory",
-                    "*_Factory\$*",
-                    "*_*Factory",
-                    "*_*Factory\$*",
-                    "*.Hilt_*",
-                    "*_HiltModules",
-                    "*_HiltModules*",
-                    "*_HiltModules\$*",
-                    "*_Impl",
-                    "*_Impl\$*",
-                    "*_MembersInjector",
-                )
-                packages(
-                    // Dependency injection
-                    "*.di",
-                    // Models
-                    "*.model",
-                    // Custom UI components
-                    "com.x8bit.bitwarden.ui.platform.components",
-                    // Theme-related code
-                    "com.x8bit.bitwarden.ui.platform.theme",
-                )
-            }
-        }
-    }
 }

 tasks {
-    getByName("check") {
-        // Add detekt with type resolution to check
-        dependsOn("detekt")
-    }
-
-    getByName("sonar") {
-        dependsOn("check")
-    }
-
-    withType<io.gitlab.arturbosch.detekt.Detekt>().configureEach {
-        jvmTarget = libs.versions.jvmTarget.get()
-    }
-    withType<io.gitlab.arturbosch.detekt.DetektCreateBaselineTask>().configureEach {
-        jvmTarget = libs.versions.jvmTarget.get()
-    }
-
    withType<Test> {
        useJUnitPlatform()
        maxHeapSize = "2g"
        maxParallelForks = Runtime.getRuntime().availableProcessors()
-        jvmArgs = jvmArgs.orEmpty() + "-XX:+UseParallelGC"
-        android.sourceSets["main"].res.srcDirs("src/test/res")
+        jvmArgs = jvmArgs.orEmpty() + "-XX:+UseParallelGC" + 
+            // Explicitly setting the user Country and Language because tests assume en-US 
+            "-Duser.country=US" + 
+            "-Duser.language=en"
    }
 }

@@ -383,18 +319,6 @@ afterEvaluate {
        .forEach { it.enabled = false }
 }

-sonar {
-    properties {
-        property("sonar.projectKey", "bitwarden_android")
-        property("sonar.organization", "bitwarden")
-        property("sonar.host.url", "https://sonarcloud.io")
-        property("sonar.sources", "app/src/")
-        property("sonar.tests", "app/src/")
-        property("sonar.test.inclusions", "app/src/test/")
-        property("sonar.exclusions", "app/src/test/")
-    }
-}
-
 private fun renameFile(path: String, newName: String) {
    val originalFile = File(path)
    if (!originalFile.exists()) {
@@ -406,6 +330,7 @@ private fun renameFile(path: String, newName: String) {
    if (originalFile.renameTo(newFile)) {
        println("Renamed $originalFile to $newFile")
    } else {
+        @Suppress("TooGenericExceptionThrown")
        throw RuntimeException("Failed to rename $originalFile to $newFile")
    }
 }
--- a/app/libs/authenticatorbridge-1.0.0-release.aar
+++ b/app/libs/authenticatorbridge-1.0.0-release.aar
--- a/app/libs/authenticatorbridge-1.0.1-release.aar
+++ b/app/libs/authenticatorbridge-1.0.1-release.aar
--- a/app/schemas/com.x8bit.bitwarden.data.credentials.datasource.disk.database.PrivilegedAppDatabase/1.json
+++ b/app/schemas/com.x8bit.bitwarden.data.credentials.datasource.disk.database.PrivilegedAppDatabase/1.json
@@ -0,0 +1,38 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 1,
+    "identityHash": "ce40856ec88770d11b7afb587c7deabc",
+    "entities": [
+      {
+        "tableName": "privileged_apps",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`package_name` TEXT NOT NULL, `signature` TEXT NOT NULL, PRIMARY KEY(`package_name`, `signature`))",
+        "fields": [
+          {
+            "fieldPath": "packageName",
+            "columnName": "package_name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "signature",
+            "columnName": "signature",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "package_name",
+            "signature"
+          ]
+        }
+      }
+    ],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'ce40856ec88770d11b7afb587c7deabc')"
+    ]
+  }
+}
--- a/app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/7.json
+++ b/app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/7.json
@@ -0,0 +1,252 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 7,
+    "identityHash": "4c6ad1f5268d7e8add7407201788aa2e",
+    "entities": [
+      {
+        "tableName": "ciphers",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `has_totp` INTEGER NOT NULL DEFAULT 1, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "hasTotp",
+            "columnName": "has_totp",
+            "affinity": "INTEGER",
+            "notNull": true,
+            "defaultValue": "1"
+          },
+          {
+            "fieldPath": "cipherType",
+            "columnName": "cipher_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherJson",
+            "columnName": "cipher_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_ciphers_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "collections",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "shouldHidePasswords",
+            "columnName": "should_hide_passwords",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "externalId",
+            "columnName": "external_id",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "isReadOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "canManage",
+            "columnName": "manage",
+            "affinity": "INTEGER"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_collections_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "domains",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT, PRIMARY KEY(`user_id`))",
+        "fields": [
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domainsJson",
+            "columnName": "domains_json",
+            "affinity": "TEXT"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "user_id"
+          ]
+        }
+      },
+      {
+        "tableName": "folders",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "revisionDate",
+            "columnName": "revision_date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_folders_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "sends",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendType",
+            "columnName": "send_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendJson",
+            "columnName": "send_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_sends_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      }
+    ],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '4c6ad1f5268d7e8add7407201788aa2e')"
+    ]
+  }
+}
--- a/app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/8.json
+++ b/app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/8.json
@@ -0,0 +1,264 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 8,
+    "identityHash": "11387825dab701f9d2dd2e940ffbd794",
+    "entities": [
+      {
+        "tableName": "ciphers",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `has_totp` INTEGER NOT NULL DEFAULT 1, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "hasTotp",
+            "columnName": "has_totp",
+            "affinity": "INTEGER",
+            "notNull": true,
+            "defaultValue": "1"
+          },
+          {
+            "fieldPath": "cipherType",
+            "columnName": "cipher_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherJson",
+            "columnName": "cipher_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_ciphers_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "collections",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER, `default_user_collection_email` TEXT, `type` TEXT NOT NULL DEFAULT '0', PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "shouldHidePasswords",
+            "columnName": "should_hide_passwords",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "externalId",
+            "columnName": "external_id",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "isReadOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "canManage",
+            "columnName": "manage",
+            "affinity": "INTEGER"
+          },
+          {
+            "fieldPath": "defaultUserCollectionEmail",
+            "columnName": "default_user_collection_email",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "type",
+            "columnName": "type",
+            "affinity": "TEXT",
+            "notNull": true,
+            "defaultValue": "'0'"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_collections_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "domains",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT, PRIMARY KEY(`user_id`))",
+        "fields": [
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domainsJson",
+            "columnName": "domains_json",
+            "affinity": "TEXT"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "user_id"
+          ]
+        }
+      },
+      {
+        "tableName": "folders",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "revisionDate",
+            "columnName": "revision_date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_folders_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "sends",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendType",
+            "columnName": "send_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendJson",
+            "columnName": "send_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_sends_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      }
+    ],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '11387825dab701f9d2dd2e940ffbd794')"
+    ]
+  }
+}
--- a/app/src/beta/AndroidManifest.xml
+++ b/app/src/beta/AndroidManifest.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools">
+
+    <application tools:ignore="MissingApplicationIcon">
+        <activity
+            android:name=".MainActivity">
+            <intent-filter android:autoVerify="true">
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data android:scheme="https" />
+                <data android:host="*.bitwarden.pw" />
+                <data android:pathPattern="/redirect-connector.*" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>
--- a/app/src/debug/AndroidManifest.xml
+++ b/app/src/debug/AndroidManifest.xml
@@ -7,6 +7,20 @@
        <meta-data
            android:name="firebase_crashlytics_collection_enabled"
            android:value="false" />
+        <activity
+            android:name=".MainActivity"
+            tools:ignore="IntentFilterExportedReceiver">
+            <intent-filter android:autoVerify="true">
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data android:scheme="https" />
+                <data android:host="*.bitwarden.pw" />
+                <data android:pathPattern="/redirect-connector.*" />
+            </intent-filter>
+        </activity>
    </application>

 </manifest>
--- a/app/src/debug/res/xml/network_security_config.xml
+++ b/app/src/debug/res/xml/network_security_config.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config xmlns:tools="http://schemas.android.com/tools">
+
+    <base-config
+        cleartextTrafficPermitted="true"
+        tools:ignore="InsecureBaseConfiguration">
+        <trust-anchors>
+            <!-- Trust pre-installed CAs -->
+            <certificates src="system" />
+            <!-- Additionally trust user added CAs -->
+            <certificates
+                src="user"
+                tools:ignore="AcceptsUserCertificates" />
+        </trust-anchors>
+    </base-config>
+
+    <domain-config cleartextTrafficPermitted="false">
+        <domain includeSubdomains="true">bitwarden.com</domain>
+        <domain includeSubdomains="true">bitwarden.eu</domain>
+        <domain includeSubdomains="true">bitwarden.pw</domain>
+        <trust-anchors>
+            <!-- Only trust pre-installed CAs for Bitwarden domains and all subdomains -->
+            <certificates src="system" />
+        </trust-anchors>
+    </domain-config>
+
+</network-security-config>
--- a/app/src/debug/res/xml/provider.xml
+++ b/app/src/debug/res/xml/provider.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<credential-provider>
+    <capabilities>
+        <capability name="android.credentials.TYPE_PASSWORD_CREDENTIAL" />
+        <capability name="androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" />
+    </capabilities>
+</credential-provider>
--- a/app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt
+++ b/app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt
@@ -1,27 +0,0 @@
-package com.x8bit.bitwarden.data.platform.manager
-
-import com.x8bit.bitwarden.BuildConfig
-import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacyAppCenterMigrator
-import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.data.platform.repository.model.Environment
-import timber.log.Timber
-
-/**
- * [LogsManager] implementation for F-droid flavor builds.
- */
-class LogsManagerImpl(
-    settingsRepository: SettingsRepository,
-    legacyAppCenterMigrator: LegacyAppCenterMigrator,
-) : LogsManager {
-    init {
-        if (BuildConfig.HAS_LOGS_ENABLED) {
-            Timber.plant(Timber.DebugTree())
-        }
-    }
-
-    override var isEnabled: Boolean = false
-
-    override fun setUserData(userId: String?, environmentType: Environment.Type) = Unit
-
-    override fun trackNonFatalException(throwable: Throwable) = Unit
-}
--- a/app/src/fdroid/kotlin/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt
+++ b/app/src/fdroid/kotlin/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt
@@ -0,0 +1,27 @@
+package com.x8bit.bitwarden.data.platform.manager
+
+import com.bitwarden.data.repository.model.Environment
+import com.x8bit.bitwarden.BuildConfig
+import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacyAppCenterMigrator
+import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
+import timber.log.Timber
+
+/**
+ * [LogsManager] implementation for F-droid flavor builds.
+ */
+class LogsManagerImpl(
+    settingsRepository: SettingsRepository,
+    legacyAppCenterMigrator: LegacyAppCenterMigrator,
+) : LogsManager {
+    init {
+        if (BuildConfig.HAS_LOGS_ENABLED) {
+            Timber.plant(Timber.DebugTree())
+        }
+    }
+
+    override var isEnabled: Boolean = false
+
+    override fun setUserData(userId: String?, environmentType: Environment.Type) = Unit
+
+    override fun trackNonFatalException(throwable: Throwable) = Unit
+}
--- a/app/src/fdroid/kotlin/com/x8bit/bitwarden/ui/platform/manager/review/AppReviewManagerImpl.kt
+++ b/app/src/fdroid/kotlin/com/x8bit/bitwarden/ui/platform/manager/review/AppReviewManagerImpl.kt
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -15,7 +15,7 @@
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
-    <uses-permission android:name="android.permission.READ_USER_DICTIONARY"/>
+    <uses-permission android:name="android.permission.READ_USER_DICTIONARY" />
    <!-- Protect access to AuthenticatorBridgeService using this custom permission.

    Note that each build type uses a different value for knownCerts.
@@ -37,15 +37,18 @@
        android:dataExtractionRules="@xml/data_extraction_rules"
        android:fullBackupContent="@xml/backup_rules"
        android:icon="@mipmap/ic_launcher"
+        android:intentMatchingFlags="enforceIntentFilter"
        android:label="@string/app_name"
        android:networkSecurityConfig="@xml/network_security_config"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:supportsRtl="true"
        android:theme="@style/LaunchTheme"
+        tools:ignore="CredentialDependency"
        tools:replace="appComponentFactory"
-        tools:targetApi="33">
+        tools:targetApi="36">
        <activity
            android:name=".MainActivity"
+            android:configChanges="uiMode"
            android:exported="true"
            android:launchMode="@integer/launchModeAPIlevel"
            android:theme="@style/LaunchTheme"
@@ -76,16 +79,15 @@
                <category android:name="android.intent.category.BROWSABLE" />

                <data android:scheme="https" />
-
-                <data android:host="vault.bitwarden.com" />
-                <data android:host="vault.bitwarden.eu" />
-                <data android:host="*.bitwarden.pw" />
+                <data android:host="*.bitwarden.com" />
+                <data android:host="*.bitwarden.eu" />
                <data android:pathPattern="/redirect-connector.*" />
            </intent-filter>
            <intent-filter>
-                <action android:name="com.x8bit.bitwarden.fido2.ACTION_CREATE_PASSKEY" />
-                <action android:name="com.x8bit.bitwarden.fido2.ACTION_GET_PASSKEY" />
-                <action android:name="com.x8bit.bitwarden.fido2.ACTION_UNLOCK_ACCOUNT" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSWORD" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_UNLOCK_ACCOUNT" />

                <category android:name="android.intent.category.DEFAULT" />
            </intent-filter>
@@ -103,6 +105,17 @@
                <category android:name="android.intent.category.DEFAULT" />
                <data android:scheme="bitwarden" />
            </intent-filter>
+            <!-- Handle Credential Exchange transfer requests -->
+            <intent-filter
+                android:autoVerify="true"
+                tools:ignore="AppLinkUrlError">
+                <action android:name="androidx.identitycredentials.action.IMPORT_CREDENTIALS" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <data
+                    android:mimeType="application/octet-stream"
+                    android:scheme="content"
+                    tools:ignore="AppLinkUriRelativeFilterGroupError" />
+            </intent-filter>
        </activity>

        <activity
@@ -113,11 +126,11 @@
            android:theme="@android:style/Theme.NoDisplay" />

        <activity
-            android:name=".AutofillTotpCopyActivity"
+            android:name=".AutofillCallbackActivity"
            android:exported="true"
            android:launchMode="singleTop"
            android:noHistory="true"
-            android:theme="@style/AutofillTotpCopyTheme" />
+            android:theme="@style/AutofillCallbackTheme" />

        <activity
            android:name=".AuthCallbackActivity"
@@ -131,16 +144,6 @@
                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />

-                <data
-                    android:host="captcha-callback"
-                    android:scheme="bitwarden" />
-            </intent-filter>
-            <intent-filter>
-                <action android:name="android.intent.action.VIEW" />
-
-                <category android:name="android.intent.category.DEFAULT" />
-                <category android:name="android.intent.category.BROWSABLE" />
-
                <data
                    android:host="duo-callback"
                    android:scheme="bitwarden" />
@@ -257,7 +260,7 @@
            android:name="com.x8bit.bitwarden.AutofillTileService"
            android:exported="true"
            android:icon="@drawable/ic_notification"
-            android:label="@string/autofill"
+            android:label="@string/autofill_title"
            android:permission="android.permission.BIND_QUICK_SETTINGS_TILE"
            tools:ignore="MissingClass">
            <intent-filter>
@@ -310,6 +313,14 @@
            android:exported="true"
            android:permission="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE" />

