Adding more debug info

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.checkmarx/config.yml

@@ -8,4 +8,4 @@ checkmarx:
     configs:
       sast:
         # Exclude test directories
-        filter: "!app/src/test/**"
+        filter: "**/test/**,!**/androidTest/**,!**/commonTest/**,!**/jvmTest/**,!**/jsTest/**,!**/iosTest/**"

.editorconfig

@@ -12,127 +12,20 @@ end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
-guidelines = 120
-
-# Code files
-[*.{cs,csx,vb,vbx}]
-indent_size = 4
-
-# Xml project files
-[*.{csproj,vbproj,vcxproj,vcxproj.filters,proj,projitems,shproj}]
-indent_size = 2
-
-# Xml config files
-[*.{props,targets,ruleset,config,nuspec,resx,vsixmanifest,vsct}]
-indent_size = 2
 
 # JSON files
 [*.json]
 indent_size = 2
 
-# JS files
-[*.{js,ts,scss,html}]
+# Kotlin files
+# noinspection EditorConfigKeyCorrectness
+[*.{kt,kts}]
+# https://pinterest.github.io/ktlint/1.0.1/rules/configuration-ktlint/#trailing-comma-on-declaration-site
+ij_kotlin_allow_trailing_comma = true
+# https://pinterest.github.io/ktlint/1.0.1/rules/configuration-ktlint/#trailing-comma-on-declaration-site
+trailing-comma-on-declaration-site = true
+# https://pinterest.github.io/ktlint/1.0.1/rules/configuration-ktlint/#trailing-comma-on-call-site
+ij_kotlin_allow_trailing_comma_on_call_site = true
+
+[*.{scss,yml}]
 indent_size = 2
-
-[*.{ts}]
-quote_type = single
-
-[*.{scss,yml,csproj}]
-indent_size = 2
-
-[*.sln]
-indent_style = tab
-
-# Dotnet code style settings:
-[*.{cs,vb}]
-# Sort using and Import directives with System.* appearing first
-dotnet_sort_system_directives_first = true
-# Avoid "this." and "Me." if not necessary
-dotnet_style_qualification_for_field = false:suggestion
-dotnet_style_qualification_for_property = false:suggestion
-dotnet_style_qualification_for_method = false:suggestion
-dotnet_style_qualification_for_event = false:suggestion
-
-# Use language keywords instead of framework type names for type references
-dotnet_style_predefined_type_for_locals_parameters_members = true:suggestion
-dotnet_style_predefined_type_for_member_access = true:suggestion
-
-# Suggest more modern language features when available
-dotnet_style_object_initializer = true:suggestion
-dotnet_style_collection_initializer = true:suggestion
-dotnet_style_coalesce_expression = true:suggestion
-dotnet_style_null_propagation = true:suggestion
-dotnet_style_explicit_tuple_names = true:suggestion
-
-# Prefix private members with underscore
-dotnet_naming_rule.private_members_with_underscore.symbols = private_fields
-dotnet_naming_rule.private_members_with_underscore.style = prefix_underscore
-dotnet_naming_rule.private_members_with_underscore.severity = suggestion
-
-dotnet_naming_symbols.private_fields.applicable_kinds = field
-dotnet_naming_symbols.private_fields.applicable_accessibilities = private
-
-dotnet_naming_style.prefix_underscore.capitalization = camel_case
-dotnet_naming_style.prefix_underscore.required_prefix = _
-
-# Async methods should have "Async" suffix
-dotnet_naming_rule.async_methods_end_in_async.symbols = any_async_methods
-dotnet_naming_rule.async_methods_end_in_async.style = end_in_async
-dotnet_naming_rule.async_methods_end_in_async.severity = suggestion
-
-dotnet_naming_symbols.any_async_methods.applicable_kinds = method
-dotnet_naming_symbols.any_async_methods.applicable_accessibilities = *
-dotnet_naming_symbols.any_async_methods.required_modifiers = async
-
-dotnet_naming_style.end_in_async.required_prefix = 
-dotnet_naming_style.end_in_async.required_suffix = Async
-dotnet_naming_style.end_in_async.capitalization = pascal_case
-dotnet_naming_style.end_in_async.word_separator = 
-
-# Obsolete warnings, this should be removed or changed to warning once we address some of the obsolete items.
-dotnet_diagnostic.CS0618.severity = suggestion
-
-# Obsolete warnings, this should be removed or changed to warning once we address some of the obsolete items.
-dotnet_diagnostic.CS0612.severity = suggestion
-
-# Remove unnecessary using directives https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/ide0005
-dotnet_diagnostic.IDE0005.severity = warning
-
-# CSharp code style settings:
-[*.cs]
-# Prefer "var" everywhere
-csharp_style_var_for_built_in_types = true:suggestion
-csharp_style_var_when_type_is_apparent = true:suggestion
-csharp_style_var_elsewhere = true:suggestion
-
-# Prefer method-like constructs to have a expression-body
-csharp_style_expression_bodied_methods = true:none
-csharp_style_expression_bodied_constructors = true:none
-csharp_style_expression_bodied_operators = true:none
-
-# Prefer property-like constructs to have an expression-body
-csharp_style_expression_bodied_properties = true:none
-csharp_style_expression_bodied_indexers = true:none
-csharp_style_expression_bodied_accessors = true:none
-
-# Suggest more modern language features when available
-csharp_style_pattern_matching_over_is_with_cast_check = true:suggestion
-csharp_style_pattern_matching_over_as_with_null_check = true:suggestion
-csharp_style_inlined_variable_declaration = true:suggestion
-csharp_style_throw_expression = true:suggestion
-csharp_style_conditional_delegate_call = true:suggestion
-
-# Newline settings
-csharp_new_line_before_open_brace = all
-csharp_new_line_before_else = true
-csharp_new_line_before_catch = true
-csharp_new_line_before_finally = true
-csharp_new_line_before_members_in_object_initializers = true
-csharp_new_line_before_members_in_anonymous_types = true
-
-# Namespace settings
-csharp_style_namespace_declarations = file_scoped:warning
-
-# Switch expression
-dotnet_diagnostic.CS8509.severity = error # missing switch case for named enum value
-dotnet_diagnostic.CS8524.severity = none # missing switch case for unnamed enum value

.github/CODEOWNERS

@@ -5,7 +5,10 @@
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 
 # Default file owners.
-# * @bitwarden/tech-leads
+* @bitwarden/team-android @brian-livefront @david-livefront
+
+# Actions and workflow changes.
+.github/ @bitwarden/dept-development-mobile
 
 # Auth
 # app/src/main/java/com/x8bit/bitwarden/data/auth @bitwarden/team-auth-dev

.github/ISSUE_TEMPLATE/bug-bwa.yml

@@ -0,0 +1,84 @@
+name: Authenticator Android App Bug Report
+description: File a bug report
+labels: [ "app:authenticator", "bug" ]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+
+        Please do not submit feature requests. The [Community Forums](https://community.bitwarden.com) has a section for submitting, voting for, and discussing product feature requests.
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps To Reproduce
+      description: How can we reproduce the behavior.
+      value: |
+        1. Go to '...'
+        2. Click on '...'
+        3. Scroll down to '...'
+        4. Click on '...'
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Result
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Result
+      description: A clear and concise description of what is happening.
+    validations:
+      required: true
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: Screenshots or Videos
+      description: If applicable, add screenshots and/or a short video to help explain your problem.
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here.
+  - type: input
+    id: version
+    attributes:
+      label: Build Version
+      description: What version of our software are you running?
+    validations:
+      required: true
+  - type: dropdown
+    id: server-region
+    attributes:
+      label: What server are you connecting to?
+      options:
+        - US
+        - EU
+        - Self-host
+        - N/A
+    validations:
+      required: true
+  - type: input
+    id: server-version
+    attributes:
+      label: Self-host Server Version
+      description: If self-hosting, what version of Bitwarden Server are you running?
+  - type: textarea
+    id: environment-details
+    attributes:
+      label: Environment Details
+      placeholder: |
+        - Device: [e.g. Pixel Tablet, Samsung Galaxy S24 ]
+        - OS Version: [e.g. API 32, Tiramisu ]
+  - type: checkboxes
+    id: issue-tracking-info
+    attributes:
+      label: Issue Tracking Info
+      description: |
+        Issue tracking information
+      options:
+        - label: I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

.github/ISSUE_TEMPLATE/bug-passkey.yml

@@ -0,0 +1,64 @@
+name: Passkey Bug Report
+description: File a Passkey / FIDO2 related bug report
+labels: [ "app:password-manager", "bug-passkey" ]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this Passkey-related bug report!
+
+        Please provide as much detail as possible to help us investigate the issue.
+
+  - type: dropdown
+    id: origin
+    attributes:
+      label: Origin
+      description: Are you using a web browser or a native application?
+      options:
+        - Web (Browser)
+        - Native Application (non-browser app)
+    validations:
+      required: true
+
+  - type: input
+    id: rp-id
+    attributes:
+      label: Web URL or App name
+      description: The website domain or app name you were trying to use the Passkey with
+      placeholder: "e.g. example.com or ExampleApp"
+    validations:
+      required: true
+
+  - type: checkboxes
+    id: operation-type
+    attributes:
+      label: Passkey Action
+      description: What passkey related action(s) were you trying to perform?
+      options:
+        - label: Creating new passkey (Registration)
+        - label: Signing in (Authentication)
+    validations:
+      required: true
+
+  - type: textarea
+    id: build-info
+    attributes:
+      label: Build Information
+      description: Please retrieve the build information from the About screen by tapping the Version number field
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-info
+    attributes:
+      label: Additional Information
+      description: Any additional context, steps to reproduce, error messages, or relevant information about the issue
+
+  - type: checkboxes
+    id: issue-tracking-info
+    attributes:
+      label: Issue Tracking Info
+      description: |
+        Issue tracking information
+      options:
+        - label: I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

.github/ISSUE_TEMPLATE/bug.yml

@@ -1,6 +1,6 @@
-name: Android Bug Report
+name: Password Manager Android App Bug Report
 description: File a bug report
-labels: [ bug ]
+labels: [ "app:password-manager", "bug" ]
 body:
   - type: markdown
     attributes:
@@ -51,6 +51,22 @@ body:
       description: What version of our software are you running?
     validations:
       required: true
+  - type: dropdown
+    id: server-region
+    attributes:
+      label: What server are you connecting to?
+      options:
+        - US
+        - EU
+        - Self-host
+        - N/A
+    validations:
+      required: true
+  - type: input
+    id: server-version
+    attributes:
+      label: Self-host Server Version
+      description: If self-hosting, what version of Bitwarden Server are you running?
   - type: textarea
     id: environment-details
     attributes:

.github/ISSUE_TEMPLATE/config.yml

@@ -12,3 +12,5 @@ contact_links:
   - name: Security Issues
     url: https://hackerone.com/bitwarden
     about: We use HackerOne to manage security disclosures.
+  - name: Report mobile autofill failure
+    url: https://docs.google.com/forms/d/e/1FAIpQLScMopHyN7KGJs8hW562VTzbIGL4KcFnx0wJcsW0GYE1BnPiGA/viewform

.github/PULL_REQUEST_TEMPLATE.md

@@ -15,10 +15,11 @@
 - Contributor guidelines followed
 - All formatters and local linters executed and passed
 - Written new unit and / or integration tests where applicable
+- Protected functional changes with optionality (feature flags)
 - Used internationalization (i18n) for all UI strings
 - CI builds passed
 - Communicated to DevOps any deployment requirements
-- Updated any necessary documentation or informed the documentation team
+- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
 
 ## 🦮 Reviewer guidelines
 
@@ -27,8 +28,7 @@
 - 👍 (`:+1:`) or similar for great changes
 - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
 - ❓ (`:question:`) for questions
-- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed
-  issue and could potentially benefit from discussion
+- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
 - 🎨 (`:art:`) for suggestions / improvements
 - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
 - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt

.github/actions/log-inputs/action.yml

@@ -0,0 +1,20 @@
+name: 'Log Inputs to Job Summary'
+description: 'Log workflow inputs to the GitHub Actions job summary'
+
+inputs:
+  inputs:
+    description: 'Workflow inputs as JSON'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Log inputs to job summary
+      shell: bash
+      run: |
+        echo "<details><summary>Job Inputs</summary>" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo '```json' >> $GITHUB_STEP_SUMMARY
+        echo '${{ inputs.inputs }}' >> $GITHUB_STEP_SUMMARY
+        echo '```' >> $GITHUB_STEP_SUMMARY
+        echo "</details>" >> $GITHUB_STEP_SUMMARY

.github/actions/setup-android-build/action.yml

@@ -0,0 +1,49 @@
+name: 'Setup Android Build'
+description: 'Setup Android build environment with Gradle, Ruby, and Fastlane'
+inputs:
+  java-version:
+    description: 'Java version to use'
+    required: false
+    default: '17'
+runs:
+  using: 'composite'
+  steps:
+    - name: Validate Gradle wrapper
+      uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+
+    - name: Cache Gradle files
+      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+      with:
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-v2-
+
+    - name: Cache build output
+      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+      with:
+        path: |
+          ${{ github.workspace }}/build-cache
+        key: ${{ runner.os }}-build-cache-${{ github.sha }}
+        restore-keys: |
+          ${{ runner.os }}-build-
+
+    - name: Configure Ruby
+      uses: ruby/setup-ruby@829114fc20da43a41d27359103ec7a63020954d4 # v1.255.0
+      with:
+        bundler-cache: true
+
+    - name: Configure JDK
+      uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+      with:
+        distribution: "temurin"
+        java-version: ${{ inputs.java-version }}
+
+    - name: Install Fastlane
+      shell: bash
+      run: |
+        gem install bundler:2.2.27
+        bundle config path vendor/bundle
+        bundle install --jobs 4 --retry 3

.github/codecov.yml

@@ -0,0 +1,2 @@
+ignore:
+  - "src/test/**" # Tests

.github/renovate.json

@@ -1,32 +1,56 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>bitwarden/renovate-config"],
-  "enabledManagers": ["github-actions", "gradle", "bundler"],
+  "extends": [
+    "github>bitwarden/renovate-config"
+  ],
+  "enabledManagers": [
+    "github-actions",
+    "gradle",
+    "bundler"
+  ],
   "packageRules": [
     {
       "groupName": "gh minor",
-      "matchManagers": ["github-actions"],
-      "matchUpdateTypes": ["minor", "patch"]
+      "matchManagers": [
+        "github-actions"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ]
     },
     {
       "groupName": "gradle minor",
-      "matchUpdateTypes": ["minor", "patch"],
-      "matchManagers": ["gradle"]
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ],
+      "matchManagers": [
+        "gradle"
+      ]
     },
     {
       "groupName": "kotlin",
       "description": "Kotlin and Compose dependencies that must be updated together to maintain compatibility.",
-      "matchPackagePatterns": [
-        "androidx.compose:compose-bom",
-        "org.jetbrains.kotlin.*",
-        "com.google.devtools.ksp"
+      "matchManagers": [
+        "gradle"
       ],
-      "matchManagers": ["gradle"]
+      "matchPackageNames": [
+        "/androidx.compose:compose-bom/",
+        "/androidx.lifecycle:*/",
+        "/org.jetbrains.kotlin.*/",
+        "/com.google.devtools.ksp/"
+      ]
     },
     {
       "groupName": "bundler minor",
-      "matchUpdateTypes": ["minor", "patch"],
-      "matchManagers": ["bundler"]
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ],
+      "matchManagers": [
+        "bundler"
+      ]
     }
   ]
 }

.github/scripts/jira-get-release-notes/README.md

@@ -0,0 +1,133 @@
+# Get Release Notes from Jira script
+
+Fetches release notes from Jira issues.
+
+## Prerequisites
+
+- Python dev environment - use [uv](https://github.com/astral-sh/uv)
+- Jira API token. Generate one at: https://id.atlassian.com/manage-profile/security/api-tokens
+- Install dependencies:
+
+```bash
+uv pip install -r pyproject.toml
+```
+
+## Usage
+
+```bash
+./jira_release_notes.py RELEASE-1762 example@example.com T0k3n123
+```
+
+# Output Format
+
+The script retrieves the content from a custom field and handles two types of Jira release notes formats:
+
+1. Bullet Points:
+```
+• Point 1
+• Point 2
+• Point 3
+```
+
+2. Single Line:
+```
+Single line of release notes text
+```
+
+## Jira JSON format example
+
+### Single line
+
+```json
+...
+"customfield_10335": {
+    "type": "doc",
+    "version": 1,
+    "content": [
+        {
+            "type": "paragraph",
+            "content": [
+                {
+                    "type": "text",
+                    "text": "Single line release notes"
+                }
+            ]
+        }
+    ]
+},
+...
+```
+
+### Bullet points
+
+```json
+...
+"customfield_10335": {
+    "type": "doc",
+    "version": 1,
+    "content": [
+        {
+            "type": "bulletList",
+            "content": [
+                {
+                    "type": "listItem",
+                    "content": [
+                        {
+                            "type": "paragraph",
+                            "content": [
+                                {
+                                    "type": "text",
+                                    "text": "Release notes list item 1"
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "type": "listItem",
+                    "content": [
+                        {
+                            "type": "paragraph",
+                            "content": [
+                                {
+                                    "type": "text",
+                                    "text": "Release notes list item 2"
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "type": "listItem",
+                    "content": [
+                        {
+                            "type": "paragraph",
+                            "content": [
+                                {
+                                    "type": "text",
+                                    "text": "Release notes list item 3"
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "type": "listItem",
+                    "content": [
+                        {
+                            "type": "paragraph",
+                            "content": [
+                                {
+                                    "type": "text",
+                                    "text": "Release notes list item 4"
+                                }
+                            ]
+                        }
+                    ]
+                }
+            ]
+        }
+    ]
+},
+...
+```

.github/scripts/jira-get-release-notes/jira_release_notes.py

@@ -0,0 +1,70 @@
+#!/usr/bin/env python3
+
+import sys
+import base64
+import json
+import requests
+
+def extract_text_from_content(content):
+    if isinstance(content, list):
+        texts = [extract_text_from_content(item) for item in content]
+        return '\n'.join(text for text in texts if text.strip())
+
+    if isinstance(content, dict):
+        if content.get('type') == 'text':
+            return content.get('text', '')
+        elif content.get('type') == 'paragraph':
+            return extract_text_from_content(content.get('content', []))
+        elif content.get('type') == 'bulletList':
+            return extract_text_from_content(content.get('content', []))
+        elif content.get('type') == 'listItem':
+            item_text = extract_text_from_content(content.get('content', []))
+            return f"* {item_text.strip()}"
+
+    return ''
+
+def parse_release_notes(response_json):
+    try:
+        fields = response_json.get('fields', {})
+        release_notes_field = fields.get('customfield_10335', {})
+
+        if not release_notes_field or not release_notes_field.get('content'):
+            return ''
+
+        release_notes = extract_text_from_content(release_notes_field.get('content', []))
+        return release_notes
+
+    except Exception as e:
+        print(f"Error parsing release notes: {str(e)}", file=sys.stderr)
+        return ''
+
+def main():
+    if len(sys.argv) != 4:
+        print(f"Usage: {sys.argv[0]} <issue_id> <jira_email> <jira_api_token>")
+        sys.exit(1)
+
+    jira_issue_id = sys.argv[1]
+    jira_email = sys.argv[2]
+    jira_api_token = sys.argv[3]
+    jira_base_url = "https://bitwarden.atlassian.net"
+
+    auth = base64.b64encode(f"{jira_email}:{jira_api_token}".encode()).decode()
+    headers = {
+        "Authorization": f"Basic {auth}",
+        "Content-Type": "application/json"
+    }
+
+    response = requests.get(
+        f"{jira_base_url}/rest/api/3/issue/{jira_issue_id}",
+        headers=headers
+    )
+
+    if response.status_code != 200:
+        print(f"Error fetching Jira issue: {response.status_code}", file=sys.stderr)
+        sys.exit(1)
+
+    release_notes = parse_release_notes(response.json())
+    print(release_notes)
+
+if __name__ == "__main__":
+    main()

.github/scripts/jira-get-release-notes/pyproject.toml

@@ -0,0 +1,9 @@
+[project]
+name = "jira-get-release-notes"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = [
+    "requests>=2.32.3",
+]

.github/scripts/jira-get-release-notes/uv.lock

@@ -0,0 +1,91 @@
+version = 1
+revision = 2
+requires-python = ">=3.12"
+
+[[package]]
+name = "certifi"
+version = "2025.4.26"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/e8/9e/c05b3920a3b7d20d3d3310465f50348e5b3694f4f88c6daf736eef3024c4/certifi-2025.4.26.tar.gz", hash = "sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6", size = 160705, upload-time = "2025-04-26T02:12:29.51Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/4a/7e/3db2bd1b1f9e95f7cddca6d6e75e2f2bd9f51b1246e546d88addca0106bd/certifi-2025.4.26-py3-none-any.whl", hash = "sha256:30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3", size = 159618, upload-time = "2025-04-26T02:12:27.662Z" },
+]
+
+[[package]]
+name = "charset-normalizer"
+version = "3.4.2"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/e4/33/89c2ced2b67d1c2a61c19c6751aa8902d46ce3dacb23600a283619f5a12d/charset_normalizer-3.4.2.tar.gz", hash = "sha256:5baececa9ecba31eff645232d59845c07aa030f0c81ee70184a90d35099a0e63", size = 126367, upload-time = "2025-05-02T08:34:42.01Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/d7/a4/37f4d6035c89cac7930395a35cc0f1b872e652eaafb76a6075943754f095/charset_normalizer-3.4.2-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:0c29de6a1a95f24b9a1aa7aefd27d2487263f00dfd55a77719b530788f75cff7", size = 199936, upload-time = "2025-05-02T08:32:33.712Z" },
+    { url = "https://files.pythonhosted.org/packages/ee/8a/1a5e33b73e0d9287274f899d967907cd0bf9c343e651755d9307e0dbf2b3/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cddf7bd982eaa998934a91f69d182aec997c6c468898efe6679af88283b498d3", size = 143790, upload-time = "2025-05-02T08:32:35.768Z" },
+    { url = "https://files.pythonhosted.org/packages/66/52/59521f1d8e6ab1482164fa21409c5ef44da3e9f653c13ba71becdd98dec3/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fcbe676a55d7445b22c10967bceaaf0ee69407fbe0ece4d032b6eb8d4565982a", size = 153924, upload-time = "2025-05-02T08:32:37.284Z" },
+    { url = "https://files.pythonhosted.org/packages/86/2d/fb55fdf41964ec782febbf33cb64be480a6b8f16ded2dbe8db27a405c09f/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d41c4d287cfc69060fa91cae9683eacffad989f1a10811995fa309df656ec214", size = 146626, upload-time = "2025-05-02T08:32:38.803Z" },
+    { url = "https://files.pythonhosted.org/packages/8c/73/6ede2ec59bce19b3edf4209d70004253ec5f4e319f9a2e3f2f15601ed5f7/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4e594135de17ab3866138f496755f302b72157d115086d100c3f19370839dd3a", size = 148567, upload-time = "2025-05-02T08:32:40.251Z" },
+    { url = "https://files.pythonhosted.org/packages/09/14/957d03c6dc343c04904530b6bef4e5efae5ec7d7990a7cbb868e4595ee30/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:cf713fe9a71ef6fd5adf7a79670135081cd4431c2943864757f0fa3a65b1fafd", size = 150957, upload-time = "2025-05-02T08:32:41.705Z" },
+    { url = "https://files.pythonhosted.org/packages/0d/c8/8174d0e5c10ccebdcb1b53cc959591c4c722a3ad92461a273e86b9f5a302/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:a370b3e078e418187da8c3674eddb9d983ec09445c99a3a263c2011993522981", size = 145408, upload-time = "2025-05-02T08:32:43.709Z" },
+    { url = "https://files.pythonhosted.org/packages/58/aa/8904b84bc8084ac19dc52feb4f5952c6df03ffb460a887b42615ee1382e8/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:a955b438e62efdf7e0b7b52a64dc5c3396e2634baa62471768a64bc2adb73d5c", size = 153399, upload-time = "2025-05-02T08:32:46.197Z" },
+    { url = "https://files.pythonhosted.org/packages/c2/26/89ee1f0e264d201cb65cf054aca6038c03b1a0c6b4ae998070392a3ce605/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:7222ffd5e4de8e57e03ce2cef95a4c43c98fcb72ad86909abdfc2c17d227fc1b", size = 156815, upload-time = "2025-05-02T08:32:48.105Z" },
+    { url = "https://files.pythonhosted.org/packages/fd/07/68e95b4b345bad3dbbd3a8681737b4338ff2c9df29856a6d6d23ac4c73cb/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:bee093bf902e1d8fc0ac143c88902c3dfc8941f7ea1d6a8dd2bcb786d33db03d", size = 154537, upload-time = "2025-05-02T08:32:49.719Z" },
+    { url = "https://files.pythonhosted.org/packages/77/1a/5eefc0ce04affb98af07bc05f3bac9094513c0e23b0562d64af46a06aae4/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:dedb8adb91d11846ee08bec4c8236c8549ac721c245678282dcb06b221aab59f", size = 149565, upload-time = "2025-05-02T08:32:51.404Z" },
+    { url = "https://files.pythonhosted.org/packages/37/a0/2410e5e6032a174c95e0806b1a6585eb21e12f445ebe239fac441995226a/charset_normalizer-3.4.2-cp312-cp312-win32.whl", hash = "sha256:db4c7bf0e07fc3b7d89ac2a5880a6a8062056801b83ff56d8464b70f65482b6c", size = 98357, upload-time = "2025-05-02T08:32:53.079Z" },
+    { url = "https://files.pythonhosted.org/packages/6c/4f/c02d5c493967af3eda9c771ad4d2bbc8df6f99ddbeb37ceea6e8716a32bc/charset_normalizer-3.4.2-cp312-cp312-win_amd64.whl", hash = "sha256:5a9979887252a82fefd3d3ed2a8e3b937a7a809f65dcb1e068b090e165bbe99e", size = 105776, upload-time = "2025-05-02T08:32:54.573Z" },
+    { url = "https://files.pythonhosted.org/packages/ea/12/a93df3366ed32db1d907d7593a94f1fe6293903e3e92967bebd6950ed12c/charset_normalizer-3.4.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:926ca93accd5d36ccdabd803392ddc3e03e6d4cd1cf17deff3b989ab8e9dbcf0", size = 199622, upload-time = "2025-05-02T08:32:56.363Z" },
+    { url = "https://files.pythonhosted.org/packages/04/93/bf204e6f344c39d9937d3c13c8cd5bbfc266472e51fc8c07cb7f64fcd2de/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:eba9904b0f38a143592d9fc0e19e2df0fa2e41c3c3745554761c5f6447eedabf", size = 143435, upload-time = "2025-05-02T08:32:58.551Z" },
+    { url = "https://files.pythonhosted.org/packages/22/2a/ea8a2095b0bafa6c5b5a55ffdc2f924455233ee7b91c69b7edfcc9e02284/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3fddb7e2c84ac87ac3a947cb4e66d143ca5863ef48e4a5ecb83bd48619e4634e", size = 153653, upload-time = "2025-05-02T08:33:00.342Z" },
+    { url = "https://files.pythonhosted.org/packages/b6/57/1b090ff183d13cef485dfbe272e2fe57622a76694061353c59da52c9a659/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:98f862da73774290f251b9df8d11161b6cf25b599a66baf087c1ffe340e9bfd1", size = 146231, upload-time = "2025-05-02T08:33:02.081Z" },
+    { url = "https://files.pythonhosted.org/packages/e2/28/ffc026b26f441fc67bd21ab7f03b313ab3fe46714a14b516f931abe1a2d8/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c9379d65defcab82d07b2a9dfbfc2e95bc8fe0ebb1b176a3190230a3ef0e07c", size = 148243, upload-time = "2025-05-02T08:33:04.063Z" },
+    { url = "https://files.pythonhosted.org/packages/c0/0f/9abe9bd191629c33e69e47c6ef45ef99773320e9ad8e9cb08b8ab4a8d4cb/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e635b87f01ebc977342e2697d05b56632f5f879a4f15955dfe8cef2448b51691", size = 150442, upload-time = "2025-05-02T08:33:06.418Z" },
+    { url = "https://files.pythonhosted.org/packages/67/7c/a123bbcedca91d5916c056407f89a7f5e8fdfce12ba825d7d6b9954a1a3c/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:1c95a1e2902a8b722868587c0e1184ad5c55631de5afc0eb96bc4b0d738092c0", size = 145147, upload-time = "2025-05-02T08:33:08.183Z" },
+    { url = "https://files.pythonhosted.org/packages/ec/fe/1ac556fa4899d967b83e9893788e86b6af4d83e4726511eaaad035e36595/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:ef8de666d6179b009dce7bcb2ad4c4a779f113f12caf8dc77f0162c29d20490b", size = 153057, upload-time = "2025-05-02T08:33:09.986Z" },
+    { url = "https://files.pythonhosted.org/packages/2b/ff/acfc0b0a70b19e3e54febdd5301a98b72fa07635e56f24f60502e954c461/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:32fc0341d72e0f73f80acb0a2c94216bd704f4f0bce10aedea38f30502b271ff", size = 156454, upload-time = "2025-05-02T08:33:11.814Z" },
+    { url = "https://files.pythonhosted.org/packages/92/08/95b458ce9c740d0645feb0e96cea1f5ec946ea9c580a94adfe0b617f3573/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:289200a18fa698949d2b39c671c2cc7a24d44096784e76614899a7ccf2574b7b", size = 154174, upload-time = "2025-05-02T08:33:13.707Z" },
+    { url = "https://files.pythonhosted.org/packages/78/be/8392efc43487ac051eee6c36d5fbd63032d78f7728cb37aebcc98191f1ff/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:4a476b06fbcf359ad25d34a057b7219281286ae2477cc5ff5e3f70a246971148", size = 149166, upload-time = "2025-05-02T08:33:15.458Z" },
+    { url = "https://files.pythonhosted.org/packages/44/96/392abd49b094d30b91d9fbda6a69519e95802250b777841cf3bda8fe136c/charset_normalizer-3.4.2-cp313-cp313-win32.whl", hash = "sha256:aaeeb6a479c7667fbe1099af9617c83aaca22182d6cf8c53966491a0f1b7ffb7", size = 98064, upload-time = "2025-05-02T08:33:17.06Z" },
+    { url = "https://files.pythonhosted.org/packages/e9/b0/0200da600134e001d91851ddc797809e2fe0ea72de90e09bec5a2fbdaccb/charset_normalizer-3.4.2-cp313-cp313-win_amd64.whl", hash = "sha256:aa6af9e7d59f9c12b33ae4e9450619cf2488e2bbe9b44030905877f0b2324980", size = 105641, upload-time = "2025-05-02T08:33:18.753Z" },
+    { url = "https://files.pythonhosted.org/packages/20/94/c5790835a017658cbfabd07f3bfb549140c3ac458cfc196323996b10095a/charset_normalizer-3.4.2-py3-none-any.whl", hash = "sha256:7f56930ab0abd1c45cd15be65cc741c28b1c9a34876ce8c17a2fa107810c0af0", size = 52626, upload-time = "2025-05-02T08:34:40.053Z" },
+]
+
+[[package]]
+name = "jira-get-release-notes"
+version = "0.1.0"
+source = { virtual = "." }
+dependencies = [
+    { name = "requests" },
+]
+
+[package.metadata]
+requires-dist = [{ name = "requests", specifier = ">=2.32.3" }]
+
+[[package]]
+name = "idna"
+version = "3.10"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/f1/70/7703c29685631f5a7590aa73f1f1d3fa9a380e654b86af429e0934a32f7d/idna-3.10.tar.gz", hash = "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9", size = 190490, upload-time = "2024-09-15T18:07:39.745Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/76/c6/c88e154df9c4e1a2a66ccf0005a88dfb2650c1dffb6f5ce603dfbd452ce3/idna-3.10-py3-none-any.whl", hash = "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3", size = 70442, upload-time = "2024-09-15T18:07:37.964Z" },
+]
+
+[[package]]
+name = "requests"
+version = "2.32.3"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "certifi" },
+    { name = "charset-normalizer" },
+    { name = "idna" },
+    { name = "urllib3" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/63/70/2bf7780ad2d390a8d301ad0b550f1581eadbd9a20f896afe06353c2a2913/requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760", size = 131218, upload-time = "2024-05-29T15:37:49.536Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", size = 64928, upload-time = "2024-05-29T15:37:47.027Z" },
+]
+
+[[package]]
+name = "urllib3"
+version = "2.4.0"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/8a/78/16493d9c386d8e60e442a35feac5e00f0913c0f4b7c217c11e8ec2ff53e0/urllib3-2.4.0.tar.gz", hash = "sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466", size = 390672, upload-time = "2025-04-10T15:23:39.232Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/6b/11/cc635220681e93a0183390e26485430ca2c7b5f9d33b15c74c2861cb8091/urllib3-2.4.0-py3-none-any.whl", hash = "sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813", size = 128680, upload-time = "2025-04-10T15:23:37.377Z" },
+]

