github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-05-05 23:38:51 -05:00
Code Issues 1.1k Packages Projects Releases 122 Wiki Activity

[PR #6114] [PM-27736] Add FIDO privileged allowlist entry for vivo FIDO client (com.fido.client) #12469

New Issue
Open
opened 2026-04-11 03:43:32 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-11 03:43:32 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/6114
Author: @zy6p
Created: 11/3/2025
Status: 🔄 Open

Base: mainHead: main

📝 Commits (3)

  • b33a1fc Add support for VIVO
  • f11c18c Merge branch 'main' into main
  • ebd427b Merge branch 'main' into main

📊 Changes

1 file changed (+12 additions, -0 deletions)

View changed files

📝 app/src/main/assets/fido2_privileged_community.json (+12 -0)

📄 Description

🎟️ Tracking

Community contribution to improve passkey support on vivo devices.

com.fido.client is the preinstalled vivo FIDO / passkey client on recent OriginOS builds.
This PR adds it to the community FIDO privileged allowlist so that Bitwarden can be used as a passkey provider when the system FIDO UI is involved.

📔 Objective

On recent vivo devices (e.g., OriginOS on Android 14), passkey flows that are routed through the system FIDO UI (com.fido.client) fail with:

The calling app 'com.fido.client' is not on the privileged list and cannot request authentication on behalf of the other app.

The objective of this PR is to treat the vivo system FIDO client as a trusted FIDO caller, similar to IronFox Nightly in PR #6046, by adding an entry for com.fido.client (with its SHA-256 certificate fingerprint) to app/src/main/assets/fido2_privileged_community.json.

This allows Bitwarden to successfully complete passkey registration and authentication when com.fido.client mediates the request.

📸 Screenshots

image image

Not applicable – no UI changes.
Verification was performed by:

  • Setting Bitwarden as the default passkey provider on a vivo device with com.fido.client.
  • Using https://passkeys.io and https://webauthn.io with QR / cross-device sign-in.
  • Confirming that, after this change, passkey registration and authentication succeed via com.fido.client without the “not on the privileged list” error.

Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/bitwarden/android/pull/6114 **Author:** [@zy6p](https://github.com/zy6p) **Created:** 11/3/2025 **Status:** 🔄 Open **Base:** `main` ← **Head:** `main` --- ### 📝 Commits (3) - [`b33a1fc`](https://github.com/bitwarden/android/commit/b33a1fcedd2f2cf422bb6241e8be4ffacdd60e9c) Add support for VIVO - [`f11c18c`](https://github.com/bitwarden/android/commit/f11c18c722f0c8fe0df3d756c0571ed7af053fad) Merge branch 'main' into main - [`ebd427b`](https://github.com/bitwarden/android/commit/ebd427be40aaf73acb2309d55d89fb01df157e40) Merge branch 'main' into main ### 📊 Changes **1 file changed** (+12 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `app/src/main/assets/fido2_privileged_community.json` (+12 -0) </details> ### 📄 Description ## 🎟️ Tracking Community contribution to improve passkey support on vivo devices. `com.fido.client` is the preinstalled vivo FIDO / passkey client on recent OriginOS builds. This PR adds it to the community FIDO privileged allowlist so that Bitwarden can be used as a passkey provider when the system FIDO UI is involved. ## 📔 Objective On recent vivo devices (e.g., OriginOS on Android 14), passkey flows that are routed through the system FIDO UI (`com.fido.client`) fail with: > The calling app 'com.fido.client' is not on the privileged list and cannot request authentication on behalf of the other app. The objective of this PR is to treat the vivo system FIDO client as a trusted FIDO caller, similar to IronFox Nightly in PR #6046, by adding an entry for `com.fido.client` (with its SHA-256 certificate fingerprint) to `app/src/main/assets/fido2_privileged_community.json`. This allows Bitwarden to successfully complete passkey registration and authentication when `com.fido.client` mediates the request. ## 📸 Screenshots <img width="1260" height="2800" alt="image" src="https://github.com/user-attachments/assets/eeb801da-4d77-42c7-bf59-a6ee78322e1e" /> <img width="1260" height="2800" alt="image" src="https://github.com/user-attachments/assets/52078dea-6788-4d87-b69b-678ae520acf5" /> Not applicable – no UI changes. Verification was performed by: - Setting Bitwarden as the default passkey provider on a vivo device with `com.fido.client`. - Using https://passkeys.io and https://webauthn.io with QR / cross-device sign-in. - Confirming that, after this change, passkey registration and authentication succeed via `com.fido.client` without the “not on the privileged list” error. ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-11 03:43:32 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#12469
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?