+        <!-- Firebase SDK initOrder is 100. We use a higher order to initialize first -->
+        <provider
+            android:name=".data.platform.contentprovider.UncaughtErrorLoggingContentProvider"
+            android:authorities="${applicationId}"
+            android:exported="false"
+            android:grantUriPermissions="false"
+            android:initOrder="101" />
+
    </application>

    <queries>
@@ -320,11 +331,19 @@
            <action android:name="android.intent.action.MAIN" />
            <category android:name="android.intent.category.HOME" />
        </intent>
+        <!-- To Query Privileged Apps -->
+        <intent>
+            <action android:name="android.intent.action.VIEW" />
+            <data android:scheme="http" />
+        </intent>
        <!-- To Query Chrome Beta: -->
        <package android:name="com.chrome.beta" />

        <!-- To Query Chrome Stable: -->
        <package android:name="com.android.chrome" />
+
+        <!-- To Query Brave Stable: -->
+        <package android:name="com.brave.browser" />
    </queries>

 </manifest>
--- a/app/src/main/assets/fido2_privileged_community.json
+++ b/app/src/main/assets/fido2_privileged_community.json
@@ -12,20 +12,6 @@
        ]
      }
    },
-
-    {
-      "type": "android",
-      "info": {
-        "package_name": "net.quetta.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80"
-          }
-        ]
-      }
-    },
-
    {
      "type": "android",
      "info": {
@@ -65,11 +51,11 @@
    {
      "type": "android",
      "info": {
-        "package_name": "org.mozilla.fenix",
+        "package_name": "org.ironfoxoss.ironfox.nightly",
        "signatures": [
          {
            "build": "release",
-            "cert_fingerprint_sha256": "50:04:77:90:88:E7:F9:88:D5:BC:5C:C5:F8:79:8F:EB:F4:F8:CD:08:4A:1B:2A:46:EF:D4:C8:EE:4A:EA:F2:11"
+            "cert_fingerprint_sha256": "C5:E2:91:B5:A5:71:F9:C8:CD:9A:97:99:C2:C9:4E:02:EC:97:03:94:88:93:F2:CA:75:6D:67:B9:42:04:F9:04"
          }
        ]
      }
--- a/app/src/main/assets/fido2_privileged_google.json
+++ b/app/src/main/assets/fido2_privileged_google.json
@@ -160,6 +160,78 @@
        ]
      }
    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fenix",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "50:04:77:90:88:E7:F9:88:D5:BC:5C:C5:F8:79:8F:EB:F4:F8:CD:08:4A:1B:2A:46:EF:D4:C8:EE:4A:EA:F2:11"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fenix.debug",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "BD:AE:82:02:80:D2:AF:B7:74:94:EF:22:58:AA:78:A9:AE:A1:36:41:7E:8B:C2:3D:C9:87:75:2E:6F:48:E8:48"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.focus.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.focus.nightly",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.klar",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.reference.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "B0:09:90:E3:0F:9D:81:5D:2E:BC:7B:9B:B2:21:CE:47:E5:C9:D5:17:AA:C7:0E:7F:D5:95:B1:E5:3E:9A:4B:14"
+          }
+        ]
+      }
+    },
    {
      "type": "android",
      "info": {
@@ -571,6 +643,178 @@
          }
        ]
      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.Island",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "D9:C3:39:AC:9C:3A:EE:E1:75:1D:85:8C:35:D9:BA:C5:CC:87:B3:CE:76:30:93:F0:F5:10:64:F5:A2:F6:9B:04"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandCanary",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "90:17:13:23:45:6E:6F:39:CB:FD:CF:B2:56:BE:1D:CF:F3:BC:1C:59:8A:15:93:30:E4:97:73:D0:4C:B9:C9:05"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandBeta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "35:31:83:1A:9E:2B:21:1D:E6:AA:C3:69:4B:45:83:6E:56:09:B9:D7:D0:04:C3:1B:21:87:40:FB:77:17:38:D1"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandDev",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C2:38:24:15:41:20:A0:8F:C3:95:42:AC:D8:2A:E9:24:94:78:80:1E:47:FD:6C:66:2B:18:1C:28:CA:7E:59:4E"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.canary.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "1E:16:74:BB:79:EA:09:FB:37:CF:9F:1B:07:1B:1D:51:8D:46:03:0E:D3:EE:F2:C1:4E:AD:93:9E:C6:EE:3A:4C"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.beta.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "D2:5E:AD:F6:1C:E6:36:6C:A4:23:A4:7F:C4:DB:9B:8C:9C:8A:35:B4:B0:19:E8:D9:82:FB:D0:8A:D9:DB:49:5A"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.dev.intune",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "net.quetta.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "F1:38:00:4F:38:04:51:D4:8A:05:2B:B3:A3:EF:17:24:23:D4:B0:D0:C8:A3:AA:DD:FB:DB:66:30:31:48:EC:A4"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "cz.seznam.sbrowser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "DB:95:40:66:10:78:83:6E:4E:B1:66:F6:9E:F4:07:30:9E:8D:AE:33:34:68:5E:C8:F6:FA:2F:13:81:B9:AC:F6"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.opera.mini.native",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "57:AC:BC:52:5F:1B:2E:BD:19:19:6C:D6:F0:14:39:7C:C9:10:FD:18:84:1E:0A:E8:50:FE:BC:3E:1E:59:3F:F2"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.opera.mini.native.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "57:AC:BC:52:5F:1B:2E:BD:19:19:6C:D6:F0:14:39:7C:C9:10:FD:18:84:1E:0A:E8:50:FE:BC:3E:1E:59:3F:F2"
+          }
+        ]
+      }
    }
  ]
-}
+}
--- a/app/src/main/java/com/x8bit/bitwarden/AccessibilityActivity.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/AccessibilityActivity.kt
@@ -1,17 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.os.Bundle
-import androidx.appcompat.app.AppCompatActivity
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-
-/**
- * An activity to be launched and then immediately closed so that the OS Shade can be collapsed
- * after the user clicks on the Autofill Quick Tile.
- */
-@OmitFromCoverage
-class AccessibilityActivity : AppCompatActivity() {
-    override fun onCreate(savedInstanceState: Bundle?) {
-        super.onCreate(savedInstanceState)
-        finish()
-    }
-}
--- a/app/src/main/java/com/x8bit/bitwarden/AuthCallbackActivity.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/AuthCallbackActivity.kt
@@ -1,38 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.content.Intent
-import android.os.Bundle
-import androidx.activity.viewModels
-import androidx.appcompat.app.AppCompatActivity
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-import dagger.hilt.android.AndroidEntryPoint
-
-/**
- * An activity to receive external authentication-related callbacks so the current state of the
- * task holding the [MainActivity] can remain undisturbed.
- *
- * These callbacks can be from Custom Chrome tabs or other auth related flows, including NFC
- * related transmissions.
- */
-@OmitFromCoverage
-@AndroidEntryPoint
-class AuthCallbackActivity : AppCompatActivity() {
-
-    private val viewModel: AuthCallbackViewModel by viewModels()
-
-    override fun onCreate(savedInstanceState: Bundle?) {
-        super.onCreate(savedInstanceState)
-
-        viewModel.trySendAction(AuthCallbackAction.IntentReceive(intent = intent))
-
-        val intent = Intent(this, MainActivity::class.java)
-            .apply {
-                addFlags(
-                    Intent.FLAG_ACTIVITY_CLEAR_TOP or
-                        Intent.FLAG_ACTIVITY_SINGLE_TOP,
-                )
-            }
-        startActivity(intent)
-        finish()
-    }
-}
--- a/app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyActivity.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyActivity.kt
@@ -1,74 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.os.Bundle
-import androidx.activity.viewModels
-import androidx.appcompat.app.AppCompatActivity
-import androidx.lifecycle.lifecycleScope
-import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-import dagger.hilt.android.AndroidEntryPoint
-import kotlinx.coroutines.flow.launchIn
-import kotlinx.coroutines.flow.onEach
-import javax.inject.Inject
-
-/**
- * An activity for copying a TOTP code to the clipboard. This is done when an autofill item is
- * selected and it requires TOTP authentication. Due to the constraints of the autofill framework,
- * we also have to re-fulfill the autofill for the views that are being filled.
- */
-@OmitFromCoverage
-@AndroidEntryPoint
-class AutofillTotpCopyActivity : AppCompatActivity() {
-
-    @Inject
-    lateinit var autofillCompletionManager: AutofillCompletionManager
-
-    private val autofillTotpCopyViewModel: AutofillTotpCopyViewModel by viewModels()
-
-    override fun onCreate(savedInstanceState: Bundle?) {
-        super.onCreate(savedInstanceState)
-
-        observeViewModelEvents()
-
-        autofillTotpCopyViewModel.trySendAction(
-            AutofillTotpCopyAction.IntentReceived(
-                intent = intent,
-            ),
-        )
-    }
-
-    private fun observeViewModelEvents() {
-        autofillTotpCopyViewModel
-            .eventFlow
-            .onEach { event ->
-                when (event) {
-                    is AutofillTotpCopyEvent.CompleteAutofill -> {
-                        handleCompleteAutofill(event)
-                    }
-
-                    is AutofillTotpCopyEvent.FinishActivity -> {
-                        finishActivity()
-                    }
-                }
-            }
-            .launchIn(lifecycleScope)
-    }
-
-    /**
-     * Complete autofill with the provided data.
-     */
-    private fun handleCompleteAutofill(event: AutofillTotpCopyEvent.CompleteAutofill) {
-        autofillCompletionManager.completeAutofill(
-            activity = this,
-            cipherView = event.cipherView,
-        )
-    }
-
-    /**
-     * Finish the activity.
-     */
-    private fun finishActivity() {
-        setResult(RESULT_CANCELED)
-        finish()
-    }
-}
--- a/app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyViewModel.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyViewModel.kt
@@ -1,121 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.content.Intent
-import androidx.lifecycle.viewModelScope
-import com.bitwarden.vault.CipherView
-import com.x8bit.bitwarden.data.auth.repository.AuthRepository
-import com.x8bit.bitwarden.data.autofill.util.getTotpCopyIntentOrNull
-import com.x8bit.bitwarden.data.platform.util.launchWithTimeout
-import com.x8bit.bitwarden.data.vault.repository.VaultRepository
-import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockData
-import com.x8bit.bitwarden.data.vault.repository.util.statusFor
-import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
-import dagger.hilt.android.lifecycle.HiltViewModel
-import kotlinx.coroutines.flow.first
-import kotlinx.coroutines.flow.mapNotNull
-import javax.inject.Inject
-
-/**
- * The amount of time we should wait for ciphers to be loaded before timing out.
- */
-private const val CIPHER_WAIT_TIMEOUT_MILLIS: Long = 500
-
-/**
- * A view model that handles logic for the [AutofillTotpCopyActivity].
- */
-@HiltViewModel
-class AutofillTotpCopyViewModel @Inject constructor(
-    private val authRepository: AuthRepository,
-    private val vaultRepository: VaultRepository,
-) : BaseViewModel<Unit, AutofillTotpCopyEvent, AutofillTotpCopyAction>(Unit) {
-    private val activeUserId: String? get() = authRepository.activeUserId
-
-    override fun handleAction(action: AutofillTotpCopyAction): Unit = when (action) {
-        is AutofillTotpCopyAction.IntentReceived -> handleIntentReceived(action)
-    }
-
-    /**
-     * Process the received intent and alert the activity of what to do next.
-     */
-    private fun handleIntentReceived(action: AutofillTotpCopyAction.IntentReceived) {
-        viewModelScope
-            .launchWithTimeout(
-                timeoutBlock = { finishActivity() },
-                timeoutDuration = CIPHER_WAIT_TIMEOUT_MILLIS,
-            ) {
-                // Extract TOTP copy data from the intent.
-                val cipherId = action
-                    .intent
-                    .getTotpCopyIntentOrNull()
-                    ?.cipherId
-
-                if (cipherId == null || isVaultLocked()) {
-                    finishActivity()
-                    return@launchWithTimeout
-                }
-
-                // Try and find the matching cipher.
-                vaultRepository
-                    .ciphersStateFlow
-                    .mapNotNull { it.data }
-                    .first()
-                    .find { it.id == cipherId }
-                    ?.let { cipherView ->
-                        sendEvent(
-                            AutofillTotpCopyEvent.CompleteAutofill(
-                                cipherView = cipherView,
-                            ),
-                        )
-                    }
-                    ?: finishActivity()
-            }
-    }
-
-    /**
-     * Send an event to the activity that signals it to finish.
-     */
-    private fun finishActivity() {
-        sendEvent(AutofillTotpCopyEvent.FinishActivity)
-    }
-
-    private suspend fun isVaultLocked(): Boolean {
-        val userId = activeUserId ?: return true
-
-        // Wait for any unlocking actions to finish. This can be relevant on startup for Never lock
-        // accounts.
-        vaultRepository.vaultUnlockDataStateFlow.first {
-            it.statusFor(userId) != VaultUnlockData.Status.UNLOCKING
-        }
-
-        return !vaultRepository.isVaultUnlocked(userId = userId)
-    }
-}
-
-/**
- * Represents actions that can be sent to the [AutofillTotpCopyViewModel].
- */
-sealed class AutofillTotpCopyAction {
-    /**
-     * An [intent] has been received and is ready to be processed.
-     */
-    data class IntentReceived(
-        val intent: Intent,
-    ) : AutofillTotpCopyAction()
-}
-
-/**
- * Represents events emitted by the [AutofillTotpCopyViewModel].
- */
-sealed class AutofillTotpCopyEvent {
-    /**
-     * Complete autofill with the provided [cipherView].
-     */
-    data class CompleteAutofill(
-        val cipherView: CipherView,
-    ) : AutofillTotpCopyEvent()
-
-    /**
-     * Finish the activity.
-     */
-    data object FinishActivity : AutofillTotpCopyEvent()
-}
--- a/app/src/main/java/com/x8bit/bitwarden/BitwardenApplication.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/BitwardenApplication.kt
@@ -1,35 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.app.Application
-import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-import com.x8bit.bitwarden.data.platform.manager.LogsManager
-import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManager
-import com.x8bit.bitwarden.data.platform.manager.network.NetworkConfigManager
-import com.x8bit.bitwarden.data.platform.manager.restriction.RestrictionManager
-import dagger.hilt.android.HiltAndroidApp
-import javax.inject.Inject
-
-/**
- * Custom application class.
- */
-@OmitFromCoverage
-@HiltAndroidApp
-class BitwardenApplication : Application() {
-    // Inject classes here that must be triggered on startup but are not otherwise consumed by
-    // other callers.
-    @Inject
-    lateinit var logsManager: LogsManager
-
-    @Inject
-    lateinit var networkConfigManager: NetworkConfigManager
-
-    @Inject
-    lateinit var authRequestNotificationManager: AuthRequestNotificationManager
-
-    @Inject
-    lateinit var organizationEventManager: OrganizationEventManager
-
-    @Inject
-    lateinit var restrictionManager: RestrictionManager
-}
--- a/app/src/main/java/com/x8bit/bitwarden/MainActivity.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/MainActivity.kt
@@ -1,227 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.content.Intent
-import android.os.Build
-import android.os.Bundle
-import android.view.KeyEvent
-import android.view.MotionEvent
-import android.view.WindowManager
-import android.widget.Toast
-import androidx.activity.compose.setContent
-import androidx.activity.viewModels
-import androidx.appcompat.app.AppCompatActivity
-import androidx.appcompat.app.AppCompatDelegate
-import androidx.compose.runtime.getValue
-import androidx.compose.runtime.remember
-import androidx.core.os.LocaleListCompat
-import androidx.core.splashscreen.SplashScreen.Companion.installSplashScreen
-import androidx.lifecycle.compose.collectAsStateWithLifecycle
-import androidx.navigation.compose.NavHost
-import androidx.navigation.compose.rememberNavController
-import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityCompletionManager
-import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManager
-import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-import com.x8bit.bitwarden.data.platform.manager.util.ObserveScreenDataEffect
-import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.ui.platform.base.util.EventsEffect