.github/scripts/validate-json/.python-version

@@ -0,0 +1 @@
+3.13

.github/scripts/validate-json/README.md

@@ -0,0 +1,39 @@
+# JSON Validation Scripts
+
+Utility scripts for validating JSON files and checking for duplicate package names between Google and Community privileged browser lists.
+
+## Usage
+
+### Validate a JSON file
+
+```bash
+python validate_json.py validate <json_file>
+```
+
+### Check for duplicates between two JSON files
+
+```bash
+python validate_json.py duplicates <json_file1> <json_file2> [output_file]
+```
+
+If `output_file` is not specified, duplicates will be saved to `duplicates.txt`.
+
+## Running Tests
+
+```bash
+# Run all tests
+python -m unittest test_validate_json.py
+
+# Run the invalid JSON test individually
+python -m unittest test_validate_json.TestValidateJson.test_validate_json_invalid
+```
+
+## Examples
+
+```bash
+# Validate Google privileged browsers list
+python validate_json.py validate ../../app/src/main/assets/fido2_privileged_google.json
+
+# Check for duplicates between Google and Community lists
+python validate_json.py duplicates ../../app/src/main/assets/fido2_privileged_google.json ../../app/src/main/assets/fido2_privileged_community.json duplicates.txt
+```

.github/scripts/validate-json/fixtures/sample-invalid.json

@@ -0,0 +1,20 @@
+{
+  "apps": [
+
+      "type": "android",
+      "info": {
+        "package_name": "com.android.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    }
+  ]
+}

.github/scripts/validate-json/fixtures/sample-valid1.json

@@ -0,0 +1,48 @@
+{
+  "apps": [
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.android.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.chrome.dev",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "90:44:EE:5F:EE:4B:BC:5E:21:DD:44:66:54:31:C4:EB:1F:1F:71:A3:27:16:A0:BC:92:7B:CB:B3:92:33:CA:BF"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.chrome.canary",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "DF:A1:FB:23:EF:BF:70:C5:BC:D1:44:3C:5B:EA:B0:4F:3F:2F:F4:36:6E:9A:C1:E3:45:76:39:A2:4C:FC"
+          }
+        ]
+      }
+    }
+  ]
+}

.github/scripts/validate-json/fixtures/sample-valid2.json

@@ -0,0 +1,20 @@
+{
+  "apps": [
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.chromium.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    }
+  ]
+}

.github/scripts/validate-json/test_validate_json.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+import unittest
+import os
+import json
+from validate_json import validate_json, find_duplicates, get_package_names
+from unittest.mock import patch
+import io
+
+
+class TestValidateJson(unittest.TestCase):
+    def setUp(self):
+        self.valid_file = os.path.join(os.path.dirname(__file__), "fixtures/sample-valid1.json")
+        self.valid_file2 = os.path.join(os.path.dirname(__file__), "fixtures/sample-valid2.json")
+        self.invalid_file = os.path.join(os.path.dirname(__file__), "fixtures/sample-invalid.json")
+
+        # Suppress stdout
+        self.stdout_patcher = patch('sys.stdout', new=io.StringIO())
+        self.stdout_patcher.start()
+
+    def tearDown(self):
+        self.stdout_patcher.stop()
+
+    def test_validate_json_valid(self):
+        """Test validation of valid JSON file"""
+        self.assertTrue(validate_json(self.valid_file))
+
+    def test_validate_json_invalid(self):
+        """Test validation of invalid JSON file"""
+        self.assertFalse(validate_json(self.invalid_file))
+
+    def test_find_duplicates(self):
+        """Test when using the same file (should find duplicates)"""
+        expected_package_names = get_package_names(self.valid_file)
+
+        duplicates = find_duplicates(self.valid_file, self.valid_file)
+
+        self.assertEqual(len(duplicates), len(expected_package_names))
+        for package_name in expected_package_names:
+            self.assertIn(package_name, duplicates)
+
+    def test_find_duplicates_returns_empty_list_when_no_duplicates(self):
+        """Test when using different files (should not find duplicates)"""
+        duplicates = find_duplicates(self.valid_file, self.valid_file2)
+        self.assertEqual(len(duplicates), 0)
+
+
+if __name__ == "__main__":
+    unittest.main()

.github/scripts/validate-json/validate_json.py

@@ -0,0 +1,145 @@
+#!/usr/bin/env python3
+import json
+import sys
+import os
+from typing import List, Dict, Any, Set
+
+
+def get_package_names(file_path: str) -> Set[str]:
+    """
+    Extracts package names from a JSON file.
+
+    Args:
+        file_path: Path to the JSON file
+
+    Returns:
+        Set of package names
+    """
+    with open(file_path, 'r') as f:
+        data = json.load(f)
+
+    package_names = set()
+    for app in data["apps"]:
+        package_names.add(app["info"]["package_name"])
+
+    return package_names
+
+
+def validate_json(file_path: str) -> bool:
+    """
+    Validates if a JSON file is correctly formatted by attempting to deserialize it.
+
+    Args:
+        file_path: Path to the JSON file to validate
+
+    Returns:
+        True if valid, False otherwise
+    """
+    try:
+        if not os.path.exists(file_path):
+            print(f"Error: File {file_path} does not exist")
+            return False
+
+        with open(file_path, 'r') as f:
+            json.load(f)
+        print(f"✅ JSON file {file_path} is valid")
+        return True
+    except json.JSONDecodeError as e:
+        print(f"❌ Invalid JSON in {file_path}: {str(e)}")
+        return False
+    except Exception as e:
+        print(f"❌ Error validating {file_path}: {str(e)}")
+        return False
+
+
+def find_duplicates(file1_path: str, file2_path: str) -> List[str]:
+    """
+    Checks for duplicate package_name entries between two JSON files.
+
+    Args:
+        file1_path: Path to the first JSON file
+        file2_path: Path to the second JSON file
+
+    Returns:
+        List of duplicate package names, empty list if none found
+    """
+    try:
+        # Get package names from both files
+        packages1 = get_package_names(file1_path)
+        packages2 = get_package_names(file2_path)
+
+        # Find duplicates
+        duplicates = list(packages1.intersection(packages2))
+
+        if duplicates:
+            print(f"❌ Found {len(duplicates)} duplicate package names between {file1_path} and {file2_path}:")
+            for dup in duplicates:
+                print(f"  - {dup}")
+            return duplicates
+        else:
+            print(f"✅ No duplicate package names found between {file1_path} and {file2_path}")
+            return []
+
+    except Exception as e:
+        print(f"❌ Error checking duplicates: {str(e)}")
+        return []
+
+
+def save_duplicates_to_file(duplicates: List[str], output_file: str) -> None:
+    """
+    Saves the list of duplicates to a file.
+
+    Args:
+        duplicates: List of duplicate package names
+        output_file: Path to save the list of duplicates
+    """
+    try:
+        with open(output_file, 'w') as f:
+            for dup in duplicates:
+                f.write(f"{dup}\n")
+        print(f"Duplicates saved to {output_file}")
+    except Exception as e:
+        print(f"❌ Error saving duplicates to file: {str(e)}")
+
+
+def main():
+    if len(sys.argv) < 2:
+        print("Usage:")
+        print("  Validate JSON: python validate_json.py validate <json_file>")
+        print("  Check duplicates: python validate_json.py duplicates <json_file1> <json_file2> [output_file]")
+        sys.exit(1)
+
+    command = sys.argv[1]
+
+    match command:
+        case "validate":
+            if len(sys.argv) < 3:
+                print("Error: Missing JSON file path")
+                sys.exit(1)
+
+            file_path = sys.argv[2]
+            success = validate_json(file_path)
+            sys.exit(0 if success else 1)
+
+        case "duplicates":
+            if len(sys.argv) < 4:
+                print("Error: Missing JSON file paths")
+                sys.exit(1)
+
+            file1_path = sys.argv[2]
+            file2_path = sys.argv[3]
+            output_file = sys.argv[4] if len(sys.argv) > 4 else "duplicates.txt"
+
+            duplicates = find_duplicates(file1_path, file2_path)
+            if duplicates:
+                save_duplicates_to_file(duplicates, output_file)
+
+            sys.exit(0)
+
+        case _:
+            print(f"Unknown command: {command}")
+            sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()

.github/workflows/build-authenticator.yml

@@ -0,0 +1,325 @@
+name: Build Authenticator
+
+on:
+  push:
+    branches:
+      - main
+      - release/**/*
+  workflow_dispatch:
+    inputs:
+      version-name:
+        description: "Optional. Version string to use, in X.Y.Z format. Overrides default in the project."
+        required: false
+        type: string
+      version-code:
+        description: "Optional. Build number to use. Overrides default of GitHub run number."
+        required: false
+        type: number
+      distribute-to-firebase:
+        description: "Optional. Distribute artifacts to Firebase."
+        required: false
+        default: false
+        type: boolean
+      publish-to-play-store:
+        description: "Optional. Deploy bundle artifact to Google Play Store"
+        required: false
+        default: false
+        type: boolean
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  JAVA_VERSION: 17
+
+permissions:
+  contents: read
+  packages: read
+  id-token: write
+
+jobs:
+  build:
+    name: Build Authenticator
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Log inputs to job summary
+        run: |
+          echo "<details><summary>Job Inputs</summary>" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo '```json' >> $GITHUB_STEP_SUMMARY
+          echo '${{ toJson(inputs) }}' >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+          echo "</details>" >> $GITHUB_STEP_SUMMARY
+
+      - name: Check out repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Validate Gradle wrapper
+        uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+
+      - name: Cache Gradle files
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-v2-
+
+      - name: Cache build output
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+        with:
+          path: |
+            ${{ github.workspace }}/build-cache
+          key: ${{ runner.os }}-build-cache-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-build-
+
+      - name: Configure JDK
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          distribution: "temurin"
+          java-version: ${{ env.JAVA_VERSION }}
+
+      - name: Configure Ruby
+        uses: ruby/setup-ruby@829114fc20da43a41d27359103ec7a63020954d4 # v1.255.0
+        with:
+          bundler-cache: true
+
+      - name: Install Fastlane
+        run: |
+          gem install bundler:2.2.27
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+
+      - name: Check Authenticator
+        run: bundle exec fastlane check
+
+      - name: Build Authenticator
+        run: bundle exec fastlane buildAuthenticatorDebug
+
+  publish_playstore:
+    name: Publish Authenticator Play Store artifacts
+    needs:
+      - build
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        variant: ["aab", "apk"]
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Configure Ruby
+        uses: ruby/setup-ruby@829114fc20da43a41d27359103ec7a63020954d4 # v1.255.0
+        with:
+          bundler-cache: true
+
+      - name: Install Fastlane
+        run: |
+          gem install bundler:2.2.27
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "BWA-AAB-KEYSTORE-STORE-PASSWORD,BWA-AAB-KEYSTORE-KEY-PASSWORD,BWA-APK-KEYSTORE-STORE-PASSWORD,BWA-APK-KEYSTORE-KEY-PASSWORD"
+
+      - name: Retrieve secrets
+        env:
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
+        run: |
+          mkdir -p ${{ github.workspace }}/secrets
+          mkdir -p ${{ github.workspace }}/keystores
+
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name authenticator_apk-keystore.jks --file ${{ github.workspace }}/keystores/authenticator_apk-keystore.jks --output none
+
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name authenticator_aab-keystore.jks --file ${{ github.workspace }}/keystores/authenticator_aab-keystore.jks --output none
+
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name com.bitwarden.authenticator-google-services.json --file ${{ github.workspace }}/authenticator/src/google-services.json --output none
+
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name com.bitwarden.authenticator.dev-google-services.json --file ${{ github.workspace }}/authenticator/src/debug/google-services.json --output none
+
+      - name: Download Firebase credentials
+        if : ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
+        env:
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
+        run: |
+          mkdir -p ${{ github.workspace }}/secrets
+
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name authenticator_play_firebase-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json --output none
+
+      - name: Download Play Store credentials
+        if: ${{ inputs.publish-to-play-store }}
+        env:
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
+        run: |
+          mkdir -p ${{ github.workspace }}/secrets
+
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name authenticator_play_store-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_store-creds.json --output none
+
+      - name: AZ Logout
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Verify Play Store credentials
+        if: ${{ inputs.publish-to-play-store }}
+        run: |
+          bundle exec fastlane run validate_play_store_json_key \
+          json_key:${{ github.workspace }}/secrets/authenticator_play_store-creds.json }}
+
+      - name: Validate Gradle wrapper
+        uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+
+      - name: Cache Gradle files
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-v2-
+
+      - name: Cache build output
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+        with:
+          path: |
+            ${{ github.workspace }}/build-cache
+          key: ${{ runner.os }}-build-cache-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-build-
+
+      - name: Configure JDK
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          distribution: "temurin"
+          java-version: ${{ env.JAVA_VERSION }}
+
+      - name: Update app CI Build info
+        run: |
+          ./scripts/update_app_ci_build_info.sh \
+          $GITHUB_REPOSITORY \
+          $GITHUB_REF_NAME \
+          $GITHUB_SHA \
+          $GITHUB_RUN_ID \
+          $GITHUB_RUN_ATTEMPT
+
+      - name: Increment version
+        run: |
+          DEFAULT_VERSION_CODE=$GITHUB_RUN_NUMBER
+          VERSION_CODE="${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }}"
+          bundle exec fastlane setBuildVersionInfo \
+          versionCode:$VERSION_CODE \
+          versionName:${{ inputs.version-name || '' }}
+
+          regex='appVersionName = "([^"]+)"'
+          if [[ "$(cat gradle/libs.versions.toml)" =~ $regex ]]; then
+            VERSION_NAME="${BASH_REMATCH[1]}"
+          fi
+          echo "Version Name: ${VERSION_NAME}" >> $GITHUB_STEP_SUMMARY
+          echo "Version Number: $VERSION_CODE" >> $GITHUB_STEP_SUMMARY
+
+      - name: Generate release Play Store bundle
+        if: ${{ matrix.variant == 'aab' }}
+        run: |
+          bundle exec fastlane bundleAuthenticatorRelease \
+          storeFile:${{ github.workspace }}/keystores/authenticator_aab-keystore.jks \
+          storePassword:'${{ steps.get-kv-secrets.outputs.BWA-AAB-KEYSTORE-STORE-PASSWORD }}' \
+          keyAlias:authenticatorupload \
+          keyPassword:'${{ steps.get-kv-secrets.outputs.BWA-AAB-KEYSTORE-KEY-PASSWORD }}'
+
+      - name: Generate release Play Store APK
+        if: ${{ matrix.variant == 'apk' }}
+        run: |
+          bundle exec fastlane buildAuthenticatorRelease \
+          storeFile:${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \
+          storePassword:'${{ steps.get-kv-secrets.outputs.BWA-APK-KEYSTORE-STORE-PASSWORD }}' \
+          keyAlias:bitwardenauthenticator \
+          keyPassword:'${{ steps.get-kv-secrets.outputs.BWA-APK-KEYSTORE-KEY-PASSWORD }}'
+
+      - name: Upload release Play Store .aab artifact
+        if: ${{ matrix.variant == 'aab' }}
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: com.bitwarden.authenticator.aab
+          path: authenticator/build/outputs/bundle/release/com.bitwarden.authenticator.aab
+          if-no-files-found: error
+
+      - name: Upload release .apk artifact
+        if: ${{ matrix.variant == 'apk' }}
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: com.bitwarden.authenticator.apk
+          path: authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk
+          if-no-files-found: error
+
+      - name: Create checksum file for Release AAB
+        if: ${{ matrix.variant == 'aab' }}
+        run: |
+          sha256sum "authenticator/build/outputs/bundle/release/com.bitwarden.authenticator.aab" \
+            > ./authenticator-android-aab-sha256.txt
+
+      - name: Create checksum for release .apk artifact
+        if: ${{ matrix.variant == 'apk' }}
+        run: |
+          sha256sum "authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk" \
+            > ./authenticator-android-apk-sha256.txt
+
+      - name: Upload .apk SHA file for release
+        if: ${{ matrix.variant == 'apk' }}
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: authenticator-android-apk-sha256.txt
+          path: ./authenticator-android-apk-sha256.txt
+          if-no-files-found: error
+
+      - name: Upload .aab SHA file for release
+        if: ${{ matrix.variant == 'aab' }}
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: authenticator-android-aab-sha256.txt
+          path: ./authenticator-android-aab-sha256.txt
+          if-no-files-found: error
+
+      - name: Install Firebase app distribution plugin
+        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
+        run: bundle exec fastlane add_plugin firebase_app_distribution
+
+      - name: Publish release bundle to Firebase
+        if: ${{ matrix.variant == 'aab' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
+        env:
+          FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json
+        run: |
+          bundle exec fastlane distributeAuthenticatorReleaseBundleToFirebase \
+          serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }}
+
+      # Only publish bundles to Play Store when `publish-to-play-store` is true while building
+      # bundles
+      - name: Publish release bundle to Google Play Store
+        if: ${{ inputs.publish-to-play-store && matrix.variant == 'aab' }}
+        env:
+          PLAY_STORE_CREDS_FILE: ${{ github.workspace }}/secrets/authenticator_play_store-creds.json
+        run: |
+          bundle exec fastlane publishAuthenticatorReleaseToGooglePlayStore \
+          serviceCredentialsFile:${{ env.PLAY_STORE_CREDS_FILE }} \

.github/workflows/build.yml

@@ -1,6 +1,10 @@
 name: Build
 
 on:
+  push:
+    branches:
+      - main
+      - release/**/*
   workflow_dispatch:
     inputs:
       version-name:
@@ -25,21 +29,36 @@ on:
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   JAVA_VERSION: 17
+  GITHUB_ACTION_RUN_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+
+permissions:
+  contents: read
+  packages: read
+  id-token: write
 
 jobs:
   build:
     name: Build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
+      - name: Log inputs to job summary
+        run: |
+          echo "<details><summary>Job Inputs</summary>" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo '```json' >> $GITHUB_STEP_SUMMARY
+          echo '${{ toJson(inputs) }}' >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+          echo "</details>" >> $GITHUB_STEP_SUMMARY
+
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
+        uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
 
       - name: Cache Gradle files
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ~/.gradle/caches
@@ -49,7 +68,7 @@ jobs:
             ${{ runner.os }}-gradle-v2-
 
       - name: Cache build output
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ${{ github.workspace }}/build-cache
@@ -58,13 +77,13 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
+        uses: ruby/setup-ruby@829114fc20da43a41d27359103ec7a63020954d4 # v1.255.0
         with:
           bundler-cache: true
 
@@ -75,27 +94,34 @@ jobs:
           bundle install --jobs 4 --retry 3
 
       - name: Check
-        run: bundle exec fastlane test
+        run: bundle exec fastlane check
 
       - name: Build
         run: bundle exec fastlane assembleDebugApks
 
+      - name: Upload test reports on failure
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        if: failure()
+        with:
+          name: test-reports
+          path: app/build/reports/tests/
+
   publish_playstore:
     name: Publish Play Store artifacts
     needs:
       - build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
-        variant: ["prod", "qa"]
+        variant: ["prod", "dev"]
         artifact: ["apk", "aab"]
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
+        uses: ruby/setup-ruby@829114fc20da43a41d27359103ec7a63020954d4 # v1.255.0
         with:
           bundler-cache: true
 
@@ -106,9 +132,18 @@ jobs:
           bundle install --jobs 4 --retry 3
 
       - name: Log in to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "UPLOAD-KEYSTORE-PASSWORD,UPLOAD-BETA-KEYSTORE-PASSWORD,UPLOAD-BETA-KEY-PASSWORD,PLAY-KEYSTORE-PASSWORD,PLAY-BETA-KEYSTORE-PASSWORD,PLAY-BETA-KEY-PASSWORD"
 
       - name: Retrieve secrets
         env:
@@ -135,7 +170,7 @@ jobs:
           --name google-services.json --file ${{ github.workspace }}/app/src/standardBeta/google-services.json --output none
 
       - name: Download Firebase credentials
-        if: ${{ matrix.variant == 'prod' && inputs.distribute-to-firebase }}
+        if: ${{ matrix.variant == 'prod' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
         env:
           ACCOUNT_NAME: bitwardenci
           CONTAINER_NAME: mobile
@@ -145,11 +180,14 @@ jobs:
           az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
           --name app_play_prod_firebase-creds.json --file ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json --output none
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
+        uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
 
       - name: Cache Gradle files
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ~/.gradle/caches
@@ -159,7 +197,7 @@ jobs:
             ${{ runner.os }}-gradle-v2-
 
       - name: Cache build output
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ${{ github.workspace }}/build-cache
@@ -168,14 +206,23 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
 
+      - name: Update app CI Build info
+        run: |
+          ./scripts/update_app_ci_build_info.sh \
+          $GITHUB_REPOSITORY \
+          $GITHUB_REF_NAME \
+          $GITHUB_SHA \
+          $GITHUB_RUN_ID \
+          $GITHUB_RUN_ATTEMPT
+
       - name: Increment version
         run: |
-          DEFAULT_VERSION_CODE=$((11000+$GITHUB_RUN_NUMBER))
+          DEFAULT_VERSION_CODE=$((11000+GITHUB_RUN_NUMBER))
           bundle exec fastlane setBuildVersionInfo \
           versionCode:${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }} \
           versionName:${{ inputs.version-name }}
@@ -183,183 +230,185 @@ jobs:
       - name: Generate release Play Store bundle
         if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' }}
         env:
-          UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }}
+          UPLOAD-KEYSTORE-PASSWORD: ${{ steps.get-kv-secrets.outputs.UPLOAD-KEYSTORE-PASSWORD }}
         run: |
           bundle exec fastlane bundlePlayStoreRelease \
           storeFile:app_upload-keystore.jks \
-          storePassword:${{ env.UPLOAD_KEYSTORE_PASSWORD }} \
+          storePassword:${{ env.UPLOAD-KEYSTORE-PASSWORD }} \
           keyAlias:upload \
-          keyPassword:${{ env.UPLOAD_KEYSTORE_PASSWORD }}
+          keyPassword:${{ env.UPLOAD-KEYSTORE-PASSWORD }}
 
       - name: Generate beta Play Store bundle
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
         env:
-          UPLOAD_BETA_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_BETA_KEYSTORE_PASSWORD }}
-          UPLOAD_BETA_KEY_PASSWORD: ${{ secrets.UPLOAD_BETA_KEY_PASSWORD }}
+          UPLOAD-BETA-KEYSTORE-PASSWORD: ${{ steps.get-kv-secrets.outputs.UPLOAD-BETA-KEYSTORE-PASSWORD }}
+          UPLOAD-BETA-KEY-PASSWORD: ${{ steps.get-kv-secrets.outputs.UPLOAD-BETA-KEY-PASSWORD }}
         run: |
           bundle exec fastlane bundlePlayStoreBeta \
           storeFile:app_beta_upload-keystore.jks \
-          storePassword:${{ env.UPLOAD_BETA_KEYSTORE_PASSWORD }} \
+          storePassword:${{ env.UPLOAD-BETA-KEYSTORE-PASSWORD }} \
           keyAlias:bitwarden-beta-upload \
-          keyPassword:${{ env.UPLOAD_BETA_KEY_PASSWORD }}
+          keyPassword:${{ env.UPLOAD-BETA-KEY-PASSWORD }}
 
       - name: Generate release Play Store APK
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
         env:
-          PLAY_KEYSTORE_PASSWORD: ${{ secrets.PLAY_KEYSTORE_PASSWORD }}
+          PLAY-KEYSTORE-PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-KEYSTORE-PASSWORD }}
         run: |
           bundle exec fastlane assemblePlayStoreReleaseApk \
           storeFile:app_play-keystore.jks \
-          storePassword:${{ env.PLAY_KEYSTORE_PASSWORD }} \
+          storePassword:${{ env.PLAY-KEYSTORE-PASSWORD }} \
           keyAlias:bitwarden \
-          keyPassword:${{ env.PLAY_KEYSTORE_PASSWORD }}
+          keyPassword:${{ env.PLAY-KEYSTORE-PASSWORD }}
 
       - name: Generate beta Play Store APK
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
         env:
-          PLAY_BETA_KEYSTORE_PASSWORD: ${{ secrets.PLAY_BETA_KEYSTORE_PASSWORD }}
-          PLAY_BETA_KEY_PASSWORD: ${{ secrets.PLAY_BETA_KEY_PASSWORD }}
+          PLAY-BETA-KEYSTORE-PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEYSTORE-PASSWORD }}
+          PLAY-BETA-KEY-PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEY-PASSWORD }}
         run: |
           bundle exec fastlane assemblePlayStoreBetaApk \
           storeFile:app_beta_play-keystore.jks \
-          storePassword:${{ env.PLAY_BETA_KEYSTORE_PASSWORD }} \
+          storePassword:${{ env.PLAY-BETA-KEYSTORE-PASSWORD }} \
           keyAlias:bitwarden-beta \
-          keyPassword:${{ env.PLAY_BETA_KEY_PASSWORD }}
+          keyPassword:${{ env.PLAY-BETA-KEY-PASSWORD }}
 
-      - name: Generate QA Play Store APKs
+      - name: Generate debug Play Store APKs
         if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
         run: |
           bundle exec fastlane assembleDebugApks
 
       - name: Upload release Play Store .aab artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: com.x8bit.bitwarden.aab
-          path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden-standard-release.aab
+          path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden.aab
           if-no-files-found: error
 
       - name: Upload beta Play Store .aab artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: com.x8bit.bitwarden.beta.aab
-          path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden-standard-beta.aab
+          path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden.beta.aab
           if-no-files-found: error
 
       - name: Upload release .apk artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: com.x8bit.bitwarden.apk
-          path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden-standard-release.apk
+          path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk
           if-no-files-found: error
 
       - name: Upload beta .apk artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: com.x8bit.bitwarden.beta.apk
-          path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden-standard-beta.apk
+          path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden.beta.apk
           if-no-files-found: error
 
       # When building variants other than 'prod'
-      - name: Upload other .apk artifact
+      - name: Upload debug .apk artifact
         if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: com.x8bit.bitwarden-${{ matrix.variant }}.apk
-          path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden-standard-debug.apk
+          name: com.x8bit.bitwarden.${{ matrix.variant }}.apk
+          path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk
           if-no-files-found: error
 
       - name: Create checksum for release .apk artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
         run: |
-          sha256sum "app/build/outputs/apk/standard/release/com.x8bit.bitwarden-standard-release.apk" \
-            > ./bw-android-apk-sha256.txt
+          sha256sum "app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk" \
+            > ./com.x8bit.bitwarden.apk-sha256.txt
 
       - name: Create checksum for beta .apk artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
         run: |
-          sha256sum "app/build/outputs/apk/standard/beta/com.x8bit.bitwarden-standard-beta.apk" \
-            > ./bw-android-beta-apk-sha256.txt
+          sha256sum "app/build/outputs/apk/standard/beta/com.x8bit.bitwarden.beta.apk" \
+            > ./com.x8bit.bitwarden.beta.apk-sha256.txt
 
       - name: Create checksum for release .aab artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
         run: |
-          sha256sum "app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden-standard-release.aab" \
-            > ./bw-android-aab-sha256.txt
+          sha256sum "app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden.aab" \
+            > ./com.x8bit.bitwarden.aab-sha256.txt
 
       - name: Create checksum for beta .aab artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
         run: |
-          sha256sum "app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden-standard-beta.aab" \
-            > ./bw-android-beta-aab-sha256.txt
+          sha256sum "app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden.beta.aab" \
+            > ./com.x8bit.bitwarden.beta.aab-sha256.txt
 
-      - name: Create checksum for other .apk artifact
+      - name: Create checksum for Debug .apk artifact
         if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
         run: |
-          sha256sum "app/build/outputs/apk/standard/debug/com.x8bit.bitwarden-standard-debug.apk" \
-           > ./bw-android-${{ matrix.variant }}-apk-sha256.txt
+          sha256sum "app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk" \
+           > ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
 
       - name: Upload .apk SHA file for release
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: bw-android-apk-sha256.txt
-          path: ./bw-android-apk-sha256.txt
+          name: com.x8bit.bitwarden.apk-sha256.txt
+          path: ./com.x8bit.bitwarden.apk-sha256.txt
           if-no-files-found: error
 
       - name: Upload .apk SHA file for beta
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: bw-android-beta-apk-sha256.txt
-          path: ./bw-android-beta-apk-sha256.txt
+          name: com.x8bit.bitwarden.beta.apk-sha256.txt
+          path: ./com.x8bit.bitwarden.beta.apk-sha256.txt
           if-no-files-found: error
 
       - name: Upload .aab SHA file for release
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: bw-android-aab-sha256.txt
-          path: ./bw-android-aab-sha256.txt
+          name: com.x8bit.bitwarden.aab-sha256.txt
+          path: ./com.x8bit.bitwarden.aab-sha256.txt
           if-no-files-found: error
 
       - name: Upload .aab SHA file for beta
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: bw-android-beta-aab-sha256.txt
-          path: ./bw-android-beta-aab-sha256.txt
+          name: com.x8bit.bitwarden.beta.aab-sha256.txt
+          path: ./com.x8bit.bitwarden.beta.aab-sha256.txt
           if-no-files-found: error
 
-      - name: Upload .apk SHA file for other
+      - name: Upload .apk SHA file for debug
         if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: bw-android-${{ matrix.variant }}-apk-sha256.txt
-          path: ./bw-android-${{ matrix.variant }}-apk-sha256.txt
+          name: com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
+          path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
           if-no-files-found: error
 
       - name: Install Firebase app distribution plugin
-        if: ${{ matrix.variant == 'prod' && github.ref_name == 'main' && inputs.distribute-to-firebase }}
+        if: ${{ matrix.variant == 'prod' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
         run: bundle exec fastlane add_plugin firebase_app_distribution
 
       - name: Publish release artifacts to Firebase
-        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && github.ref_name == 'main' && inputs.distribute-to-firebase }}
+        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
         env:
           APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json
         run: |
           bundle exec fastlane distributeReleasePlayStoreToFirebase \
+          actionUrl:${{ env.GITHUB_ACTION_RUN_URL }} \
           service_credentials_file:${{ env.APP_PLAY_FIREBASE_CREDS_PATH }}
 
       - name: Publish beta artifacts to Firebase
-        if: ${{ (matrix.variant == 'prod' && matrix.artifact == 'apk') && github.ref_name == 'main' && inputs.distribute-to-firebase }}
+        if: ${{ (matrix.variant == 'prod' && matrix.artifact == 'apk') && (inputs.distribute-to-firebase || github.event_name == 'push') }}
         env:
           APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json
         run: |
           bundle exec fastlane distributeBetaPlayStoreToFirebase \
+          actionUrl:${{ env.GITHUB_ACTION_RUN_URL }} \
           service_credentials_file:${{ env.APP_PLAY_FIREBASE_CREDS_PATH }}
 
       - name: Verify Play Store credentials
@@ -368,20 +417,22 @@ jobs:
           bundle exec fastlane run validate_play_store_json_key
 
       - name: Publish Play Store bundle
-        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && inputs.publish-to-play-store }}
-        run: bundle exec fastlane publishForInternalTesting
+        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && (inputs.publish-to-play-store || github.ref_name == 'main') }}
+        run: |
+          bundle exec fastlane publishProdToPlayStore
+          bundle exec fastlane publishBetaToPlayStore
 
   publish_fdroid:
     name: Publish F-Droid artifacts
     needs:
       - build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
+        uses: ruby/setup-ruby@829114fc20da43a41d27359103ec7a63020954d4 # v1.255.0
         with:
           bundler-cache: true
 
@@ -392,9 +443,18 @@ jobs:
           bundle install --jobs 4 --retry 3
 
       - name: Log in to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "FDROID-KEYSTORE-PASSWORD,FDROID-BETA-KEYSTORE-PASSWORD,FDROID-BETA-KEY-PASSWORD"
 
       - name: Retrieve secrets
         env:
@@ -407,7 +467,7 @@ jobs:
           --name app_beta_fdroid-keystore.jks --file ${{ github.workspace }}/keystores/app_beta_fdroid-keystore.jks --output none
 