-import com.x8bit.bitwarden.ui.platform.composition.LocalManagerProvider
-import com.x8bit.bitwarden.ui.platform.feature.debugmenu.debugMenuDestination
-import com.x8bit.bitwarden.ui.platform.feature.debugmenu.manager.DebugMenuLaunchManager
-import com.x8bit.bitwarden.ui.platform.feature.debugmenu.navigateToDebugMenuScreen
-import com.x8bit.bitwarden.ui.platform.feature.rootnav.ROOT_ROUTE
-import com.x8bit.bitwarden.ui.platform.feature.rootnav.rootNavDestination
-import com.x8bit.bitwarden.ui.platform.theme.BitwardenTheme
-import com.x8bit.bitwarden.ui.platform.util.appLanguage
-import dagger.hilt.android.AndroidEntryPoint
-import javax.inject.Inject
-
-/**
- * Primary entry point for the application.
- */
-@Suppress("TooManyFunctions")
-@OmitFromCoverage
-@AndroidEntryPoint
-class MainActivity : AppCompatActivity() {
-
-    private val mainViewModel: MainViewModel by viewModels()
-
-    @Inject
-    lateinit var autofillActivityManager: AutofillActivityManager
-
-    @Inject
-    lateinit var autofillCompletionManager: AutofillCompletionManager
-
-    @Inject
-    lateinit var accessibilityCompletionManager: AccessibilityCompletionManager
-
-    @Inject
-    lateinit var settingsRepository: SettingsRepository
-
-    @Inject
-    lateinit var debugLaunchManager: DebugMenuLaunchManager
-
-    @Suppress("LongMethod")
-    override fun onCreate(savedInstanceState: Bundle?) {
-        var shouldShowSplashScreen = true
-        installSplashScreen().setKeepOnScreenCondition { shouldShowSplashScreen }
-        super.onCreate(savedInstanceState)
-
-        if (savedInstanceState == null) {
-            mainViewModel.trySendAction(
-                MainAction.ReceiveFirstIntent(
-                    intent = intent,
-                ),
-            )
-        }
-
-        // Within the app the theme will change dynamically and will be managed by the
-        // OS, but we need to ensure we properly set the values when upgrading from older versions
-        // that handle this differently or when the activity restarts.
-        AppCompatDelegate.setDefaultNightMode(settingsRepository.appTheme.osValue)
-        setContent {
-            val state by mainViewModel.stateFlow.collectAsStateWithLifecycle()
-            val navController = rememberNavController()
-            EventsEffect(viewModel = mainViewModel) { event ->
-                when (event) {
-                    is MainEvent.CompleteAccessibilityAutofill -> {
-                        handleCompleteAccessibilityAutofill(event)
-                    }
-
-                    is MainEvent.CompleteAutofill -> handleCompleteAutofill(event)
-                    MainEvent.Recreate -> handleRecreate()
-                    MainEvent.NavigateToDebugMenu -> navController.navigateToDebugMenuScreen()
-                    is MainEvent.ShowToast -> {
-                        Toast
-                            .makeText(
-                                baseContext,
-                                event.message.invoke(resources),
-                                Toast.LENGTH_SHORT,
-                            )
-                            .show()
-                    }
-
-                    is MainEvent.UpdateAppLocale -> {
-                        AppCompatDelegate.setApplicationLocales(
-                            LocaleListCompat.forLanguageTags(event.localeName),
-                        )
-                    }
-
-                    is MainEvent.UpdateAppTheme -> {
-                        AppCompatDelegate.setDefaultNightMode(event.osTheme)
-                    }
-                }
-            }
-            updateScreenCapture(isScreenCaptureAllowed = state.isScreenCaptureAllowed)
-            LocalManagerProvider(featureFlagsState = state.featureFlagsState) {
-                ObserveScreenDataEffect(
-                    onDataUpdate = remember(mainViewModel) {
-                        {
-                            mainViewModel.trySendAction(
-                                MainAction.ResumeScreenDataReceived(it),
-                            )
-                        }
-                    },
-                )
-                BitwardenTheme(theme = state.theme) {
-                    NavHost(
-                        navController = navController,
-                        startDestination = ROOT_ROUTE,
-                    ) {
-                        // Nothing else should end up at this top level, we just want the ability
-                        // to have the debug menu appear on top of the rest of the app without
-                        // interacting with the state-based navigation used by the RootNavScreen.
-                        rootNavDestination { shouldShowSplashScreen = false }
-                        debugMenuDestination(
-                            onNavigateBack = { navController.popBackStack() },
-                            onSplashScreenRemoved = { shouldShowSplashScreen = false },
-                        )
-                    }
-                }
-            }
-        }
-    }
-
-    override fun onNewIntent(intent: Intent) {
-        super.onNewIntent(intent)
-        mainViewModel.trySendAction(
-            action = MainAction.ReceiveNewIntent(
-                intent = intent,
-            ),
-        )
-    }
-
-    override fun onResume() {
-        super.onResume()
-        // When the app resumes check for any app specific language which may have been
-        // set via the device settings. Similar to the theme setting in onCreate this
-        // ensures we properly set the values when upgrading from older versions
-        // that handle this differently or when the activity restarts.
-        val appSpecificLanguage = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
-            val locales: LocaleListCompat = AppCompatDelegate.getApplicationLocales()
-            if (locales.isEmpty) {
-                // App is using the system language
-                null
-            } else {
-                // App has specific language settings
-                locales.get(0)?.appLanguage
-            }
-        } else {
-            // For older versions, use what ever language is available from the repository.
-            settingsRepository.appLanguage
-        }
-
-        appSpecificLanguage?.let {
-            mainViewModel.trySendAction(MainAction.AppSpecificLanguageUpdate(it))
-        }
-    }
-
-    override fun onStop() {
-        super.onStop()
-        // In some scenarios on an emulator the Activity can leak when recreated
-        // if we don't first clear focus anytime we exit and return to the app.
-        currentFocus?.clearFocus()
-    }
-
-    override fun dispatchTouchEvent(event: MotionEvent): Boolean = debugLaunchManager
-        .actionOnInputEvent(event = event, action = ::sendOpenDebugMenuEvent)
-        .takeIf { it }
-        ?: super.dispatchTouchEvent(event)
-
-    override fun dispatchKeyEvent(event: KeyEvent): Boolean = debugLaunchManager
-        .actionOnInputEvent(event = event, action = ::sendOpenDebugMenuEvent)
-        .takeIf { it }
-        ?: super.dispatchKeyEvent(event)
-
-    private fun sendOpenDebugMenuEvent() {
-        mainViewModel.trySendAction(MainAction.OpenDebugMenu)
-    }
-
-    private fun handleCompleteAccessibilityAutofill(
-        event: MainEvent.CompleteAccessibilityAutofill,
-    ) {
-        accessibilityCompletionManager.completeAccessibilityAutofill(
-            activity = this,
-            cipherView = event.cipherView,
-        )
-    }
-
-    private fun handleCompleteAutofill(event: MainEvent.CompleteAutofill) {
-        autofillCompletionManager.completeAutofill(
-            activity = this,
-            cipherView = event.cipherView,
-        )
-    }
-
-    private fun handleRecreate() {
-        recreate()
-    }
-
-    private fun updateScreenCapture(isScreenCaptureAllowed: Boolean) {
-        if (isScreenCaptureAllowed) {
-            window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
-        } else {
-            window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
-        }
-    }
-}
--- a/app/src/main/java/com/x8bit/bitwarden/MainViewModel.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/MainViewModel.kt
@@ -1,620 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.content.Intent
-import android.os.Parcelable
-import androidx.lifecycle.SavedStateHandle
-import androidx.lifecycle.viewModelScope
-import com.bitwarden.vault.CipherView
-import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManager
-import com.x8bit.bitwarden.data.auth.repository.AuthRepository
-import com.x8bit.bitwarden.data.auth.repository.model.EmailTokenResult
-import com.x8bit.bitwarden.data.auth.util.getCompleteRegistrationDataIntentOrNull
-import com.x8bit.bitwarden.data.auth.util.getPasswordlessRequestDataIntentOrNull
-import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilitySelectionManager
-import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2CredentialManager
-import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2AssertionRequestOrNull
-import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2CreateCredentialRequestOrNull
-import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2GetCredentialsRequestOrNull
-import com.x8bit.bitwarden.data.autofill.manager.AutofillSelectionManager
-import com.x8bit.bitwarden.data.autofill.util.getAutofillSaveItemOrNull
-import com.x8bit.bitwarden.data.autofill.util.getAutofillSelectionDataOrNull
-import com.x8bit.bitwarden.data.platform.manager.AppResumeManager
-import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
-import com.x8bit.bitwarden.data.platform.manager.SpecialCircumstanceManager
-import com.x8bit.bitwarden.data.platform.manager.garbage.GarbageCollectionManager
-import com.x8bit.bitwarden.data.platform.manager.model.AppResumeScreenData
-import com.x8bit.bitwarden.data.platform.manager.model.CompleteRegistrationData
-import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
-import com.x8bit.bitwarden.data.platform.manager.model.SpecialCircumstance
-import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
-import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.data.platform.util.isAddTotpLoginItemFromAuthenticator
-import com.x8bit.bitwarden.data.vault.manager.model.VaultStateEvent
-import com.x8bit.bitwarden.data.vault.repository.VaultRepository
-import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
-import com.x8bit.bitwarden.ui.platform.base.util.Text
-import com.x8bit.bitwarden.ui.platform.base.util.asText
-import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppLanguage
-import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
-import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
-import com.x8bit.bitwarden.ui.platform.model.FeatureFlagsState
-import com.x8bit.bitwarden.ui.platform.util.isAccountSecurityShortcut
-import com.x8bit.bitwarden.ui.platform.util.isMyVaultShortcut
-import com.x8bit.bitwarden.ui.platform.util.isPasswordGeneratorShortcut
-import com.x8bit.bitwarden.ui.vault.model.TotpData
-import com.x8bit.bitwarden.ui.vault.util.getTotpDataOrNull
-import dagger.hilt.android.lifecycle.HiltViewModel
-import kotlinx.coroutines.delay
-import kotlinx.coroutines.flow.distinctUntilChanged
-import kotlinx.coroutines.flow.drop
-import kotlinx.coroutines.flow.first
-import kotlinx.coroutines.flow.launchIn
-import kotlinx.coroutines.flow.map
-import kotlinx.coroutines.flow.onEach
-import kotlinx.coroutines.flow.update
-import kotlinx.coroutines.launch
-import kotlinx.parcelize.Parcelize
-import java.time.Clock
-import javax.inject.Inject
-
-private const val SPECIAL_CIRCUMSTANCE_KEY = "special-circumstance"
-private const val ANIMATION_REFRESH_DELAY = 500L
-
-/**
- * A view model that helps launch actions for the [MainActivity].
- */
-@Suppress("LongParameterList", "TooManyFunctions")
-@HiltViewModel
-class MainViewModel @Inject constructor(
-    accessibilitySelectionManager: AccessibilitySelectionManager,
-    autofillSelectionManager: AutofillSelectionManager,
-    featureFlagManager: FeatureFlagManager,
-    private val addTotpItemFromAuthenticatorManager: AddTotpItemFromAuthenticatorManager,
-    private val specialCircumstanceManager: SpecialCircumstanceManager,
-    private val garbageCollectionManager: GarbageCollectionManager,
-    private val fido2CredentialManager: Fido2CredentialManager,
-    private val intentManager: IntentManager,
-    private val settingsRepository: SettingsRepository,
-    private val vaultRepository: VaultRepository,
-    private val authRepository: AuthRepository,
-    private val environmentRepository: EnvironmentRepository,
-    private val savedStateHandle: SavedStateHandle,
-    private val appResumeManager: AppResumeManager,
-    private val clock: Clock,
-) : BaseViewModel<MainState, MainEvent, MainAction>(
-    initialState = MainState(
-        theme = settingsRepository.appTheme,
-        isScreenCaptureAllowed = settingsRepository.isScreenCaptureAllowed,
-        isErrorReportingDialogEnabled = featureFlagManager.getFeatureFlag(
-            key = FlagKey.MobileErrorReporting,
-        ),
-    ),
-) {
-    private var specialCircumstance: SpecialCircumstance?
-        get() = savedStateHandle[SPECIAL_CIRCUMSTANCE_KEY]
-        set(value) {
-            savedStateHandle[SPECIAL_CIRCUMSTANCE_KEY] = value
-        }
-
-    init {
-        // Immediately restore the special circumstance if we have one and then listen for changes
-        specialCircumstanceManager.specialCircumstance = specialCircumstance
-
-        specialCircumstanceManager
-            .specialCircumstanceStateFlow
-            .onEach { specialCircumstance = it }
-            .launchIn(viewModelScope)
-
-        featureFlagManager
-            .getFeatureFlagFlow(key = FlagKey.MobileErrorReporting)
-            .map { MainAction.Internal.OnMobileErrorReportingReceive(it) }
-            .onEach(::sendAction)
-            .launchIn(viewModelScope)
-
-        accessibilitySelectionManager
-            .accessibilitySelectionFlow
-            .map { MainAction.Internal.AccessibilitySelectionReceive(it) }
-            .onEach(::sendAction)
-            .launchIn(viewModelScope)
-
-        autofillSelectionManager
-            .autofillSelectionFlow
-            .onEach { trySendAction(MainAction.Internal.AutofillSelectionReceive(it)) }
-            .launchIn(viewModelScope)
-
-        settingsRepository
-            .appThemeStateFlow
-            .onEach { trySendAction(MainAction.Internal.ThemeUpdate(it)) }
-            .launchIn(viewModelScope)
-        settingsRepository
-            .appLanguageStateFlow
-            .map { MainEvent.UpdateAppLocale(it.localeName) }
-            .onEach(::sendEvent)
-            .launchIn(viewModelScope)
-
-        settingsRepository
-            .isScreenCaptureAllowedStateFlow
-            .map { MainAction.Internal.ScreenCaptureUpdate(it) }
-            .onEach(::trySendAction)
-            .launchIn(viewModelScope)
-
-        authRepository
-            .userStateFlow
-            .drop(count = 1)
-            // Trigger an action whenever the current user changes or we go into/out of a pending
-            // account state (which acts like switching to a temporary user).
-            .map { it?.activeUserId to it?.hasPendingAccountAddition }
-            .distinctUntilChanged()
-            .onEach {
-                // Switching between account states often involves some kind of animation (ex:
-                // account switcher) that we might want to give time to finish before triggering
-                // a refresh.
-                delay(ANIMATION_REFRESH_DELAY)
-                trySendAction(MainAction.Internal.CurrentUserStateChange)
-            }
-            .launchIn(viewModelScope)
-
-        vaultRepository
-            .vaultStateEventFlow
-            .onEach {
-                when (it) {
-                    is VaultStateEvent.Locked -> {
-                        // Similar to account switching, triggering this action too soon can
-                        // interfere with animations or navigation logic, so we will delay slightly.
-                        delay(ANIMATION_REFRESH_DELAY)
-                        trySendAction(MainAction.Internal.VaultUnlockStateChange)
-                    }
-
-                    is VaultStateEvent.Unlocked -> Unit
-                }
-            }
-            .launchIn(viewModelScope)
-
-        // On app launch, mark all active users as having previously logged in.
-        // This covers any users who are active prior to this value being recorded.
-        viewModelScope.launch {
-            val userState = authRepository
-                .userStateFlow
-                .first()
-            userState
-                ?.accounts
-                ?.forEach {
-                    settingsRepository.storeUserHasLoggedInValue(it.userId)
-                }
-        }
-    }
-
-    override fun handleAction(action: MainAction) {
-        when (action) {
-            is MainAction.ReceiveFirstIntent -> handleFirstIntentReceived(action)
-            is MainAction.ReceiveNewIntent -> handleNewIntentReceived(action)
-            MainAction.OpenDebugMenu -> handleOpenDebugMenu()
-            is MainAction.ResumeScreenDataReceived -> handleAppResumeDataUpdated(action)
-            is MainAction.AppSpecificLanguageUpdate -> handleAppSpecificLanguageUpdate(action)
-            is MainAction.Internal -> handleInternalAction(action)
-        }
-    }
-
-    private fun handleInternalAction(action: MainAction.Internal) {
-        when (action) {
-            is MainAction.Internal.AccessibilitySelectionReceive -> {
-                handleAccessibilitySelectionReceive(action)
-            }
-
-            is MainAction.Internal.AutofillSelectionReceive -> {
-                handleAutofillSelectionReceive(action)
-            }
-
-            is MainAction.Internal.CurrentUserStateChange -> handleCurrentUserStateChange()
-            is MainAction.Internal.ScreenCaptureUpdate -> handleScreenCaptureUpdate(action)
-            is MainAction.Internal.ThemeUpdate -> handleAppThemeUpdated(action)
-            is MainAction.Internal.VaultUnlockStateChange -> handleVaultUnlockStateChange()
-            is MainAction.Internal.OnMobileErrorReportingReceive -> {
-                handleOnMobileErrorReportingReceive(action)
-            }
-        }
-    }
-
-    private fun handleOnMobileErrorReportingReceive(
-        action: MainAction.Internal.OnMobileErrorReportingReceive,
-    ) {
-        mutableStateFlow.update {
-            it.copy(isErrorReportingDialogEnabled = action.isErrorReportingEnabled)
-        }
-    }
-
-    private fun handleAppSpecificLanguageUpdate(action: MainAction.AppSpecificLanguageUpdate) {
-        settingsRepository.appLanguage = action.appLanguage
-    }
-
-    private fun handleAppResumeDataUpdated(action: MainAction.ResumeScreenDataReceived) {
-        when (val data = action.screenResumeData) {
-            null -> appResumeManager.clearResumeScreen()
-            else -> appResumeManager.setResumeScreen(data)
-        }
-    }
-
-    private fun handleOpenDebugMenu() {
-        sendEvent(MainEvent.NavigateToDebugMenu)
-    }
-
-    private fun handleAccessibilitySelectionReceive(
-        action: MainAction.Internal.AccessibilitySelectionReceive,
-    ) {
-        specialCircumstanceManager.specialCircumstance = null
-        sendEvent(MainEvent.CompleteAccessibilityAutofill(cipherView = action.cipherView))
-    }
-
-    private fun handleAutofillSelectionReceive(
-        action: MainAction.Internal.AutofillSelectionReceive,
-    ) {
-        specialCircumstanceManager.specialCircumstance = null
-        sendEvent(MainEvent.CompleteAutofill(cipherView = action.cipherView))
-    }
-
-    private fun handleCurrentUserStateChange() {
-        recreateUiAndGarbageCollect()
-    }
-
-    private fun handleScreenCaptureUpdate(action: MainAction.Internal.ScreenCaptureUpdate) {
-        mutableStateFlow.update { it.copy(isScreenCaptureAllowed = action.isScreenCaptureEnabled) }
-    }
-
-    private fun handleAppThemeUpdated(action: MainAction.Internal.ThemeUpdate) {
-        mutableStateFlow.update { it.copy(theme = action.theme) }
-        sendEvent(MainEvent.UpdateAppTheme(osTheme = action.theme.osValue))
-    }
-
-    private fun handleVaultUnlockStateChange() {
-        recreateUiAndGarbageCollect()
-    }
-
-    private fun handleFirstIntentReceived(action: MainAction.ReceiveFirstIntent) {
-        handleIntent(
-            intent = action.intent,
-            isFirstIntent = true,
-        )
-    }
-
-    private fun handleNewIntentReceived(action: MainAction.ReceiveNewIntent) {
-        handleIntent(
-            intent = action.intent,
-            isFirstIntent = false,
-        )
-    }
-
-    @Suppress("LongMethod", "CyclomaticComplexMethod")
-    private fun handleIntent(
-        intent: Intent,
-        isFirstIntent: Boolean,
-    ) {
-        val passwordlessRequestData = intent.getPasswordlessRequestDataIntentOrNull()
-        val autofillSaveItem = intent.getAutofillSaveItemOrNull()
-        val autofillSelectionData = intent.getAutofillSelectionDataOrNull()
-        val shareData = intentManager.getShareDataFromIntent(intent)
-        val totpData: TotpData? =
-            // First grab TOTP URI directly from the intent data:
-            intent.getTotpDataOrNull()
-                ?: run {
-                    // Then check to see if the intent is coming from the Authenticator app:
-                    if (intent.isAddTotpLoginItemFromAuthenticator()) {
-                        addTotpItemFromAuthenticatorManager.pendingAddTotpLoginItemData.also {
-                            // Clear pending add TOTP data so it is only handled once:
-                            addTotpItemFromAuthenticatorManager.pendingAddTotpLoginItemData = null
-                        }
-                    } else {
-                        null
-                    }
-                }
-        val hasGeneratorShortcut = intent.isPasswordGeneratorShortcut
-        val hasVaultShortcut = intent.isMyVaultShortcut
-        val hasAccountSecurityShortcut = intent.isAccountSecurityShortcut
-        val fido2CreateCredentialRequestData = intent.getFido2CreateCredentialRequestOrNull()
-        val completeRegistrationData = intent.getCompleteRegistrationDataIntentOrNull()
-        val fido2CredentialAssertionRequest = intent.getFido2AssertionRequestOrNull()
-        val fido2GetCredentialsRequest = intent.getFido2GetCredentialsRequestOrNull()
-        when {
-            passwordlessRequestData != null -> {
-                authRepository.activeUserId?.let {
-                    if (it != passwordlessRequestData.userId &&
-                        !vaultRepository.isVaultUnlocked(it)
-                    ) {
-                        // We only switch the account here if the current user's vault is not
-                        // unlocked, otherwise prompt the user to allow us to change the account
-                        // in the LoginApprovalScreen
-                        authRepository.switchAccount(passwordlessRequestData.userId)
-                    }
-                }
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.PasswordlessRequest(
-                        passwordlessRequestData = passwordlessRequestData,
-                        // Allow users back into the already-running app when completing the
-                        // autofill task when this is not the first intent.
-                        shouldFinishWhenComplete = isFirstIntent,
-                    )
-            }
-
-            completeRegistrationData != null -> {
-                handleCompleteRegistrationData(completeRegistrationData)
-            }
-
-            autofillSaveItem != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.AutofillSave(
-                        autofillSaveItem = autofillSaveItem,
-                    )
-            }
-
-            autofillSelectionData != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.AutofillSelection(
-                        autofillSelectionData = autofillSelectionData,
-                        // Allow users back into the already-running app when completing the
-                        // autofill task when this is not the first intent.
-                        shouldFinishWhenComplete = isFirstIntent,
-                    )
-            }
-
-            totpData != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.AddTotpLoginItem(data = totpData)
-            }
-
-            shareData != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.ShareNewSend(
-                        data = shareData,
-                        // Allow users back into the already-running app when completing the
-                        // Send task when this is not the first intent.
-                        shouldFinishWhenComplete = isFirstIntent,
-                    )
-            }
-
-            fido2CreateCredentialRequestData != null -> {
-                // Set the user's verification status when a new FIDO 2 request is received to force
-                // explicit verification if the user's vault is unlocked when the request is
-                // received.
-                fido2CreateCredentialRequestData.isUserVerified
-                    ?.let { isVerified -> fido2CredentialManager.isUserVerified = isVerified }
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.Fido2Save(
-                        fido2CreateCredentialRequest = fido2CreateCredentialRequestData,
-                    )
-
-                // Switch accounts if the selected user is not the active user.
-                if (authRepository.activeUserId != null &&
-                    authRepository.activeUserId != fido2CreateCredentialRequestData.userId
-                ) {
-                    authRepository.switchAccount(fido2CreateCredentialRequestData.userId)
-                }
-            }
-
-            fido2CredentialAssertionRequest != null -> {
-                // If device biometric verification was performed as part of single-tap
-                // authentication, set the user's verification state to the device result.
-                // Otherwise, retain the verification state as-is.
-                fido2CredentialAssertionRequest.isUserVerified
-                    ?.let { isVerified -> fido2CredentialManager.isUserVerified = isVerified }
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.Fido2Assertion(
-                        fido2AssertionRequest = fido2CredentialAssertionRequest,
-                    )
-            }
-
-            fido2GetCredentialsRequest != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.Fido2GetCredentials(
-                        fido2GetCredentialsRequest = fido2GetCredentialsRequest,
-                    )
-            }
-
-            hasGeneratorShortcut -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.GeneratorShortcut
-            }
-
-            hasVaultShortcut -> {
-                specialCircumstanceManager.specialCircumstance = SpecialCircumstance.VaultShortcut
-            }
-
-            hasAccountSecurityShortcut -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.AccountSecurityShortcut
-            }
-        }
-    }
-
-    private fun recreateUiAndGarbageCollect() {
-        sendEvent(MainEvent.Recreate)
-        garbageCollectionManager.tryCollect()
-    }
-
-    private fun handleCompleteRegistrationData(data: CompleteRegistrationData) {
-        viewModelScope.launch {
-            // Attempt to load the environment for the user if they have a pre-auth environment
-            // saved.
-            environmentRepository.loadEnvironmentForEmail(userEmail = data.email)
-            // Determine if the token is still valid.
-            val emailTokenResult = authRepository.validateEmailToken(
-                email = data.email,
-                token = data.verificationToken,
-            )
-            when (emailTokenResult) {
-                is EmailTokenResult.Error -> {
-                    sendEvent(
-                        MainEvent.ShowToast(
-                            message = emailTokenResult
-                                .message
-                                ?.asText()
-                                ?: R.string.there_was_an_issue_validating_the_registration_token
-                                    .asText(),
-                        ),
-                    )
-                }
-
-                EmailTokenResult.Expired -> {
-                    specialCircumstanceManager.specialCircumstance = SpecialCircumstance
-                        .RegistrationEvent
-                        .ExpiredRegistrationLink
-                }
-
-                EmailTokenResult.Success -> {
-                    if (authRepository.activeUserId != null) {
-                        authRepository.hasPendingAccountAddition = true
-                    }
-                    specialCircumstanceManager.specialCircumstance =
-                        SpecialCircumstance.RegistrationEvent.CompleteRegistration(
-                            completeRegistrationData = data,
-                            timestamp = clock.millis(),
-                        )
-                }
-            }
-        }
-    }
-}
-
-/**
- * Models state for the [MainActivity].
- */
-@Parcelize
-data class MainState(
-    val theme: AppTheme,
-    val isScreenCaptureAllowed: Boolean,
-    private val isErrorReportingDialogEnabled: Boolean,
-) : Parcelable {
-    /**
-     * Contains all feature flags that are available to the UI.
-     */
-    val featureFlagsState: FeatureFlagsState
-        get() = FeatureFlagsState(
-            isErrorReportingDialogEnabled = isErrorReportingDialogEnabled,
-        )
-}
-
-/**
- * Models actions for the [MainActivity].
- */
-sealed class MainAction {
-    /**
-     * Receive first Intent by the application.
-     */
-    data class ReceiveFirstIntent(val intent: Intent) : MainAction()
-
-    /**
-     * Receive Intent by the application.
-     */
-    data class ReceiveNewIntent(val intent: Intent) : MainAction()
-
-    /**
-     * Receive event to open the debug menu.
-     */
-    data object OpenDebugMenu : MainAction()
-
-    /**
-     * Receive event to save the app resume screen
-     */
-    data class ResumeScreenDataReceived(val screenResumeData: AppResumeScreenData?) : MainAction()
-
-    /**
-     * Receive if there is an app specific locale selection made by user
-     * in the device's settings.
-     */
-    data class AppSpecificLanguageUpdate(val appLanguage: AppLanguage) : MainAction()
-
-    /**
-     * Actions for internal use by the ViewModel.
-     */
-    sealed class Internal : MainAction() {
-        /**
-         * Indicates the user has manually selected the given [cipherView] for accessibility
-         * autofill.
-         */
-        data class AccessibilitySelectionReceive(
-            val cipherView: CipherView,
-        ) : Internal()
-
-        /**
-         * Indicates the Mobile Error Reporting feature flag has been updated.
-         */
-        data class OnMobileErrorReportingReceive(
-            val isErrorReportingEnabled: Boolean,
-        ) : Internal()
-
-        /**
-         * Indicates the user has manually selected the given [cipherView] for autofill.
-         */
-        data class AutofillSelectionReceive(
-            val cipherView: CipherView,
-        ) : Internal()
-
-        /**
-         * Indicates a relevant change in the current user state.
-         */
-        data object CurrentUserStateChange : Internal()
-
-        /**
-         * Indicates that the screen capture state has changed.
-         */
-        data class ScreenCaptureUpdate(
-            val isScreenCaptureEnabled: Boolean,
-        ) : Internal()
-
-        /**
-         * Indicates that the app theme has changed.
-         */
-        data class ThemeUpdate(
-            val theme: AppTheme,
-        ) : Internal()
-
-        /**
-         * Indicates a relevant change in the current vault lock state.
-         */
-        data object VaultUnlockStateChange : Internal()
-    }
-}
-
-/**
- * Represents events that are emitted by the [MainViewModel].
- */
-sealed class MainEvent {
-    /**
-     * Event indicating that the user has chosen the given [cipherView] for accessibility autofill
-     * and that the process is ready to complete.
-     */
-    data class CompleteAccessibilityAutofill(val cipherView: CipherView) : MainEvent()
-
-    /**
-     * Event indicating that the user has chosen the given [cipherView] for autofill and that the
-     * process is ready to complete.
-     */
-    data class CompleteAutofill(val cipherView: CipherView) : MainEvent()
-
-    /**
-     * Event indicating that the UI should recreate itself.
-     */
-    data object Recreate : MainEvent()
-
-    /**
-     * Navigate to the debug menu.
-     */
-    data object NavigateToDebugMenu : MainEvent()
-
-    /**
-     * Show a toast with the given [message].
-     */
-    data class ShowToast(val message: Text) : MainEvent()
-
-    /**
-     * Indicates that the app language has been updated.
-     */
-    data class UpdateAppLocale(
-        val localeName: String?,
-    ) : MainEvent()
-
-    /**
-     * Indicates that the app theme has been updated.
-     */
-    data class UpdateAppTheme(
-        val osTheme: Int,
-    ) : MainEvent()
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/EnvironmentUrlDataJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/EnvironmentUrlDataJson.kt