       - name: Download Firebase credentials
-        if: ${{ inputs.distribute-to-firebase }}
+        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
         env:
           ACCOUNT_NAME: bitwardenci
           CONTAINER_NAME: mobile
@@ -417,11 +477,14 @@ jobs:
           az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
           --name app_fdroid_firebase-creds.json --file ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json --output none
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
+        uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
 
       - name: Cache Gradle files
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ~/.gradle/caches
@@ -431,7 +494,7 @@ jobs:
             ${{ runner.os }}-gradle-v2-
 
       - name: Cache build output
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ${{ github.workspace }}/build-cache
@@ -440,22 +503,38 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
 
+      - name: Update app CI Build info
+        run: |
+          ./scripts/update_app_ci_build_info.sh \
+          $GITHUB_REPOSITORY \
+          $GITHUB_REF_NAME \
+          $GITHUB_SHA \
+          $GITHUB_RUN_ID \
+          $GITHUB_RUN_ATTEMPT
+
       # Start from 11000 to prevent collisions with mobile build version codes
       - name: Increment version
         run: |
-          DEFAULT_VERSION_CODE=$((11000+$GITHUB_RUN_NUMBER))
+          DEFAULT_VERSION_CODE=$((11000+GITHUB_RUN_NUMBER))
+          VERSION_CODE="${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }}"
           bundle exec fastlane setBuildVersionInfo \
-          versionCode:${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }} \
+          versionCode:$VERSION_CODE \
           versionName:${{ inputs.version-name || '' }}
 
+          regex='appVersionName = "([^"]+)"'
+          if [[ "$(cat gradle/libs.versions.toml)" =~ $regex ]]; then
+            VERSION_NAME="${BASH_REMATCH[1]}"
+          fi
+          echo "Version Name: ${VERSION_NAME}" >> $GITHUB_STEP_SUMMARY
+          echo "Version Number: $VERSION_CODE" >> $GITHUB_STEP_SUMMARY
       - name: Generate F-Droid artifacts
         env:
-          FDROID_STORE_PASSWORD: ${{ secrets.FDROID_KEYSTORE_PASSWORD }}
+          FDROID_STORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.FDROID-KEYSTORE-PASSWORD }}
         run: |
           bundle exec fastlane assembleFDroidReleaseApk \
           storeFile:app_fdroid-keystore.jks \
@@ -463,45 +542,64 @@ jobs:
           keyAlias:bitwarden \
           keyPassword:"${{ env.FDROID_STORE_PASSWORD }}"
 
-            # Generate the F-Droid APK for publishing
       - name: Generate F-Droid Beta Artifacts
         env:
-          FDROID_BETA_KEYSTORE_PASSWORD: ${{ secrets.FDROID_BETA_KEYSTORE_PASSWORD }}
-          FDROID_BETA_KEY_PASSWORD: ${{ secrets.FDROID_BETA_KEY_PASSWORD }}
+          FDROID-BETA-KEYSTORE-PASSWORD: ${{ steps.get-kv-secrets.outputs.FDROID-BETA-KEYSTORE-PASSWORD }}
+          FDROID-BETA-KEY-PASSWORD: ${{ steps.get-kv-secrets.outputs.FDROID-BETA-KEY-PASSWORD }}
         run: |
           bundle exec fastlane assembleFDroidBetaApk \
           storeFile:app_beta_fdroid-keystore.jks \
-          storePassword:"${{ env.FDROID_BETA_KEYSTORE_PASSWORD }}" \
+          storePassword:"${{ env.FDROID-BETA-KEYSTORE-PASSWORD }}" \
           keyAlias:bitwarden-beta \
-          keyPassword:"${{ env.FDROID_BETA_KEY_PASSWORD }}"
+          keyPassword:"${{ env.FDROID-BETA-KEY-PASSWORD }}"
 
       - name: Upload F-Droid .apk artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: com.x8bit.bitwarden-fdroid.apk
-          path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid-release.apk
+          path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk
           if-no-files-found: error
 
       - name: Create checksum for F-Droid artifact
         run: |
-          sha256sum "app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid-release.apk" \
-          > ./bw-fdroid-apk-sha256.txt
+          sha256sum "app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk" \
+          > ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
 
       - name: Upload F-Droid SHA file
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: bw-fdroid-apk-sha256.txt
-          path: ./bw-fdroid-apk-sha256.txt
+          name: com.x8bit.bitwarden-fdroid.apk-sha256.txt
+          path: ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
+          if-no-files-found: error
+
+      - name: Upload F-Droid Beta .apk artifact
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: com.x8bit.bitwarden.beta-fdroid.apk
+          path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk
+          if-no-files-found: error
+
+      - name: Create checksum for F-Droid Beta artifact
+        run: |
+          sha256sum "app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk" \
+          > ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
+
+      - name: Upload F-Droid Beta SHA file
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
+          path: ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
           if-no-files-found: error
 
       - name: Install Firebase app distribution plugin
-        if: ${{ github.ref_name == 'main' && inputs.distribute_to_firebase }}
+        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
         run: bundle exec fastlane add_plugin firebase_app_distribution
 
       - name: Publish release F-Droid artifacts to Firebase
-        if: ${{ github.ref_name == 'main' && inputs.distribute_to_firebase }}
+        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
         env:
           APP_FDROID_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json
         run: |
           bundle exec fastlane distributeReleaseFDroidToFirebase \
+          actionUrl:${{ env.GITHUB_ACTION_RUN_URL }} \
           service_credentials_file:${{ env.APP_FDROID_FIREBASE_CREDS_PATH }}

.github/workflows/cron-sync-google-priviledged-browsers.yml

@@ -0,0 +1,98 @@
+name: Cron / Sync Google Privileged Browsers List
+
+on:
+  schedule:
+    # Run weekly on Monday at 00:00 UTC
+    - cron: '0 0 * * 1'
+  workflow_dispatch:
+
+env:
+  SOURCE_URL: https://www.gstatic.com/gpm-passkeys-privileged-apps/apps.json
+  GOOGLE_FILE: app/src/main/assets/fido2_privileged_google.json
+  COMMUNITY_FILE: app/src/main/assets/fido2_privileged_community.json
+
+jobs:
+  sync-privileged-browsers:
+    name: Sync Google Privileged Browsers List
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Download Google Privileged Browsers List
+        run: curl -s $SOURCE_URL -o $GOOGLE_FILE
+
+      - name: Check for changes
+        id: check-changes
+        run: |
+          if git diff --quiet -- $GOOGLE_FILE; then
+            echo "👀 No changes detected, skipping..."
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          echo "has_changes=true" >> $GITHUB_OUTPUT
+          echo "👀 Changes detected, validating fido2_privileged_google.json..."
+
+          python .github/scripts/validate-json/validate_json.py validate $GOOGLE_FILE
+          if [ $? -ne 0 ]; then
+            echo "::error::JSON validation failed for $GOOGLE_FILE"
+            exit 1
+          fi
+
+          echo "👀 fido2_privileged_google.json is valid, checking for duplicates..."
+
+          # Check for duplicates between Google and Community files
+          python .github/scripts/validate-json/validate_json.py duplicates $GOOGLE_FILE $COMMUNITY_FILE duplicates.txt
+
+          if [ -f duplicates.txt ]; then
+            echo "::warning::Duplicate package names found between Google and Community files."
+            echo "duplicates_found=true" >> $GITHUB_OUTPUT
+          else
+            echo "✅ No duplicate package names found between Google and Community files"
+            echo "duplicates_found=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create branch and commit
+        if: steps.check-changes.outputs.has_changes == 'true'
+        run: |
+          echo "👀 Committing fido2_privileged_google.json..."
+
+          BRANCH_NAME="cron-sync-privileged-browsers/$GITHUB_RUN_NUMBER-sync"
+          git config user.name "GitHub Actions Bot"
+          git config user.email "actions@github.com"
+          git checkout -b $BRANCH_NAME
+          git add $GOOGLE_FILE
+          git commit -m "Update Google privileged browsers list"
+          git push origin $BRANCH_NAME
+          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
+          echo "🌱 Branch created: $BRANCH_NAME"
+
+      - name: Create Pull Request
+        if: steps.check-changes.outputs.has_changes == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DUPLICATES_FOUND: ${{ steps.check-changes.outputs.duplicates_found }}
+          BASE_PR_URL: ${{ github.server_url }}/${{ github.repository }}/pull/
+        run: |
+          PR_BODY="Updates the Google privileged browsers list with the latest data from $SOURCE_URL"
+
+          if [ "$DUPLICATES_FOUND" = "true" ]; then
+            PR_BODY="$PR_BODY\n\n> [!WARNING]\n> :suspect: The following package(s) appear in both Google and Community files:"
+            while IFS= read -r line; do
+              PR_BODY="$PR_BODY\n> - $line"
+            done < duplicates.txt
+          fi
+
+          # Use echo -e to interpret escape sequences and pipe to gh pr create
+          PR_URL=$(echo -e "$PR_BODY" | gh pr create \
+            --title "Update Google privileged browsers list" \
+            --body-file - \
+            --base main \
+            --head $BRANCH_NAME \
+            --label "automated-pr" \
+            --label "t:ci")

.github/workflows/crowdin-pull.yml

@@ -0,0 +1,71 @@
+name: Cron / Crowdin Pull
+run-name: Crowdin Pull - ${{ github.event_name == 'workflow_dispatch' && 'Manual' || 'Scheduled' }}
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 5'
+
+jobs:
+  crowdin-sync:
+    name: Crowdin Pull - ${{ github.event_name }}
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        id: app-token
+        with:
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+
+      - name: Download translations
+        uses: crowdin/github-action@590c05e09a29f392b203faf4d6aa8e0cd32c7835 # v2.9.1
+        env:
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
+          _CROWDIN_PROJECT_ID: "269690"
+        with:
+          config: crowdin.yml
+          upload_sources: false
+          upload_translations: false
+          download_translations: true
+          github_user_name: "bitwarden-devops-bot"
+          github_user_email: "106330231+bitwarden-devops-bot@users.noreply.github.com"
+          commit_message: "Crowdin Pull"
+          localization_branch_name: "crowdin-pull"
+          create_pull_request: true
+          pull_request_title: "Crowdin Pull"
+          pull_request_body: ":inbox_tray: New translations received!"
+          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
+          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}

.github/workflows/crowdin-push.yml

@@ -0,0 +1,47 @@
+name: CI / Crowdin Push
+run-name: Crowdin Push - ${{ github.event_name == 'workflow_dispatch' && 'Manual' || 'CI' }}
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  crowdin-push:
+    name: Crowdin Push - ${{ github.event_name }}
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "crowdin-api-token"
+
+      - name: Upload sources
+        uses: crowdin/github-action@590c05e09a29f392b203faf4d6aa8e0cd32c7835 # v2.9.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
+          _CROWDIN_PROJECT_ID: "269690"
+        with:
+          config: crowdin.yml
+          upload_sources: true
+          upload_translations: false
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main

.github/workflows/github-release.yml

@@ -0,0 +1,282 @@
+name: Create GitHub Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      artifact-run-id:
+        description: 'GitHub Action Run ID containing artifacts'
+        required: true
+        type: string
+      release-ticket-id:
+        description: 'Release Ticket ID - e.g. RELEASE-1762'
+        required: true
+        type: string
+
+env:
+    ARTIFACTS_PATH: artifacts
+
+jobs:
+  create-release:
+    name: Create GitHub Release
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          fetch-depth: 0
+
+      - name: Log inputs to job summary
+        uses: ./.github/actions/log-inputs
+        with:
+          inputs: ${{ toJson(inputs) }}
+
+      - name: Get branch from workflow run
+        id: get_release_branch
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
+        run: |
+          workflow_data=$(gh run view $ARTIFACT_RUN_ID --json headBranch,workflowName)
+          release_branch=$(echo "$workflow_data" | jq -r .headBranch)
+          workflow_name=$(echo "$workflow_data" | jq -r .workflowName)
+
+          # branch protection check
+          if [[ "$release_branch" != "main" && ! "$release_branch" =~ ^release/ ]]; then
+            echo "::error::Branch '$release_branch' is not 'main' or a release branch starting with 'release/'. Releases must be created from protected branches."
+            exit 1
+          fi
+
+          echo "🔖 Release branch: $release_branch"
+          echo "🔖 Workflow name: $workflow_name"
+          echo "release_branch=$release_branch" >> $GITHUB_OUTPUT
+          echo "workflow_name=$workflow_name" >> $GITHUB_OUTPUT
+
+          case "$workflow_name" in
+            *"Password Manager"* | "Build")
+              app_name="Password Manager"
+              app_name_suffix="bwpm"
+              ;;
+            *"Authenticator"*)
+              app_name="Authenticator"
+              app_name_suffix="bwa"
+              ;;
+            *)
+              echo "::error::Unknown workflow name: $workflow_name"
+              exit 1
+              ;;
+          esac
+          echo "🔖 App name: $app_name"
+          echo "🔖 App name suffix: $app_name_suffix"
+          echo "app_name=$app_name" >> $GITHUB_OUTPUT
+          echo "app_name_suffix=$app_name_suffix" >> $GITHUB_OUTPUT
+
+      - name: Get version info from run logs and set release tag name
+        id: get_release_info
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
+          _APP_NAME_SUFFIX: ${{ steps.get_release_branch.outputs.app_name_suffix }}
+        run: |
+          workflow_log=$(gh run view $ARTIFACT_RUN_ID --log)
+
+          version_number_with_trailing_dot=$(grep -m 1 "Setting version code to" <<< "$workflow_log" | sed 's/.*Setting version code to //')
+          version_number=${version_number_with_trailing_dot%.} # remove trailing dot
+
+          version_name_with_trailing_dot=$(grep -m 1 "Setting version name to" <<< "$workflow_log" | sed 's/.*Setting version name to //')
+          version_name=${version_name_with_trailing_dot%.} # remove trailing dot
+
+          if [[ -z "$version_name" ]]; then
+            echo "::warning::Version name not found. Using default value - 0.0.0"
+            version_name="0.0.0"
+          else
+            echo "✅ Found version name: $version_name"
+          fi
+
+          if [[ -z "$version_number" ]]; then
+            echo "::warning::Version number not found. Using default value - 0"
+            version_number="0"
+          else
+            echo "✅ Found version number: $version_number"
+          fi
+
+          echo "version_number=$version_number" >> $GITHUB_OUTPUT
+          echo "version_name=$version_name" >> $GITHUB_OUTPUT
+
+          tag_name="v$version_name-$_APP_NAME_SUFFIX" # e.g. v2025.6.0-bwpm
+          echo "🔖 New tag name: $tag_name"
+          echo "tag_name=$tag_name" >> $GITHUB_OUTPUT
+
+          last_release_tag=$(git tag -l --sort=-authordate | grep "$_APP_NAME_SUFFIX" | head -n 1)
+          echo "🔖 Last release tag: $last_release_tag"
+          echo "last_release_tag=$last_release_tag" >> $GITHUB_OUTPUT
+
+      - name: Download artifacts
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
+        run: |
+          gh run download $ARTIFACT_RUN_ID -D $ARTIFACTS_PATH
+          file_count=$(find $ARTIFACTS_PATH -type f | wc -l)
+          echo "Downloaded $file_count file(s)."
+          if [ "$file_count" -gt 0 ]; then
+            echo "Downloaded files:"
+            find $ARTIFACTS_PATH -type f
+          fi
+
+          # Files that won't be included in any release
+          files_to_remove=(
+            "com.x8bit.bitwarden.aab"
+            "com.x8bit.bitwarden.aab-sha256.txt"
+
+            "com.x8bit.bitwarden.beta.apk"
+            "com.x8bit.bitwarden.beta.apk-sha256.txt"
+            "com.x8bit.bitwarden.beta.aab"
+            "com.x8bit.bitwarden.beta.aab-sha256.txt"
+
+            "com.x8bit.bitwarden.beta-fdroid.apk"
+            "com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt"
+
+            "com.x8bit.bitwarden.dev.apk"
+            "com.x8bit.bitwarden.dev.apk-sha256.txt"
+
+            "com.bitwarden.authenticator.aab"
+            "authenticator-android-aab-sha256.txt"
+          )
+
+          for file in "${files_to_remove[@]}"; do
+            find $ARTIFACTS_PATH -name "$file" -type f -delete
+          done
+          echo "🔖 Removed internal artifacts."
+          echo ""
+          echo "🔖 Files to be included in the release:"
+          find $ARTIFACTS_PATH -type f
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "JIRA-API-EMAIL,JIRA-API-TOKEN"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Get product release notes
+        id: get_release_notes
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
+          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
+          _RELEASE_TICKET_ID: ${{ inputs.release-ticket-id }}
+          _JIRA_API_EMAIL: ${{ steps.get-kv-secrets.outputs.JIRA-API-EMAIL }}
+          _JIRA_API_TOKEN: ${{ steps.get-kv-secrets.outputs.JIRA-API-TOKEN }}
+        run: |
+          echo "Getting product release notes"
+          product_release_notes=$(python3 .github/scripts/jira-get-release-notes/jira_release_notes.py $_RELEASE_TICKET_ID $_JIRA_API_EMAIL $_JIRA_API_TOKEN)
+
+          if [[ -z "$product_release_notes" || $product_release_notes == "Error checking"* ]]; then
+            echo "::warning::Failed to fetch release notes from Jira. Output: $product_release_notes"
+            product_release_notes="<insert product release notes here>"
+          else
+            echo "✅ Product release notes:"
+            echo "$product_release_notes"
+          fi
+
+          echo "$product_release_notes" > product_release_notes.txt
+
+      - name: Create Release
+        id: create_release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          _APP_NAME: ${{ steps.get_release_branch.outputs.app_name }}
+          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
+          _VERSION_NUMBER: ${{ steps.get_release_info.outputs.version_number }}
+          _TARGET_COMMIT: ${{ steps.get_release_branch.outputs.release_branch }}
+          _TAG_NAME: ${{ steps.get_release_info.outputs.tag_name }}
+          _LAST_RELEASE_TAG: ${{ steps.get_release_info.outputs.last_release_tag }}
+        run: |
+          is_latest_release=false
+          if [[ "$_APP_NAME" == "Password Manager" ]]; then
+            is_latest_release=true
+          fi
+
+          echo "⌛️ Creating release for $_APP_NAME $_VERSION_NAME ($_VERSION_NUMBER) on $_TARGET_COMMIT"
+          release_url=$(gh release create "$_TAG_NAME" \
+            --title "$_APP_NAME $_VERSION_NAME ($_VERSION_NUMBER)" \
+            --target "$_TARGET_COMMIT" \
+            --generate-notes \
+            --notes-start-tag "$_LAST_RELEASE_TAG" \
+            --latest=$is_latest_release \
+            --draft \
+            $ARTIFACTS_PATH/*/*)
+
+          # Extract release tag from URL
+          release_id_from_url=$(echo "$release_url" | sed 's/.*\/tag\///')
+          echo "release_id_from_url=$release_id_from_url" >> $GITHUB_OUTPUT
+          echo "url=$release_url" >> $GITHUB_OUTPUT
+
+          echo "✅ Release created: $release_url"
+          echo "🔖 Release ID from URL: $release_id_from_url"
+
+      - name: Update Release Description
+        id: update_release_description
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
+          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
+          _RELEASE_ID: ${{ steps.create_release.outputs.release_id_from_url }}
+        run: |
+          echo "Getting current release body. Release ID: $_RELEASE_ID"
+          current_body=$(gh release view "$_RELEASE_ID" --json body --jq .body)
+
+          product_release_notes=$(cat product_release_notes.txt)
+
+          # Update release description with product release notes and builds source
+          updated_body="# Overview
+          ${product_release_notes}
+
+          ${current_body}
+          **Builds Source:** https://github.com/${{ github.repository }}/actions/runs/$ARTIFACT_RUN_ID"
+
+          new_release_url=$(gh release edit "$_RELEASE_ID" --notes "$updated_body")
+
+          # draft release links change after editing
+          echo "release_url=$new_release_url" >> $GITHUB_OUTPUT
+
+      - name: Add Release Summary
+        env:
+          _RELEASE_TAG: ${{ steps.get_release_info.outputs.tag_name }}
+          _LAST_RELEASE_TAG: ${{ steps.get_release_info.outputs.last_release_tag }}
+          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
+          _VERSION_NUMBER: ${{ steps.get_release_info.outputs.version_number }}
+          _RELEASE_BRANCH: ${{ steps.get_release_branch.outputs.release_branch }}
+          _RELEASE_URL: ${{ steps.update_release_description.outputs.release_url }}
+        run: |
+          echo "# :fish_cake: Release ready at:" >> $GITHUB_STEP_SUMMARY
+          echo "$_RELEASE_URL" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          if [[ "$_VERSION_NAME" == "0.0.0" || "$_VERSION_NUMBER" == "0" ]]; then
+            echo "> [!CAUTION]" >> $GITHUB_STEP_SUMMARY
+            echo "> Version name or number wasn't previously found and a default value was used. You'll need to manually update the release Title, Tag and Description, specifically, the "Full Changelog" link." >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          echo ":clipboard: Confirm that the defined GitHub Release options are correct:"  >> $GITHUB_STEP_SUMMARY
+          echo " * :bookmark: New tag name: \`$_RELEASE_TAG\`" >> $GITHUB_STEP_SUMMARY
+          echo " * :palm_tree: Target branch: \`$_RELEASE_BRANCH\`" >> $GITHUB_STEP_SUMMARY
+          echo " * :ocean: Previous tag set in the description \"Full Changelog\" link: \`$_LAST_RELEASE_TAG\`" >> $GITHUB_STEP_SUMMARY
+          echo " * :white_check_mark: Description has automated release notes and they match the commits in the release branch" >> $GITHUB_STEP_SUMMARY
+          echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
+          echo "> Commits directly pushed to branches without a Pull Request won't appear in the automated release notes." >> $GITHUB_STEP_SUMMARY

.github/workflows/publish-github-release.yml

@@ -0,0 +1,36 @@
+name: Publish Password Manager and Authenticator GitHub Release as newest
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 3 * * 1-5'
+
+permissions:
+  contents: write
+  id-token: write
+  actions: read
+
+jobs:
+  publish-release-password-manager:
+    name: Publish Password Manager Release
+    uses: bitwarden/gh-actions/.github/workflows/_publish-mobile-github-release.yml@main
+    with:
+      release_name: "Password Manager"
+      workflow_name: "publish-github-release.yml"
+      credentials_filename: "play_creds.json"
+      project_type: android
+      check_release_command: >
+        bundle exec fastlane getLatestPlayStoreVersion package_name:com.x8bit.bitwarden track:production
+    secrets: inherit
+
+  publish-release-authenticator:
+    name: Publish Authenticator Release
+    uses: bitwarden/gh-actions/.github/workflows/_publish-mobile-github-release.yml@main
+    with:
+      release_name: "Authenticator"
+      workflow_name: "publish-github-release.yml"
+      credentials_filename: "authenticator_play_store-creds.json"
+      project_type: android
+      check_release_command: >
+        bundle exec fastlane getLatestPlayStoreVersion package_name:com.bitwarden.authenticator track:production
+    secrets: inherit

.github/workflows/publish-store.yml

@@ -0,0 +1,160 @@
+name: Publish to Google Play
+run-name: "Promoting ${{ inputs.product }} ${{ inputs.version-code }} from ${{ inputs.track-from }} to ${{ inputs.track-target }}"
+on:
+  workflow_dispatch:
+    inputs:
+      product:
+        description: "Which app is being released."
+        type: choice
+        options:
+          - Password Manager
+          - Authenticator
+      version-name:
+        description: "Version name to promote to production ex 2025.1.1"
+        type: string
+      version-code:
+        description: "Build number to promote to production."
+        required: true
+        type: string
+      rollout-percentage:
+          description: "Percentage of users who will receive this version update."
+          required: true
+          type: choice
+          options:
+            - 10%
+            - 30%
+            - 50%
+            - 100%
+          default: 10%
+      release-notes:
+        description: "Change notes to be included with this release."
+        type: string
+        default: "Bug fixes."
+        required: true
+      track-from:
+        description: "Track to promote from."
+        type: choice
+        options:
+          - internal
+          - Fastlane Automation Source
+        required: true
+        default: "internal"
+      track-target:
+        description: "Track to promote to."
+        type: choice
+        options:
+          - production
+          - Fastlane Automation Target
+        required: true
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GITHUB_ACTION_RUN_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+
+permissions:
+  contents: read
+  packages: read
+  id-token: write
+
+jobs:
+    promote:
+      runs-on: ubuntu-24.04
+      name: Promote build to Production in Play Store
+
+      steps:
+        - name: Log inputs to job summary
+          run: |
+            echo "<details><summary>Job Inputs</summary>" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo '```json' >> $GITHUB_STEP_SUMMARY
+            echo '${{ toJson(inputs) }}' >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            echo "</details>" >> $GITHUB_STEP_SUMMARY
+
+        - name: Check out repo
+          uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+        - name: Configure Ruby
+          uses: ruby/setup-ruby@829114fc20da43a41d27359103ec7a63020954d4 # v1.255.0
+          with:
+            bundler-cache: true
+
+        - name: Install Fastlane
+          run: |
+            gem install bundler:2.2.27
+            bundle config path vendor/bundle
+            bundle install --jobs 4 --retry 3
+
+        - name: Log in to Azure
+          uses: bitwarden/gh-actions/azure-login@main
+          with:
+            subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+            tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+            client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+        - name: Get Azure Key Vault secrets
+          id: get-kv-secrets
+          uses: bitwarden/gh-actions/get-keyvault-secrets@main
+          with:
+            keyvault: gh-android
+            secrets: "PLAY-BETA-KEYSTORE-PASSWORD,PLAY-BETA-KEY-PASSWORD"
+
+        - name: Retrieve secrets
+          env:
+            ACCOUNT_NAME: bitwardenci
+            CONTAINER_NAME: mobile
+          run: |
+            mkdir -p ${{ github.workspace }}/secrets
+            mkdir -p ${{ github.workspace }}/app/src/standardRelease
+
+            az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+            --name play_creds.json --file ${{ github.workspace }}/secrets/play_creds.json --output none
+
+            az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+            --name authenticator_play_store-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_store-creds.json --output none
+
+        - name: Log out from Azure
+          uses: bitwarden/gh-actions/azure-logout@main
+
+        - name: Format Release Notes
+          run: |
+            FORMATTED_MESSAGE="$(echo "${{ inputs.release-notes }}" | sed 's/  /\n/g')"
+            echo "RELEASE_NOTES<<EOF" >> $GITHUB_ENV
+            echo "$FORMATTED_MESSAGE" >> $GITHUB_ENV
+            echo "EOF" >> $GITHUB_ENV
+        - name: Promote Play Store version to production
+          env:
+            PLAY_KEYSTORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEYSTORE-PASSWORD }}
+            PLAY_KEY_PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-BETA-KEY-PASSWORD }}
+            VERSION_CODE_INPUT: ${{ inputs.version-code }}
+            VERSION_NAME: ${{inputs.version-name}}
+            ROLLOUT_PERCENTAGE: ${{ inputs.rollout-percentage }}
+            PRODUCT: ${{ inputs.product }}
+            TRACK_FROM: ${{ inputs.track-from }}
+            TRACK_TARGET: ${{ inputs.track-target }}
+          run: |
+            if [ "$PRODUCT" = "Password Manager" ]; then
+              PACKAGE_NAME="com.x8bit.bitwarden"
+            elif [ "$PRODUCT" = "Authenticator" ]; then
+              PACKAGE_NAME="com.bitwarden.authenticator"
+            else
+              echo "Unsupported product: $PRODUCT"
+              exit 1
+            fi
+
+            VERSION_CODE=$(echo "${VERSION_CODE_INPUT}" | tr -d ',')
+
+            decimal=$(echo "scale=2; ${ROLLOUT_PERCENTAGE/\%/} / 100" | bc)
+
+            bundle exec fastlane updateReleaseNotes \
+              releaseNotes:"$RELEASE_NOTES" \
+              versionCode:"$VERSION_CODE" \
+              packageName:"$PACKAGE_NAME"
+
+            bundle exec fastlane promoteToProduction \
+              versionCode:"$VERSION_CODE" \
+              versionName:"$VERSION_NAME" \
+              rolloutPercentage:"$decimal" \
+              packageName:"$PACKAGE_NAME" \
+              releaseNotes:"$RELEASE_NOTES" \
+              track:"$TRACK_FROM" \
+              trackPromoteTo:"$TRACK_TARGET"

.github/workflows/release-branch.yml

@@ -0,0 +1,85 @@
+name: Cut Release Branch
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_type:
+        description: 'Release Type'
+        required: true
+        type: choice
+        options:
+          - RC
+          - Hotfix Password Manager
+          - Hotfix Authenticator
+          - Test
+
+jobs:
+  create-release-branch:
+    name: Create Release Branch
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      actions: write
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          fetch-depth: 0
+
+      - name: Create RC or Test Branch
+        id: rc_branch
+        if: inputs.release_type == 'RC' || inputs.release_type == 'Test'
+        env:
+          _TEST_MODE: ${{ inputs.release_type == 'Test' }}
+          _RELEASE_TYPE: ${{ inputs.release_type }}
+        run: |
+          current_date=$(date +'%Y.%-m')
+          branch_name="${current_date}-rc${{ github.run_number }}"
+
+          if [ "$_TEST_MODE" = "true" ]; then
+            branch_name="WORKFLOW-TEST-${branch_name}"
+          fi
+          branch_name="release/${branch_name}"
+
+          git switch main
+          git switch -c $branch_name
+          git push origin $branch_name
+          echo "# :cherry_blossom: ${_RELEASE_TYPE} branch: ${branch_name}" >> $GITHUB_STEP_SUMMARY
+          echo "branch_name=$branch_name" >> $GITHUB_OUTPUT
+
+      - name: Create Hotfix Branch
+        id: hotfix_branch
+        if: startsWith(inputs.release_type, 'Hotfix')
+        env:
+          _RELEASE_TYPE: ${{ inputs.release_type }}
+        run: |
+          app_codename="bwpm"
+          if [ "$_RELEASE_TYPE" == "Hotfix Authenticator" ]; then
+            app_codename="bwa"
+          fi
+          echo "🌿 app codename: $app_codename"
+
+          latest_tag=$(git tag -l --sort=-creatordate | grep "$app_codename" | head -n 1)
+          if [ -z "$latest_tag" ]; then
+            echo "::error::No tags found in the repository"
+            exit 1
+          fi
+          branch_name="release/hotfix-${latest_tag}"
+          echo "🌿 branch name: $branch_name"
+          echo "branch_name=$branch_name" >> $GITHUB_OUTPUT
+          if git show-ref --verify --quiet "refs/remotes/origin/$branch_name"; then
+            echo "# :fire: :warning: Hotfix branch already exists: ${branch_name}" >> $GITHUB_STEP_SUMMARY
+            exit 0
+          fi
+          git switch -c $branch_name $latest_tag
+          git push origin $branch_name
+          echo "# :fire: Hotfix branch: ${branch_name}" >> $GITHUB_STEP_SUMMARY
+
+      - name: Trigger CI Workflows
+        env:
+          GH_TOKEN: ${{ github.token }}
+          _BRANCH_NAME: ${{ steps.rc_branch.outputs.branch_name || steps.hotfix_branch.outputs.branch_name }}
+        run: |
+          echo "🌿 branch name: $_BRANCH_NAME"
+          gh workflow run build.yml --ref $_BRANCH_NAME -f distribute-to-firebase=true -f publish-to-play-store=true
+          gh workflow run build-authenticator.yml --ref $_BRANCH_NAME -f distribute-to-firebase=true -f publish-to-play-store=true

.github/workflows/scan-ci.yml

@@ -0,0 +1,35 @@
+name: Scan Protected Branches On Push
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+
+permissions: {}
+
+jobs:
+  sast:
+    name: Checkmarx
+    uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      contents: read
+      pull-requests: write
+      security-events: write
+      id-token: write
+
+  quality:
+    name: Sonar
+    uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write

.github/workflows/scan.yml

@@ -1,42 +1,48 @@
-name: Scan
+name: Scan Pull Requests
 
 on:
   workflow_dispatch:
-  push:
-    branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore:
+      - main
   pull_request_target:
-    types: [opened, synchronize]
+    types: [opened, synchronize, reopened]
+    branches:
+      - main
+
+permissions: {}
 
 jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
 
   sast:
-    name: SAST scan
-    runs-on: ubuntu-22.04
+    name: Checkmarx
+    uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
     needs: check-run
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
     permissions:
       contents: read
       pull-requests: write
       security-events: write
+      id-token: write
 
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@831a8d51a8a0535c0399f9c12728d8d3cc22d850 # 2.0.28
-        env:
-          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
-        with:
-          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
-          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
+  quality:
+    name: Sonar
+    uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
+    needs: check-run
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write