@@ -1,88 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.disk.model
-
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * Represents URLs for various Bitwarden domains.
- *
- * @property base The overall base URL.
- * @property keyUri A Uri containing the alias and host of the key used for mutual TLS.
- * @property api Separate base URL for the "/api" domain (if applicable).
- * @property identity Separate base URL for the "/identity" domain (if applicable).
- * @property icon Separate base URL for the icon domain (if applicable).
- * @property notifications Separate base URL for the notifications domain (if applicable).
- * @property webVault Separate base URL for the web vault domain (if applicable).
- * @property events Separate base URL for the events domain (if applicable).
- */
-@Serializable
-data class EnvironmentUrlDataJson(
-    @SerialName("base")
-    val base: String,
-
-    @SerialName("keyUri")
-    val keyUri: String? = null,
-
-    @SerialName("api")
-    val api: String? = null,
-
-    @SerialName("identity")
-    val identity: String? = null,
-
-    @SerialName("icons")
-    val icon: String? = null,
-
-    @SerialName("notifications")
-    val notifications: String? = null,
-
-    @SerialName("webVault")
-    val webVault: String? = null,
-
-    @SerialName("events")
-    val events: String? = null,
-) {
-    @Suppress("UndocumentedPublicClass")
-    companion object {
-        /**
-         * Default [EnvironmentUrlDataJson] for the US region.
-         */
-        val DEFAULT_US: EnvironmentUrlDataJson =
-            EnvironmentUrlDataJson(base = "https://vault.bitwarden.com")
-
-        /**
-         * Default [EnvironmentUrlDataJson] for the US region as written to disk by the legacy
-         * Xamarin app.
-         */
-        val DEFAULT_LEGACY_US: EnvironmentUrlDataJson = EnvironmentUrlDataJson(
-            base = "https://vault.bitwarden.com",
-            keyUri = null,
-            api = "https://api.bitwarden.com",
-            identity = "https://identity.bitwarden.com",
-            icon = "https://icons.bitwarden.net",
-            notifications = "https://notifications.bitwarden.com",
-            webVault = "https://vault.bitwarden.com",
-            events = "https://events.bitwarden.com",
-        )
-
-        /**
-         * Default [EnvironmentUrlDataJson] for the EU region.
-         */
-        val DEFAULT_EU: EnvironmentUrlDataJson =
-            EnvironmentUrlDataJson(base = "https://vault.bitwarden.eu")
-
-        /**
-         * Default [EnvironmentUrlDataJson] for the EU region as written to disk by the legacy
-         * Xamarin app.
-         */
-        val DEFAULT_LEGACY_EU: EnvironmentUrlDataJson = EnvironmentUrlDataJson(
-            base = "https://vault.bitwarden.eu",
-            keyUri = null,
-            api = "https://api.bitwarden.eu",
-            identity = "https://identity.bitwarden.eu",
-            icon = "https://icons.bitwarden.eu",
-            notifications = "https://notifications.bitwarden.eu",
-            webVault = "https://vault.bitwarden.eu",
-            events = "https://events.bitwarden.eu",
-        )
-    }
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/NewDeviceNoticeDisplayStatus.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/NewDeviceNoticeDisplayStatus.kt
@@ -1,60 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.disk.model
-
-import kotlinx.serialization.Contextual
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-import java.time.ZonedDateTime
-
-/**
- * Describes the current display status of the new device notice screen.
- */
-@Serializable
-enum class NewDeviceNoticeDisplayStatus {
-    /**
-     * The user has seen the screen and indicated they can access their email.
-     */
-    @SerialName("canAccessEmail")
-    CAN_ACCESS_EMAIL,
-
-    /**
-     * The user has indicated they can access their email
-     * as specified by the Permanent mode of the notice.
-     */
-    @SerialName("canAccessEmailPermanent")
-    CAN_ACCESS_EMAIL_PERMANENT,
-
-    /**
-     * The user has not seen the screen.
-     */
-    @SerialName("hasNotSeen")
-    HAS_NOT_SEEN,
-
-    /**
-     * The user has seen the screen and selected "remind me later".
-     */
-    @SerialName("hasSeen")
-    HAS_SEEN,
-}
-
-/**
- * The state of the new device notice screen.
- */
-@Suppress("MagicNumber")
-@Serializable
-data class NewDeviceNoticeState(
-    @SerialName("displayStatus")
-    val displayStatus: NewDeviceNoticeDisplayStatus,
-
-    @SerialName("lastSeenDate")
-    @Contextual
-    val lastSeenDate: ZonedDateTime?,
-) {
-    /**
-     * Whether the [lastSeenDate] is at least 7 days old.
-     */
-    val shouldDisplayNoticeIfSeen = lastSeenDate
-        ?.isBefore(
-            ZonedDateTime.now().minusDays(7),
-        )
-        ?: false
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAccountsApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAccountsApi.kt
@@ -1,61 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.CreateAccountKeysRequest
-import com.x8bit.bitwarden.data.auth.datasource.network.model.DeleteAccountRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SetPasswordRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyOtpRequestJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import retrofit2.http.Body
-import retrofit2.http.HTTP
-import retrofit2.http.POST
-
-/**
- * Defines raw calls under the /accounts API with authentication applied.
- */
-interface AuthenticatedAccountsApi {
-
-    /**
-     * Converts the currently active account to a key-connector account.
-     */
-    @POST("/accounts/convert-to-key-connector")
-    suspend fun convertToKeyConnector(): NetworkResult<Unit>
-
-    /**
-     * Creates the keys for the current account.
-     */
-    @POST("/accounts/keys")
-    suspend fun createAccountKeys(@Body body: CreateAccountKeysRequest): NetworkResult<Unit>
-
-    /**
-     * Deletes the current account.
-     */
-    @HTTP(method = "DELETE", path = "/accounts", hasBody = true)
-    suspend fun deleteAccount(@Body body: DeleteAccountRequestJson): NetworkResult<Unit>
-
-    @POST("/accounts/request-otp")
-    suspend fun requestOtp(): NetworkResult<Unit>
-
-    @POST("/accounts/verify-otp")
-    suspend fun verifyOtp(
-        @Body body: VerifyOtpRequestJson,
-    ): NetworkResult<Unit>
-
-    /**
-     * Resets the temporary password.
-     */
-    @HTTP(method = "PUT", path = "/accounts/update-temp-password", hasBody = true)
-    suspend fun resetTempPassword(@Body body: ResetPasswordRequestJson): NetworkResult<Unit>
-
-    /**
-     * Resets the password.
-     */
-    @HTTP(method = "POST", path = "/accounts/password", hasBody = true)
-    suspend fun resetPassword(@Body body: ResetPasswordRequestJson): NetworkResult<Unit>
-
-    /**
-     * Sets the password.
-     */
-    @POST("/accounts/set-password")
-    suspend fun setPassword(@Body body: SetPasswordRequestJson): NetworkResult<Unit>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAuthRequestsApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAuthRequestsApi.kt
@@ -1,50 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestUpdateRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import retrofit2.http.Body
-import retrofit2.http.GET
-import retrofit2.http.Header
-import retrofit2.http.POST
-import retrofit2.http.PUT
-import retrofit2.http.Path
-
-/**
- * Defines authenticated raw calls under the /auth-requests API.
- */
-interface AuthenticatedAuthRequestsApi {
-
-    /**
-     * Notifies the server of a new admin authentication request.
-     */
-    @POST("/auth-requests/admin-request")
-    suspend fun createAdminAuthRequest(
-        @Header("Device-Identifier") deviceIdentifier: String,
-        @Body body: AuthRequestRequestJson,
-    ): NetworkResult<AuthRequestsResponseJson.AuthRequest>
-
-    /**
-     * Updates an authentication request.
-     */
-    @PUT("/auth-requests/{id}")
-    suspend fun updateAuthRequest(
-        @Path("id") userId: String,
-        @Body body: AuthRequestUpdateRequestJson,
-    ): NetworkResult<AuthRequestsResponseJson.AuthRequest>
-
-    /**
-     * Gets a list of auth requests for this device.
-     */
-    @GET("/auth-requests")
-    suspend fun getAuthRequests(): NetworkResult<AuthRequestsResponseJson>
-
-    /**
-     * Retrieves an existing authentication request by ID.
-     */
-    @GET("/auth-requests/{requestId}")
-    suspend fun getAuthRequest(
-        @Path("requestId") requestId: String,
-    ): NetworkResult<AuthRequestsResponseJson.AuthRequest>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedDevicesApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedDevicesApi.kt
@@ -1,21 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import androidx.annotation.Keep
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysResponseJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import retrofit2.http.Body
-import retrofit2.http.PUT
-import retrofit2.http.Path
-
-/**
- * Defines raw calls under the /devices API that require authentication.
- */
-@Keep
-interface AuthenticatedDevicesApi {
-    @PUT("/devices/{appId}/keys")
-    suspend fun updateTrustedDeviceKeys(
-        @Path(value = "appId") appId: String,
-        @Body request: TrustedDeviceKeysRequestJson,
-    ): NetworkResult<TrustedDeviceKeysResponseJson>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedKeyConnectorApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedKeyConnectorApi.kt
@@ -1,20 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import androidx.annotation.Keep
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyRequestJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import retrofit2.http.Body
-import retrofit2.http.POST
-import retrofit2.http.Url
-
-/**
- * Defines raw calls specific for key connectors that use custom urls.
- */
-@Keep
-interface AuthenticatedKeyConnectorApi {
-    @POST
-    suspend fun storeMasterKeyToKeyConnector(
-        @Url url: String,
-        @Body body: KeyConnectorMasterKeyRequestJson,
-    ): NetworkResult<Unit>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedOrganizationApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedOrganizationApi.kt
@@ -1,41 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationAutoEnrollStatusResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationKeysResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationResetPasswordEnrollRequestJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import retrofit2.http.Body
-import retrofit2.http.GET
-import retrofit2.http.PUT
-import retrofit2.http.Path
-
-/**
- * Defines raw calls under the authenticated /organizations API.
- */
-interface AuthenticatedOrganizationApi {
-    /**
-     * Enrolls this user in the organization's password reset.
-     */
-    @PUT("/organizations/{orgId}/users/{userId}/reset-password-enrollment")
-    suspend fun organizationResetPasswordEnroll(
-        @Path("orgId") organizationId: String,
-        @Path("userId") userId: String,
-        @Body body: OrganizationResetPasswordEnrollRequestJson,
-    ): NetworkResult<Unit>
-
-    /**
-     * Checks whether this organization auto enrolls users in password reset.
-     */
-    @GET("/organizations/{identifier}/auto-enroll-status")
-    suspend fun getOrganizationAutoEnrollResponse(
-        @Path("identifier") organizationIdentifier: String,
-    ): NetworkResult<OrganizationAutoEnrollStatusResponseJson>
-
-    /**
-     * Gets the public and private keys for this organization.
-     */
-    @GET("/organizations/{id}/keys")
-    suspend fun getOrganizationKeys(
-        @Path("id") organizationId: String,
-    ): NetworkResult<OrganizationKeysResponseJson>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/HaveIBeenPwnedApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/HaveIBeenPwnedApi.kt
@@ -1,19 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import okhttp3.ResponseBody
-import retrofit2.http.GET
-import retrofit2.http.Path
-
-/**
- * Defines endpoints for the "have I been pwned" API. For docs see
- * https://haveibeenpwned.com/API/v2.
- */
-interface HaveIBeenPwnedApi {
-
-    @GET("/range/{hashPrefix}")
-    suspend fun fetchBreachedPasswords(
-        @Path("hashPrefix")
-        hashPrefix: String,
-    ): NetworkResult<ResponseBody>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAccountsApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAccountsApi.kt
@@ -1,37 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorKeyRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendNewDeviceOtpRequestJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import com.x8bit.bitwarden.data.platform.datasource.network.util.HEADER_KEY_AUTHORIZATION
-import retrofit2.http.Body
-import retrofit2.http.Header
-import retrofit2.http.POST
-
-/**
- * Defines raw calls under the /accounts API.
- */
-interface UnauthenticatedAccountsApi {
-    @POST("/accounts/password-hint")
-    suspend fun passwordHintRequest(
-        @Body body: PasswordHintRequestJson,
-    ): NetworkResult<Unit>
-
-    @POST("/two-factor/send-email-login")
-    suspend fun resendVerificationCodeEmail(
-        @Body body: ResendEmailRequestJson,
-    ): NetworkResult<Unit>
-
-    @POST("/accounts/set-key-connector-key")
-    suspend fun setKeyConnectorKey(
-        @Body body: KeyConnectorKeyRequestJson,
-        @Header(HEADER_KEY_AUTHORIZATION) bearerToken: String,
-    ): NetworkResult<Unit>
-
-    @POST("/accounts/resend-new-device-otp")
-    suspend fun resendNewDeviceOtp(
-        @Body body: ResendNewDeviceOtpRequestJson,
-    ): NetworkResult<Unit>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAuthRequestsApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAuthRequestsApi.kt
@@ -1,35 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import retrofit2.http.Body
-import retrofit2.http.GET
-import retrofit2.http.Header
-import retrofit2.http.POST
-import retrofit2.http.Path
-import retrofit2.http.Query
-
-/**
- * Defines unauthenticated raw calls under the /auth-requests API.
- */
-interface UnauthenticatedAuthRequestsApi {
-
-    /**
-     * Notifies the server of a new authentication request.
-     */
-    @POST("/auth-requests")
-    suspend fun createAuthRequest(
-        @Header("Device-Identifier") deviceIdentifier: String,
-        @Body body: AuthRequestRequestJson,
-    ): NetworkResult<AuthRequestsResponseJson.AuthRequest>
-
-    /**
-     * Queries for updates to a given auth request.
-     */
-    @GET("/auth-requests/{requestId}/response")
-    suspend fun getAuthRequestUpdate(
-        @Path("requestId") requestId: String,
-        @Query("code") accessCode: String,
-    ): NetworkResult<AuthRequestsResponseJson.AuthRequest>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedDevicesApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedDevicesApi.kt
@@ -1,16 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import retrofit2.http.GET
-import retrofit2.http.Header
-
-/**
- * Defines raw calls under the /devices API that do not require authentication.
- */
-interface UnauthenticatedDevicesApi {
-    @GET("/devices/knowndevice")
-    suspend fun getIsKnownDevice(
-        @Header(value = "X-Request-Email") emailAddress: String,
-        @Header(value = "X-Device-Identifier") deviceId: String,
-    ): NetworkResult<Boolean>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedIdentityApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedIdentityApi.kt
@@ -1,92 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.GetTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PreLoginRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PreLoginResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PrevalidateSsoResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RefreshTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterFinishRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenRequestJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import kotlinx.serialization.json.JsonPrimitive
-import retrofit2.Call
-import retrofit2.http.Body
-import retrofit2.http.Field
-import retrofit2.http.FormUrlEncoded
-import retrofit2.http.GET
-import retrofit2.http.Header
-import retrofit2.http.POST
-import retrofit2.http.Query
-
-/**
- * Defines raw calls under the /identity API.
- */
-interface UnauthenticatedIdentityApi {
-
-    @POST("/connect/token")
-    @Suppress("LongParameterList")
-    @FormUrlEncoded
-    suspend fun getToken(
-        @Field(value = "scope", encoded = true) scope: String,
-        @Field(value = "client_id") clientId: String,
-        @Field(value = "username") email: String,
-        @Header(value = "Auth-Email") authEmail: String,
-        @Field(value = "password") passwordHash: String?,
-        @Field(value = "deviceIdentifier") deviceIdentifier: String,
-        @Field(value = "deviceName") deviceName: String,
-        @Field(value = "deviceType") deviceType: String,
-        @Field(value = "grant_type") grantType: String,
-        @Field(value = "captchaResponse") captchaResponse: String?,
-        @Field(value = "code") ssoCode: String?,
-        @Field(value = "code_verifier") ssoCodeVerifier: String?,
-        @Field(value = "redirect_uri") ssoRedirectUri: String?,
-        @Field(value = "twoFactorToken") twoFactorCode: String?,
-        @Field(value = "twoFactorProvider") twoFactorMethod: String?,
-        @Field(value = "twoFactorRemember") twoFactorRemember: String?,
-        @Field(value = "authRequest") authRequestId: String?,
-        @Field(value = "newDeviceOtp") newDeviceOtp: String?,
-    ): NetworkResult<GetTokenResponseJson.Success>
-
-    @GET("/sso/prevalidate")
-    suspend fun prevalidateSso(
-        @Query("domainHint") organizationIdentifier: String,
-    ): NetworkResult<PrevalidateSsoResponseJson.Success>
-
-    /**
-     * This call needs to be synchronous so we need it to return a [Call] directly. The identity
-     * service will wrap it up for us.
-     */
-    @POST("/connect/token")
-    @FormUrlEncoded
-    fun refreshTokenCall(
-        @Field(value = "client_id") clientId: String,
-        @Field(value = "refresh_token") refreshToken: String,
-        @Field(value = "grant_type") grantType: String,
-    ): Call<RefreshTokenResponseJson>
-
-    @POST("/accounts/prelogin")
-    suspend fun preLogin(@Body body: PreLoginRequestJson): NetworkResult<PreLoginResponseJson>
-
-    @POST("/accounts/register")
-    suspend fun register(
-        @Body body: RegisterRequestJson,
-    ): NetworkResult<RegisterResponseJson.Success>
-
-    @POST("/accounts/register/finish")
-    suspend fun registerFinish(
-        @Body body: RegisterFinishRequestJson,
-    ): NetworkResult<RegisterResponseJson.Success>
-
-    @POST("/accounts/register/send-verification-email")
-    suspend fun sendVerificationEmail(
-        @Body body: SendVerificationEmailRequestJson,
-    ): NetworkResult<JsonPrimitive?>
-
-    @POST("/accounts/register/verification-email-clicked")
-    suspend fun verifyEmailToken(
-        @Body body: VerifyEmailTokenRequestJson,
-    ): NetworkResult<Unit>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedKeyConnectorApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedKeyConnectorApi.kt
@@ -1,31 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import androidx.annotation.Keep
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import com.x8bit.bitwarden.data.platform.datasource.network.util.HEADER_KEY_AUTHORIZATION
-import retrofit2.http.Body
-import retrofit2.http.GET
-import retrofit2.http.Header
-import retrofit2.http.POST
-import retrofit2.http.Url
-
-/**
- * Defines raw calls specific for key connectors that use custom urls.
- */
-@Keep
-interface UnauthenticatedKeyConnectorApi {
-    @POST
-    suspend fun storeMasterKeyToKeyConnector(
-        @Url url: String,
-        @Header(HEADER_KEY_AUTHORIZATION) bearerToken: String,
-        @Body body: KeyConnectorMasterKeyRequestJson,
-    ): NetworkResult<Unit>
-
-    @GET
-    suspend fun getMasterKeyFromKeyConnector(
-        @Url url: String,
-        @Header(HEADER_KEY_AUTHORIZATION) bearerToken: String,
-    ): NetworkResult<KeyConnectorMasterKeyResponseJson>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedOrganizationApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedOrganizationApi.kt
@@ -1,30 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsRequest
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsResponse
-import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
-import retrofit2.http.Body
-import retrofit2.http.POST
-
-/**
- * Defines raw calls under the /organizations API.
- */
-interface UnauthenticatedOrganizationApi {
-    /**
-     * Checks for the claimed domain organization of an email for SSO purposes.
-     */
-    @POST("/organizations/domain/sso/details")
-    suspend fun getClaimedDomainOrganizationDetails(
-        @Body body: OrganizationDomainSsoDetailsRequestJson,
-    ): NetworkResult<OrganizationDomainSsoDetailsResponseJson>
-
-    /**
-     * Checks for the verfied organization domains of an email for SSO purposes.
-     */
-    @POST("/organizations/domain/sso/verified")
-    suspend fun getVerifiedOrganizationDomainsByEmail(
-        @Body body: VerifiedOrganizationDomainSsoDetailsRequest,
-    ): NetworkResult<VerifiedOrganizationDomainSsoDetailsResponse>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/di/AuthNetworkModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/di/AuthNetworkModule.kt
@@ -1,102 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.di
-
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationServiceImpl
-import com.x8bit.bitwarden.data.platform.datasource.network.retrofit.Retrofits
-import dagger.Module
-import dagger.Provides
-import dagger.hilt.InstallIn
-import dagger.hilt.components.SingletonComponent
-import kotlinx.serialization.json.Json
-import retrofit2.create
-import javax.inject.Singleton
-
-/**
- * Provides network dependencies in the auth package.
- */
-@Module
-@InstallIn(SingletonComponent::class)
-object AuthNetworkModule {
-
-    @Provides
-    @Singleton
-    fun providesAccountService(
-        retrofits: Retrofits,
-        json: Json,
-    ): AccountsService = AccountsServiceImpl(
-        unauthenticatedAccountsApi = retrofits.unauthenticatedApiRetrofit.create(),
-        authenticatedAccountsApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedKeyConnectorApi = retrofits.createStaticRetrofit().create(),
-        authenticatedKeyConnectorApi = retrofits
-            .createStaticRetrofit(isAuthenticated = true)
-            .create(),
-        json = json,
-    )
-
-    @Provides
-    @Singleton
-    fun providesAuthRequestsService(
-        retrofits: Retrofits,
-    ): AuthRequestsService = AuthRequestsServiceImpl(
-        authenticatedAuthRequestsApi = retrofits.authenticatedApiRetrofit.create(),
-    )
-
-    @Provides
-    @Singleton
-    fun providesDevicesService(
-        retrofits: Retrofits,
-    ): DevicesService = DevicesServiceImpl(
-        authenticatedDevicesApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedDevicesApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
-
-    @Provides
-    @Singleton
-    fun providesIdentityService(
-        retrofits: Retrofits,
-        json: Json,
-    ): IdentityService = IdentityServiceImpl(
-        unauthenticatedIdentityApi = retrofits.unauthenticatedIdentityRetrofit.create(),
-        json = json,
-    )
-
-    @Provides
-    @Singleton
-    fun providesHaveIBeenPwnedService(
-        retrofits: Retrofits,
-    ): HaveIBeenPwnedService = HaveIBeenPwnedServiceImpl(
-        api = retrofits
-            .createStaticRetrofit(baseUrl = "https://api.pwnedpasswords.com")
-            .create(),
-    )
-
-    @Provides
-    @Singleton
-    fun providesNewAuthRequestService(
-        retrofits: Retrofits,
-    ): NewAuthRequestService = NewAuthRequestServiceImpl(
-        authenticatedAuthRequestsApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedAuthRequestsApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
-
-    @Provides
-    @Singleton
-    fun providesOrganizationService(
-        retrofits: Retrofits,
-    ): OrganizationService = OrganizationServiceImpl(
-        authenticatedOrganizationApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedOrganizationApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/OrganizationDomainSsoDetailsRequestJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/OrganizationDomainSsoDetailsRequestJson.kt
@@ -1,14 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * Request body object when retrieving organization domain SSO info.
- *
- * @param email The email address to check against.
- */
-@Serializable
-data class OrganizationDomainSsoDetailsRequestJson(
-    @SerialName("email") val email: String,
-)
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/OrganizationDomainSsoDetailsResponseJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/OrganizationDomainSsoDetailsResponseJson.kt
@@ -1,26 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import kotlinx.serialization.Contextual
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-import java.time.ZonedDateTime
-
-/**
- * Response object returned when requesting organization domain SSO details.
- *
- * @property isSsoAvailable Whether or not SSO is available for this domain.
- * @property organizationIdentifier The organization's identifier.
- * @property verifiedDate The date the domain was verified.
- */
-@Serializable
-data class OrganizationDomainSsoDetailsResponseJson(
-    @SerialName("ssoAvailable")
-    val isSsoAvailable: Boolean,
-
-    @SerialName("organizationIdentifier")
-    val organizationIdentifier: String,
-
-    @SerialName("verifiedDate")
-    @Contextual
-    val verifiedDate: ZonedDateTime?,
-)
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/RefreshTokenResponseJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/RefreshTokenResponseJson.kt
@@ -1,27 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * Models the response body from the refresh token request.
- *
- * @property accessToken The new access token.
- * @property expiresIn When the new [accessToken] expires.
- * @property refreshToken The new refresh token.
- * @property tokenType The type of token the new [accessToken] is.
- */
-@Serializable
-data class RefreshTokenResponseJson(
-    @SerialName("access_token")
-    val accessToken: String,
-
-    @SerialName("expires_in")
-    val expiresIn: Int,
-
-    @SerialName("refresh_token")
-    val refreshToken: String,
-
-    @SerialName("token_type")
-    val tokenType: String,
-)
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/RegisterResponseJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/RegisterResponseJson.kt
@@ -1,75 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import kotlinx.serialization.ExperimentalSerializationApi
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-import kotlinx.serialization.json.JsonNames
-
-/**
- * Models response bodies for the register request.
- */
-@Serializable
-sealed class RegisterResponseJson {
-
-    /**
-     * Models a successful json response of the register request.
-     *
-     * @param captchaBypassToken the bypass token.
-     */
-    @Serializable
-    data class Success(
-        @SerialName("captchaBypassToken")
-        val captchaBypassToken: String,
-    ) : RegisterResponseJson()
-
-    /**
-     * Models a json body of a captcha error.
-     *
-     * @param validationErrors object containing error validations of the response.
-     */
-    @Serializable
-    data class CaptchaRequired(
-        @SerialName("validationErrors")
-        val validationErrors: ValidationErrors,
-    ) : RegisterResponseJson() {
-
-        /**
-         * Error validations containing a HCaptcha Site Key.
-         *
-         * @param captchaKeys keys for attempting captcha verification.
-         */
-        @Serializable
-        data class ValidationErrors(
-            @SerialName("HCaptcha_SiteKey")
-            val captchaKeys: List<String>,
-        )
-    }
-
-    /**
-     * Represents the json body of an invalid register request.
-     *
-     * @param validationErrors a map where each value is a list of error messages for each key.
-     * The values in the array should be used for display to the user, since the keys tend to come
-     * back as nonsense. (eg: empty string key)
-     */
-    @OptIn(ExperimentalSerializationApi::class)
-    @Serializable
-    data class Invalid(
-        @JsonNames("message")
-        @SerialName("Message")
-        private val invalidMessage: String? = null,
-
-        @SerialName("validationErrors")
-        private val validationErrors: Map<String, List<String>>?,
-    ) : RegisterResponseJson() {
-        /**
-         * A generic error message.
-         */
-        val message: String?
-            get() = validationErrors
-                ?.values
-                ?.firstOrNull()
-                ?.firstOrNull()
-                ?: invalidMessage
-    }
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/SendVerificationEmailResponseJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/SendVerificationEmailResponseJson.kt
@@ -1,45 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * The response body for sending a verification email.
- */
-@Serializable
-sealed class SendVerificationEmailResponseJson {
-
-    /**
-     * Models a successful json response.
-     *
-     * @param emailVerificationToken the token to verify the email.
-     */
-    @Serializable
-    data class Success(
-        val emailVerificationToken: String?,
-    ) : SendVerificationEmailResponseJson()
-
-    /**
-     * Represents the json body of an invalid request.
-     *
-     * @param validationErrors a map where each value is a list of error messages for each key.
-     * The values in the array should be used for display to the user, since the keys tend to come
-     * back as nonsense. (eg: empty string key)
-     */
-    @Serializable
-    data class Invalid(
-        @SerialName("message")
-        private val invalidMessage: String? = null,
-
-        @SerialName("Message")
-        private val errorMessage: String? = null,
-
-        @SerialName("validationErrors")
-        val validationErrors: Map<String, List<String>>?,
-    ) : SendVerificationEmailResponseJson() {
-        /**
-         * A generic error message.
-         */
-        val message: String? get() = invalidMessage ?: errorMessage
-    }
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AccountsService.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AccountsService.kt
@@ -1,112 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.service
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.DeleteAccountResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorKeyRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendNewDeviceOtpRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SetPasswordRequestJson
-
-/**
- * Provides an API for querying accounts endpoints.
- */
-@Suppress("TooManyFunctions")
-interface AccountsService {
-
-    /**
-     * Converts the currently active account to a key-connector account.
-     */
-    suspend fun convertToKeyConnector(): Result<Unit>
-
-    /**
-     * Creates a new account's keys.
-     */
-    suspend fun createAccountKeys(publicKey: String, encryptedPrivateKey: String): Result<Unit>
-
-    /**
-     * Make delete account request.
-     */
-    suspend fun deleteAccount(
-        masterPasswordHash: String?,
-        oneTimePassword: String?,
-    ): Result<DeleteAccountResponseJson>
-
-    /**
-     * Request a one-time passcode that is sent to the user's email.
-     */
-    suspend fun requestOneTimePasscode(): Result<Unit>
-
-    /**
-     * Verify that the provided [passcode] is correct.
-     */
-    suspend fun verifyOneTimePasscode(passcode: String): Result<Unit>
-
-    /**
-     * Request a password hint.
-     */
-    suspend fun requestPasswordHint(email: String): Result<PasswordHintResponseJson>
-
-    /**
-     * Resend the email with the two-factor verification code.
-     */
-    suspend fun resendVerificationCodeEmail(body: ResendEmailRequestJson): Result<Unit>
-
-    /**
-     * Resend the email with the verification code for new devices
-     */
-    suspend fun resendNewDeviceOtp(body: ResendNewDeviceOtpRequestJson): Result<Unit>
-
-    /**
-     * Reset the password.
-     */
-    suspend fun resetPassword(body: ResetPasswordRequestJson): Result<Unit>
-
-    /**
-     * Set the key connector key.
-     *
-     * This API requires the [accessToken] to be passed in manually because it occurs during the
-     * login process.
-     */
-    suspend fun setKeyConnectorKey(
-        accessToken: String,
-        body: KeyConnectorKeyRequestJson,
-    ): Result<Unit>
-
-    /**
-     * Set the password.
-     */
-    suspend fun setPassword(body: SetPasswordRequestJson): Result<Unit>
-
-    /**
-     * Retrieves the master key from the key connector.
-     *
-     * This API requires the [accessToken] to be passed in manually because it occurs during the
-     * login process.
-     */
-    suspend fun getMasterKeyFromKeyConnector(
-        url: String,
-        accessToken: String,
-    ): Result<KeyConnectorMasterKeyResponseJson>
-
-    /**
-     * Stores the master key to the key connector.
-     */
-    suspend fun storeMasterKeyToKeyConnector(
-        url: String,
-        masterKey: String,
-    ): Result<Unit>
-
-    /**