.github/workflows/sdlc-sdk-update.yml

@@ -0,0 +1,167 @@
+name: SDLC / SDK Update
+run-name: "SDK ${{inputs.run-mode == 'Update' && format('Update - {0}', inputs.sdk-version) || format('Test #{0} - {1}', inputs.pr-id, inputs.sdk-version)}}"
+
+on:
+  workflow_dispatch:
+    inputs:
+      run-mode:
+        description: "Run Mode"
+        type: choice
+        options:
+          - Test # used for testing sdk-internal repo PRs
+          - Update # opens a PR in this repo updating the SDK
+        default: Test
+      sdk-package:
+        description: "SDK Package ID"
+        required: true
+        default: "com.bitwarden:sdk-android.dev"
+      sdk-version:
+        description: "SDK Version"
+        required: true
+        default: "1.0.0-2686-km-update-kdf-sdk"
+      pr-id:
+        description: "Pull Request ID"
+
+jobs:
+  update:
+    name: Update and PR
+    if: ${{ inputs.run-mode == 'Update' }}
+    runs-on: ubuntu-24.04
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        id: app-token
+        with:
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+
+      - name: Check out repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+
+      - name: Log inputs to job summary
+        uses: ./.github/actions/log-inputs
+        with:
+          inputs: ${{ toJson(inputs) }}
+
+      - name: Switch to branch
+        id: switch-branch
+        run: |
+          BRANCH_NAME="sdlc/sdk-update"
+          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+          git switch -c $BRANCH_NAME
+
+      - name: Get current SDK version
+        id: get-current-sdk
+        run: |
+          SDK_VERSION=$(grep "bitwardenSdk =" gradle/libs.versions.toml | cut -d'"' -f2)
+          GIT_REF=$(echo "$SDK_VERSION" | cut -d'-' -f3-) # handles both commit hashes and branch names
+          echo "Current SDK version: $SDK_VERSION"
+          echo "Current SDK git ref: $GIT_REF"
+          echo "version=$SDK_VERSION" >> $GITHUB_OUTPUT
+          echo "git_ref=$GIT_REF" >> $GITHUB_OUTPUT
+
+      - name: Update SDK Version
+        env:
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+        run: |
+          ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION"
+
+      - name: Create branch and commit
+        env:
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+          _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }}
+        run: |
+          echo "👀 Committing SDK version update..."
+
+          git config user.name "bw-ghapp[bot]"
+          git config user.email "178206702+bw-ghapp[bot]@users.noreply.github.com"
+
+          git add gradle/libs.versions.toml
+          git commit -m "SDK Update - $_SDK_PACKAGE $_SDK_VERSION"
+          git push origin $_BRANCH_NAME
+
+      - name: Create Pull Request
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }}
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+          _OLD_SDK_VERSION: ${{ steps.get-current-sdk.outputs.version }}
+          _OLD_SDK_GIT_REF: ${{ steps.get-current-sdk.outputs.git_ref }}
+        run: |
+          NEW_SDK_GIT_REF=$(echo "$_SDK_VERSION" | cut -d'-' -f3-)
+          CHANGELOG=$(./scripts/get-repo-changelog.sh "bitwarden/sdk-internal" "$_OLD_SDK_GIT_REF" "$NEW_SDK_GIT_REF")
+          PR_BODY="Updates the SDK version from \`$_OLD_SDK_VERSION\` to \`$_SDK_PACKAGE $_SDK_VERSION\`
+
+          ## What's Changed
+
+          $CHANGELOG"
+
+          # Use echo -e to interpret escape sequences and pipe to gh pr create
+          PR_URL=$(echo -e "$PR_BODY" | gh pr create \
+            --title "Update SDK to $_SDK_VERSION" \
+            --body-file - \
+            --base main \
+            --head $_BRANCH_NAME \
+            --label "automated-pr" \
+            --label "t:ci")
+
+          echo "🚀 Created PR: $PR_URL"
+          echo "## 🚀 Created PR: $PR_URL" >> $GITHUB_STEP_SUMMARY
+
+  test:
+    name: Test Update
+    if: ${{ inputs.run-mode == 'Test' }}
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: read
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Log inputs to job summary
+        uses: ./.github/actions/log-inputs
+        with:
+          inputs: ${{ toJson(inputs) }}
+
+      - name: Setup Android Build
+        uses: ./.github/actions/setup-android-build
+
+      - name: Update SDK Version
+        env:
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+        run: |
+          ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION"
+
+      - name: Build
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in settings.gradle.kts to download the SDK from GitHub Maven Packages
+        run: |
+          ./gradlew assembleDebug --warn

.github/workflows/test-device.yml

@@ -0,0 +1,16 @@
+name: Test Device
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Test Device
+    runs-on: ubuntu-24.04
+
+    steps:
+    - name: Placeholder step
+      run: echo "Placeholder workflow step"

.github/workflows/test.yml

@@ -6,40 +6,34 @@ on:
       - "main"
       - "rc"
       - "hotfix-rc"
-  pull_request_target:
+  pull_request:
     types: [opened, synchronize]
+  merge_group:
+    types: [checks_requested]
   workflow_dispatch:
 
 env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 17
+  _JAVA_VERSION: 17
+  _GITHUB_ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}
+
 
 jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-
   test:
     name: Test
-    runs-on: ubuntu-22.04
-    needs: check-run
+    runs-on: ubuntu-24.04
     permissions:
-      contents: read
-      issues: write
       packages: read
       pull-requests: write
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
+        uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
 
       - name: Cache Gradle files
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ~/.gradle/caches
@@ -49,7 +43,7 @@ jobs:
             ${{ runner.os }}-gradle-v2-
 
       - name: Cache build output
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ${{ github.workspace }}/build-cache
@@ -58,27 +52,65 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
+        uses: ruby/setup-ruby@829114fc20da43a41d27359103ec7a63020954d4 # v1.255.0
         with:
           bundler-cache: true
 
       - name: Configure JDK
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
+          java-version: ${{ env._JAVA_VERSION }}
+
+      - name: Install Fastlane
+        run: |
+          gem install bundler:2.2.27
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
 
       - name: Build and test
-        # Run checks on standard variant only because release and beta builds are not configured to
-        # work properly with the Compose testing library. F-Droid related tasks are also skipped as
-        # there is no significant code difference between the builds.
-        run: |
-          ./gradlew testStandardDebug \
-            lintStandardDebug \
-            detektStandardDebug \
-            koverXmlReportStandardDebug
-
-      - name: Danger
         env:
-          DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: bundle exec danger
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in settings.gradle.kts to download the SDK from GitHub Maven Packages
+        run: |
+          bundle exec fastlane check
+
+      - name: Upload test reports
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        if: always()
+        with:
+          name: test-reports
+          path: |
+            build/reports/kover/reportMergedCoverage.xml
+            app/build/reports/tests/
+            authenticator/build/reports/tests/
+            authenticatorbridge/build/reports/tests/
+            core/build/reports/tests/
+            data/build/reports/tests/
+            network/build/reports/tests/
+            ui/build/reports/tests/
+
+      - name: Upload to codecov.io
+        id: upload-to-codecov
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        if: github.event_name == 'push' || github.event_name == 'pull_request'
+        continue-on-error: true
+        with:
+          os: linux
+          files: build/reports/kover/reportMergedCoverage.xml
+          fail_ci_if_error: true
+          disable_search: true
+
+      - name: Comment PR if tests failed
+        if: steps.upload-to-codecov.outcome == 'failure' && (github.event_name == 'push' || github.event_name == 'pull_request')
+        env:
+            PR_NUMBER: ${{ github.event.number }}
+            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            RUN_ACTOR: ${{ github.triggering_actor }}
+        run: |
+          echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+          echo "> Uploading code coverage report failed. Please check the \"Upload to codecov.io\" step of \"Process Test Reports\" job for more details." >> $GITHUB_STEP_SUMMARY
+
+          if [ -n "$PR_NUMBER" ]; then
+            message=$'> [!WARNING]\n> @'$RUN_ACTOR' Uploading code coverage report failed. Please check the "Upload to codecov.io" step of [Process Test Reports job]('$_GITHUB_ACTION_RUN_URL') for more details.'
+            gh pr comment --repo $GITHUB_REPOSITORY $PR_NUMBER --body "$message"
+          fi

.gitignore

@@ -3,6 +3,13 @@
 fastlane/report.xml
 fastlane/README.md
 
+# Ruby / Bundler
+.bundle/
+vendor/
+
+# Backup files
+*.bak
+
 # General
 .DS_Store
 Thumbs.db
@@ -25,5 +32,13 @@ user.properties
 
 # Secrets
 /keystores/*.jks
-/app/src/standardDebug/google-services.json
+/app/src/standardBeta/google-services.json
 /app/src/standardRelease/google-services.json
+/authenticator/src/google-services.json
+
+# Python
+.python-version
+__pycache__/
+
+# Generated by .github/scripts/validate-json/validate-json.py
+duplicates.txt

.husky/pre-commit

@@ -0,0 +1 @@
+npx lint-staged

.ruby-version

@@ -1 +1 @@
-3.3.1
+3.4.2

Dangerfile

@@ -1 +0,0 @@
-shroud.reportKover 'App', 'app/build/reports/kover/reportStandardDebug.xml', 80, 80, false

Gemfile

@@ -2,10 +2,17 @@ source "https://rubygems.org"
 
 ruby File.read(".ruby-version").strip
 
-gem 'danger'
-gem 'danger-shroud'
 gem 'fastlane'
 gem 'time'
 
 plugins_path = File.join(File.dirname(__FILE__), 'fastlane', 'Pluginfile')
 eval_gemfile(plugins_path) if File.exist?(plugins_path)
+
+# Since ruby 3.4.0 these are not included in the standard library
+gem 'abbrev'
+gem 'logger'
+gem 'mutex_m'
+gem 'csv'
+
+# Starting with Ruby 3.5.0, these are not included in the standard library
+gem 'ostruct'

Gemfile.lock

@@ -5,66 +5,48 @@ GEM
       base64
       nkf
       rexml
-    addressable (2.8.6)
-      public_suffix (>= 2.0.2, < 6.0)
+    abbrev (0.1.2)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     artifactory (3.0.17)
     atomos (0.1.3)
-    aws-eventstream (1.3.0)
-    aws-partitions (1.944.0)
-    aws-sdk-core (3.197.0)
+    aws-eventstream (1.4.0)
+    aws-partitions (1.1139.0)
+    aws-sdk-core (3.228.0)
       aws-eventstream (~> 1, >= 1.3.0)
-      aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.8)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
+      base64
+      bigdecimal
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.85.0)
-      aws-sdk-core (~> 3, >= 3.197.0)
-      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.152.3)
-      aws-sdk-core (~> 3, >= 3.197.0)
+      logger
+    aws-sdk-kms (1.109.0)
+      aws-sdk-core (~> 3, >= 3.228.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-s3 (1.195.0)
+      aws-sdk-core (~> 3, >= 3.228.0)
       aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.8)
-    aws-sigv4 (1.8.0)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.12.1)
       aws-eventstream (~> 1, >= 1.0.2)
     babosa (1.0.4)
-    base64 (0.2.0)
+    base64 (0.3.0)
+    bigdecimal (3.2.2)
     claide (1.1.0)
-    claide-plugins (0.9.2)
-      cork
-      nap
-      open4 (~> 1.3)
     colored (1.2)
     colored2 (3.1.2)
     commander (4.6.0)
       highline (~> 2.0.0)
-    cork (0.3.0)
-      colored2 (~> 3.1)
-    danger (9.4.3)
-      claide (~> 1.0)
-      claide-plugins (>= 0.9.2)
-      colored2 (~> 3.1)
-      cork (~> 0.1)
-      faraday (>= 0.9.0, < 3.0)
-      faraday-http-cache (~> 2.0)
-      git (~> 1.13)
-      kramdown (~> 2.3)
-      kramdown-parser-gfm (~> 1.0)
-      no_proxy_fix
-      octokit (>= 4.0)
-      terminal-table (>= 1, < 4)
-    danger-plugin-api (1.0.0)
-      danger (> 2.0)
-    danger-shroud (0.0.7)
-      danger-plugin-api (~> 1.0)
-      nokogiri
-    date (3.3.4)
+    csv (3.3.5)
+    date (3.4.1)
     declarative (0.0.20)
-    digest-crc (0.6.5)
+    digest-crc (0.7.0)
       rake (>= 12.0.0, < 14.0.0)
     domain_name (0.6.20240107)
     dotenv (2.8.1)
     emoji_regex (3.2.3)
-    excon (0.110.0)
-    faraday (1.10.3)
+    excon (0.112.0)
+    faraday (1.10.4)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -80,22 +62,20 @@ GEM
       faraday (>= 0.8.0)
       http-cookie (~> 1.0.0)
     faraday-em_http (1.0.0)
-    faraday-em_synchrony (1.0.0)
+    faraday-em_synchrony (1.0.1)
     faraday-excon (1.1.0)
-    faraday-http-cache (2.5.1)
-      faraday (>= 0.8)
     faraday-httpclient (1.0.1)
-    faraday-multipart (1.0.4)
-      multipart-post (~> 2)
-    faraday-net_http (1.0.1)
+    faraday-multipart (1.1.1)
+      multipart-post (~> 2.0)
+    faraday-net_http (1.0.2)
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
-    faraday_middleware (1.2.0)
+    faraday_middleware (1.2.1)
       faraday (~> 1.0)
-    fastimage (2.3.1)
-    fastlane (2.221.0)
+    fastimage (2.4.0)
+    fastlane (2.228.0)
       CFPropertyList (>= 2.3, < 4.0.0)
       addressable (>= 2.8, < 3.0.0)
       artifactory (~> 3.0)
@@ -111,6 +91,7 @@ GEM
       faraday-cookie_jar (~> 0.0.6)
       faraday_middleware (~> 1.0)
       fastimage (>= 2.1.0, < 3.0.0)
+      fastlane-sirp (>= 1.0.0)
       gh_inspector (>= 1.1.2, < 2.0.0)
       google-apis-androidpublisher_v3 (~> 0.3)
       google-apis-playcustomapp_v1 (~> 0.1)
@@ -134,15 +115,14 @@ GEM
       tty-spinner (>= 0.8.0, < 1.0.0)
       word_wrap (~> 1.0.0)
       xcodeproj (>= 1.13.0, < 2.0.0)
-      xcpretty (~> 0.3.0)
+      xcpretty (~> 0.4.1)
       xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
-    fastlane-plugin-firebase_app_distribution (0.9.1)
+    fastlane-plugin-firebase_app_distribution (0.10.1)
       google-apis-firebaseappdistribution_v1 (~> 0.3.0)
       google-apis-firebaseappdistribution_v1alpha (~> 0.2.0)
+    fastlane-sirp (1.0.0)
+      sysrandom (~> 1.0)
     gh_inspector (1.1.3)
-    git (1.19.1)
-      addressable (~> 2.8)
-      rchardet (~> 1.8)
     google-apis-androidpublisher_v3 (0.54.0)
       google-apis-core (>= 0.11.0, < 2.a)
     google-apis-core (0.11.3)
@@ -163,12 +143,12 @@ GEM
       google-apis-core (>= 0.11.0, < 2.a)
     google-apis-storage_v1 (0.31.0)
       google-apis-core (>= 0.11.0, < 2.a)
-    google-cloud-core (1.7.0)
+    google-cloud-core (1.8.0)
       google-cloud-env (>= 1.0, < 3.a)
       google-cloud-errors (~> 1.0)
     google-cloud-env (1.6.0)
       faraday (>= 0.17.3, < 3.0)
-    google-cloud-errors (1.4.0)
+    google-cloud-errors (1.5.0)
     google-cloud-storage (1.47.0)
       addressable (~> 2.8)
       digest-crc (~> 0.4)
@@ -184,56 +164,40 @@ GEM
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
     highline (2.0.3)
-    http-cookie (1.0.6)
+    http-cookie (1.0.8)
       domain_name (~> 0.5)
-    httpclient (2.8.3)
+    httpclient (2.9.0)
+      mutex_m
     jmespath (1.6.2)
-    json (2.7.2)
-    jwt (2.8.1)
+    json (2.13.2)
+    jwt (2.10.2)
       base64
-    kramdown (2.4.0)
-      rexml
-    kramdown-parser-gfm (1.1.0)
-      kramdown (~> 2.0)
-    mini_magick (4.13.1)
+    logger (1.7.0)
+    mini_magick (4.13.2)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.7)
-    multi_json (1.15.0)
+    multi_json (1.17.0)
     multipart-post (2.4.1)
-    nanaimo (0.3.0)
-    nap (1.1.0)
-    naturally (2.2.1)
+    mutex_m (0.3.0)
+    nanaimo (0.4.0)
+    naturally (2.3.0)
     nkf (0.2.0)
-    no_proxy_fix (0.1.2)
-    nokogiri (1.16.6)
-      mini_portile2 (~> 2.8.2)
-      racc (~> 1.4)
-    octokit (9.1.0)
-      faraday (>= 1, < 3)
-      sawyer (~> 0.9)
-    open4 (1.3.4)
-    optparse (0.5.0)
+    optparse (0.6.0)
     os (1.1.4)
-    plist (3.7.1)
-    public_suffix (5.1.1)
-    racc (1.8.0)
-    rake (13.2.1)
-    rchardet (1.8.0)
+    ostruct (0.6.3)
+    plist (3.7.2)
+    public_suffix (6.0.2)
+    rake (13.3.0)
     representable (3.2.0)
       declarative (< 0.1.0)
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.2.9)
-      strscan
-    rouge (2.0.7)
+    rexml (3.4.1)
+    rouge (3.28.0)
     ruby2_keywords (0.0.5)
-    rubyzip (2.3.2)
-    sawyer (0.9.2)
-      addressable (>= 2.3.5)
-      faraday (>= 0.17.3, < 3)
+    rubyzip (2.4.1)
     security (0.1.5)
-    signet (0.19.0)
+    signet (0.20.0)
       addressable (~> 2.8)
       faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
@@ -241,11 +205,11 @@ GEM
     simctl (1.6.10)
       CFPropertyList
       naturally
-    strscan (3.1.0)
+    sysrandom (1.0.5)
     terminal-notifier (2.0.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
-    time (0.3.0)
+    time (0.4.1)
       date
     trailblazer-option (0.1.2)
     tty-cursor (0.7.1)
@@ -253,17 +217,17 @@ GEM
     tty-spinner (0.9.3)
       tty-cursor (~> 0.7)
     uber (0.1.0)
-    unicode-display_width (2.5.0)
+    unicode-display_width (2.6.0)
     word_wrap (1.0.0)
-    xcodeproj (1.24.0)
+    xcodeproj (1.27.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
-      nanaimo (~> 0.3.0)
-      rexml (~> 3.2.4)
-    xcpretty (0.3.0)
-      rouge (~> 2.0.7)
+      nanaimo (~> 0.4.0)
+      rexml (>= 3.3.6, < 4.0)
+    xcpretty (0.4.1)
+      rouge (~> 3.28.0)
     xcpretty-travis-formatter (1.0.1)
       xcpretty (~> 0.2, >= 0.0.7)
 
@@ -271,14 +235,17 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  danger
-  danger-shroud
+  abbrev
+  csv
   fastlane
   fastlane-plugin-firebase_app_distribution
+  logger
+  mutex_m
+  ostruct
   time
 
 RUBY VERSION
-   ruby 3.3.1p55
+   ruby 3.4.2p28
 
 BUNDLED WITH
-   2.5.9
+   2.6.9

README-bwa.md

@@ -0,0 +1,61 @@
+[![Github Workflow build on main](https://github.com/bitwarden/authenticator-android/actions/workflows/build-authenticator.yml/badge.svg?branch=main)](https://github.com/bitwarden/authenticator-android/actions/workflows/build-authenticator.yml?query=branch:main)
+[![Join the chat at https://gitter.im/bitwarden/Lobby](https://badges.gitter.im/bitwarden/Lobby.svg)](https://gitter.im/bitwarden/Lobby)
+
+# Bitwarden Authenticator Android App
+
+<a href="https://play.google.com/store/apps/details?id=com.bitwarden.authenticator" target="_blank"><img alt="Get it on Google Play" src="https://imgur.com/YQzmZi9.png" width="153" height="46"></a>
+
+Bitwarden Authenticator allows you easily store and generate two-factor authentication codes on your device. The Bitwarden Authenticator Android application is written in Kotlin.
+
+<img src="https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/authenticator-android-codes.png" alt="" width="325" height="650" />
+
+## Compatibility
+
+- **Minimum SDK**: 28
+- **Target SDK**: 34
+- **Device Types Supported**: Phone and Tablet
+- **Orientations Supported**: Portrait and Landscape
+
+## Setup
+
+
+1. Clone the repository:
+
+    ```sh
+    $ git clone https://github.com/bitwarden/authenticator-android
+    ```
+
+2. Create a `user.properties` file in the root directory of the project and add the following properties:
+
+    - `gitHubToken`: A "classic" Github Personal Access Token (PAT) with the `read:packages` scope (ex: `gitHubToken=gph_xx...xx`). These can be generated by going to the [Github tokens page](https://github.com/settings/tokens). See [the Github Packages user documentation concerning authentication](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry#authenticating-to-github-packages) for more details.
+
+3. Setup the code style formatter:
+
+    All code must follow the guidelines described in the [Code Style Guidelines document](docs/STYLE_AND_BEST_PRACTICES.md). To aid in adhering to these rules, all contributors should apply `docs/bitwarden-style.xml` as their code style scheme. In IntelliJ / Android Studio:
+
+    - Navigate to `Preferences > Editor > Code Style`.
+    - Hit the `Manage` button next to `Scheme`.
+    - Select `Import`.
+    - Find the `bitwarden-style.xml` file in the project's `docs/` directory.
+    - Import "from" `BitwardenStyle` "to" `BitwardenStyle`.
+    - Hit `Apply` and `OK` to save the changes and exit Preferences.
+
+    Note that in some cases you may need to restart Android Studio for the changes to take effect.
+
+    All code should be formatted before submitting a pull request. This can be done manually but it can also be helpful to create a macro with a custom keyboard binding to auto-format when saving. In Android Studio on OS X:
+
+    - Select `Edit > Macros > Start Macro Recording`
+    - Select `Code > Optimize Imports`
+    - Select `Code > Reformat Code`
+    - Select `File > Save All`
+    - Select `Edit > Macros > Stop Macro Recording`
+
+    This can then be mapped to a set of keys by navigating to `Android Studio > Preferences` and editing the macro under `Keymap` (ex : shift + command + s).
+
+    Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.
+
+## Contribute
+
+Code contributions are welcome! Please commit any pull requests against the `main` branch. Learn more about how to contribute by reading the [Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the [Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your first contribution.
+
+Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.

README.md

@@ -4,18 +4,18 @@
 
 - [Compatibility](#compatibility)
 - [Setup](#setup)
+- [Theme](#theme)
 - [Dependencies](#dependencies)
 
 ## Compatibility
 
-- **Minimum SDK**: 28
-- **Target SDK**: 34
+- **Minimum SDK**: 29
+- **Target SDK**: 35
 - **Device Types Supported**: Phone and Tablet
 - **Orientations Supported**: Portrait and Landscape
 
 ## Setup
 
-
 1. Clone the repository:
 
     ```sh
@@ -25,6 +25,7 @@
 2. Create a `user.properties` file in the root directory of the project and add the following properties:
 
     - `gitHubToken`: A "classic" Github Personal Access Token (PAT) with the `read:packages` scope (ex: `gitHubToken=gph_xx...xx`). These can be generated by going to the [Github tokens page](https://github.com/settings/tokens). See [the Github Packages user documentation concerning authentication](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry#authenticating-to-github-packages) for more details.
+    - `localSdk`: A boolean value to determine if the SDK should be loaded from the local maven artifactory (ex: `localSdk=true`). This is particularly useful when developing new SDK capabilities. Review [Linking SDK to clients](https://contributing.bitwarden.com/getting-started/sdk/#linking-the-sdk-to-clients) for more details.
 
 3. Setup the code style formatter:
 
@@ -51,12 +52,77 @@
 
     Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.
 
+4. Setup JDK `Version` `17`:
+
+    - Navigate to `Preferences > Build, Execution, Deployment > Build Tools > Gradle`.
+    - Hit the selected Gradle JDK next to `Gradle JDK:`.
+    - Select a `17.x` version or hit `Download JDK...` if not present.
+    - Select `Version` `17`.
+    - Select your preferred `Vendor`.
+    - Hit `Download`.
+    - Hit `Apply`.
+
+5. Setup `detekt` pre-commit hook (optional):
+
+Run the following script from the root of the repository to install the hook. This will overwrite any existing pre-commit hook if present.
+
+```shell
+echo "Writing detekt pre-commit hook..."
+cat << 'EOL' > .git/hooks/pre-commit
+#!/usr/bin/env bash
+
+echo "Running detekt check..."
+OUTPUT="/tmp/detekt-$(date +%s)"
+./gradlew -Pprecommit=true detekt > $OUTPUT
+EXIT_CODE=$?
+if [ $EXIT_CODE -ne 0 ]; then
+  cat $OUTPUT
+  rm $OUTPUT
+  echo "***********************************************"
+  echo "                 detekt failed                 "
+  echo " Please fix the above issues before committing "
+  echo "***********************************************"
+  exit $EXIT_CODE
+fi
+rm $OUTPUT
+EOL
+echo "detekt pre-commit hook written to .git/hooks/pre-commit"
+echo "Making the hook executable"
+chmod +x .git/hooks/pre-commit
+
+echo "detekt pre-commit hook installed successfully to .git/hooks/pre-commit"
+```
+
+## Theme
+
+### Icons & Illustrations
+
+The app supports light mode, dark mode and dynamic colors. Most icons in the app will display correctly using tinting but multi-tonal icons and illustrations require extra processing in order to be displayed properly with dynamic colors.
+
+All illustrations and multi-tonal icons require the svg paths to be tagged with the `name` attribute in order for each individual path to be tinted the appropriate color. Any untagged path will not be tinted and the resulting image will be incorrect.
+
+The supported tags are as follows:
+
+* outline
+* primary
+* secondary
+* tertiary
+* accent
+* logo
+* navigation
+* navigationActiveAccent
+
 ## Dependencies
 
 ### Application Dependencies
 
 The following is a list of all third-party dependencies included as part of the application beyond the standard Android SDK.
 
+- **AndroidX Activity**
+    - https://developer.android.com/jetpack/androidx/releases/activity
+    - Purpose: Allows access composable APIs built on top of Activity.
+    - License: Apache 2.0
+
 - **AndroidX Appcompat**
     - https://developer.android.com/jetpack/androidx/releases/appcompat
     - Purpose: Allows access to new APIs on older API versions.
@@ -77,7 +143,7 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Displays webpages with the user's default browser.
     - License: Apache 2.0
 
-- **AndroidX CameraX Camera2**
+- **AndroidX Camera**
     - https://developer.android.com/jetpack/androidx/releases/camera
     - Purpose: Display and capture images for barcode scanning.
     - License: Apache 2.0
@@ -87,9 +153,9 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: A Kotlin-based declarative UI framework.
     - License: Apache 2.0
 
-- **AndroidX Core SplashScreen**
+- **AndroidX Core**
     - https://developer.android.com/jetpack/androidx/releases/core
-    - Purpose: Backwards compatible SplashScreen API implementation.
+    - Purpose: Backwards compatible platform features and APIs.
     - License: Apache 2.0
 
 - **AndroidX Credentials**
@@ -102,6 +168,11 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Lifecycle aware components and tooling.
     - License: Apache 2.0
 
+- **AndroidX Navigation**
+    - https://developer.android.com/jetpack/androidx/releases/navigation
+    - Purpose: Provides a consistent API for navigating between Android components.
+    - License: Apache 2.0
+
 - **AndroidX Room**
     - https://developer.android.com/jetpack/androidx/releases/room
     - Purpose: A convenient SQLite-based persistence layer for Android.
@@ -122,16 +193,6 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Dependency injection framework.
     - License: Apache 2.0
 
-- **Firebase Cloud Messaging**
-    - https://github.com/firebase/firebase-android-sdk
-    - Purpose: Allows for push notification support. (**NOTE:** This dependency is not included in builds distributed via F-Droid.)
-    - License: Apache 2.0
-
-- **Firebase Crashlytics**
-    - https://github.com/firebase/firebase-android-sdk
-    - Purpose: SDK for crash and non-fatal error reporting. (**NOTE:** This dependency is not included in builds distributed via F-Droid.)
-    - License: Apache 2.0
-
 - **Glide**
     - https://github.com/bumptech/glide
     - Purpose: Image loading and caching.
@@ -152,11 +213,6 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: JSON serialization library for Kotlin.
     - License: Apache 2.0
 
-- **kotlinx.serialization converter**
-    - https://github.com/square/retrofit/tree/trunk/retrofit-converters/kotlinx-serialization
-    - Purpose: Converter for Retrofit 2 and kotlinx.serialization.
-    - License: Apache 2.0
-
 - **OkHttp 3**
     - https://github.com/square/okhttp
     - Purpose: An HTTP client used by the library to intercept and log traffic.
@@ -167,16 +223,33 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: A networking layer interface.
     - License: Apache 2.0
 
-- **zxcvbn4j**
-    - https://github.com/nulab/zxcvbn4j
-    - Purpose: Password strength estimation.
-    - License: MIT
+- **Timber**
+    - https://github.com/JakeWharton/timber
+    - Purpose: Extensible logging library for Android.
+    - License: Apache 2.0
 
 - **ZXing**
     - https://github.com/zxing/zxing
     - Purpose: Barcode scanning and generation.
     - License: Apache 2.0
 
+The following is an additional list of third-party dependencies that are only included in the non-F-Droid build variants of the application.
+
+- **Firebase Cloud Messaging**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: Allows for push notification support.
+    - License: Apache 2.0
+
+- **Firebase Crashlytics**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: SDK for crash and non-fatal error reporting.
+    - License: Apache 2.0
+
+- **Google Play Reviews**
+    - https://developer.android.com/reference/com/google/android/play/core/release-notes
+    - Purpose: On standard builds provide an interface to add a review for the password manager application in Google Play.
+    - License: Apache 2.0
+
 ### Development Environment Dependencies
 
 The following is a list of additional third-party dependencies used as part of the local development environment. This includes test-related artifacts as well as tools related to code quality and linting. These are not present in the final packaged application.
@@ -210,16 +283,6 @@ The following is a list of additional third-party dependencies used as part of t
 
 The following is a list of additional third-party dependencies used as part of the CI/CD workflows. These are not present in the final packaged application.
 
-- **Danger**
-    - https://github.com/danger/danger
-    - Purpose: Provides a system for enforcing common Pull Request rules.
-    - License: MIT
-
-- **Danger Shroud**
-    - https://github.com/livefront/danger-shroud
-    - Purpose: A Danger plugin for enforcing code coverage via Kover / Jacoco.
-    - License: Apache 2.0
-
 - **Fastlane**
     - https://fastlane.tools/
     - Purpose: Automates building, signing, and distributing applications.

SECURITY.md

@@ -1,21 +1,32 @@
-Bitwarden believes that working with security researchers across the globe is crucial to keeping our users safe. If you believe you've found a security issue in our product or service, we encourage you to please submit a report through our [HackerOne Program](https://hackerone.com/bitwarden/). We welcome working with you to resolve the issue promptly. Thanks in advance!
+Bitwarden believes that working with security researchers across the globe is crucial to keeping our
+users safe. If you believe you've found a security issue in our product or service, we encourage you
+to please submit a report through our [HackerOne Program](https://hackerone.com/bitwarden/). We
+welcome working with you to resolve the issue promptly. Thanks in advance!
 
 # Disclosure Policy
 
--   Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
--   Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. We may publicly disclose the issue before resolving it, if appropriate.
--   Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
--   If you would like to encrypt your report, please use the PGP key with long ID `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
+- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every
+  effort to quickly resolve the issue.
+- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or
+  a third-party. We may publicly disclose the issue before resolving it, if appropriate.
+- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
+  degradation of our service. Only interact with accounts you own or with explicit permission of the
+  account holder.
+- If you would like to encrypt your report, please use the PGP key with long ID
+  `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
 
 While researching, we'd like to ask you to refrain from:
 
--   Denial of service
--   Spamming
--   Social engineering (including phishing) of Bitwarden staff or contractors
--   Any physical attempts against Bitwarden property or data centers
+- Denial of service
+- Spamming
+- Social engineering (including phishing) of Bitwarden staff or contractors
+- Any physical attempts against Bitwarden property or data centers
 
 # We want to help you!
 
-If you have something that you feel is close to exploitation, or if you'd like some information regarding the internal API, or generally have any questions regarding the app that would help in your efforts, please email us at https://bitwarden.com/contact and ask for that information. As stated above, Bitwarden wants to help you find issues, and is more than willing to help.
+If you have something that you feel is close to exploitation, or if you'd like some information
+regarding the internal API, or generally have any questions regarding the app that would help in
+your efforts, please email us at https://bitwarden.com/contact and ask for that information. As
+stated above, Bitwarden wants to help you find issues, and is more than willing to help.
 