-     * Stores the master key to the key connector.
-     *
-     * This API requires the [accessToken] to be passed in manually because it occurs during the
-     * login process.
-     */
-    suspend fun storeMasterKeyToKeyConnector(
-        url: String,
-        accessToken: String,
-        masterKey: String,
-    ): Result<Unit>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AccountsServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AccountsServiceImpl.kt
@@ -1,186 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.service
-
-import com.x8bit.bitwarden.data.auth.datasource.network.api.AuthenticatedAccountsApi
-import com.x8bit.bitwarden.data.auth.datasource.network.api.AuthenticatedKeyConnectorApi
-import com.x8bit.bitwarden.data.auth.datasource.network.api.UnauthenticatedAccountsApi
-import com.x8bit.bitwarden.data.auth.datasource.network.api.UnauthenticatedKeyConnectorApi
-import com.x8bit.bitwarden.data.auth.datasource.network.model.CreateAccountKeysRequest
-import com.x8bit.bitwarden.data.auth.datasource.network.model.DeleteAccountRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.DeleteAccountResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorKeyRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendNewDeviceOtpRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SetPasswordRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyOtpRequestJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.toBitwardenError
-import com.x8bit.bitwarden.data.platform.datasource.network.util.HEADER_VALUE_BEARER_PREFIX
-import com.x8bit.bitwarden.data.platform.datasource.network.util.NetworkErrorCode
-import com.x8bit.bitwarden.data.platform.datasource.network.util.parseErrorBodyOrNull
-import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult
-import kotlinx.serialization.json.Json
-
-/**
- * The default implementation of the [AccountsService].
- */
-@Suppress("TooManyFunctions")
-class AccountsServiceImpl(
-    private val unauthenticatedAccountsApi: UnauthenticatedAccountsApi,
-    private val authenticatedAccountsApi: AuthenticatedAccountsApi,
-    private val unauthenticatedKeyConnectorApi: UnauthenticatedKeyConnectorApi,
-    private val authenticatedKeyConnectorApi: AuthenticatedKeyConnectorApi,
-    private val json: Json,
-) : AccountsService {
-
-    /**
-     * Converts the currently active account to a key-connector account.
-     */
-    override suspend fun convertToKeyConnector(): Result<Unit> =
-        authenticatedAccountsApi
-            .convertToKeyConnector()
-            .toResult()
-
-    override suspend fun createAccountKeys(
-        publicKey: String,
-        encryptedPrivateKey: String,
-    ): Result<Unit> =
-        authenticatedAccountsApi
-            .createAccountKeys(
-                body = CreateAccountKeysRequest(
-                    publicKey = publicKey,
-                    encryptedPrivateKey = encryptedPrivateKey,
-                ),
-            )
-            .toResult()
-
-    override suspend fun deleteAccount(
-        masterPasswordHash: String?,
-        oneTimePassword: String?,
-    ): Result<DeleteAccountResponseJson> =
-        authenticatedAccountsApi
-            .deleteAccount(
-                DeleteAccountRequestJson(
-                    masterPasswordHash = masterPasswordHash,
-                    oneTimePassword = oneTimePassword,
-                ),
-            )
-            .toResult()
-            .map { DeleteAccountResponseJson.Success }
-            .recoverCatching { throwable ->
-                throwable
-                    .toBitwardenError()
-                    .parseErrorBodyOrNull<DeleteAccountResponseJson.Invalid>(
-                        code = NetworkErrorCode.BAD_REQUEST,
-                        json = json,
-                    )
-                    ?: throw throwable
-            }
-
-    override suspend fun requestOneTimePasscode(): Result<Unit> =
-        authenticatedAccountsApi
-            .requestOtp()
-            .toResult()
-
-    override suspend fun verifyOneTimePasscode(passcode: String): Result<Unit> =
-        authenticatedAccountsApi
-            .verifyOtp(
-                VerifyOtpRequestJson(
-                    oneTimePasscode = passcode,
-                ),
-            )
-            .toResult()
-
-    override suspend fun requestPasswordHint(
-        email: String,
-    ): Result<PasswordHintResponseJson> =
-        unauthenticatedAccountsApi
-            .passwordHintRequest(PasswordHintRequestJson(email))
-            .toResult()
-            .map { PasswordHintResponseJson.Success }
-            .recoverCatching { throwable ->
-                throwable
-                    .toBitwardenError()
-                    .parseErrorBodyOrNull<PasswordHintResponseJson.Error>(
-                        code = NetworkErrorCode.TOO_MANY_REQUESTS,
-                        json = json,
-                    )
-                    ?: throw throwable
-            }
-
-    override suspend fun resendVerificationCodeEmail(body: ResendEmailRequestJson): Result<Unit> =
-        unauthenticatedAccountsApi
-            .resendVerificationCodeEmail(body = body)
-            .toResult()
-
-    override suspend fun resendNewDeviceOtp(body: ResendNewDeviceOtpRequestJson): Result<Unit> =
-        unauthenticatedAccountsApi
-            .resendNewDeviceOtp(body = body)
-            .toResult()
-
-    override suspend fun resetPassword(body: ResetPasswordRequestJson): Result<Unit> =
-        if (body.currentPasswordHash == null) {
-            authenticatedAccountsApi
-                .resetTempPassword(body = body)
-                .toResult()
-        } else {
-            authenticatedAccountsApi
-                .resetPassword(body = body)
-                .toResult()
-        }
-
-    override suspend fun setKeyConnectorKey(
-        accessToken: String,
-        body: KeyConnectorKeyRequestJson,
-    ): Result<Unit> =
-        unauthenticatedAccountsApi
-            .setKeyConnectorKey(
-                body = body,
-                bearerToken = "$HEADER_VALUE_BEARER_PREFIX$accessToken",
-            )
-            .toResult()
-
-    override suspend fun setPassword(
-        body: SetPasswordRequestJson,
-    ): Result<Unit> = authenticatedAccountsApi
-        .setPassword(body)
-        .toResult()
-
-    override suspend fun getMasterKeyFromKeyConnector(
-        url: String,
-        accessToken: String,
-    ): Result<KeyConnectorMasterKeyResponseJson> =
-        unauthenticatedKeyConnectorApi
-            .getMasterKeyFromKeyConnector(
-                url = "$url/user-keys",
-                bearerToken = "$HEADER_VALUE_BEARER_PREFIX$accessToken",
-            )
-            .toResult()
-
-    override suspend fun storeMasterKeyToKeyConnector(
-        url: String,
-        masterKey: String,
-    ): Result<Unit> =
-        authenticatedKeyConnectorApi
-            .storeMasterKeyToKeyConnector(
-                url = "$url/user-keys",
-                body = KeyConnectorMasterKeyRequestJson(masterKey = masterKey),
-            )
-            .toResult()
-
-    override suspend fun storeMasterKeyToKeyConnector(
-        url: String,
-        accessToken: String,
-        masterKey: String,
-    ): Result<Unit> =
-        unauthenticatedKeyConnectorApi
-            .storeMasterKeyToKeyConnector(
-                url = "$url/user-keys",
-                bearerToken = "$HEADER_VALUE_BEARER_PREFIX$accessToken",
-                body = KeyConnectorMasterKeyRequestJson(masterKey = masterKey),
-            )
-            .toResult()
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AuthRequestsServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AuthRequestsServiceImpl.kt
@@ -1,41 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.service
-
-import com.x8bit.bitwarden.data.auth.datasource.network.api.AuthenticatedAuthRequestsApi
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestUpdateRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
-import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult
-
-class AuthRequestsServiceImpl(
-    private val authenticatedAuthRequestsApi: AuthenticatedAuthRequestsApi,
-) : AuthRequestsService {
-    override suspend fun getAuthRequests(): Result<AuthRequestsResponseJson> =
-        authenticatedAuthRequestsApi
-            .getAuthRequests()
-            .toResult()
-
-    override suspend fun getAuthRequest(
-        requestId: String,
-    ): Result<AuthRequestsResponseJson.AuthRequest> =
-        authenticatedAuthRequestsApi
-            .getAuthRequest(requestId = requestId)
-            .toResult()
-
-    override suspend fun updateAuthRequest(
-        requestId: String,
-        key: String,
-        masterPasswordHash: String?,
-        deviceId: String,
-        isApproved: Boolean,
-    ): Result<AuthRequestsResponseJson.AuthRequest> =
-        authenticatedAuthRequestsApi
-            .updateAuthRequest(
-                userId = requestId,
-                body = AuthRequestUpdateRequestJson(
-                    key = key,
-                    masterPasswordHash = masterPasswordHash,
-                    deviceId = deviceId,
-                    isApproved = isApproved,
-                ),
-            )
-            .toResult()
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/DevicesServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/DevicesServiceImpl.kt
@@ -1,39 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.service
-
-import com.x8bit.bitwarden.data.auth.datasource.network.api.AuthenticatedDevicesApi
-import com.x8bit.bitwarden.data.auth.datasource.network.api.UnauthenticatedDevicesApi
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysResponseJson
-import com.x8bit.bitwarden.data.platform.datasource.network.util.base64UrlEncode
-import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult
-
-class DevicesServiceImpl(
-    private val authenticatedDevicesApi: AuthenticatedDevicesApi,
-    private val unauthenticatedDevicesApi: UnauthenticatedDevicesApi,
-) : DevicesService {
-    override suspend fun getIsKnownDevice(
-        emailAddress: String,
-        deviceId: String,
-    ): Result<Boolean> = unauthenticatedDevicesApi
-        .getIsKnownDevice(
-            emailAddress = emailAddress.base64UrlEncode(),
-            deviceId = deviceId,
-        )
-        .toResult()
-
-    override suspend fun trustDevice(
-        appId: String,
-        encryptedUserKey: String,
-        encryptedDevicePublicKey: String,
-        encryptedDevicePrivateKey: String,
-    ): Result<TrustedDeviceKeysResponseJson> = authenticatedDevicesApi
-        .updateTrustedDeviceKeys(
-            appId = appId,
-            request = TrustedDeviceKeysRequestJson(
-                encryptedUserKey = encryptedUserKey,
-                encryptedDevicePublicKey = encryptedDevicePublicKey,
-                encryptedDevicePrivateKey = encryptedDevicePrivateKey,
-            ),
-        )
-        .toResult()
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/IdentityService.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/IdentityService.kt
@@ -1,87 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.service
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.GetTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.IdentityTokenAuthModel
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PreLoginResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PrevalidateSsoResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RefreshTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterFinishRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TwoFactorDataModel
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenResponseJson
-
-/**
- * Provides an API for querying identity endpoints.
- */
-interface IdentityService {
-
-    /**
-     * Make pre login request to get KDF params.
-     */
-    suspend fun preLogin(email: String): Result<PreLoginResponseJson>
-
-    /**
-     * Register a new account to Bitwarden.
-     */
-    suspend fun register(body: RegisterRequestJson): Result<RegisterResponseJson>
-
-    /**
-     * Make request to get an access token.
-     *
-     * @param uniqueAppId applications unique identifier.
-     * @param email user's email address.
-     * @param authModel information necessary to authenticate with any
-     * of the available login methods.
-     * @param captchaToken captcha token to be passed to the API (nullable).
-     * @param twoFactorData the two-factor data, if applicable.
-     */
-    @Suppress("LongParameterList")
-    suspend fun getToken(
-        uniqueAppId: String,
-        email: String,
-        authModel: IdentityTokenAuthModel,
-        captchaToken: String?,
-        twoFactorData: TwoFactorDataModel? = null,
-        newDeviceOtp: String? = null,
-    ): Result<GetTokenResponseJson>
-
-    /**
-     * Prevalidates the organization identifier used in an SSO request.
-     *
-     * @param organizationIdentifier The SSO organization identifier.
-     */
-    suspend fun prevalidateSso(
-        organizationIdentifier: String,
-    ): Result<PrevalidateSsoResponseJson>
-
-    /**
-     * Synchronously makes a request to get refresh the access token.
-     *
-     * @param refreshToken The refresh token needed to obtain a new token.
-     */
-    fun refreshTokenSynchronously(refreshToken: String): Result<RefreshTokenResponseJson>
-
-    /**
-     * Send a verification email.
-     */
-    suspend fun sendVerificationEmail(
-        body: SendVerificationEmailRequestJson,
-    ): Result<SendVerificationEmailResponseJson>
-
-    /**
-     * Register a new account to Bitwarden using email verification flow.
-     */
-    suspend fun registerFinish(body: RegisterFinishRequestJson): Result<RegisterResponseJson>
-
-    /**
-     * Makes request to verify email registration token. If the token provided is
-     * still valid will return success.
-     */
-    suspend fun verifyEmailRegistrationToken(
-        body: VerifyEmailTokenRequestJson,
-    ): Result<VerifyEmailTokenResponseJson>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/IdentityServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/IdentityServiceImpl.kt
@@ -1,200 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.service
-
-import com.x8bit.bitwarden.data.auth.datasource.network.api.UnauthenticatedIdentityApi
-import com.x8bit.bitwarden.data.auth.datasource.network.model.GetTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.IdentityTokenAuthModel
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PreLoginRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PreLoginResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PrevalidateSsoResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RefreshTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterFinishRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TwoFactorDataModel
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenResponseJson
-import com.x8bit.bitwarden.data.platform.datasource.network.model.toBitwardenError
-import com.x8bit.bitwarden.data.platform.datasource.network.util.NetworkErrorCode
-import com.x8bit.bitwarden.data.platform.datasource.network.util.base64UrlEncode
-import com.x8bit.bitwarden.data.platform.datasource.network.util.executeForNetworkResult
-import com.x8bit.bitwarden.data.platform.datasource.network.util.parseErrorBodyOrNull
-import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult
-import com.x8bit.bitwarden.data.platform.util.DeviceModelProvider
-import kotlinx.serialization.json.Json
-
-class IdentityServiceImpl(
-    private val unauthenticatedIdentityApi: UnauthenticatedIdentityApi,
-    private val json: Json,
-    private val deviceModelProvider: DeviceModelProvider = DeviceModelProvider(),
-) : IdentityService {
-
-    override suspend fun preLogin(email: String): Result<PreLoginResponseJson> =
-        unauthenticatedIdentityApi
-            .preLogin(PreLoginRequestJson(email = email))
-            .toResult()
-
-    override suspend fun register(body: RegisterRequestJson): Result<RegisterResponseJson> =
-        unauthenticatedIdentityApi
-            .register(body)
-            .toResult()
-            .recoverCatching { throwable ->
-                val bitwardenError = throwable.toBitwardenError()
-                bitwardenError
-                    .parseErrorBodyOrNull<RegisterResponseJson.CaptchaRequired>(
-                        code = NetworkErrorCode.BAD_REQUEST,
-                        json = json,
-                    )
-                    ?: bitwardenError.parseErrorBodyOrNull<RegisterResponseJson.Invalid>(
-                        codes = listOf(
-                            NetworkErrorCode.BAD_REQUEST,
-                            NetworkErrorCode.TOO_MANY_REQUESTS,
-                        ),
-                        json = json,
-                    )
-                    ?: throw throwable
-            }
-
-    override suspend fun getToken(
-        uniqueAppId: String,
-        email: String,
-        authModel: IdentityTokenAuthModel,
-        captchaToken: String?,
-        twoFactorData: TwoFactorDataModel?,
-        newDeviceOtp: String?,
-    ): Result<GetTokenResponseJson> = unauthenticatedIdentityApi
-        .getToken(
-            scope = "api offline_access",
-            clientId = "mobile",
-            authEmail = email.base64UrlEncode(),
-            deviceIdentifier = uniqueAppId,
-            deviceName = deviceModelProvider.deviceModel,
-            deviceType = "0",
-            grantType = authModel.grantType,
-            passwordHash = authModel.password,
-            email = email,
-            ssoCode = authModel.ssoCode,
-            ssoCodeVerifier = authModel.ssoCodeVerifier,
-            ssoRedirectUri = authModel.ssoRedirectUri,
-            twoFactorCode = twoFactorData?.code,
-            twoFactorMethod = twoFactorData?.method,
-            twoFactorRemember = twoFactorData?.remember?.let { if (it) "1" else "0 " },
-            captchaResponse = captchaToken,
-            authRequestId = authModel.authRequestId,
-            newDeviceOtp = newDeviceOtp,
-        )
-        .toResult()
-        .recoverCatching { throwable ->
-            val bitwardenError = throwable.toBitwardenError()
-            bitwardenError
-                .parseErrorBodyOrNull<GetTokenResponseJson.CaptchaRequired>(
-                    code = NetworkErrorCode.BAD_REQUEST,
-                    json = json,
-                )
-                ?: bitwardenError.parseErrorBodyOrNull<GetTokenResponseJson.TwoFactorRequired>(
-                    code = NetworkErrorCode.BAD_REQUEST,
-                    json = json,
-                )
-                ?: bitwardenError.parseErrorBodyOrNull<GetTokenResponseJson.Invalid>(
-                    code = NetworkErrorCode.BAD_REQUEST,
-                    json = json,
-                )
-                ?: throw throwable
-        }
-
-    override suspend fun prevalidateSso(
-        organizationIdentifier: String,
-    ): Result<PrevalidateSsoResponseJson> = unauthenticatedIdentityApi
-        .prevalidateSso(
-            organizationIdentifier = organizationIdentifier,
-        )
-        .toResult()
-        .recoverCatching { throwable ->
-            val bitwardenError = throwable.toBitwardenError()
-            bitwardenError
-                .parseErrorBodyOrNull<PrevalidateSsoResponseJson.Error>(
-                    code = NetworkErrorCode.BAD_REQUEST,
-                    json = json,
-                )
-                ?: throw throwable
-        }
-
-    override fun refreshTokenSynchronously(
-        refreshToken: String,
-    ): Result<RefreshTokenResponseJson> = unauthenticatedIdentityApi
-        .refreshTokenCall(
-            clientId = "mobile",
-            grantType = "refresh_token",
-            refreshToken = refreshToken,
-        )
-        .executeForNetworkResult()
-        .toResult()
-
-    override suspend fun registerFinish(
-        body: RegisterFinishRequestJson,
-    ): Result<RegisterResponseJson> =
-        unauthenticatedIdentityApi
-            .registerFinish(body)
-            .toResult()
-            .recoverCatching { throwable ->
-                val bitwardenError = throwable.toBitwardenError()
-                bitwardenError
-                    .parseErrorBodyOrNull<RegisterResponseJson.Invalid>(
-                        codes = listOf(
-                            NetworkErrorCode.BAD_REQUEST,
-                            NetworkErrorCode.TOO_MANY_REQUESTS,
-                        ),
-                        json = json,
-                    )
-                    ?: throw throwable
-            }
-
-    override suspend fun sendVerificationEmail(
-        body: SendVerificationEmailRequestJson,
-    ): Result<SendVerificationEmailResponseJson> {
-        return unauthenticatedIdentityApi
-            .sendVerificationEmail(body = body)
-            .toResult()
-            .map { SendVerificationEmailResponseJson.Success(it?.content) }
-            .recoverCatching { throwable ->
-                throwable
-                    .toBitwardenError()
-                    .parseErrorBodyOrNull<SendVerificationEmailResponseJson.Invalid>(
-                        code = NetworkErrorCode.BAD_REQUEST,
-                        json = json,
-                    )
-                    ?: throw throwable
-            }
-    }
-
-    override suspend fun verifyEmailRegistrationToken(
-        body: VerifyEmailTokenRequestJson,
-    ): Result<VerifyEmailTokenResponseJson> = unauthenticatedIdentityApi
-        .verifyEmailToken(
-            body = body,
-        )
-        .toResult()
-        .map { VerifyEmailTokenResponseJson.Valid }
-        .recoverCatching { throwable ->
-            val bitwardenError = throwable.toBitwardenError()
-            bitwardenError
-                .parseErrorBodyOrNull<VerifyEmailTokenResponseJson.Invalid>(
-                    code = NetworkErrorCode.BAD_REQUEST,
-                    json = json,
-                )
-                ?.checkForExpiredMessage()
-                ?: throw throwable
-        }
-}
-
-/**
- * If the message body contains text related to the token being expired, return
- * the TokenExpired type. Otherwise, return the original Invalid response.
- */
-private fun VerifyEmailTokenResponseJson.Invalid.checkForExpiredMessage() =
-    if (message.contains(other = "expired", ignoreCase = true)) {
-        VerifyEmailTokenResponseJson.TokenExpired
-    } else {
-        this
-    }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/OrganizationService.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/OrganizationService.kt
@@ -1,50 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.service
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationAutoEnrollStatusResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationKeysResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsResponse
-
-/**
- * Provides an API for querying organization endpoints.
- */
-interface OrganizationService {
-    /**
-     * Enrolls a user with the given [userId] in this organizations reset password functionality.
-     */
-    suspend fun organizationResetPasswordEnroll(
-        organizationId: String,
-        userId: String,
-        passwordHash: String?,
-        resetPasswordKey: String,
-    ): Result<Unit>
-
-    /**
-     * Request claimed organization domain information for an [email] needed for SSO requests.
-     */
-    suspend fun getOrganizationDomainSsoDetails(
-        email: String,
-    ): Result<OrganizationDomainSsoDetailsResponseJson>
-
-    /**
-     * Gets info regarding whether this organization enforces reset password auto enrollment.
-     */
-    suspend fun getOrganizationAutoEnrollStatus(
-        organizationIdentifier: String,
-    ): Result<OrganizationAutoEnrollStatusResponseJson>
-
-    /**
-     * Gets the public and private keys for this organization.
-     */
-    suspend fun getOrganizationKeys(
-        organizationId: String,
-    ): Result<OrganizationKeysResponseJson>
-
-    /**
-     * Request organization verified domain details for an [email] needed for SSO
-     * requests.
-     */
-    suspend fun getVerifiedOrganizationDomainSsoDetails(
-        email: String,
-    ): Result<VerifiedOrganizationDomainSsoDetailsResponse>
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/OrganizationServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/OrganizationServiceImpl.kt
@@ -1,72 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.service
-
-import com.x8bit.bitwarden.data.auth.datasource.network.api.AuthenticatedOrganizationApi
-import com.x8bit.bitwarden.data.auth.datasource.network.api.UnauthenticatedOrganizationApi
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationAutoEnrollStatusResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationKeysResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationResetPasswordEnrollRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsRequest
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsResponse
-import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult
-
-/**
- * Default implementation of [OrganizationService].
- */
-class OrganizationServiceImpl(
-    private val authenticatedOrganizationApi: AuthenticatedOrganizationApi,
-    private val unauthenticatedOrganizationApi: UnauthenticatedOrganizationApi,
-) : OrganizationService {
-    override suspend fun organizationResetPasswordEnroll(
-        organizationId: String,
-        userId: String,
-        passwordHash: String?,
-        resetPasswordKey: String,
-    ): Result<Unit> = authenticatedOrganizationApi
-        .organizationResetPasswordEnroll(
-            organizationId = organizationId,
-            userId = userId,
-            body = OrganizationResetPasswordEnrollRequestJson(
-                passwordHash = passwordHash,
-                resetPasswordKey = resetPasswordKey,
-            ),
-        )
-        .toResult()
-
-    override suspend fun getOrganizationDomainSsoDetails(
-        email: String,
-    ): Result<OrganizationDomainSsoDetailsResponseJson> = unauthenticatedOrganizationApi
-        .getClaimedDomainOrganizationDetails(
-            body = OrganizationDomainSsoDetailsRequestJson(
-                email = email,
-            ),
-        )
-        .toResult()
-
-    override suspend fun getOrganizationAutoEnrollStatus(
-        organizationIdentifier: String,
-    ): Result<OrganizationAutoEnrollStatusResponseJson> = authenticatedOrganizationApi
-        .getOrganizationAutoEnrollResponse(
-            organizationIdentifier = organizationIdentifier,
-        )
-        .toResult()
-
-    override suspend fun getOrganizationKeys(
-        organizationId: String,
-    ): Result<OrganizationKeysResponseJson> = authenticatedOrganizationApi
-        .getOrganizationKeys(
-            organizationId = organizationId,
-        )
-        .toResult()
-
-    override suspend fun getVerifiedOrganizationDomainSsoDetails(
-        email: String,
-    ): Result<VerifiedOrganizationDomainSsoDetailsResponse> = unauthenticatedOrganizationApi
-        .getVerifiedOrganizationDomainsByEmail(
-            body = VerifiedOrganizationDomainSsoDetailsRequest(
-                email = email,
-            ),
-        )
-        .toResult()
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/util/TwoFactorAuthMethodExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/util/TwoFactorAuthMethodExtensions.kt
@@ -1,19 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.util
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TwoFactorAuthMethod
-
-/**
- * The priority, used to determine the default method from a list of available methods.
- * (Higher value = preference to use the method if it's available)
- */
-@Suppress("MagicNumber")
-val TwoFactorAuthMethod.priority: Int
-    get() = when (this) {
-        TwoFactorAuthMethod.AUTHENTICATOR_APP -> 1
-        TwoFactorAuthMethod.EMAIL -> 0
-        TwoFactorAuthMethod.DUO -> 2
-        TwoFactorAuthMethod.YUBI_KEY -> 3
-        TwoFactorAuthMethod.DUO_ORGANIZATION -> 20
-        TwoFactorAuthMethod.WEB_AUTH -> 4
-        else -> -1
-    }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/sdk/util/KdfExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/sdk/util/KdfExtensions.kt
@@ -1,15 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.sdk.util
-
-import com.bitwarden.crypto.Kdf
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson.ARGON2_ID
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson.PBKDF2_SHA256
-
-/**
- * Convert a [Kdf] to a [KdfTypeJson].
- */
-fun Kdf.toKdfTypeJson(): KdfTypeJson =
-    when (this) {
-        is Kdf.Argon2id -> ARGON2_ID
-        is Kdf.Pbkdf2 -> PBKDF2_SHA256
-    }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/KeyConnectorManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/KeyConnectorManagerImpl.kt
@@ -1,88 +0,0 @@
-package com.x8bit.bitwarden.data.auth.manager
-
-import com.bitwarden.core.KeyConnectorResponse
-import com.bitwarden.crypto.Kdf
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorKeyRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
-import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
-import com.x8bit.bitwarden.data.platform.util.flatMap
-import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
-
-/**
- * The default implementation of the [KeyConnectorManager].
- */
-class KeyConnectorManagerImpl(
-    private val accountsService: AccountsService,
-    private val authSdkSource: AuthSdkSource,
-    private val vaultSdkSource: VaultSdkSource,
-) : KeyConnectorManager {
-    override suspend fun getMasterKeyFromKeyConnector(
-        url: String,
-        accessToken: String,
-    ): Result<KeyConnectorMasterKeyResponseJson> =
-        accountsService.getMasterKeyFromKeyConnector(
-            url = url,
-            accessToken = accessToken,
-        )
-
-    override suspend fun migrateExistingUserToKeyConnector(
-        userId: String,
-        url: String,
-        userKeyEncrypted: String,
-        email: String,
-        masterPassword: String,
-        kdf: Kdf,
-    ): Result<Unit> =
-        vaultSdkSource
-            .deriveKeyConnector(
-                userId = userId,
-                userKeyEncrypted = userKeyEncrypted,
-                email = email,
-                password = masterPassword,
-                kdf = kdf,
-            )
-            .flatMap { masterKey ->
-                accountsService.storeMasterKeyToKeyConnector(url = url, masterKey = masterKey)
-            }
-            .flatMap { accountsService.convertToKeyConnector() }
-
-    override suspend fun migrateNewUserToKeyConnector(
-        url: String,
-        accessToken: String,
-        kdfType: KdfTypeJson,
-        kdfIterations: Int?,
-        kdfMemory: Int?,
-        kdfParallelism: Int?,
-        organizationIdentifier: String,
-    ): Result<KeyConnectorResponse> =
-        authSdkSource
-            .makeKeyConnectorKeys()
-            .flatMap { keyConnectorResponse ->
-                accountsService
-                    .storeMasterKeyToKeyConnector(
-                        url = url,
-                        accessToken = accessToken,
-                        masterKey = keyConnectorResponse.masterKey,
-                    )
-                    .flatMap {
-                        accountsService.setKeyConnectorKey(
-                            accessToken = accessToken,
-                            body = KeyConnectorKeyRequestJson(
-                                userKey = keyConnectorResponse.encryptedUserKey,
-                                keys = KeyConnectorKeyRequestJson.Keys(
-                                    publicKey = keyConnectorResponse.keys.public,
-                                    encryptedPrivateKey = keyConnectorResponse.keys.private,
-                                ),
-                                kdfType = kdfType,
-                                kdfIterations = kdfIterations,
-                                kdfMemory = kdfMemory,
-                                kdfParallelism = kdfParallelism,
-                                organizationIdentifier = organizationIdentifier,
-                            ),
-                        )
-                    }
-                    .map { keyConnectorResponse }
-            }
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/UserLogoutManager.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/UserLogoutManager.kt
@@ -1,28 +0,0 @@
-package com.x8bit.bitwarden.data.auth.manager
-
-import com.x8bit.bitwarden.data.auth.manager.model.LogoutEvent
-import kotlinx.coroutines.flow.SharedFlow
-
-/**
- * Manages the logging out of users and clearing of their data.
- */
-interface UserLogoutManager {
-
-    /**
-     * Observable flow of [LogoutEvent]s
-     */
-    val logoutEventFlow: SharedFlow<LogoutEvent>
-
-    /**
-     * Completely logs out the given [userId], removing all data. If [isExpired] is true, a toast
-     * will be displayed letting the user know the session has expired.
-     */
-    fun logout(userId: String, isExpired: Boolean = false)
-
-    /**
-     * Partially logs out the given [userId]. All data for the given [userId] will be removed with
-     * the exception of basic account data. If [isExpired] is true, a toast will be displayed
-     * letting the user know the session has expired.
-     */
-    fun softLogout(userId: String, isExpired: Boolean = false)
-}
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .3.1
 .4.2