 Thank you for helping keep Bitwarden and our users safe!

annotation/.gitignore

@@ -0,0 +1 @@
+/build

annotation/build.gradle.kts

@@ -0,0 +1,42 @@
+import org.jetbrains.kotlin.gradle.dsl.JvmTarget
+
+plugins {
+    alias(libs.plugins.android.library)
+    alias(libs.plugins.kotlin.android)
+}
+
+android {
+    namespace = "com.bitwarden.annotation"
+    compileSdk = libs.versions.compileSdk.get().toInt()
+
+    defaultConfig {
+        minSdk = libs.versions.minSdkBwa.get().toInt()
+
+        testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
+        consumerProguardFiles("consumer-rules.pro")
+    }
+
+    buildTypes {
+        release {
+            isMinifyEnabled = false
+            proguardFiles(
+                getDefaultProguardFile("proguard-android-optimize.txt"),
+                "proguard-rules.pro",
+            )
+        }
+    }
+    compileOptions {
+        sourceCompatibility(libs.versions.jvmTarget.get())
+        targetCompatibility(libs.versions.jvmTarget.get())
+    }
+    @Suppress("UnstableApiUsage")
+    testFixtures {
+        enable = true
+    }
+}
+
+kotlin {
+    compilerOptions {
+        jvmTarget = JvmTarget.fromTarget(libs.versions.jvmTarget.get())
+    }
+}

annotation/src/main/kotlin/com/bitwarden/annotation/OmitFromCoverage.kt

@@ -1,4 +1,4 @@
-package com.x8bit.bitwarden.data.platform.annotation
+package com.bitwarden.annotation
 
 /**
  * Used to omit the annotated class from test coverage reporting. This should be used sparingly and

app/build.gradle.kts

@@ -1,43 +1,79 @@
+import com.android.build.gradle.internal.api.BaseVariantOutputImpl
+import com.android.utils.cxx.io.removeExtensionIfPresent
 import com.google.firebase.crashlytics.buildtools.gradle.tasks.InjectMappingFileIdTask
 import com.google.firebase.crashlytics.buildtools.gradle.tasks.UploadMappingFileTask
 import com.google.gms.googleservices.GoogleServicesTask
+import dagger.hilt.android.plugin.util.capitalize
 import org.jetbrains.kotlin.gradle.dsl.JvmTarget
+import java.io.FileInputStream
+import java.util.Properties
 
 plugins {
     alias(libs.plugins.android.application)
+    alias(libs.plugins.androidx.room)
     // Crashlytics is enabled for all builds initially but removed for FDroid builds in gradle and
     // standardDebug builds in the merged manifest.
     alias(libs.plugins.crashlytics)
-    alias(libs.plugins.detekt)
     alias(libs.plugins.hilt)
     alias(libs.plugins.kotlin.android)
     alias(libs.plugins.kotlin.compose.compiler)
     alias(libs.plugins.kotlin.parcelize)
     alias(libs.plugins.kotlin.serialization)
-    alias(libs.plugins.kotlinx.kover)
     alias(libs.plugins.ksp)
     alias(libs.plugins.google.services)
 }
 
+/**
+ * Loads local user-specific build properties that are not checked into source control.
+ */
+val userProperties = Properties().apply {
+    val buildPropertiesFile = File(rootDir, "user.properties")
+    if (buildPropertiesFile.exists()) {
+        FileInputStream(buildPropertiesFile).use { load(it) }
+    }
+}
+
+/**
+ * Loads CI-specific build properties that are not checked into source control.
+ */
+val ciProperties = Properties().apply {
+    val ciPropsFile = File(rootDir, "ci.properties")
+    if (ciPropsFile.exists()) {
+        FileInputStream(ciPropsFile).use { load(it) }
+    }
+}
+
 android {
     namespace = "com.x8bit.bitwarden"
     compileSdk = libs.versions.compileSdk.get().toInt()
 
+    room {
+        schemaDirectory("$projectDir/schemas")
+    }
+
     defaultConfig {
         applicationId = "com.x8bit.bitwarden"
         minSdk = libs.versions.minSdk.get().toInt()
         targetSdk = libs.versions.targetSdk.get().toInt()
-        versionCode = 1
-        versionName = "2024.06.00"
-
-        setProperty("archivesBaseName", "com.x8bit.bitwarden")
-
-        ksp {
-            // The location in which the generated Room Database Schemas will be stored in the repo.
-            arg("room.schemaLocation", "$projectDir/schemas")
-        }
+        versionCode = libs.versions.appVersionCode.get().toInt()
+        versionName = libs.versions.appVersionName.get()
 
         testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
+
+        // Set the base archive name for publishing purposes. This is used to derive the APK and AAB
+        // artifact names when uploading to Firebase and Play Store.
+        base.archivesName = "com.x8bit.bitwarden"
+
+        buildConfigField(
+            type = "String",
+            name = "CI_INFO",
+            value = "${ciProperties.getOrDefault("ci.info", "\"\uD83D\uDCBB local\"")}",
+        )
+        buildConfigField(
+            type = "String",
+            name = "SDK_VERSION",
+            value = "\"${libs.versions.bitwardenSdk.get()}\"",
+        )
     }
 
     androidResources {
@@ -60,20 +96,37 @@ android {
             signingConfig = signingConfigs.getByName("debug")
             isDebuggable = true
             isMinifyEnabled = false
+
+            buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "true")
+            buildConfigField(type = "boolean", name = "HAS_LOGS_ENABLED", value = "true")
         }
 
         // Beta and Release variants are identical except beta has a different package name
         create("beta") {
-            initWith(buildTypes.getByName("release"))
             applicationIdSuffix = ".beta"
+            isDebuggable = false
+            isMinifyEnabled = true
+            isShrinkResources = true
+            matchingFallbacks += listOf("release")
+            proguardFiles(
+                getDefaultProguardFile("proguard-android-optimize.txt"),
+                "proguard-rules.pro",
+            )
+
+            buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "false")
+            buildConfigField(type = "boolean", name = "HAS_LOGS_ENABLED", value = "false")
         }
         release {
             isDebuggable = false
             isMinifyEnabled = true
+            isShrinkResources = true
             proguardFiles(
                 getDefaultProguardFile("proguard-android-optimize.txt"),
-                "proguard-rules.pro"
+                "proguard-rules.pro",
             )
+
+            buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "false")
+            buildConfigField(type = "boolean", name = "HAS_LOGS_ENABLED", value = "false")
         }
     }
 
@@ -88,6 +141,39 @@ android {
         }
     }
 
+    applicationVariants.all {
+        val bundlesDir = "${layout.buildDirectory.get()}/outputs/bundle"
+        outputs
+            .mapNotNull { it as? BaseVariantOutputImpl }
+            .forEach { output ->
+                val fileNameWithoutExtension = when (flavorName) {
+                    "fdroid" -> "$applicationId-$flavorName"
+                    "standard" -> "$applicationId"
+                    else -> output.outputFileName.removeExtensionIfPresent(".apk")
+                }
+
+                // Set the APK output filename.
+                output.outputFileName = "$fileNameWithoutExtension.apk"
+
+                val variantName = name
+                val renameTaskName = "rename${variantName.capitalize()}AabFiles"
+                tasks.register(renameTaskName) {
+                    group = "build"
+                    description = "Renames the bundle files for $variantName variant"
+                    doLast {
+                        renameFile(
+                            "$bundlesDir/$variantName/$namespace-$flavorName-${buildType.name}.aab",
+                            "$fileNameWithoutExtension.aab",
+                        )
+                    }
+                }
+                // Force renaming task to execute after the variant is built.
+                tasks
+                    .getByName("bundle${variantName.capitalize()}")
+                    .finalizedBy(renameTaskName)
+            }
+    }
+
     compileOptions {
         sourceCompatibility(libs.versions.jvmTarget.get())
         targetCompatibility(libs.versions.jvmTarget.get())
@@ -101,17 +187,31 @@ android {
             excludes += "/META-INF/{AL2.0,LGPL2.1}"
         }
     }
-    @Suppress("UnstableApiUsage")
     testOptions {
         // Required for Robolectric
         unitTests.isIncludeAndroidResources = true
         unitTests.isReturnDefaultValues = true
     }
+    lint {
+        disable += listOf(
+            "MissingTranslation",
+            "ExtraTranslation",
+        )
+    }
 }
 
 kotlin {
     compilerOptions {
-        jvmTarget.set(JvmTarget.fromTarget(libs.versions.jvmTarget.get()))
+        jvmTarget = JvmTarget.fromTarget(libs.versions.jvmTarget.get())
+    }
+}
+
+configurations.all {
+    resolutionStrategy.dependencySubstitution {
+        if ((userProperties["localSdk"] as String?).toBoolean()) {
+            substitute(module("com.bitwarden:sdk-android"))
+                .using(module("com.bitwarden:sdk-android:LOCAL"))
+        }
     }
 }
 
@@ -120,6 +220,14 @@ dependencies {
         add("standardImplementation", dependencyNotation)
     }
 
+    implementation(files("libs/authenticatorbridge-1.0.1-release.aar"))
+
+    implementation(project(":annotation"))
+    implementation(project(":core"))
+    implementation(project(":data"))
+    implementation(project(":network"))
+    implementation(project(":ui"))
+
     implementation(libs.androidx.activity.compose)
     implementation(libs.androidx.appcompat)
     implementation(libs.androidx.autofill)
@@ -131,6 +239,7 @@ dependencies {
     implementation(platform(libs.androidx.compose.bom))
     implementation(libs.androidx.compose.animation)
     implementation(libs.androidx.compose.material3)
+    implementation(libs.androidx.compose.material3.adaptive)
     implementation(libs.androidx.compose.runtime)
     implementation(libs.androidx.compose.ui)
     implementation(libs.androidx.compose.ui.graphics)
@@ -155,12 +264,11 @@ dependencies {
     implementation(libs.kotlinx.collections.immutable)
     implementation(libs.kotlinx.coroutines.android)
     implementation(libs.kotlinx.serialization)
-    implementation(libs.nulab.zxcvbn4j)
+    implementation(platform(libs.square.okhttp.bom))
     implementation(libs.square.okhttp)
-    implementation(libs.square.okhttp.logging)
     implementation(platform(libs.square.retrofit.bom))
     implementation(libs.square.retrofit)
-    implementation(libs.square.retrofit.kotlinx.serialization)
+    implementation(libs.timber)
     implementation(libs.zxing.zxing.core)
 
     // For now we are restricted to running Compose tests for debug builds only
@@ -171,108 +279,56 @@ dependencies {
     standardImplementation(libs.google.firebase.cloud.messaging)
     standardImplementation(platform(libs.google.firebase.bom))
     standardImplementation(libs.google.firebase.crashlytics)
+    standardImplementation(libs.google.play.review)
+
+    // Pull in test fixtures from other modules
+    testImplementation(testFixtures(project(":data")))
+    testImplementation(testFixtures(project(":network")))
+    testImplementation(testFixtures(project(":ui")))
 
     testImplementation(libs.androidx.compose.ui.test)
     testImplementation(libs.google.hilt.android.testing)
+    testImplementation(platform(libs.junit.bom))
+    testRuntimeOnly(libs.junit.platform.launcher)
     testImplementation(libs.junit.junit5)
     testImplementation(libs.junit.vintage)
     testImplementation(libs.kotlinx.coroutines.test)
     testImplementation(libs.mockk.mockk)
     testImplementation(libs.robolectric.robolectric)
-    testImplementation(libs.square.okhttp.mockwebserver)
     testImplementation(libs.square.turbine)
-
-    detektPlugins(libs.detekt.detekt.formatting)
-    detektPlugins(libs.detekt.detekt.rules)
-}
-
-detekt {
-    autoCorrect = true
-    config.from(files("$rootDir/detekt-config.yml"))
-}
-
-kover {
-    currentProject {
-        sources {
-            excludeJava = true
-        }
-    }
-    reports {
-        filters {
-            excludes {
-                androidGeneratedClasses()
-                annotatedBy(
-                    // Compose previews
-                    "androidx.compose.ui.tooling.preview.Preview",
-                    // Manually excluded classes/files/etc.
-                    "com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage",
-                )
-                classes(
-                    // Navigation helpers
-                    "*.*NavigationKt*",
-                    // Composable singletons
-                    "*.*ComposableSingletons*",
-                    // Generated classes related to interfaces with default values
-                    "*.*DefaultImpls*",
-                    // Databases
-                    "*.database.*Database*",
-                    "*.dao.*Dao*",
-                    // Dagger Hilt
-                    "dagger.hilt.*",
-                    "hilt_aggregated_deps.*",
-                    "*_Factory",
-                    "*_Factory\$*",
-                    "*_*Factory",
-                    "*_*Factory\$*",
-                    "*.Hilt_*",
-                    "*_HiltModules",
-                    "*_HiltModules\$*",
-                    "*_Impl",
-                    "*_Impl\$*",
-                    "*_MembersInjector",
-                )
-                packages(
-                    // Dependency injection
-                    "*.di",
-                    // Models
-                    "*.model",
-                    // Custom UI components
-                    "com.x8bit.bitwarden.ui.platform.components",
-                    // Theme-related code
-                    "com.x8bit.bitwarden.ui.platform.theme",
-                )
-            }
-        }
-    }
 }
 
 tasks {
-    getByName("check") {
-        // Add detekt with type resolution to check
-        dependsOn("detektMain")
-    }
-
-    withType<io.gitlab.arturbosch.detekt.Detekt>().configureEach {
-        jvmTarget = libs.versions.jvmTarget.get()
-    }
-    withType<io.gitlab.arturbosch.detekt.DetektCreateBaselineTask>().configureEach {
-        jvmTarget = libs.versions.jvmTarget.get()
-    }
-
     withType<Test> {
         useJUnitPlatform()
         maxHeapSize = "2g"
         maxParallelForks = Runtime.getRuntime().availableProcessors()
-        jvmArgs = jvmArgs.orEmpty() + "-XX:+UseParallelGC"
+        jvmArgs = jvmArgs.orEmpty() + "-XX:+UseParallelGC" + "-Duser.country=US"
     }
 }
 
 afterEvaluate {
     // Disable Fdroid-specific tasks that we want to exclude
-    val tasks = tasks.withType<GoogleServicesTask>() +
+    val fdroidTasksToDisable = tasks.withType<GoogleServicesTask>() +
         tasks.withType<InjectMappingFileIdTask>() +
         tasks.withType<UploadMappingFileTask>()
-    tasks
+    fdroidTasksToDisable
         .filter { it.name.contains("Fdroid") }
         .forEach { it.enabled = false }
 }
+
+private fun renameFile(path: String, newName: String) {
+    val originalFile = File(path)
+    if (!originalFile.exists()) {
+        println("File $originalFile does not exist!")
+        return
+    }
+
+    val newFile = File(originalFile.parentFile, newName)
+    if (originalFile.renameTo(newFile)) {
+        println("Renamed $originalFile to $newFile")
+    } else {
+        @Suppress("TooGenericExceptionThrown")
+        throw RuntimeException("Failed to rename $originalFile to $newFile")
+    }
+}

app/proguard-rules.pro

@@ -6,6 +6,10 @@
 # we keep it here.
 -keep class com.bitwarden.** { *; }
 
+# The Android Verifier component must be kept because it looks like dead code. Proguard is unable to
+# see any JNI usage, so our rules must manually opt into keeping it.
+-keep, includedescriptorclasses class org.rustls.platformverifier.** { *; }
+
 ################################################################################
 # Bitwarden Models
 ################################################################################

app/schemas/com.x8bit.bitwarden.data.credentials.datasource.disk.database.PrivilegedAppDatabase/1.json

@@ -0,0 +1,38 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 1,
+    "identityHash": "ce40856ec88770d11b7afb587c7deabc",
+    "entities": [
+      {
+        "tableName": "privileged_apps",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`package_name` TEXT NOT NULL, `signature` TEXT NOT NULL, PRIMARY KEY(`package_name`, `signature`))",
+        "fields": [
+          {
+            "fieldPath": "packageName",
+            "columnName": "package_name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "signature",
+            "columnName": "signature",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "package_name",
+            "signature"
+          ]
+        }
+      }
+    ],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'ce40856ec88770d11b7afb587c7deabc')"
+    ]
+  }
+}

app/schemas/com.x8bit.bitwarden.data.platform.datasource.disk.database.PlatformDatabase/1.json

@@ -0,0 +1,68 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 1,
+    "identityHash": "f40d7a933b2f353d8d5b5ca619f28e24",
+    "entities": [
+      {
+        "tableName": "organization_events",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `user_id` TEXT NOT NULL, `organization_event_type` TEXT NOT NULL, `cipher_id` TEXT, `date` INTEGER NOT NULL)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationEventType",
+            "columnName": "organization_event_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherId",
+            "columnName": "cipher_id",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "date",
+            "columnName": "date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_organization_events_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_organization_events_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'f40d7a933b2f353d8d5b5ca619f28e24')"
+    ]
+  }
+}

app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/4.json

@@ -0,0 +1,256 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 4,
+    "identityHash": "f7906c69e0a2c065d4d3be140fc721b6",
+    "entities": [
+      {
+        "tableName": "ciphers",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherType",
+            "columnName": "cipher_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherJson",
+            "columnName": "cipher_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_ciphers_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "collections",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "shouldHidePasswords",
+            "columnName": "should_hide_passwords",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "externalId",
+            "columnName": "external_id",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "isReadOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "canManage",
+            "columnName": "manage",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_collections_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "domains",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT NOT NULL, PRIMARY KEY(`user_id`))",
+        "fields": [
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domainsJson",
+            "columnName": "domains_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "user_id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "folders",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "revisionDate",
+            "columnName": "revision_date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_folders_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "sends",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendType",
+            "columnName": "send_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendJson",
+            "columnName": "send_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_sends_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'f7906c69e0a2c065d4d3be140fc721b6')"
+    ]
+  }
+}

app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/5.json

@@ -0,0 +1,256 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 5,
+    "identityHash": "ee697e71290c92fe5b607d0b7665481b",
+    "entities": [
+      {
+        "tableName": "ciphers",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherType",
+            "columnName": "cipher_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherJson",
+            "columnName": "cipher_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_ciphers_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "collections",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "shouldHidePasswords",
+            "columnName": "should_hide_passwords",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "externalId",
+            "columnName": "external_id",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "isReadOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "canManage",
+            "columnName": "manage",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_collections_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "domains",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT, PRIMARY KEY(`user_id`))",
+        "fields": [
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domainsJson",
+            "columnName": "domains_json",
+            "affinity": "TEXT",
+            "notNull": false
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "user_id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "folders",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "revisionDate",
+            "columnName": "revision_date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_folders_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "sends",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendType",
+            "columnName": "send_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendJson",
+            "columnName": "send_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_sends_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'ee697e71290c92fe5b607d0b7665481b')"
+    ]
+  }
+}

app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/6.json

@@ -0,0 +1,256 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 6,
+    "identityHash": "ee158c483edfe5102504670f3d9845d4",
+    "entities": [
+      {
+        "tableName": "ciphers",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherType",
+            "columnName": "cipher_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherJson",
+            "columnName": "cipher_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_ciphers_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "collections",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "shouldHidePasswords",
+            "columnName": "should_hide_passwords",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "externalId",
+            "columnName": "external_id",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "isReadOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "canManage",
+            "columnName": "manage",
+            "affinity": "INTEGER",
+            "notNull": false
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_collections_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "domains",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT, PRIMARY KEY(`user_id`))",
+        "fields": [
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domainsJson",
+            "columnName": "domains_json",
+            "affinity": "TEXT",
+            "notNull": false
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "user_id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "folders",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "revisionDate",
+            "columnName": "revision_date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_folders_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "sends",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendType",
+            "columnName": "send_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendJson",
+            "columnName": "send_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_sends_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'ee158c483edfe5102504670f3d9845d4')"
+    ]
+  }
+}

app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/7.json

@@ -0,0 +1,252 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 7,
+    "identityHash": "4c6ad1f5268d7e8add7407201788aa2e",
+    "entities": [
+      {
+        "tableName": "ciphers",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `has_totp` INTEGER NOT NULL DEFAULT 1, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "hasTotp",
+            "columnName": "has_totp",
+            "affinity": "INTEGER",
+            "notNull": true,
+            "defaultValue": "1"
+          },
+          {
+            "fieldPath": "cipherType",
+            "columnName": "cipher_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherJson",
+            "columnName": "cipher_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_ciphers_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "collections",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "shouldHidePasswords",
+            "columnName": "should_hide_passwords",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "externalId",
+            "columnName": "external_id",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "isReadOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "canManage",
+            "columnName": "manage",
+            "affinity": "INTEGER"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_collections_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "domains",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT, PRIMARY KEY(`user_id`))",
+        "fields": [
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domainsJson",
+            "columnName": "domains_json",
+            "affinity": "TEXT"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "user_id"
+          ]
+        }
+      },
+      {
+        "tableName": "folders",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "revisionDate",
+            "columnName": "revision_date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_folders_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "sends",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendType",
+            "columnName": "send_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendJson",
+            "columnName": "send_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_sends_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      }
+    ],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '4c6ad1f5268d7e8add7407201788aa2e')"
+    ]
+  }
+}

app/src/beta/AndroidManifest.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools">
+
+    <application tools:ignore="MissingApplicationIcon">
+        <activity
+            android:name=".MainActivity">
+            <intent-filter android:autoVerify="true">
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data android:scheme="https" />
+                <data android:host="*.bitwarden.pw" />
+                <data android:pathPattern="/redirect-connector.*" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>

app/src/beta/res/values/manifest.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <!-- For beta variant, we don't have a matching variant of the Bitwarden Authenticator app.
+    Therefore, we leave the known app cert null here so that no clients can connect to
+    AuthenticatorBridgeService in the beta variant. If later another variant of the
+    Bitwarden Authenticator app is added, a SHA-256 digest of that variant's APK can be added here.
+    -->
+    <string-array name="known_authenticator_app_certs" />
+</resources>

app/src/beta/res/xml/shortcuts.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<shortcuts xmlns:android="http://schemas.android.com/apk/res/android">
+    <shortcut
+        android:enabled="true"
+        android:icon="@mipmap/ic_generator_shortcut"
+        android:shortcutId="bitwarden_password_generator"
+        android:shortcutLongLabel="@string/password_generator"
+        android:shortcutShortLabel="@string/password_generator">
+        <intent
+            android:action="android.intent.action.VIEW"
+            android:data="bitwarden://password_generator"
+            android:targetClass="com.x8bit.bitwarden.MainActivity"
+            android:targetPackage="com.x8bit.bitwarden.beta" />
+    </shortcut>
+    <shortcut
+        android:enabled="true"
+        android:icon="@mipmap/ic_vault_shortcut"
+        android:shortcutId="bitwarden_my_vault"
+        android:shortcutLongLabel="@string/my_vault"
+        android:shortcutShortLabel="@string/my_vault">
+        <intent
+            android:action="android.intent.action.VIEW"
+            android:data="bitwarden://my_vault"
+            android:targetClass="com.x8bit.bitwarden.MainActivity"
+            android:targetPackage="com.x8bit.bitwarden.beta" />
+    </shortcut>
+</shortcuts>

app/src/debug/AndroidManifest.xml

@@ -3,19 +3,24 @@
     xmlns:tools="http://schemas.android.com/tools">
 
     <application tools:ignore="MissingApplicationIcon">
-
-        <activity
-            android:name=".MainActivity"
-            android:exported="true">
-            <intent-filter>
-                <action android:name="com.x8bit.bitwarden.fido2.ACTION_CREATE_PASSKEY" />
-                <category android:name="android.intent.category.DEFAULT" />
-            </intent-filter>
-        </activity>
         <!-- Disable Crashlytics for debug builds -->
         <meta-data
             android:name="firebase_crashlytics_collection_enabled"
             android:value="false" />
+        <activity
+            android:name=".MainActivity"
+            tools:ignore="IntentFilterExportedReceiver">
+            <intent-filter android:autoVerify="true">
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data android:scheme="https" />
+                <data android:host="*.bitwarden.pw" />
+                <data android:pathPattern="/redirect-connector.*" />
+            </intent-filter>
+        </activity>
     </application>
 
 </manifest>

app/src/debug/res/values/manifest.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <string-array name="known_authenticator_app_certs">
+        <!-- This is the SHA-256 digest for the Authenticator App debug variant:-->
+        <item>13144ab52af797a88c2fe292674461ef1715e0e1e4f5f538f63f1c174696f476</item>
+    </string-array>
+</resources>

app/src/debug/res/xml/network_security_config.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config xmlns:tools="http://schemas.android.com/tools">
+
+    <base-config
+        cleartextTrafficPermitted="true"
+        tools:ignore="InsecureBaseConfiguration">
+        <trust-anchors>
+            <!-- Trust pre-installed CAs -->
+            <certificates src="system" />
+            <!-- Additionally trust user added CAs -->
+            <certificates
+                src="user"
+                tools:ignore="AcceptsUserCertificates" />
+        </trust-anchors>
+    </base-config>
+
+    <domain-config cleartextTrafficPermitted="false">
+        <domain includeSubdomains="true">bitwarden.com</domain>
+        <domain includeSubdomains="true">bitwarden.eu</domain>
+        <domain includeSubdomains="true">bitwarden.pw</domain>
+        <trust-anchors>
+            <!-- Only trust pre-installed CAs for Bitwarden domains and all subdomains -->
+            <certificates src="system" />
+        </trust-anchors>
+    </domain-config>
+
+</network-security-config>

app/src/debug/res/xml/provider.xml

@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <credential-provider>
     <capabilities>
+        <capability name="android.credentials.TYPE_PASSWORD_CREDENTIAL" />
         <capability name="androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" />
     </capabilities>
 </credential-provider>

app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/CrashLogsManagerImpl.kt

@@ -1,14 +0,0 @@
-package com.x8bit.bitwarden.data.platform.manager
-
-import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacyAppCenterMigrator
-import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-
-/**
- * CrashLogsManager implementation for F-droid flavor builds.
- */
-class CrashLogsManagerImpl(
-    settingsRepository: SettingsRepository,
-    legacyAppCenterMigrator: LegacyAppCenterMigrator,
-) : CrashLogsManager {
-    override var isEnabled: Boolean = true
-}

app/src/fdroid/kotlin/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt

@@ -0,0 +1,27 @@
+package com.x8bit.bitwarden.data.platform.manager
+
+import com.bitwarden.data.repository.model.Environment
+import com.x8bit.bitwarden.BuildConfig
+import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacyAppCenterMigrator
+import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
+import timber.log.Timber
+
+/**
+ * [LogsManager] implementation for F-droid flavor builds.
+ */
+class LogsManagerImpl(
+    settingsRepository: SettingsRepository,
+    legacyAppCenterMigrator: LegacyAppCenterMigrator,
+) : LogsManager {
+    init {
+        if (BuildConfig.HAS_LOGS_ENABLED) {
+            Timber.plant(Timber.DebugTree())
+        }
+    }
+
+    override var isEnabled: Boolean = false
+
+    override fun setUserData(userId: String?, environmentType: Environment.Type) = Unit
+
+    override fun trackNonFatalException(throwable: Throwable) = Unit
+}

app/src/fdroid/kotlin/com/x8bit/bitwarden/ui/platform/manager/review/AppReviewManagerImpl.kt

@@ -0,0 +1,12 @@
+package com.x8bit.bitwarden.ui.platform.manager.review
+
+import android.app.Activity
+
+/**
+ * No-op implementation of [AppReviewManager] for F-Droid builds.
+ */
+class AppReviewManagerImpl(
+    activity: Activity,
+) : AppReviewManager {
+    override fun promptForReview() = Unit
+}

app/src/main/AndroidManifest.xml

@@ -15,6 +15,20 @@
     <uses-permission android:name="android.permission.CAMERA" />
     <uses-permission android:name="android.permission.INTERNET" />
     <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+    <uses-permission android:name="android.permission.READ_USER_DICTIONARY" />
+    <!-- Protect access to AuthenticatorBridgeService using this custom permission.
+
+    Note that each build type uses a different value for knownCerts.
+
+    This in effect means that the only application that can connect to the debug/release/etc
+    variant AuthenticatorBridgeService is the debug/release/etc variant Bitwarden Authenticator
+    app. -->
+    <permission
+        android:name="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE"
+        android:knownCerts="@array/known_authenticator_app_certs"
+        android:label="Bitwarden Bridge"
+        android:protectionLevel="signature|knownSigner"
+        tools:targetApi="s" />
 
     <application
         android:name=".BitwardenApplication"
@@ -23,15 +37,18 @@
         android:dataExtractionRules="@xml/data_extraction_rules"
         android:fullBackupContent="@xml/backup_rules"
         android:icon="@mipmap/ic_launcher"
+        android:intentMatchingFlags="enforceIntentFilter"
         android:label="@string/app_name"
         android:networkSecurityConfig="@xml/network_security_config"
         android:roundIcon="@mipmap/ic_launcher_round"
         android:supportsRtl="true"
         android:theme="@style/LaunchTheme"
+        tools:ignore="CredentialDependency"
         tools:replace="appComponentFactory"
-        tools:targetApi="33">
+        tools:targetApi="36">
         <activity
             android:name=".MainActivity"
+            android:configChanges="uiMode"
             android:exported="true"
             android:launchMode="@integer/launchModeAPIlevel"
             android:theme="@style/LaunchTheme"
@@ -55,14 +72,54 @@
                 <data android:mimeType="video/*" />
                 <data android:mimeType="text/*" />
             </intent-filter>
+            <intent-filter android:autoVerify="true">
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data android:scheme="https" />
+                <data android:host="*.bitwarden.com" />
+                <data android:host="*.bitwarden.eu" />
+                <data android:pathPattern="/redirect-connector.*" />
+            </intent-filter>
+            <intent-filter>
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSWORD" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_UNLOCK_ACCOUNT" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+            </intent-filter>
+            <intent-filter>
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data android:scheme="otpauth" />
+                <data android:host="totp" />
+            </intent-filter>
+            <intent-filter>
+                <action android:name="android.intent.action.VIEW" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <data android:scheme="bitwarden" />
+            </intent-filter>
         </activity>
 
         <activity
-            android:name=".AutofillTotpCopyActivity"
+            android:name=".AccessibilityActivity"
+            android:exported="false"
+            android:launchMode="singleTop"
+            android:noHistory="true"
+            android:theme="@android:style/Theme.NoDisplay" />
+
+        <activity
+            android:name=".AutofillCallbackActivity"
             android:exported="true"
             android:launchMode="singleTop"
             android:noHistory="true"
-            android:theme="@style/AutofillTotpCopyTheme" />
+            android:theme="@style/AutofillCallbackTheme" />
 
         <activity
             android:name=".AuthCallbackActivity"
@@ -76,16 +133,6 @@
                 <category android:name="android.intent.category.DEFAULT" />
                 <category android:name="android.intent.category.BROWSABLE" />
 
-                <data
-                    android:host="captcha-callback"
-                    android:scheme="bitwarden" />
-            </intent-filter>
-            <intent-filter>
-                <action android:name="android.intent.action.VIEW" />
-
-                <category android:name="android.intent.category.DEFAULT" />
-                <category android:name="android.intent.category.BROWSABLE" />
-
                 <data
                     android:host="duo-callback"
                     android:scheme="bitwarden" />
@@ -141,6 +188,47 @@
             </intent-filter>
         </service>
 
+        <!--
+        The AccessibilityService name below refers to the legacy Xamarin app's service name. This
+        must always match in order for the app to properly query if it is providing accessibility
+        services.
+        -->
+        <!--suppress AndroidDomInspection -->
+        <service
+            android:name="com.x8bit.bitwarden.Accessibility.AccessibilityService"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
+            tools:ignore="MissingClass">
+            <intent-filter>
+                <action android:name="android.accessibilityservice.AccessibilityService" />
+            </intent-filter>
+            <meta-data
+                android:name="android.accessibilityservice"
+                android:resource="@xml/accessibility_service" />
+        </service>
+
+        <!--
+        The CredentialProviderService name below refers to the legacy Xamarin app's service name.
+        This must always match in order for the app to properly query if it is providing credential
+        services.
+        -->
+        <!--suppress AndroidDomInspection -->
+        <service
+            android:name="com.x8bit.bitwarden.Autofill.CredentialProviderService"
+            android:enabled="true"
+            android:exported="true"
+            android:label="@string/bitwarden"
+            android:permission="android.permission.BIND_CREDENTIAL_PROVIDER_SERVICE"
+            tools:ignore="MissingClass">
+            <intent-filter>
+                <action android:name="android.service.credentials.CredentialProviderService" />
+            </intent-filter>
+            <meta-data
+                android:name="android.credentials.provider"
+                android:resource="@xml/provider" />
+        </service>
+
         <!-- This is required to support in-app language picker in Android 12 (API 32) and below -->
         <service
             android:name="androidx.appcompat.app.AppLocalesMetadataHolderService"
@@ -150,12 +238,101 @@
                 android:name="autoStoreLocales"
                 android:value="true" />
         </service>
+
+        <!--
+        The AutofillTileService name below refers to the legacy Xamarin app's service name.
+        This must always match in order for the app to properly query if it is providing autofill
+        tile services.
+        -->
+        <!--suppress AndroidDomInspection -->
+        <service
+            android:name="com.x8bit.bitwarden.AutofillTileService"
+            android:exported="true"
+            android:icon="@drawable/ic_notification"
+            android:label="@string/autofill"
+            android:permission="android.permission.BIND_QUICK_SETTINGS_TILE"
+            tools:ignore="MissingClass">
+            <intent-filter>
+                <action android:name="android.service.quicksettings.action.QS_TILE" />
+            </intent-filter>
+        </service>
+
+        <!--
+        The GeneratorTileService name below refers to the legacy Xamarin app's service name.
+        This must always match in order for the app to properly query if it is providing generator
+        tile services.
+        -->
+        <!--suppress AndroidDomInspection -->
+        <service
+            android:name="com.x8bit.bitwarden.GeneratorTileService"
+            android:exported="true"
+            android:icon="@drawable/ic_generator"
+            android:label="@string/password_generator"
+            android:permission="android.permission.BIND_QUICK_SETTINGS_TILE"
+            tools:ignore="MissingClass">
+            <intent-filter>
+                <action android:name="android.service.quicksettings.action.QS_TILE" />
+            </intent-filter>
+        </service>
+
+        <!--
+        The MyVaultTileService name below refers to the legacy Xamarin app's service name.
+        This must always match in order for the app to properly query if it is providing vault
+        tile services.
+        -->
+        <!--suppress AndroidDomInspection -->
+        <service
+            android:name="com.x8bit.bitwarden.MyVaultTileService"
+            android:exported="true"
+            android:icon="@drawable/ic_notification"
+            android:label="@string/my_vault"
+            android:permission="android.permission.BIND_QUICK_SETTINGS_TILE"
+            tools:ignore="MissingClass">
+            <intent-filter>
+                <action android:name="android.service.quicksettings.action.QS_TILE" />
+            </intent-filter>
+        </service>
+
+        <meta-data
+            android:name="android.content.APP_RESTRICTIONS"
+            android:resource="@xml/app_restrictions" />
+
+        <service
+            android:name="com.x8bit.bitwarden.data.platform.service.AuthenticatorBridgeService"
+            android:exported="true"
+            android:permission="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE" />
+
+        <!-- Firebase SDK initOrder is 100. We use a higher order to initialize first -->
+        <provider
+            android:name=".data.platform.contentprovider.UncaughtErrorLoggingContentProvider"
+            android:authorities="${applicationId}"
+            android:exported="false"
+            android:grantUriPermissions="false"
+            android:initOrder="101" />
+
     </application>
 
     <queries>
         <intent>
             <action android:name="android.media.action.IMAGE_CAPTURE" />
         </intent>
+        <intent>
+            <action android:name="android.intent.action.MAIN" />
+            <category android:name="android.intent.category.HOME" />
+        </intent>
+        <!-- To Query Privileged Apps -->
+        <intent>
+            <action android:name="android.intent.action.VIEW" />
+            <data android:scheme="http" />
+        </intent>
+        <!-- To Query Chrome Beta: -->
+        <package android:name="com.chrome.beta" />
+
+        <!-- To Query Chrome Stable: -->
+        <package android:name="com.android.chrome" />
+
+        <!-- To Query Brave Stable: -->
+        <package android:name="com.brave.browser" />
     </queries>
 
 </manifest>

app/src/main/assets/fido2_privileged_allow_list.json

@@ -1,481 +0,0 @@
-{
-  "apps": [
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.android.chrome",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.chrome.beta",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "DA:63:3D:34:B6:9E:63:AE:21:03:B4:9D:53:CE:05:2F:C5:F7:F3:C5:3A:AB:94:FD:C2:A2:08:BD:FD:14:24:9C"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.chrome.dev",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "90:44:EE:5F:EE:4B:BC:5E:21:DD:44:66:54:31:C4:EB:1F:1F:71:A3:27:16:A0:BC:92:7B:CB:B3:92:33:CA:BF"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.chrome.canary",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "20:19:DF:A1:FB:23:EF:BF:70:C5:BC:D1:44:3C:5B:EA:B0:4F:3F:2F:F4:36:6E:9A:C1:E3:45:76:39:A2:4C:FC"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.chromium.chrome",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.google.android.apps.chrome",
-        "signatures": [
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.fennec_webauthndebug",
-        "signatures": [
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "BD:AE:82:02:80:D2:AF:B7:74:94:EF:22:58:AA:78:A9:AE:A1:36:41:7E:8B:C2:3D:C9:87:75:2E:6F:48:E8:48"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.firefox",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "A7:8B:62:A5:16:5B:44:94:B2:FE:AD:9E:76:A2:80:D2:2D:93:7F:EE:62:51:AE:CE:59:94:46:B2:EA:31:9B:04"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.firefox_beta",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "A7:8B:62:A5:16:5B:44:94:B2:FE:AD:9E:76:A2:80:D2:2D:93:7F:EE:62:51:AE:CE:59:94:46:B2:EA:31:9B:04"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.focus",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.fennec_aurora",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "BC:04:88:83:8D:06:F4:CA:6B:F3:23:86:DA:AB:0D:D8:EB:CF:3E:77:30:78:74:59:F6:2F:B3:CD:14:A1:BA:AA"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.rocket",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "86:3A:46:F0:97:39:32:B7:D0:19:9B:54:91:12:74:1C:2D:27:31:AC:72:EA:11:B7:52:3A:A9:0A:11:BF:56:91"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.microsoft.emmx.canary",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.microsoft.emmx.dev",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.microsoft.emmx.beta",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.microsoft.emmx",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.microsoft.emmx.rolling",
-        "signatures": [
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "32:A2:FC:74:D7:31:10:58:59:E5:A8:5D:F1:6D:95:F1:02:D8:5B:22:09:9B:80:64:C5:D8:91:5C:61:DA:D1:E0"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.microsoft.emmx.local",
-        "signatures": [
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "32:A2:FC:74:D7:31:10:58:59:E5:A8:5D:F1:6D:95:F1:02:D8:5B:22:09:9B:80:64:C5:D8:91:5C:61:DA:D1:E0"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.brave.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "9C:2D:B7:05:13:51:5F:DB:FB:BC:58:5B:3E:DF:3D:71:23:D4:DC:67:C9:4F:FD:30:63:61:C1:D7:9B:BF:18:AC"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.brave.browser_beta",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "9C:2D:B7:05:13:51:5F:DB:FB:BC:58:5B:3E:DF:3D:71:23:D4:DC:67:C9:4F:FD:30:63:61:C1:D7:9B:BF:18:AC"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.brave.browser_nightly",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "9C:2D:B7:05:13:51:5F:DB:FB:BC:58:5B:3E:DF:3D:71:23:D4:DC:67:C9:4F:FD:30:63:61:C1:D7:9B:BF:18:AC"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "app.vanadium.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.vivaldi.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "E8:A7:85:44:65:5B:A8:C0:98:17:F7:32:76:8F:56:89:B1:66:2E:C4:B2:BC:5A:0B:C0:EC:13:8D:33:CA:3D:1E"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.vivaldi.browser.snapshot",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "E8:A7:85:44:65:5B:A8:C0:98:17:F7:32:76:8F:56:89:B1:66:2E:C4:B2:BC:5A:0B:C0:EC:13:8D:33:CA:3D:1E"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.vivaldi.browser.sopranos",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "E8:A7:85:44:65:5B:A8:C0:98:17:F7:32:76:8F:56:89:B1:66:2E:C4:B2:BC:5A:0B:C0:EC:13:8D:33:CA:3D:1E"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.citrix.Receiver",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "3D:D1:12:67:10:69:AB:36:4E:F9:BE:73:9A:B7:B5:EE:15:E1:CD:E9:D8:75:7B:1B:F0:64:F5:0C:55:68:9A:49"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "CE:B2:23:D7:77:09:F2:B6:BC:0B:3A:78:36:F5:A5:AF:4C:E1:D3:55:F4:A7:28:86:F7:9D:F8:0D:C9:D6:12:2E"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "AA:D0:D4:57:E6:33:C3:78:25:77:30:5B:C1:B2:D9:E3:81:41:C7:21:DF:0D:AA:6E:29:07:2F:C4:1D:34:F0:AB"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.android.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "C9:00:9D:01:EB:F9:F5:D0:30:2B:C7:1B:2F:E9:AA:9A:47:A4:32:BB:A1:73:08:A3:11:1B:75:D7:B2:14:90:25"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.sec.android.app.sbrowser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "34:DF:0E:7A:9F:1C:F1:89:2E:45:C0:56:B4:97:3C:D8:1C:CF:14:8A:40:50:D1:1A:EA:4A:C5:A6:5F:90:0A:42"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.sec.android.app.sbrowser.beta",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "34:DF:0E:7A:9F:1C:F1:89:2E:45:C0:56:B4:97:3C:D8:1C:CF:14:8A:40:50:D1:1A:EA:4A:C5:A6:5F:90:0A:42"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.google.android.gms",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "7C:E8:3C:1B:71:F3:D5:72:FE:D0:4C:8D:40:C5:CB:10:FF:75:E6:D8:7D:9D:F6:FB:D5:3F:04:68:C2:90:50:53"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "D2:2C:C5:00:29:9F:B2:28:73:A0:1A:01:0D:E1:C8:2F:BE:4D:06:11:19:B9:48:14:DD:30:1D:AB:50:CB:76:78"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.yandex.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.yandex.browser.beta",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.yandex.browser.alpha",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.yandex.browser.corp",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.yandex.browser.canary",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "1D:A9:CB:AE:2D:CC:C6:A5:8D:6C:94:7B:E9:4C:DB:B7:33:D6:5D:A4:D1:77:0F:A1:4A:53:64:CB:4A:28:EB:49"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.yandex.browser.broteam",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "1D:A9:CB:AE:2D:CC:C6:A5:8D:6C:94:7B:E9:4C:DB:B7:33:D6:5D:A4:D1:77:0F:A1:4A:53:64:CB:4A:28:EB:49"
-          }
-        ]
-      }
-    }
-  ]
-}
-

app/src/main/assets/fido2_privileged_community.json

@@ -0,0 +1,64 @@
+{
+  "apps": [
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.github.forkmaintainers.iceraven",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "9C:0D:22:37:9F:48:7B:70:A4:F9:F8:BE:C0:17:3C:F9:1A:16:44:F0:8F:93:38:5B:5B:78:2C:E3:76:60:BA:81"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.chromium.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "A8:56:48:50:79:BC:B3:57:BF:BE:69:BA:19:A9:BA:43:CD:0A:D9:AB:22:67:52:C7:80:B6:88:8A:FD:48:21:6B"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.cromite.cromite",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "63:3F:A4:1D:82:11:D6:D0:91:6A:81:9B:89:66:8C:6D:E9:2E:64:23:2D:A6:7F:9D:16:FD:81:C3:B7:E9:23:FF"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.ironfoxoss.ironfox",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C5:E2:91:B5:A5:71:F9:C8:CD:9A:97:99:C2:C9:4E:02:EC:97:03:94:88:93:F2:CA:75:6D:67:B9:42:04:F9:04"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fennec_fdroid",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "06:66:53:58:EF:D8:BA:05:BE:23:6A:47:A1:2C:B0:95:8D:7D:75:DD:93:9D:77:C2:B3:1F:53:98:53:7E:BD:C5"
+          }
+        ]
+      }
+    }
+  ]
+}

app/src/main/assets/fido2_privileged_google.json

@@ -0,0 +1,820 @@
+{
+  "apps": [
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.android.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.chrome.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "DA:63:3D:34:B6:9E:63:AE:21:03:B4:9D:53:CE:05:2F:C5:F7:F3:C5:3A:AB:94:FD:C2:A2:08:BD:FD:14:24:9C"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.chrome.dev",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "90:44:EE:5F:EE:4B:BC:5E:21:DD:44:66:54:31:C4:EB:1F:1F:71:A3:27:16:A0:BC:92:7B:CB:B3:92:33:CA:BF"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.chrome.canary",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "20:19:DF:A1:FB:23:EF:BF:70:C5:BC:D1:44:3C:5B:EA:B0:4F:3F:2F:F4:36:6E:9A:C1:E3:45:76:39:A2:4C:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.chromium.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.google.android.apps.chrome",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fennec_webauthndebug",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "BD:AE:82:02:80:D2:AF:B7:74:94:EF:22:58:AA:78:A9:AE:A1:36:41:7E:8B:C2:3D:C9:87:75:2E:6F:48:E8:48"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.firefox",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "A7:8B:62:A5:16:5B:44:94:B2:FE:AD:9E:76:A2:80:D2:2D:93:7F:EE:62:51:AE:CE:59:94:46:B2:EA:31:9B:04"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.firefox_beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "A7:8B:62:A5:16:5B:44:94:B2:FE:AD:9E:76:A2:80:D2:2D:93:7F:EE:62:51:AE:CE:59:94:46:B2:EA:31:9B:04"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.focus",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fennec_aurora",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "BC:04:88:83:8D:06:F4:CA:6B:F3:23:86:DA:AB:0D:D8:EB:CF:3E:77:30:78:74:59:F6:2F:B3:CD:14:A1:BA:AA"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.rocket",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "86:3A:46:F0:97:39:32:B7:D0:19:9B:54:91:12:74:1C:2D:27:31:AC:72:EA:11:B7:52:3A:A9:0A:11:BF:56:91"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fenix",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "50:04:77:90:88:E7:F9:88:D5:BC:5C:C5:F8:79:8F:EB:F4:F8:CD:08:4A:1B:2A:46:EF:D4:C8:EE:4A:EA:F2:11"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fenix.debug",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "BD:AE:82:02:80:D2:AF:B7:74:94:EF:22:58:AA:78:A9:AE:A1:36:41:7E:8B:C2:3D:C9:87:75:2E:6F:48:E8:48"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.focus.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.focus.nightly",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.klar",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.reference.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "B0:09:90:E3:0F:9D:81:5D:2E:BC:7B:9B:B2:21:CE:47:E5:C9:D5:17:AA:C7:0E:7F:D5:95:B1:E5:3E:9A:4B:14"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.microsoft.emmx.canary",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.microsoft.emmx.dev",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.microsoft.emmx.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.microsoft.emmx",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.microsoft.emmx.rolling",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "32:A2:FC:74:D7:31:10:58:59:E5:A8:5D:F1:6D:95:F1:02:D8:5B:22:09:9B:80:64:C5:D8:91:5C:61:DA:D1:E0"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.microsoft.emmx.local",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "32:A2:FC:74:D7:31:10:58:59:E5:A8:5D:F1:6D:95:F1:02:D8:5B:22:09:9B:80:64:C5:D8:91:5C:61:DA:D1:E0"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.brave.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "9C:2D:B7:05:13:51:5F:DB:FB:BC:58:5B:3E:DF:3D:71:23:D4:DC:67:C9:4F:FD:30:63:61:C1:D7:9B:BF:18:AC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.brave.browser_beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "9C:2D:B7:05:13:51:5F:DB:FB:BC:58:5B:3E:DF:3D:71:23:D4:DC:67:C9:4F:FD:30:63:61:C1:D7:9B:BF:18:AC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.brave.browser_nightly",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "9C:2D:B7:05:13:51:5F:DB:FB:BC:58:5B:3E:DF:3D:71:23:D4:DC:67:C9:4F:FD:30:63:61:C1:D7:9B:BF:18:AC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "app.vanadium.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.vivaldi.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "E8:A7:85:44:65:5B:A8:C0:98:17:F7:32:76:8F:56:89:B1:66:2E:C4:B2:BC:5A:0B:C0:EC:13:8D:33:CA:3D:1E"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.vivaldi.browser.snapshot",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "E8:A7:85:44:65:5B:A8:C0:98:17:F7:32:76:8F:56:89:B1:66:2E:C4:B2:BC:5A:0B:C0:EC:13:8D:33:CA:3D:1E"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.vivaldi.browser.sopranos",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "E8:A7:85:44:65:5B:A8:C0:98:17:F7:32:76:8F:56:89:B1:66:2E:C4:B2:BC:5A:0B:C0:EC:13:8D:33:CA:3D:1E"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.citrix.Receiver",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "3D:D1:12:67:10:69:AB:36:4E:F9:BE:73:9A:B7:B5:EE:15:E1:CD:E9:D8:75:7B:1B:F0:64:F5:0C:55:68:9A:49"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "CE:B2:23:D7:77:09:F2:B6:BC:0B:3A:78:36:F5:A5:AF:4C:E1:D3:55:F4:A7:28:86:F7:9D:F8:0D:C9:D6:12:2E"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "AA:D0:D4:57:E6:33:C3:78:25:77:30:5B:C1:B2:D9:E3:81:41:C7:21:DF:0D:AA:6E:29:07:2F:C4:1D:34:F0:AB"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.android.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C9:00:9D:01:EB:F9:F5:D0:30:2B:C7:1B:2F:E9:AA:9A:47:A4:32:BB:A1:73:08:A3:11:1B:75:D7:B2:14:90:25"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.sec.android.app.sbrowser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "34:DF:0E:7A:9F:1C:F1:89:2E:45:C0:56:B4:97:3C:D8:1C:CF:14:8A:40:50:D1:1A:EA:4A:C5:A6:5F:90:0A:42"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.sec.android.app.sbrowser.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "34:DF:0E:7A:9F:1C:F1:89:2E:45:C0:56:B4:97:3C:D8:1C:CF:14:8A:40:50:D1:1A:EA:4A:C5:A6:5F:90:0A:42"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.google.android.gms",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "7C:E8:3C:1B:71:F3:D5:72:FE:D0:4C:8D:40:C5:CB:10:FF:75:E6:D8:7D:9D:F6:FB:D5:3F:04:68:C2:90:50:53"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "D2:2C:C5:00:29:9F:B2:28:73:A0:1A:01:0D:E1:C8:2F:BE:4D:06:11:19:B9:48:14:DD:30:1D:AB:50:CB:76:78"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.yandex.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.yandex.browser.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.yandex.browser.alpha",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.yandex.browser.corp",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.yandex.browser.canary",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "1D:A9:CB:AE:2D:CC:C6:A5:8D:6C:94:7B:E9:4C:DB:B7:33:D6:5D:A4:D1:77:0F:A1:4A:53:64:CB:4A:28:EB:49"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.yandex.browser.broteam",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "1D:A9:CB:AE:2D:CC:C6:A5:8D:6C:94:7B:E9:4C:DB:B7:33:D6:5D:A4:D1:77:0F:A1:4A:53:64:CB:4A:28:EB:49"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.talonsec.talon",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "A3:66:03:44:A6:F6:AF:CA:81:8C:BF:43:96:A2:3C:CF:D5:ED:7A:78:1B:B4:A3:D1:85:03:01:E2:F4:6D:23:83"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "E2:A5:64:74:EA:23:7B:06:67:B6:F5:2C:DC:E9:04:5E:24:88:3B:AE:D0:82:59:9A:A2:DF:0B:60:3A:CF:6A:3B"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.talonsec.talon_beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "F5:86:62:7A:32:C8:9F:E6:7E:00:6D:B1:8C:34:31:9E:01:7F:B3:B2:BE:D6:9D:01:01:B7:F9:43:E7:7C:48:AE"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "9A:A1:25:D5:E5:5E:3F:B0:DE:96:72:D9:A9:5D:04:65:3F:49:4A:1E:C3:EE:76:1E:94:C4:4E:5D:2F:65:8E:2F"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.duckduckgo.mobile.android.debug",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C4:F0:9E:2B:D7:25:AD:F5:AD:92:0B:A2:80:27:66:AC:16:4A:C1:53:B3:EA:9E:08:48:B0:57:98:37:F7:6A:29"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.duckduckgo.mobile.android",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "BB:7B:B3:1C:57:3C:46:A1:DA:7F:C5:C5:28:A6:AC:F4:32:10:84:56:FE:EC:50:81:0C:7F:33:69:4E:B3:D2:D4"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.naver.whale",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "0B:8B:85:23:BB:4A:EF:FA:34:6E:4B:DD:4F:BF:7D:19:34:50:56:9A:A1:4A:AA:D4:AD:FD:94:A3:F7:B2:27:BB"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.fido.fido2client",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "FC:98:DA:E6:3A:D3:96:26:C8:C6:7F:BE:83:F2:F0:6F:74:93:2A:9C:D1:46:B9:2C:EC:FC:6A:04:7A:90:43:86"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.heytap.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "AF:F8:A7:49:CF:0E:7D:75:44:65:D0:FB:FA:7B:8D:0C:64:5E:22:5C:10:C6:E2:32:AD:A0:D9:74:88:36:B8:E5"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "A8:FE:A4:CA:FB:93:32:DA:26:B8:E6:81:08:17:C1:DA:90:A5:03:0E:35:A6:0A:79:E0:6C:90:97:AA:C6:A4:42"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.Island",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "D9:C3:39:AC:9C:3A:EE:E1:75:1D:85:8C:35:D9:BA:C5:CC:87:B3:CE:76:30:93:F0:F5:10:64:F5:A2:F6:9B:04"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandCanary",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "90:17:13:23:45:6E:6F:39:CB:FD:CF:B2:56:BE:1D:CF:F3:BC:1C:59:8A:15:93:30:E4:97:73:D0:4C:B9:C9:05"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandBeta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "35:31:83:1A:9E:2B:21:1D:E6:AA:C3:69:4B:45:83:6E:56:09:B9:D7:D0:04:C3:1B:21:87:40:FB:77:17:38:D1"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandDev",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C2:38:24:15:41:20:A0:8F:C3:95:42:AC:D8:2A:E9:24:94:78:80:1E:47:FD:6C:66:2B:18:1C:28:CA:7E:59:4E"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.canary.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "1E:16:74:BB:79:EA:09:FB:37:CF:9F:1B:07:1B:1D:51:8D:46:03:0E:D3:EE:F2:C1:4E:AD:93:9E:C6:EE:3A:4C"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.beta.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "D2:5E:AD:F6:1C:E6:36:6C:A4:23:A4:7F:C4:DB:9B:8C:9C:8A:35:B4:B0:19:E8:D9:82:FB:D0:8A:D9:DB:49:5A"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.dev.intune",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "net.quetta.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "F1:38:00:4F:38:04:51:D4:8A:05:2B:B3:A3:EF:17:24:23:D4:B0:D0:C8:A3:AA:DD:FB:DB:66:30:31:48:EC:A4"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "cz.seznam.sbrowser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "DB:95:40:66:10:78:83:6E:4E:B1:66:F6:9E:F4:07:30:9E:8D:AE:33:34:68:5E:C8:F6:FA:2F:13:81:B9:AC:F6"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.opera.mini.native",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "57:AC:BC:52:5F:1B:2E:BD:19:19:6C:D6:F0:14:39:7C:C9:10:FD:18:84:1E:0A:E8:50:FE:BC:3E:1E:59:3F:F2"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.opera.mini.native.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "57:AC:BC:52:5F:1B:2E:BD:19:19:6C:D6:F0:14:39:7C:C9:10:FD:18:84:1E:0A:E8:50:FE:BC:3E:1E:59:3F:F2"
+          }
+        ]
+      }
+    }
+  ]
+}

app/src/main/java/com/x8bit/bitwarden/AuthCallbackActivity.kt

@@ -1,38 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.content.Intent
-import android.os.Bundle
-import androidx.activity.viewModels
-import androidx.appcompat.app.AppCompatActivity
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-import dagger.hilt.android.AndroidEntryPoint
-
-/**
- * An activity to receive external authentication-related callbacks so the current state of the
- * task holding the [MainActivity] can remain undisturbed.
- *
- * These callbacks can be from Custom Chrome tabs or other auth related flows, including NFC
- * related transmissions.
- */
-@OmitFromCoverage
-@AndroidEntryPoint
-class AuthCallbackActivity : AppCompatActivity() {
-
-    private val viewModel: AuthCallbackViewModel by viewModels()
-
-    override fun onCreate(savedInstanceState: Bundle?) {
-        super.onCreate(savedInstanceState)
-
-        viewModel.trySendAction(AuthCallbackAction.IntentReceive(intent = intent))
-
-        val intent = Intent(this, MainActivity::class.java)
-            .apply {
-                addFlags(
-                    Intent.FLAG_ACTIVITY_CLEAR_TOP or
-                        Intent.FLAG_ACTIVITY_SINGLE_TOP,
-                )
-            }
-        startActivity(intent)
-        finish()
-    }
-}

app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyActivity.kt

@@ -1,74 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.os.Bundle
-import androidx.activity.viewModels
-import androidx.appcompat.app.AppCompatActivity
-import androidx.lifecycle.lifecycleScope
-import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-import dagger.hilt.android.AndroidEntryPoint
-import kotlinx.coroutines.flow.launchIn
-import kotlinx.coroutines.flow.onEach
-import javax.inject.Inject
-
-/**
- * An activity for copying a TOTP code to the clipboard. This is done when an autofill item is
- * selected and it requires TOTP authentication. Due to the constraints of the autofill framework,
- * we also have to re-fulfill the autofill for the views that are being filled.
- */
-@OmitFromCoverage
-@AndroidEntryPoint
-class AutofillTotpCopyActivity : AppCompatActivity() {
-
-    @Inject
-    lateinit var autofillCompletionManager: AutofillCompletionManager
-
-    private val autofillTotpCopyViewModel: AutofillTotpCopyViewModel by viewModels()
-
-    override fun onCreate(savedInstanceState: Bundle?) {
-        super.onCreate(savedInstanceState)
-
-        observeViewModelEvents()
-
-        autofillTotpCopyViewModel.trySendAction(
-            AutofillTotpCopyAction.IntentReceived(
-                intent = intent,
-            ),
-        )
-    }
-
-    private fun observeViewModelEvents() {
-        autofillTotpCopyViewModel
-            .eventFlow
-            .onEach { event ->
-                when (event) {
-                    is AutofillTotpCopyEvent.CompleteAutofill -> {
-                        handleCompleteAutofill(event)
-                    }
-
-                    is AutofillTotpCopyEvent.FinishActivity -> {
-                        finishActivity()
-                    }
-                }
-            }
-            .launchIn(lifecycleScope)
-    }
-
-    /**
-     * Complete autofill with the provided data.
-     */
-    private fun handleCompleteAutofill(event: AutofillTotpCopyEvent.CompleteAutofill) {
-        autofillCompletionManager.completeAutofill(
-            activity = this,
-            cipherView = event.cipherView,
-        )
-    }
-
-    /**
-     * Finish the activity.
-     */
-    private fun finishActivity() {
-        setResult(RESULT_CANCELED)
-        finish()
-    }
-}

app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyViewModel.kt

@@ -1,121 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.content.Intent
-import androidx.lifecycle.viewModelScope
-import com.bitwarden.vault.CipherView
-import com.x8bit.bitwarden.data.auth.repository.AuthRepository
-import com.x8bit.bitwarden.data.autofill.util.getTotpCopyIntentOrNull
-import com.x8bit.bitwarden.data.platform.util.launchWithTimeout
-import com.x8bit.bitwarden.data.vault.repository.VaultRepository
-import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockData
-import com.x8bit.bitwarden.data.vault.repository.util.statusFor
-import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
-import dagger.hilt.android.lifecycle.HiltViewModel
-import kotlinx.coroutines.flow.first
-import kotlinx.coroutines.flow.mapNotNull
-import javax.inject.Inject
-
-/**
- * The amount of time we should wait for ciphers to be loaded before timing out.
- */
-private const val CIPHER_WAIT_TIMEOUT_MILLIS: Long = 500
-
-/**
- * A view model that handles logic for the [AutofillTotpCopyActivity].
- */
-@HiltViewModel
-class AutofillTotpCopyViewModel @Inject constructor(
-    private val authRepository: AuthRepository,
-    private val vaultRepository: VaultRepository,
-) : BaseViewModel<Unit, AutofillTotpCopyEvent, AutofillTotpCopyAction>(Unit) {
-    private val activeUserId: String? get() = authRepository.activeUserId
-
-    override fun handleAction(action: AutofillTotpCopyAction): Unit = when (action) {
-        is AutofillTotpCopyAction.IntentReceived -> handleIntentReceived(action)
-    }
-
-    /**
-     * Process the received intent and alert the activity of what to do next.
-     */
-    private fun handleIntentReceived(action: AutofillTotpCopyAction.IntentReceived) {
-        viewModelScope
-            .launchWithTimeout(
-                timeoutBlock = { finishActivity() },
-                timeoutDuration = CIPHER_WAIT_TIMEOUT_MILLIS,
-            ) {
-                // Extract TOTP copy data from the intent.
-                val cipherId = action
-                    .intent
-                    .getTotpCopyIntentOrNull()
-                    ?.cipherId
-
-                if (cipherId == null || isVaultLocked()) {
-                    finishActivity()
-                    return@launchWithTimeout
-                }
-
-                // Try and find the matching cipher.
-                vaultRepository
-                    .ciphersStateFlow
-                    .mapNotNull { it.data }
-                    .first()
-                    .find { it.id == cipherId }
-                    ?.let { cipherView ->
-                        sendEvent(
-                            AutofillTotpCopyEvent.CompleteAutofill(
-                                cipherView = cipherView,
-                            ),
-                        )
-                    }
-                    ?: finishActivity()
-            }
-    }
-
-    /**
-     * Send an event to the activity that signals it to finish.
-     */
-    private fun finishActivity() {
-        sendEvent(AutofillTotpCopyEvent.FinishActivity)
-    }
-
-    private suspend fun isVaultLocked(): Boolean {
-        val userId = activeUserId ?: return true
-
-        // Wait for any unlocking actions to finish. This can be relevant on startup for Never lock
-        // accounts.
-        vaultRepository.vaultUnlockDataStateFlow.first {
-            it.statusFor(userId) != VaultUnlockData.Status.UNLOCKING
-        }
-
-        return !vaultRepository.isVaultUnlocked(userId = userId)
-    }
-}
-
-/**
- * Represents actions that can be sent to the [AutofillTotpCopyViewModel].
- */
-sealed class AutofillTotpCopyAction {
-    /**
-     * An [intent] has been received and is ready to be processed.
-     */
-    data class IntentReceived(
-        val intent: Intent,
-    ) : AutofillTotpCopyAction()
-}
-
-/**
- * Represents events emitted by the [AutofillTotpCopyViewModel].
- */
-sealed class AutofillTotpCopyEvent {
-    /**
-     * Complete autofill with the provided [cipherView].
-     */
-    data class CompleteAutofill(
-        val cipherView: CipherView,
-    ) : AutofillTotpCopyEvent()
-
-    /**
-     * Finish the activity.
-     */
-    data object FinishActivity : AutofillTotpCopyEvent()
-}

app/src/main/java/com/x8bit/bitwarden/BitwardenAppComponentFactory.kt

@@ -1,53 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.app.Service
-import android.content.Intent
-import android.os.Build
-import androidx.core.app.AppComponentFactory
-import com.x8bit.bitwarden.data.autofill.BitwardenAutofillService
-import com.x8bit.bitwarden.data.autofill.fido2.BitwardenFido2ProviderService
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-
-private const val LEGACY_AUTOFILL_SERVICE_NAME = "com.x8bit.bitwarden.Autofill.AutofillService"
-private const val LEGACY_CREDENTIAL_SERVICE_NAME =
-    "com.x8bit.bitwarden.Autofill.CredentialProviderService"
-
-/**
- * A factory class that allows us to intercept when a manifest element is being instantiated
- * and modify various characteristics before initialization.
- */
-@Suppress("unused")
-@OmitFromCoverage
-class BitwardenAppComponentFactory : AppComponentFactory() {
-    /**
-     * Used to intercept when the [BitwardenAutofillService] or [BitwardenFido2ProviderService] is
-     * being instantiated and modify which service is created. This is required because the
-     * [className] used in the manifest must match the legacy Xamarin app service name but the
-     * service name in this app is different.
-     */
-    override fun instantiateServiceCompat(
-        cl: ClassLoader,
-        className: String,
-        intent: Intent?,
-    ): Service = when (className) {
-        LEGACY_AUTOFILL_SERVICE_NAME -> {
-            super.instantiateServiceCompat(cl, BitwardenAutofillService::class.java.name, intent)
-        }
-
-        LEGACY_CREDENTIAL_SERVICE_NAME -> {
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
-                super.instantiateServiceCompat(
-                    cl,
-                    BitwardenFido2ProviderService::class.java.name,
-                    intent,
-                )
-            } else {
-                throw UnsupportedOperationException(
-                    "The CredentialProviderService requires API 34 or higher.",
-                )
-            }
-        }
-
-        else -> super.instantiateServiceCompat(cl, className, intent)
-    }
-}

app/src/main/java/com/x8bit/bitwarden/BitwardenApplication.kt

@@ -1,27 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.app.Application
-import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-import com.x8bit.bitwarden.data.platform.manager.CrashLogsManager
-import com.x8bit.bitwarden.data.platform.manager.NetworkConfigManager
-import dagger.hilt.android.HiltAndroidApp
-import javax.inject.Inject
-
-/**
- * Custom application class.
- */
-@OmitFromCoverage
-@HiltAndroidApp
-class BitwardenApplication : Application() {
-    // Inject classes here that must be triggered on startup but are not otherwise consumed by
-    // other callers.
-    @Inject
-    lateinit var networkConfigManager: NetworkConfigManager
-
-    @Inject
-    lateinit var crashLogsManager: CrashLogsManager
-
-    @Inject
-    lateinit var authRequestNotificationManager: AuthRequestNotificationManager
-}

app/src/main/java/com/x8bit/bitwarden/MainActivity.kt

@@ -1,132 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.content.Intent
-import android.os.Bundle
-import android.view.WindowManager
-import androidx.activity.compose.setContent
-import androidx.activity.viewModels
-import androidx.appcompat.app.AppCompatActivity
-import androidx.appcompat.app.AppCompatDelegate
-import androidx.compose.runtime.getValue
-import androidx.core.os.LocaleListCompat
-import androidx.core.splashscreen.SplashScreen.Companion.installSplashScreen
-import androidx.lifecycle.compose.collectAsStateWithLifecycle
-import androidx.lifecycle.lifecycleScope
-import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManager
-import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.ui.platform.composition.LocalManagerProvider
-import com.x8bit.bitwarden.ui.platform.feature.rootnav.RootNavScreen
-import com.x8bit.bitwarden.ui.platform.theme.BitwardenTheme
-import dagger.hilt.android.AndroidEntryPoint
-import kotlinx.coroutines.flow.launchIn
-import kotlinx.coroutines.flow.onEach
-import javax.inject.Inject
-
-/**
- * Primary entry point for the application.
- */
-@OmitFromCoverage
-@AndroidEntryPoint
-class MainActivity : AppCompatActivity() {
-
-    private val mainViewModel: MainViewModel by viewModels()
-
-    @Inject
-    lateinit var autofillActivityManager: AutofillActivityManager
-
-    @Inject
-    lateinit var autofillCompletionManager: AutofillCompletionManager
-
-    @Inject
-    lateinit var settingsRepository: SettingsRepository
-
-    override fun onCreate(savedInstanceState: Bundle?) {
-        var shouldShowSplashScreen = true
-        installSplashScreen().setKeepOnScreenCondition { shouldShowSplashScreen }
-        super.onCreate(savedInstanceState)
-
-        observeViewModelEvents()
-
-        if (savedInstanceState == null) {
-            mainViewModel.trySendAction(
-                MainAction.ReceiveFirstIntent(
-                    intent = intent,
-                ),
-            )
-        }
-
-        // Within the app the language will change dynamically and will be managed
-        // by the OS, but we need to ensure we properly set the language when
-        // upgrading from older versions that handle this differently.
-        settingsRepository.appLanguage.localeName?.let { localeName ->
-            val localeList = LocaleListCompat.forLanguageTags(localeName)
-            AppCompatDelegate.setApplicationLocales(localeList)
-        }
-        setContent {
-            val state by mainViewModel.stateFlow.collectAsStateWithLifecycle()
-            LocalManagerProvider {
-                BitwardenTheme(theme = state.theme) {
-                    RootNavScreen(
-                        onSplashScreenRemoved = { shouldShowSplashScreen = false },
-                    )
-                }
-            }
-        }
-    }
-
-    override fun onNewIntent(intent: Intent) {
-        super.onNewIntent(intent)
-        mainViewModel.trySendAction(
-            action = MainAction.ReceiveNewIntent(
-                intent = intent,
-            ),
-        )
-    }
-
-    override fun onStop() {
-        super.onStop()
-        // In some scenarios on an emulator the Activity can leak when recreated
-        // if we don't first clear focus anytime we exit and return to the app.
-        currentFocus?.clearFocus()
-    }
-
-    private fun observeViewModelEvents() {
-        mainViewModel
-            .eventFlow
-            .onEach { event ->
-                when (event) {
-                    is MainEvent.CompleteAutofill -> {
-                        handleCompleteAutofill(event)
-                    }
-
-                    MainEvent.Recreate -> handleRecreate()
-
-                    is MainEvent.ScreenCaptureSettingChange -> {
-                        handleScreenCaptureSettingChange(event)
-                    }
-                }
-            }
-            .launchIn(lifecycleScope)
-    }
-
-    private fun handleCompleteAutofill(event: MainEvent.CompleteAutofill) {
-        autofillCompletionManager.completeAutofill(
-            activity = this,
-            cipherView = event.cipherView,
-        )
-    }
-
-    private fun handleScreenCaptureSettingChange(event: MainEvent.ScreenCaptureSettingChange) {
-        if (event.isAllowed) {
-            window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
-        } else {
-            window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
-        }
-    }
-
-    private fun handleRecreate() {
-        recreate()
-    }
-}

app/src/main/java/com/x8bit/bitwarden/MainViewModel.kt

@@ -1,317 +0,0 @@
-package com.x8bit.bitwarden
-
-import android.content.Intent
-import android.os.Parcelable
-import androidx.lifecycle.SavedStateHandle
-import androidx.lifecycle.viewModelScope
-import com.bitwarden.vault.CipherView
-import com.x8bit.bitwarden.data.auth.repository.AuthRepository
-import com.x8bit.bitwarden.data.auth.util.getPasswordlessRequestDataIntentOrNull
-import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2CredentialRequestOrNull
-import com.x8bit.bitwarden.data.autofill.manager.AutofillSelectionManager
-import com.x8bit.bitwarden.data.autofill.util.getAutofillSaveItemOrNull
-import com.x8bit.bitwarden.data.autofill.util.getAutofillSelectionDataOrNull
-import com.x8bit.bitwarden.data.platform.manager.SpecialCircumstanceManager
-import com.x8bit.bitwarden.data.platform.manager.garbage.GarbageCollectionManager
-import com.x8bit.bitwarden.data.platform.manager.model.SpecialCircumstance
-import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.data.vault.manager.model.VaultStateEvent
-import com.x8bit.bitwarden.data.vault.repository.VaultRepository
-import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
-import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
-import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
-import com.x8bit.bitwarden.ui.platform.util.isMyVaultShortcut
-import com.x8bit.bitwarden.ui.platform.util.isPasswordGeneratorShortcut
-import dagger.hilt.android.lifecycle.HiltViewModel
-import kotlinx.coroutines.delay
-import kotlinx.coroutines.flow.distinctUntilChanged
-import kotlinx.coroutines.flow.drop
-import kotlinx.coroutines.flow.launchIn
-import kotlinx.coroutines.flow.map
-import kotlinx.coroutines.flow.onEach
-import kotlinx.coroutines.flow.update
-import kotlinx.parcelize.Parcelize
-import javax.inject.Inject
-
-private const val SPECIAL_CIRCUMSTANCE_KEY = "special-circumstance"
-
-/**
- * A view model that helps launch actions for the [MainActivity].
- */
-@Suppress("LongParameterList", "TooManyFunctions")
-@HiltViewModel
-class MainViewModel @Inject constructor(
-    autofillSelectionManager: AutofillSelectionManager,
-    private val specialCircumstanceManager: SpecialCircumstanceManager,
-    private val garbageCollectionManager: GarbageCollectionManager,
-    private val intentManager: IntentManager,
-    settingsRepository: SettingsRepository,
-    vaultRepository: VaultRepository,
-    private val authRepository: AuthRepository,
-    private val savedStateHandle: SavedStateHandle,
-) : BaseViewModel<MainState, MainEvent, MainAction>(
-    MainState(
-        theme = settingsRepository.appTheme,
-    ),
-) {
-    private var specialCircumstance: SpecialCircumstance?
-        get() = savedStateHandle[SPECIAL_CIRCUMSTANCE_KEY]
-        set(value) {
-            savedStateHandle[SPECIAL_CIRCUMSTANCE_KEY] = value
-        }
-
-    init {
-        // Immediately restore the special circumstance if we have one and then listen for changes
-        specialCircumstanceManager.specialCircumstance = specialCircumstance
-
-        specialCircumstanceManager
-            .specialCircumstanceStateFlow
-            .onEach { specialCircumstance = it }
-            .launchIn(viewModelScope)
-
-        autofillSelectionManager
-            .autofillSelectionFlow
-            .onEach { trySendAction(MainAction.Internal.AutofillSelectionReceive(it)) }
-            .launchIn(viewModelScope)
-
-        settingsRepository
-            .appThemeStateFlow
-            .onEach { trySendAction(MainAction.Internal.ThemeUpdate(it)) }
-            .launchIn(viewModelScope)
-
-        settingsRepository
-            .isScreenCaptureAllowedStateFlow
-            .onEach { isAllowed ->
-                sendEvent(MainEvent.ScreenCaptureSettingChange(isAllowed))
-            }
-            .launchIn(viewModelScope)
-
-        authRepository
-            .userStateFlow
-            .drop(count = 1)
-            // Trigger an action whenever the current user changes or we go into/out of a pending
-            // account state (which acts like switching to a temporary user).
-            .map { it?.activeUserId to it?.hasPendingAccountAddition }
-            .distinctUntilChanged()
-            .onEach {
-                // Switching between account states often involves some kind of animation (ex:
-                // account switcher) that we might want to give time to finish before triggering
-                // a refresh.
-                @Suppress("MagicNumber")
-                delay(500)
-                trySendAction(MainAction.Internal.CurrentUserStateChange)
-            }
-            .launchIn(viewModelScope)
-
-        vaultRepository
-            .vaultStateEventFlow
-            .onEach {
-                when (it) {
-                    is VaultStateEvent.Locked -> {
-                        trySendAction(MainAction.Internal.VaultUnlockStateChange)
-                    }
-
-                    is VaultStateEvent.Unlocked -> Unit
-                }
-            }
-            .launchIn(viewModelScope)
-    }
-
-    override fun handleAction(action: MainAction) {
-        when (action) {
-            is MainAction.Internal.AutofillSelectionReceive -> {
-                handleAutofillSelectionReceive(action)
-            }
-
-            is MainAction.Internal.CurrentUserStateChange -> handleCurrentUserStateChange()
-            is MainAction.Internal.ThemeUpdate -> handleAppThemeUpdated(action)
-            is MainAction.Internal.VaultUnlockStateChange -> handleVaultUnlockStateChange()
-            is MainAction.ReceiveFirstIntent -> handleFirstIntentReceived(action)
-            is MainAction.ReceiveNewIntent -> handleNewIntentReceived(action)
-        }
-    }
-
-    private fun handleAutofillSelectionReceive(
-        action: MainAction.Internal.AutofillSelectionReceive,
-    ) {
-        sendEvent(MainEvent.CompleteAutofill(cipherView = action.cipherView))
-    }
-
-    private fun handleCurrentUserStateChange() {
-        recreateUiAndGarbageCollect()
-    }
-
-    private fun handleAppThemeUpdated(action: MainAction.Internal.ThemeUpdate) {
-        mutableStateFlow.update { it.copy(theme = action.theme) }
-    }
-
-    private fun handleVaultUnlockStateChange() {
-        recreateUiAndGarbageCollect()
-    }
-
-    private fun handleFirstIntentReceived(action: MainAction.ReceiveFirstIntent) {
-        handleIntent(
-            intent = action.intent,
-            isFirstIntent = true,
-        )
-    }
-
-    private fun handleNewIntentReceived(action: MainAction.ReceiveNewIntent) {
-        handleIntent(
-            intent = action.intent,
-            isFirstIntent = false,
-        )
-    }
-
-    private fun handleIntent(
-        intent: Intent,
-        isFirstIntent: Boolean,
-    ) {
-        val passwordlessRequestData = intent.getPasswordlessRequestDataIntentOrNull()
-        val autofillSaveItem = intent.getAutofillSaveItemOrNull()
-        val autofillSelectionData = intent.getAutofillSelectionDataOrNull()
-        val shareData = intentManager.getShareDataFromIntent(intent)
-        val hasGeneratorShortcut = intent.isPasswordGeneratorShortcut
-        val hasVaultShortcut = intent.isMyVaultShortcut
-        val fido2CredentialRequestData = intent.getFido2CredentialRequestOrNull()
-        when {
-            passwordlessRequestData != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.PasswordlessRequest(
-                        passwordlessRequestData = passwordlessRequestData,
-                        // Allow users back into the already-running app when completing the
-                        // autofill task when this is not the first intent.
-                        shouldFinishWhenComplete = isFirstIntent,
-                    )
-            }
-
-            autofillSaveItem != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.AutofillSave(
-                        autofillSaveItem = autofillSaveItem,
-                    )
-            }
-
-            autofillSelectionData != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.AutofillSelection(
-                        autofillSelectionData = autofillSelectionData,
-                        // Allow users back into the already-running app when completing the
-                        // autofill task when this is not the first intent.
-                        shouldFinishWhenComplete = isFirstIntent,
-                    )
-            }
-
-            shareData != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.ShareNewSend(
-                        data = shareData,
-                        // Allow users back into the already-running app when completing the
-                        // Send task when this is not the first intent.
-                        shouldFinishWhenComplete = isFirstIntent,
-                    )
-            }
-
-            fido2CredentialRequestData != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.Fido2Save(
-                        fido2CredentialRequest = fido2CredentialRequestData,
-                    )
-
-                // Switch accounts if the selected user is not the active user.
-                if (authRepository.activeUserId != null &&
-                    authRepository.activeUserId != fido2CredentialRequestData.userId
-                ) {
-                    authRepository.switchAccount(fido2CredentialRequestData.userId)
-                }
-            }
-
-            hasGeneratorShortcut -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.GeneratorShortcut
-            }
-
-            hasVaultShortcut -> {
-                specialCircumstanceManager.specialCircumstance = SpecialCircumstance.VaultShortcut
-            }
-        }
-    }
-
-    private fun recreateUiAndGarbageCollect() {
-        sendEvent(MainEvent.Recreate)
-        garbageCollectionManager.tryCollect()
-    }
-}
-
-/**
- * Models state for the [MainActivity].
- */
-@Parcelize
-data class MainState(
-    val theme: AppTheme,
-) : Parcelable
-
-/**
- * Models actions for the [MainActivity].
- */
-sealed class MainAction {
-    /**
-     * Receive first Intent by the application.
-     */
-    data class ReceiveFirstIntent(val intent: Intent) : MainAction()
-
-    /**
-     * Receive Intent by the application.
-     */
-    data class ReceiveNewIntent(val intent: Intent) : MainAction()
-
-    /**
-     * Actions for internal use by the ViewModel.
-     */
-    sealed class Internal : MainAction() {
-        /**
-         * Indicates the user has manually selected the given [cipherView] for autofill.
-         */
-        data class AutofillSelectionReceive(
-            val cipherView: CipherView,
-        ) : Internal()
-
-        /**
-         * Indicates a relevant change in the current user state.
-         */
-        data object CurrentUserStateChange : Internal()
-
-        /**
-         * Indicates that the app theme has changed.
-         */
-        data class ThemeUpdate(
-            val theme: AppTheme,
-        ) : Internal()
-
-        /**
-         * Indicates a relevant change in the current vault lock state.
-         */
-        data object VaultUnlockStateChange : Internal()
-    }
-}
-
-/**
- * Represents events that are emitted by the [MainViewModel].
- */
-sealed class MainEvent {
-    /**
-     * Event indicating that the user has chosen the given [cipherView] for autofill and that the
-     * process is ready to complete.
-     */
-    data class CompleteAutofill(val cipherView: CipherView) : MainEvent()
-
-    /**
-     * Event indicating a change in the screen capture setting.
-     */
-    data class ScreenCaptureSettingChange(val isAllowed: Boolean) : MainEvent()
-
-    /**
-     * Event indicating that the UI should recreate itself.
-     */
-    data object Recreate : MainEvent()
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt

@@ -1,267 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.disk
-
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
-import kotlinx.coroutines.flow.Flow
-
-/**
- * Primary access point for disk information.
- */
-@Suppress("TooManyFunctions")
-interface AuthDiskSource {
-    /**
-     * Retrieves a unique ID for the application that is stored locally. This will generate a new
-     * one if it does not yet exist and it will only be reset for new installs or when clearing
-     * application data.
-     */
-    val uniqueAppId: String
-
-    /**
-     * The currently persisted saved email address (or `null` if not set).
-     */
-    var rememberedEmailAddress: String?
-
-    /**
-     * The currently persisted organization identifier (or `null` if not set).
-     */
-    var rememberedOrgIdentifier: String?
-
-    /**
-     * The currently persisted user state information (or `null` if not set).
-     */
-    var userState: UserStateJson?
-
-    /**
-     * Emits updates that track [userState]. This will replay the last known value, if any.
-     */
-    val userStateFlow: Flow<UserStateJson?>
-
-    /**
-     * Clears all the settings data for the given user.
-     *
-     * Note that this does not include any data saved in the [userState].
-     */
-    fun clearData(userId: String)
-
-    /**
-     * Retrieves the state indicating that the user has chosen to trust this device.
-     *
-     * Note: This indicates intent to trust the device, the device may not be trusted yet.
-     */
-    fun getShouldTrustDevice(userId: String): Boolean
-
-    /**
-     * Stores the boolean indicating that the user has chosen to trust this device for the given
-     * [userId].
-     *
-     * Note: This indicates intent to trust the device, the device may not be trusted yet.
-     */
-    fun storeShouldTrustDevice(userId: String, shouldTrustDevice: Boolean?)
-
-    /**
-     * Retrieves the "last active time" for the given [userId], in milliseconds.
-     *
-     * This time is intended to be derived from a call to
-     * [SystemClock.elapsedRealtime()](https://developer.android.com/reference/android/os/SystemClock#elapsedRealtime())
-     */
-    fun getLastActiveTimeMillis(userId: String): Long?
-
-    /**
-     * Stores the [lastActiveTimeMillis] for the given [userId].
-     *
-     * This time is intended to be derived from a call to
-     * [SystemClock.elapsedRealtime()](https://developer.android.com/reference/android/os/SystemClock#elapsedRealtime())
-     */
-    fun storeLastActiveTimeMillis(
-        userId: String,
-        lastActiveTimeMillis: Long?,
-    )
-
-    /**
-     * Retrieves the number of consecutive invalid lock attempts for the given [userId].
-     */
-    fun getInvalidUnlockAttempts(userId: String): Int?
-
-    /**
-     * Stores the number of consecutive invalid lock attempts for the given [userId].
-     */
-    fun storeInvalidUnlockAttempts(
-        userId: String,
-        invalidUnlockAttempts: Int?,
-    )
-
-    /**
-     * Retrieves a user key using a [userId].
-     */
-    fun getUserKey(userId: String): String?
-
-    /**
-     * Stores a user key using a [userId].
-     */
-    fun storeUserKey(userId: String, userKey: String?)
-
-    /**
-     * Retrieves a private key using a [userId].
-     */
-    fun getPrivateKey(userId: String): String?
-
-    /**
-     * Stores a private key using a [userId].
-     */
-    fun storePrivateKey(userId: String, privateKey: String?)
-
-    /**
-     * Retrieves a user auto-unlock key for the given [userId].
-     */
-    fun getUserAutoUnlockKey(userId: String): String?
-
-    /**
-     * Stores a user auto-unlock key for the given [userId].
-     */
-    fun storeUserAutoUnlockKey(userId: String, userAutoUnlockKey: String?)
-
-    /**
-     * Gets the device key for the given [userId].
-     */
-    fun getDeviceKey(userId: String): String?
-
-    /**
-     * Stores the device key for the given [userId].
-     */
-    fun storeDeviceKey(userId: String, deviceKey: String?)
-
-    /**
-     * Gets the stored [PendingAuthRequestJson] for the given [userId].
-     */
-    fun getPendingAuthRequest(userId: String): PendingAuthRequestJson?
-
-    /**
-     * Stores the [PendingAuthRequestJson] for the given [userId].
-     */
-    fun storePendingAuthRequest(
-        userId: String,
-        pendingAuthRequest: PendingAuthRequestJson?,
-    )
-
-    /**
-     * Gets the biometrics key for the given [userId].
-     */
-    fun getUserBiometricUnlockKey(userId: String): String?
-
-    /**
-     * Stores the biometrics key for the given [userId].
-     */
-    fun storeUserBiometricUnlockKey(userId: String, biometricsKey: String?)
-
-    /**
-     * Retrieves a pin-protected user key for the given [userId].
-     */
-    fun getPinProtectedUserKey(userId: String): String?
-
-    /**
-     * Stores a pin-protected user key for the given [userId].
-     *
-     * When [inMemoryOnly] is `true`, the value will only be available via a call to
-     * [getPinProtectedUserKey] during the current app session.
-     */
-    fun storePinProtectedUserKey(
-        userId: String,
-        pinProtectedUserKey: String?,
-        inMemoryOnly: Boolean = false,
-    )
-
-    /**
-     * Gets a two-factor auth token using a user's [email].
-     */
-    fun getTwoFactorToken(email: String): String?
-
-    /**
-     * Stores a two-factor auth token using a user's [email].
-     */
-    fun storeTwoFactorToken(email: String, twoFactorToken: String?)
-
-    /**
-     * Retrieves an encrypted PIN for the given [userId].
-     */
-    fun getEncryptedPin(userId: String): String?
-
-    /**
-     * Stores an encrypted PIN for the given [userId].
-     */
-    fun storeEncryptedPin(userId: String, encryptedPin: String?)
-
-    /**
-     * Gets the organization keys for the given [userId] in the form of a mapping from organization
-     * ID to encrypted organization key.
-     */
-    fun getOrganizationKeys(userId: String): Map<String, String>?
-
-    /**
-     * Stores the organization keys for the given [userId] in the form of a mapping from
-     * organization ID to encrypted organization key.
-     */
-    fun storeOrganizationKeys(
-        userId: String,
-        organizationKeys: Map<String, String>?,
-    )
-
-    /**
-     * Gets the organization data for the given [userId].
-     */
-    fun getOrganizations(userId: String): List<SyncResponseJson.Profile.Organization>?
-
-    /**
-     * Emits updates that track [getOrganizations]. This will replay the last known value, if any.
-     */
-    fun getOrganizationsFlow(userId: String): Flow<List<SyncResponseJson.Profile.Organization>?>
-
-    /**
-     * Stores the organization data for the given [userId].
-     */
-    fun storeOrganizations(
-        userId: String,
-        organizations: List<SyncResponseJson.Profile.Organization>?,
-    )
-
-    /**
-     * Gets the master password hash for the given [userId].
-     */
-    fun getMasterPasswordHash(userId: String): String?
-
-    /**
-     * Stores the [passwordHash] for the given [userId].
-     */
-    fun storeMasterPasswordHash(userId: String, passwordHash: String?)
-
-    /**
-     * Gets the policies for the given [userId].
-     */
-    fun getPolicies(userId: String): List<SyncResponseJson.Policy>?
-
-    /**
-     * Emits updates that track [getPolicies]. This will replay the last known value, if any.
-     */
-    fun getPoliciesFlow(userId: String): Flow<List<SyncResponseJson.Policy>?>
-
-    /**
-     * Stores the [policies] for the given [userId].
-     */
-    fun storePolicies(userId: String, policies: List<SyncResponseJson.Policy>?)
-
-    /**
-     * Gets the account tokens for the given [userId].
-     */
-    fun getAccountTokens(userId: String): AccountTokensJson?
-
-    /**
-     * Emits updates that track [getAccountTokens]. This will replay the last known value, if any.
-     */
-    fun getAccountTokensFlow(userId: String): Flow<AccountTokensJson?>
-
-    /**
-     * Stores the [accountTokens] for the given [userId].
-     */
-    fun storeAccountTokens(userId: String, accountTokens: AccountTokensJson?)
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt

@@ -1,424 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.disk
-
-import android.content.SharedPreferences
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.platform.datasource.disk.BaseEncryptedDiskSource
-import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageMigrator
-import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
-import com.x8bit.bitwarden.data.platform.util.decodeFromStringOrNull
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
-import kotlinx.coroutines.flow.Flow
-import kotlinx.coroutines.flow.MutableSharedFlow
-import kotlinx.coroutines.flow.onSubscription
-import kotlinx.serialization.encodeToString
-import kotlinx.serialization.json.Json
-import java.util.UUID
-
-// These keys should be encrypted
-private const val ACCOUNT_TOKENS_KEY = "accountTokens"
-private const val BIOMETRICS_UNLOCK_KEY = "userKeyBiometricUnlock"
-private const val USER_AUTO_UNLOCK_KEY_KEY = "userKeyAutoUnlock"
-private const val DEVICE_KEY_KEY = "deviceKey"
-private const val PENDING_ADMIN_AUTH_REQUEST_KEY = "pendingAdminAuthRequest"
-
-// These keys should not be encrypted
-private const val UNIQUE_APP_ID_KEY = "appId"
-private const val REMEMBERED_EMAIL_ADDRESS_KEY = "rememberedEmail"
-private const val REMEMBERED_ORG_IDENTIFIER_KEY = "rememberedOrgIdentifier"
-private const val STATE_KEY = "state"
-private const val LAST_ACTIVE_TIME_KEY = "lastActiveTime"
-private const val INVALID_UNLOCK_ATTEMPTS_KEY = "invalidUnlockAttempts"
-private const val MASTER_KEY_ENCRYPTION_USER_KEY = "masterKeyEncryptedUserKey"
-private const val MASTER_KEY_ENCRYPTION_PRIVATE_KEY = "encPrivateKey"
-private const val PIN_PROTECTED_USER_KEY_KEY = "pinKeyEncryptedUserKey"
-private const val ENCRYPTED_PIN_KEY = "protectedPin"
-private const val ORGANIZATIONS_KEY = "organizations"
-private const val ORGANIZATION_KEYS_KEY = "encOrgKeys"
-private const val TWO_FACTOR_TOKEN_KEY = "twoFactorToken"
-private const val MASTER_PASSWORD_HASH_KEY = "keyHash"
-private const val POLICIES_KEY = "policies"
-private const val SHOULD_TRUST_DEVICE_KEY = "shouldTrustDevice"
-
-/**
- * Primary implementation of [AuthDiskSource].
- */
-@Suppress("TooManyFunctions")
-class AuthDiskSourceImpl(
-    encryptedSharedPreferences: SharedPreferences,
-    sharedPreferences: SharedPreferences,
-    legacySecureStorageMigrator: LegacySecureStorageMigrator,
-    private val json: Json,
-) : BaseEncryptedDiskSource(
-    encryptedSharedPreferences = encryptedSharedPreferences,
-    sharedPreferences = sharedPreferences,
-),
-    AuthDiskSource {
-
-    private val inMemoryPinProtectedUserKeys = mutableMapOf<String, String?>()
-    private val mutableOrganizationsFlowMap =
-        mutableMapOf<String, MutableSharedFlow<List<SyncResponseJson.Profile.Organization>?>>()
-    private val mutablePoliciesFlowMap =
-        mutableMapOf<String, MutableSharedFlow<List<SyncResponseJson.Policy>?>>()
-    private val mutableAccountTokensFlowMap =
-        mutableMapOf<String, MutableSharedFlow<AccountTokensJson?>>()
-    private val mutableUserStateFlow = bufferedMutableSharedFlow<UserStateJson?>(replay = 1)
-
-    override var userState: UserStateJson?
-        get() = getString(key = STATE_KEY)?.let { json.decodeFromStringOrNull(it) }
-        set(value) {
-            putString(
-                key = STATE_KEY,
-                value = value?.let { json.encodeToString(value) },
-            )
-            mutableUserStateFlow.tryEmit(value)
-        }
-
-    init {
-        // We must migrate if necessary before any of the migrated values would be initialized
-        // and accessed.
-        legacySecureStorageMigrator.migrateIfNecessary()
-
-        // We must migrate the tokens from being stored in the UserState(shared preferences) to
-        // being stored separately in encrypted shared preferences.
-        migrateAccountTokens()
-    }
-
-    override val uniqueAppId: String
-        get() = getString(key = UNIQUE_APP_ID_KEY) ?: generateAndStoreUniqueAppId()
-
-    override var rememberedEmailAddress: String?
-        get() = getString(key = REMEMBERED_EMAIL_ADDRESS_KEY)
-        set(value) {
-            putString(
-                key = REMEMBERED_EMAIL_ADDRESS_KEY,
-                value = value,
-            )
-        }
-
-    override var rememberedOrgIdentifier: String?
-        get() = getString(key = REMEMBERED_ORG_IDENTIFIER_KEY)
-        set(value) {
-            putString(
-                key = REMEMBERED_ORG_IDENTIFIER_KEY,
-                value = value,
-            )
-        }
-
-    override val userStateFlow: Flow<UserStateJson?>
-        get() = mutableUserStateFlow
-            .onSubscription { emit(userState) }
-
-    override fun clearData(userId: String) {
-        storeLastActiveTimeMillis(userId = userId, lastActiveTimeMillis = null)
-        storeInvalidUnlockAttempts(userId = userId, invalidUnlockAttempts = null)
-        storeUserKey(userId = userId, userKey = null)
-        storeUserAutoUnlockKey(userId = userId, userAutoUnlockKey = null)
-        storePinProtectedUserKey(userId = userId, pinProtectedUserKey = null)
-        storeEncryptedPin(userId = userId, encryptedPin = null)
-        storePrivateKey(userId = userId, privateKey = null)
-        storeOrganizationKeys(userId = userId, organizationKeys = null)
-        storeOrganizations(userId = userId, organizations = null)
-        storeUserBiometricUnlockKey(userId = userId, biometricsKey = null)
-        storeMasterPasswordHash(userId = userId, passwordHash = null)
-        storePolicies(userId = userId, policies = null)
-        storeAccountTokens(userId = userId, accountTokens = null)
-
-        // Do not remove the DeviceKey or PendingAuthRequest on logout, these are persisted
-        // indefinitely unless the TDE flow explicitly removes them.
-    }
-
-    override fun getShouldTrustDevice(userId: String): Boolean =
-        requireNotNull(
-            getBoolean(key = SHOULD_TRUST_DEVICE_KEY.appendIdentifier(userId), default = false),
-        )
-
-    override fun storeShouldTrustDevice(userId: String, shouldTrustDevice: Boolean?) {
-        putBoolean(SHOULD_TRUST_DEVICE_KEY.appendIdentifier(userId), shouldTrustDevice)
-    }
-
-    override fun getLastActiveTimeMillis(userId: String): Long? =
-        getLong(key = LAST_ACTIVE_TIME_KEY.appendIdentifier(userId))
-
-    override fun storeLastActiveTimeMillis(
-        userId: String,
-        lastActiveTimeMillis: Long?,
-    ) {
-        putLong(
-            key = LAST_ACTIVE_TIME_KEY.appendIdentifier(userId),
-            value = lastActiveTimeMillis,
-        )
-    }
-
-    override fun getInvalidUnlockAttempts(userId: String): Int? =
-        getInt(key = INVALID_UNLOCK_ATTEMPTS_KEY.appendIdentifier(userId))
-
-    override fun storeInvalidUnlockAttempts(
-        userId: String,
-        invalidUnlockAttempts: Int?,
-    ) {
-        putInt(
-            key = INVALID_UNLOCK_ATTEMPTS_KEY.appendIdentifier(userId),
-            value = invalidUnlockAttempts,
-        )
-    }
-
-    override fun getUserKey(userId: String): String? =
-        getString(key = MASTER_KEY_ENCRYPTION_USER_KEY.appendIdentifier(userId))
-
-    override fun storeUserKey(userId: String, userKey: String?) {
-        putString(
-            key = MASTER_KEY_ENCRYPTION_USER_KEY.appendIdentifier(userId),
-            value = userKey,
-        )
-    }
-
-    override fun getPrivateKey(userId: String): String? =
-        getString(key = MASTER_KEY_ENCRYPTION_PRIVATE_KEY.appendIdentifier(userId))
-
-    override fun storePrivateKey(userId: String, privateKey: String?) {
-        putString(
-            key = MASTER_KEY_ENCRYPTION_PRIVATE_KEY.appendIdentifier(userId),
-            value = privateKey,
-        )
-    }
-
-    override fun getUserAutoUnlockKey(userId: String): String? =
-        getEncryptedString(
-            key = USER_AUTO_UNLOCK_KEY_KEY.appendIdentifier(userId),
-            default = null,
-        )
-
-    override fun storeUserAutoUnlockKey(
-        userId: String,
-        userAutoUnlockKey: String?,
-    ) {
-        putEncryptedString(
-            key = USER_AUTO_UNLOCK_KEY_KEY.appendIdentifier(userId),
-            value = userAutoUnlockKey,
-        )
-    }
-
-    override fun getDeviceKey(
-        userId: String,
-    ): String? = getEncryptedString(key = DEVICE_KEY_KEY.appendIdentifier(userId))
-
-    override fun storeDeviceKey(
-        userId: String,
-        deviceKey: String?,
-    ) {
-        putEncryptedString(key = DEVICE_KEY_KEY.appendIdentifier(userId), value = deviceKey)
-    }
-
-    override fun getPendingAuthRequest(
-        userId: String,
-    ): PendingAuthRequestJson? =
-        getEncryptedString(key = PENDING_ADMIN_AUTH_REQUEST_KEY.appendIdentifier(userId))
-            ?.let { json.decodeFromStringOrNull(it) }
-
-    override fun storePendingAuthRequest(
-        userId: String,
-        pendingAuthRequest: PendingAuthRequestJson?,
-    ) {
-        putEncryptedString(
-            key = PENDING_ADMIN_AUTH_REQUEST_KEY.appendIdentifier(userId),
-            value = pendingAuthRequest?.let { json.encodeToString(it) },
-        )
-    }
-
-    override fun getUserBiometricUnlockKey(userId: String): String? =
-        getEncryptedString(key = BIOMETRICS_UNLOCK_KEY.appendIdentifier(userId))
-
-    override fun storeUserBiometricUnlockKey(
-        userId: String,
-        biometricsKey: String?,
-    ) {
-        putEncryptedString(
-            key = BIOMETRICS_UNLOCK_KEY.appendIdentifier(userId),
-            value = biometricsKey,
-        )
-    }
-
-    override fun getPinProtectedUserKey(userId: String): String? =
-        inMemoryPinProtectedUserKeys[userId]
-            ?: getString(key = PIN_PROTECTED_USER_KEY_KEY.appendIdentifier(userId))
-
-    override fun storePinProtectedUserKey(
-        userId: String,
-        pinProtectedUserKey: String?,
-        inMemoryOnly: Boolean,
-    ) {
-        inMemoryPinProtectedUserKeys[userId] = pinProtectedUserKey
-        if (inMemoryOnly) return
-        putString(
-            key = PIN_PROTECTED_USER_KEY_KEY.appendIdentifier(userId),
-            value = pinProtectedUserKey,
-        )
-    }
-
-    override fun getTwoFactorToken(email: String): String? =
-        getString(key = TWO_FACTOR_TOKEN_KEY.appendIdentifier(email))
-
-    override fun storeTwoFactorToken(email: String, twoFactorToken: String?) {
-        putString(
-            key = TWO_FACTOR_TOKEN_KEY.appendIdentifier(email),
-            value = twoFactorToken,
-        )
-    }
-
-    override fun getEncryptedPin(userId: String): String? =
-        getString(key = ENCRYPTED_PIN_KEY.appendIdentifier(userId))
-
-    override fun storeEncryptedPin(
-        userId: String,
-        encryptedPin: String?,
-    ) {
-        putString(
-            key = ENCRYPTED_PIN_KEY.appendIdentifier(userId),
-            value = encryptedPin,
-        )
-    }
-
-    override fun getOrganizationKeys(userId: String): Map<String, String>? =
-        getString(key = ORGANIZATION_KEYS_KEY.appendIdentifier(userId))
-            ?.let { json.decodeFromStringOrNull(it) }
-
-    override fun storeOrganizationKeys(
-        userId: String,
-        organizationKeys: Map<String, String>?,
-    ) {
-        putString(
-            key = ORGANIZATION_KEYS_KEY.appendIdentifier(userId),
-            value = organizationKeys?.let { json.encodeToString(it) },
-        )
-    }
-
-    override fun getOrganizations(
-        userId: String,
-    ): List<SyncResponseJson.Profile.Organization>? =
-        getString(key = ORGANIZATIONS_KEY.appendIdentifier(userId))
-            ?.let {
-                // The organizations are stored as a map
-                val organizationMap: Map<String, SyncResponseJson.Profile.Organization>? =
-                    json.decodeFromStringOrNull(it)
-                organizationMap?.values?.toList()
-            }
-
-    override fun getOrganizationsFlow(
-        userId: String,
-    ): Flow<List<SyncResponseJson.Profile.Organization>?> =
-        getMutableOrganizationsFlow(userId = userId)
-            .onSubscription { emit(getOrganizations(userId = userId)) }
-
-    override fun storeOrganizations(
-        userId: String,
-        organizations: List<SyncResponseJson.Profile.Organization>?,
-    ) {
-        putString(
-            key = ORGANIZATIONS_KEY.appendIdentifier(userId),
-            value = organizations?.let { nonNullOrganizations ->
-                // The organizations are stored as a map
-                val organizationsMap = nonNullOrganizations.associateBy { it.id }
-                json.encodeToString(organizationsMap)
-            },
-        )
-        getMutableOrganizationsFlow(userId = userId).tryEmit(organizations)
-    }
-
-    override fun getMasterPasswordHash(userId: String): String? =
-        getString(key = MASTER_PASSWORD_HASH_KEY.appendIdentifier(userId))
-
-    override fun storeMasterPasswordHash(userId: String, passwordHash: String?) {
-        putString(key = MASTER_PASSWORD_HASH_KEY.appendIdentifier(userId), value = passwordHash)
-    }
-
-    override fun getPolicies(userId: String): List<SyncResponseJson.Policy>? =
-        getString(key = POLICIES_KEY.appendIdentifier(userId))
-            ?.let {
-                // The policies are stored as a map.
-                val policiesMap: Map<String, SyncResponseJson.Policy>? =
-                    json.decodeFromStringOrNull(it)
-                policiesMap?.values?.toList()
-            }
-
-    override fun getPoliciesFlow(
-        userId: String,
-    ): Flow<List<SyncResponseJson.Policy>?> =
-        getMutablePoliciesFlow(userId = userId)
-            .onSubscription { emit(getPolicies(userId = userId)) }
-
-    override fun storePolicies(userId: String, policies: List<SyncResponseJson.Policy>?) {
-        putString(
-            key = POLICIES_KEY.appendIdentifier(userId),
-            value = policies?.let { nonNullPolicies ->
-                // The policies are stored as a map.
-                val policiesMap = nonNullPolicies.associateBy { it.id }
-                json.encodeToString(policiesMap)
-            },
-        )
-        getMutablePoliciesFlow(userId = userId).tryEmit(policies)
-    }
-
-    override fun getAccountTokens(userId: String): AccountTokensJson? =
-        getEncryptedString(key = ACCOUNT_TOKENS_KEY.appendIdentifier(userId))
-            ?.let { json.decodeFromStringOrNull(it) }
-
-    override fun getAccountTokensFlow(userId: String): Flow<AccountTokensJson?> =
-        getMutableAccountTokensFlow(userId = userId)
-            .onSubscription { emit(getAccountTokens(userId = userId)) }
-
-    override fun storeAccountTokens(userId: String, accountTokens: AccountTokensJson?) {
-        putEncryptedString(
-            key = ACCOUNT_TOKENS_KEY.appendIdentifier(userId),
-            value = accountTokens?.let { json.encodeToString(it) },
-        )
-        getMutableAccountTokensFlow(userId = userId).tryEmit(accountTokens)
-    }
-
-    private fun generateAndStoreUniqueAppId(): String =
-        UUID
-            .randomUUID()
-            .toString()
-            .also {
-                putString(key = UNIQUE_APP_ID_KEY, value = it)
-            }
-
-    private fun getMutableOrganizationsFlow(
-        userId: String,
-    ): MutableSharedFlow<List<SyncResponseJson.Profile.Organization>?> =
-        mutableOrganizationsFlowMap.getOrPut(userId) {
-            bufferedMutableSharedFlow(replay = 1)
-        }
-
-    private fun getMutablePoliciesFlow(
-        userId: String,
-    ): MutableSharedFlow<List<SyncResponseJson.Policy>?> =
-        mutablePoliciesFlowMap.getOrPut(userId) {
-            bufferedMutableSharedFlow(replay = 1)
-        }
-
-    private fun getMutableAccountTokensFlow(
-        userId: String,
-    ): MutableSharedFlow<AccountTokensJson?> =
-        mutableAccountTokensFlowMap.getOrPut(userId) {
-            bufferedMutableSharedFlow(replay = 1)
-        }
-
-    private fun migrateAccountTokens() {
-        userState
-            ?.accounts
-            .orEmpty()
-            .values
-            .forEach { accountJson ->
-                @Suppress("DEPRECATION")
-                accountJson.tokens?.let { storeAccountTokens(accountJson.profile.userId, it) }
-            }
-        userState = userState?.copy(
-            accounts = userState
-                ?.accounts
-                ?.mapValues { (_, accountJson) -> accountJson.copy(tokens = null) }
-                .orEmpty(),
-        )
-    }
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/di/AuthDiskModule.kt

@@ -1,37 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.disk.di
-
-import android.content.SharedPreferences
-import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
-import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSourceImpl
-import com.x8bit.bitwarden.data.platform.datasource.di.EncryptedPreferences
-import com.x8bit.bitwarden.data.platform.datasource.di.UnencryptedPreferences
-import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageMigrator
-import dagger.Module
-import dagger.Provides
-import dagger.hilt.InstallIn
-import dagger.hilt.components.SingletonComponent
-import kotlinx.serialization.json.Json
-import javax.inject.Singleton
-
-/**
- * Provides persistence-related dependencies in the auth package.
- */
-@Module
-@InstallIn(SingletonComponent::class)
-object AuthDiskModule {
-
-    @Provides
-    @Singleton
-    fun provideAuthDiskSource(
-        @EncryptedPreferences encryptedSharedPreferences: SharedPreferences,
-        @UnencryptedPreferences sharedPreferences: SharedPreferences,
-        legacySecureStorageMigrator: LegacySecureStorageMigrator,
-        json: Json,
-    ): AuthDiskSource =
-        AuthDiskSourceImpl(
-            encryptedSharedPreferences = encryptedSharedPreferences,
-            sharedPreferences = sharedPreferences,
-            legacySecureStorageMigrator = legacySecureStorageMigrator,
-            json = json,
-        )
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/PendingAuthRequestJson.kt

@@ -1,19 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.disk.model
-
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * Container for the user's API tokens.
- *
- * @property requestId The ID of the pending Auth Request.
- * @property requestPrivateKey The private of the pending Auth Request.
- */
-@Serializable
-data class PendingAuthRequestJson(
-    @SerialName("Id")
-    val requestId: String,
-
-    @SerialName("PrivateKey")
-    val requestPrivateKey: String,
-)

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AccountsApi.kt

@@ -1,21 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
-import retrofit2.http.Body
-import retrofit2.http.POST
-
-/**
- * Defines raw calls under the /accounts API.
- */
-interface AccountsApi {
-    @POST("/accounts/password-hint")
-    suspend fun passwordHintRequest(
-        @Body body: PasswordHintRequestJson,
-    ): Result<Unit>
-
-    @POST("/two-factor/send-email-login")
-    suspend fun resendVerificationCodeEmail(
-        @Body body: ResendEmailRequestJson,
-    ): Result<Unit>
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAccountsApi.kt

@@ -1,53 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.CreateAccountKeysRequest
-import com.x8bit.bitwarden.data.auth.datasource.network.model.DeleteAccountRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SetPasswordRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyOtpRequestJson
-import retrofit2.http.Body
-import retrofit2.http.HTTP
-import retrofit2.http.POST
-
-/**
- * Defines raw calls under the /accounts API with authentication applied.
- */
-interface AuthenticatedAccountsApi {
-    /**
-     * Creates the keys for the current account.
-     */
-    @POST("/accounts/keys")
-    suspend fun createAccountKeys(@Body body: CreateAccountKeysRequest): Result<Unit>
-
-    /**
-     * Deletes the current account.
-     */
-    @HTTP(method = "DELETE", path = "/accounts", hasBody = true)
-    suspend fun deleteAccount(@Body body: DeleteAccountRequestJson): Result<Unit>
-
-    @POST("/accounts/request-otp")
-    suspend fun requestOtp(): Result<Unit>
-
-    @POST("/accounts/verify-otp")
-    suspend fun verifyOtp(
-        @Body body: VerifyOtpRequestJson,
-    ): Result<Unit>
-
-    /**
-     * Resets the temporary password.
-     */
-    @HTTP(method = "PUT", path = "/accounts/update-temp-password", hasBody = true)
-    suspend fun resetTempPassword(@Body body: ResetPasswordRequestJson): Result<Unit>
-
-    /**
-     * Resets the password.
-     */
-    @HTTP(method = "POST", path = "/accounts/password", hasBody = true)
-    suspend fun resetPassword(@Body body: ResetPasswordRequestJson): Result<Unit>
-
-    /**
-     * Sets the password.
-     */
-    @POST("/accounts/set-password")
-    suspend fun setPassword(@Body body: SetPasswordRequestJson): Result<Unit>
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAuthRequestsApi.kt

@@ -1,49 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestUpdateRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
-import retrofit2.http.Body
-import retrofit2.http.GET
-import retrofit2.http.Header
-import retrofit2.http.POST
-import retrofit2.http.PUT
-import retrofit2.http.Path
-
-/**
- * Defines authenticated raw calls under the /auth-requests API.
- */
-interface AuthenticatedAuthRequestsApi {
-
-    /**
-     * Notifies the server of a new admin authentication request.
-     */
-    @POST("/auth-requests/admin-request")
-    suspend fun createAdminAuthRequest(
-        @Header("Device-Identifier") deviceIdentifier: String,
-        @Body body: AuthRequestRequestJson,
-    ): Result<AuthRequestsResponseJson.AuthRequest>
-
-    /**
-     * Updates an authentication request.
-     */
-    @PUT("/auth-requests/{id}")
-    suspend fun updateAuthRequest(
-        @Path("id") userId: String,
-        @Body body: AuthRequestUpdateRequestJson,
-    ): Result<AuthRequestsResponseJson.AuthRequest>
-
-    /**
-     * Gets a list of auth requests for this device.
-     */
-    @GET("/auth-requests")
-    suspend fun getAuthRequests(): Result<AuthRequestsResponseJson>
-
-    /**
-     * Retrieves an existing authentication request by ID.
-     */
-    @GET("/auth-requests/{requestId}")
-    suspend fun getAuthRequest(
-        @Path("requestId") requestId: String,
-    ): Result<AuthRequestsResponseJson.AuthRequest>
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedDevicesApi.kt

@@ -1,20 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import androidx.annotation.Keep
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysResponseJson
-import retrofit2.http.Body
-import retrofit2.http.PUT
-import retrofit2.http.Path
-
-/**
- * Defines raw calls under the /devices API that require authentication.
- */
-@Keep
-interface AuthenticatedDevicesApi {
-    @PUT("/devices/{appId}/keys")
-    suspend fun updateTrustedDeviceKeys(
-        @Path(value = "appId") appId: String,
-        @Body request: TrustedDeviceKeysRequestJson,
-    ): Result<TrustedDeviceKeysResponseJson>
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedOrganizationApi.kt

@@ -1,40 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationAutoEnrollStatusResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationKeysResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationResetPasswordEnrollRequestJson
-import retrofit2.http.Body
-import retrofit2.http.GET
-import retrofit2.http.PUT
-import retrofit2.http.Path
-
-/**
- * Defines raw calls under the authenticated /organizations API.
- */
-interface AuthenticatedOrganizationApi {
-    /**
-     * Enrolls this user in the organization's password reset.
-     */
-    @PUT("/organizations/{orgId}/users/{userId}/reset-password-enrollment")
-    suspend fun organizationResetPasswordEnroll(
-        @Path("orgId") organizationId: String,
-        @Path("userId") userId: String,
-        @Body body: OrganizationResetPasswordEnrollRequestJson,
-    ): Result<Unit>
-
-    /**
-     * Checks whether this organization auto enrolls users in password reset.
-     */
-    @GET("/organizations/{identifier}/auto-enroll-status")
-    suspend fun getOrganizationAutoEnrollResponse(
-        @Path("identifier") organizationIdentifier: String,
-    ): Result<OrganizationAutoEnrollStatusResponseJson>
-
-    /**
-     * Gets the public and private keys for this organization.
-     */
-    @GET("/organizations/{id}/keys")
-    suspend fun getOrganizationKeys(
-        @Path("id") organizationId: String,
-    ): Result<OrganizationKeysResponseJson>
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/HaveIBeenPwnedApi.kt

@@ -1,18 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import okhttp3.ResponseBody
-import retrofit2.http.GET
-import retrofit2.http.Path
-
-/**
- * Defines endpoints for the "have I been pwned" API. For docs see
- * https://haveibeenpwned.com/API/v2.
- */
-interface HaveIBeenPwnedApi {
-
-    @GET("/range/{hashPrefix}")
-    suspend fun fetchBreachedPasswords(
-        @Path("hashPrefix")
-        hashPrefix: String,
-    ): Result<ResponseBody>
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/IdentityApi.kt

@@ -1,69 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.GetTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PreLoginRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PreLoginResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PrevalidateSsoResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RefreshTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterResponseJson
-import retrofit2.Call
-import retrofit2.http.Body
-import retrofit2.http.Field
-import retrofit2.http.FormUrlEncoded
-import retrofit2.http.GET
-import retrofit2.http.Header
-import retrofit2.http.POST
-import retrofit2.http.Query
-
-/**
- * Defines raw calls under the /identity API.
- */
-interface IdentityApi {
-
-    @POST("/connect/token")
-    @Suppress("LongParameterList")
-    @FormUrlEncoded
-    suspend fun getToken(
-        @Field(value = "scope", encoded = true) scope: String,
-        @Field(value = "client_id") clientId: String,
-        @Field(value = "username") email: String,
-        @Header(value = "Auth-Email") authEmail: String,
-        @Field(value = "password") passwordHash: String?,
-        @Field(value = "deviceIdentifier") deviceIdentifier: String,
-        @Field(value = "deviceName") deviceName: String,
-        @Field(value = "deviceType") deviceType: String,
-        @Field(value = "grant_type") grantType: String,
-        @Field(value = "captchaResponse") captchaResponse: String?,
-        @Field(value = "code") ssoCode: String?,
-        @Field(value = "code_verifier") ssoCodeVerifier: String?,
-        @Field(value = "redirect_uri") ssoRedirectUri: String?,
-        @Field(value = "twoFactorToken") twoFactorCode: String?,
-        @Field(value = "twoFactorProvider") twoFactorMethod: String?,
-        @Field(value = "twoFactorRemember") twoFactorRemember: String?,
-        @Field(value = "authRequest") authRequestId: String?,
-    ): Result<GetTokenResponseJson.Success>
-
-    @GET("/sso/prevalidate")
-    suspend fun prevalidateSso(
-        @Query("domainHint") organizationIdentifier: String,
-    ): Result<PrevalidateSsoResponseJson>
-
-    /**
-     * This call needs to be synchronous so we need it to return a [Call] directly. The identity
-     * service will wrap it up for us.
-     */
-    @POST("/connect/token")
-    @FormUrlEncoded
-    fun refreshTokenCall(
-        @Field(value = "client_id") clientId: String,
-        @Field(value = "refresh_token") refreshToken: String,
-        @Field(value = "grant_type") grantType: String,
-    ): Call<RefreshTokenResponseJson>
-
-    @POST("/accounts/prelogin")
-    suspend fun preLogin(@Body body: PreLoginRequestJson): Result<PreLoginResponseJson>
-
-    @POST("/accounts/register")
-    suspend fun register(@Body body: RegisterRequestJson): Result<RegisterResponseJson.Success>
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/OrganizationApi.kt

@@ -1,19 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsResponseJson
-import retrofit2.http.Body
-import retrofit2.http.POST
-
-/**
- * Defines raw calls under the /organizations API.
- */
-interface OrganizationApi {
-    /**
-     * Checks for the claimed domain organization of an email for SSO purposes.
-     */
-    @POST("/organizations/domain/sso/details")
-    suspend fun getClaimedDomainOrganizationDetails(
-        @Body body: OrganizationDomainSsoDetailsRequestJson,
-    ): Result<OrganizationDomainSsoDetailsResponseJson>
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAuthRequestsApi.kt

@@ -1,34 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
-import retrofit2.http.Body
-import retrofit2.http.GET
-import retrofit2.http.Header
-import retrofit2.http.POST
-import retrofit2.http.Path
-import retrofit2.http.Query
-
-/**
- * Defines unauthenticated raw calls under the /auth-requests API.
- */
-interface UnauthenticatedAuthRequestsApi {
-
-    /**
-     * Notifies the server of a new authentication request.
-     */
-    @POST("/auth-requests")
-    suspend fun createAuthRequest(
-        @Header("Device-Identifier") deviceIdentifier: String,
-        @Body body: AuthRequestRequestJson,
-    ): Result<AuthRequestsResponseJson.AuthRequest>
-
-    /**
-     * Queries for updates to a given auth request.
-     */
-    @GET("/auth-requests/{requestId}/response")
-    suspend fun getAuthRequestUpdate(
-        @Path("requestId") requestId: String,
-        @Query("code") accessCode: String,
-    ): Result<AuthRequestsResponseJson.AuthRequest>
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedDevicesApi.kt

@@ -1,15 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.api
-
-import retrofit2.http.GET
-import retrofit2.http.Header
-
-/**
- * Defines raw calls under the /devices API that do not require authentication.
- */
-interface UnauthenticatedDevicesApi {
-    @GET("/devices/knowndevice")
-    suspend fun getIsKnownDevice(
-        @Header(value = "X-Request-Email") emailAddress: String,
-        @Header(value = "X-Device-Identifier") deviceId: String,
-    ): Result<Boolean>
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/di/AuthNetworkModule.kt

@@ -1,100 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.di
-
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationServiceImpl
-import com.x8bit.bitwarden.data.platform.datasource.network.retrofit.Retrofits
-import dagger.Module
-import dagger.Provides
-import dagger.hilt.InstallIn
-import dagger.hilt.components.SingletonComponent
-import kotlinx.serialization.json.Json
-import retrofit2.create
-import javax.inject.Singleton
-
-/**
- * Provides network dependencies in the auth package.
- */
-@Module
-@InstallIn(SingletonComponent::class)
-object AuthNetworkModule {
-
-    @Provides
-    @Singleton
-    fun providesAccountService(
-        retrofits: Retrofits,
-        json: Json,
-    ): AccountsService = AccountsServiceImpl(
-        accountsApi = retrofits.unauthenticatedApiRetrofit.create(),
-        authenticatedAccountsApi = retrofits.authenticatedApiRetrofit.create(),
-        json = json,
-    )
-
-    @Provides
-    @Singleton
-    fun providesAuthRequestsService(
-        retrofits: Retrofits,
-    ): AuthRequestsService = AuthRequestsServiceImpl(
-        authenticatedAuthRequestsApi = retrofits.authenticatedApiRetrofit.create(),
-    )
-
-    @Provides
-    @Singleton
-    fun providesDevicesService(
-        retrofits: Retrofits,
-    ): DevicesService = DevicesServiceImpl(
-        authenticatedDevicesApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedDevicesApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
-
-    @Provides
-    @Singleton
-    fun providesIdentityService(
-        retrofits: Retrofits,
-        json: Json,
-    ): IdentityService = IdentityServiceImpl(
-        api = retrofits.unauthenticatedIdentityRetrofit.create(),
-        json = json,
-    )
-
-    @Provides
-    @Singleton
-    fun providesHaveIBeenPwnedService(
-        retrofits: Retrofits,
-    ): HaveIBeenPwnedService = HaveIBeenPwnedServiceImpl(
-        retrofits
-            .staticRetrofitBuilder
-            .baseUrl("https://api.pwnedpasswords.com")
-            .build()
-            .create(),
-    )
-
-    @Provides
-    @Singleton
-    fun providesNewAuthRequestService(
-        retrofits: Retrofits,
-    ): NewAuthRequestService = NewAuthRequestServiceImpl(
-        authenticatedAuthRequestsApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedAuthRequestsApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
-
-    @Provides
-    @Singleton
-    fun providesOrganizationService(
-        retrofits: Retrofits,
-    ): OrganizationService = OrganizationServiceImpl(
-        authenticatedOrganizationApi = retrofits.authenticatedApiRetrofit.create(),
-        organizationApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/AuthRequestTypeJson.kt

@@ -1,25 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import androidx.annotation.Keep
-import com.x8bit.bitwarden.data.platform.datasource.network.serializer.BaseEnumeratedIntSerializer
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * Represents the different types of auth requests.
- */
-@Serializable(AuthRequestTypeSerializer::class)
-enum class AuthRequestTypeJson {
-    @SerialName("0")
-    LOGIN_WITH_DEVICE,
-
-    @SerialName("1")
-    UNLOCK,
-
-    @SerialName("2")
-    ADMIN_APPROVAL,
-}
-
-@Keep
-private class AuthRequestTypeSerializer :
-    BaseEnumeratedIntSerializer<AuthRequestTypeJson>(AuthRequestTypeJson.entries.toTypedArray())

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/DeleteAccountResponseJson.kt

@@ -1,28 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * Models response bodies from the delete account request.
- */
-sealed class DeleteAccountResponseJson {
-
-    /**
-     * Models a successful deletion response.
-     */
-    data object Success : DeleteAccountResponseJson()
-
-    /**
-     * Models the json body of a deletion error.
-     *
-     * @param validationErrors a map where each value is a list of error messages for each key.
-     * The values in the array should be used for display to the user, since the keys tend to come
-     * back as nonsense. (eg: empty string key)
-     */
-    @Serializable
-    data class Invalid(
-        @SerialName("validationErrors")
-        val validationErrors: Map<String, List<String?>>?,
-    ) : DeleteAccountResponseJson()
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/GetTokenResponseJson.kt

@@ -1,136 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-import kotlinx.serialization.json.JsonObject
-
-/**
- * Models response bodies from the get token request.
- */
-sealed class GetTokenResponseJson {
-    /**
-     * Models json response of the get token request.
-     *
-     * @property accessToken The user's access token.
-     * @property refreshToken The user's refresh token.
-     * @property tokenType The type of token (ex: "Bearer").
-     * @property expiresInSeconds The amount of time (in seconds) before the [accessToken] expires.
-     * @property key The user's key.
-     * @property privateKey The user's private key.
-     * @property kdfType The KDF type.
-     * @property kdfIterations The number of iterations when calculating a user's password.
-     * @property kdfMemory The amount of memory to use when calculating a password hash (MB).
-     * @property kdfParallelism The number of threads to use when calculating a password hash.
-     * @property shouldForcePasswordReset Whether or not the app must force a password reset.
-     * @property shouldResetMasterPassword Whether or not the user is required to reset their
-     * master password.
-     * @property twoFactorToken If the user has chosen to remember the two-factor authorization,
-     * this token will be cached and used for future auth requests.
-     * @property masterPasswordPolicyOptions The options available for a user's master password.
-     * @property userDecryptionOptions The options available to a user for decryption.
-     */
-    @Serializable
-    data class Success(
-        @SerialName("access_token")
-        val accessToken: String,
-
-        @SerialName("refresh_token")
-        val refreshToken: String,
-
-        @SerialName("token_type")
-        val tokenType: String,
-
-        @SerialName("expires_in")
-        val expiresInSeconds: Int,
-
-        @SerialName("Key")
-        val key: String?,
-
-        @SerialName("PrivateKey")
-        val privateKey: String?,
-
-        @SerialName("Kdf")
-        val kdfType: KdfTypeJson,
-
-        @SerialName("KdfIterations")
-        val kdfIterations: Int?,
-
-        @SerialName("KdfMemory")
-        val kdfMemory: Int?,
-
-        @SerialName("KdfParallelism")
-        val kdfParallelism: Int?,
-
-        @SerialName("ForcePasswordReset")
-        val shouldForcePasswordReset: Boolean,
-
-        @SerialName("ResetMasterPassword")
-        val shouldResetMasterPassword: Boolean,
-
-        @SerialName("TwoFactorToken")
-        val twoFactorToken: String?,
-
-        @SerialName("MasterPasswordPolicy")
-        val masterPasswordPolicyOptions: MasterPasswordPolicyOptionsJson?,
-
-        @SerialName("UserDecryptionOptions")
-        val userDecryptionOptions: UserDecryptionOptionsJson?,
-    ) : GetTokenResponseJson()
-
-    /**
-     * Models json body of a captcha error.
-     */
-    @Serializable
-    data class CaptchaRequired(
-        @SerialName("HCaptcha_SiteKey")
-        val captchaKey: String,
-    ) : GetTokenResponseJson()
-
-    /**
-     * Models json body of an invalid request.
-     */
-    @Serializable
-    data class Invalid(
-        @SerialName("ErrorModel")
-        val errorModel: ErrorModel,
-    ) : GetTokenResponseJson() {
-
-        /**
-         * The error body of an invalid request containing a message.
-         */
-        @Serializable
-        data class ErrorModel(
-            @SerialName("Message")
-            val errorMessage: String,
-        )
-    }
-
-    /**
-     * Models json body of a two-factor error.
-     *
-     * @property authMethodsData A blob of data formatted as:
-     * `{"1":{"Email":"sh*****@example.com"},"0":{"Email":null}}`
-     * The keys are the raw values of the [TwoFactorAuthMethod],
-     * and the map is any extra information for the method.
-     * @property captchaToken The captcha token used in the second
-     * login attempt if the user has already passed a captcha
-     * authentication in the first attempt.
-     * @property ssoToken  If the user is logging on via Single
-     * Sign On, they'll need this value to complete authentication
-     * after entering their two-factor code.
-     */
-    @Serializable
-    data class TwoFactorRequired(
-        @SerialName("TwoFactorProviders2")
-        val authMethodsData: Map<TwoFactorAuthMethod, JsonObject?>,
-
-        @SerialName("TwoFactorProviders")
-        val twoFactorProviders: List<String>?,
-
-        @SerialName("CaptchaBypassToken")
-        val captchaToken: String?,
-
-        @SerialName("SsoEmail2faSessionToken")
-        val ssoToken: String?,
-    ) : GetTokenResponseJson()
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/KdfTypeJson.kt

@@ -1,22 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import androidx.annotation.Keep
-import com.x8bit.bitwarden.data.platform.datasource.network.serializer.BaseEnumeratedIntSerializer
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * Represents different key derivation functions (KDFs).
- */
-@Serializable(KdfTypeSerializer::class)
-enum class KdfTypeJson {
-    @SerialName("1")
-    ARGON2_ID,
-
-    @SerialName("0")
-    PBKDF2_SHA256,
-}
-
-@Keep
-private class KdfTypeSerializer :
-    BaseEnumeratedIntSerializer<KdfTypeJson>(KdfTypeJson.entries.toTypedArray())

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/KeyConnectorUserDecryptionOptionsJson.kt

@@ -1,15 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * Decryption options related to a user's key connector.
- *
- * @property keyConnectorUrl URL to the user's key connector.
- */
-@Serializable
-data class KeyConnectorUserDecryptionOptionsJson(
-    @SerialName("KeyConnectorUrl")
-    val keyConnectorUrl: String,
-)

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/OrganizationDomainSsoDetailsRequestJson.kt

@@ -1,14 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * Request body object when retrieving organization domain SSO info.
- *
- * @param email The email address to check against.
- */
-@Serializable
-data class OrganizationDomainSsoDetailsRequestJson(
-    @SerialName("email") val email: String,
-)