mirror of
https://github.com/bitwarden/android.git
synced 2026-05-07 19:39:41 -05:00
[GH-ISSUE #6241] [PM-29302] Credential Manager unlock loop - without any corresponding credentials in my vault #21659
Open
opened 2026-04-16 22:13:34 -05:00 by GiteaMirror
·
6 comments
No Branch/Tag Specified
main
beta-for-qa
new-item-types/PM-32810_bank-account
target-sdk-37
PM-33982/build-device-screen
new-item-types/PM-32806_passport
new-item-types/PM-32808_drivers-license
BWA-99/show-next-totp
BWA-99/add-preview-next-totp-code-setting
renovate/glidecompose
sync-min-sdk
release/2026.4-rc51
fix/security-sast-22741894-bvwj
related-origin-passkey-creation
release/2026.4-rc50
platform/android-breaking-change-detection
innovation-sprint-2026-send-folder
release/2026.3-rc49
PM-34193-vault-lockout
android-collections
llm/add-resolving-sdk-updates-skill
QA-1523/sanity-test-saucelabs
release/2026.3-rc48
PM-26577-app-links-support
PM-26896-autofill-fix
release/2026.2-rc47
pr-6572
release/2026.2-rc46
release/2026.1-rc45
PM-30644/added-logs-for-debug
PM-30644/quicktile-nav-not-showing-migration
minor-gradle-updates
release/2026.1-rc42
release/2026.1-rc44
release/2026.1-rc43
PM-28834/set-landscape-on-horizonos-devices
PM-28468/validate-and-navigate-to-vault-migration
PM-20026/force-ltr-passwords-and-codes
release/2025.12-rc41
cmcg/testCoverage
PM-29014/talkback-support-for-passwords
release/2025.12-rc40
BRE-1305/publish_test
accept-user-certs
autofill-permissions
release/2025.11-rc39
PM-22479/check-all-certificates-validate-asset-links
release/2025.10-rc38
agalles/android-latest
retro-agent
PM-27001/skip-account-selection-only-one-exists-cxp
release/2025.10-rc37
agalles/test-1118
release/2025.10-rc36
PM-20593-token-refresh
QA-1126b/adding-native-sanity-test
release/2025.9-rc35
pm-25933/sdk-update-password
release/2025.9-rc34
release/2025.8-rc33
agalles/20250821-release
debug-release-issues
pm-24249-allow-automated-prs-for-sdk-updates
release/2025.8-rc32
release/WORKFLOW-TEST-2025.8-rc28
agalles/20250807release
release/2025.07-rc25
release/hotfix-v2025.7.0-bwa
pm-23311/export-vault-policy-bypass
release/2025.07-rc24
authenticator-pm-sync-flags-issue
release/hotfix-v2025.6.0-bwpm
release/2025.06-rc21
agalles/automate-android-fastlane-patch
release/2025.05-rc20
release/2025.04-rc19
languages/basque
release/2025.03-rc19
update-readme
qrcode/feature
innovation/archive/pm-19153-archive-items
qrcode/2-ui-fields
qrcode/1-page
hold-on-biometric-prompt-alternative
release-notes-process
release/2025.02-rc16
bwa-monorepo
PM-8223/new-device-verification-ux-improvements
pm-18451/exempt-from-policies
test-bwa
release/2025.01-rc15
release/2025.01-rc14
release/2024.12-rc13
pm-16670/sync-leave-notice
821
PM-16695/backport-lean-more-new-device-verification
release/hotfix-v2024.11.7
release/2024.11-rc1
pm-11304/collection-add-item-button
PM-14241/disabling-logs-app-crash
poc/offline-editing
new-version-calc
pm-11649/expired-link-services
pm-6702/add-feature-flag
pm-6702/email-verification-feature
pm-9933/marketing-copy-update
pm-6702/registration-flows
update-templates
pm-6701/email-verification-selfhost-registration
v2026.4.1-bwa
v2026.4.1-bwpm
v2026.4.0-bwa
v2026.4.0-bwpm
v2026.3.1-bwa
v2026.3.1-bwpm
v2026.3.0-bwpm
v2026.3.0-bwa
v2026.2.1-bwpm
v2026.2.1-bwa
v2026.2.0-bwpm
v2026.2.0-bwa
v2026.1.1-bwa
v2026.1.1-bwpm
temp-test
v2026.1.0-bwpm
v2026.1.0-bwa
v2025.12.1-bwa
v2025.12.1-bwpm
v2025.12.0-bwa
v2025.12.0-bwpm
v2025.11.1-bwpm
v2025.11.1-bwa
v2025.11.0-bwpm
v2025.11.0-bwa
v2025.10.1-bwa
v2025.10.1-bwpm
v2025.10.0-bwa
v2025.10.0-bwpm
v2025.9.1-bwa
v2025.9.1-bwpm
v2025.9.0-bwa
v2025.9.0-bwpm
v2025.8.1-bwa
v2025.8.1-bwpm
v2025.8.0-bwa
v2025.8.0-bwpm
v2025.7.2-bwa
v2025.7.2-bwpm
v2025.7.1-bwa
v2025.7.1-bwpm
v2025.7.0-bwa
v2025.7.0-bwpm
v2025.6.1-bwpm
v2025.6.0-bwa
v2025.6.0-bwpm
v2025.1.0-bwa
v2025.5.0-bwa
v2025.5.0-bwpm
v2025.5.999
2025.4.0
v2025.4.0
untagged-4731eaadac73f3dfbbb8
v2025.3.0
v2025.2.0
untagged-815a165c5d70ffe75bc7
v2025.1.2
v2025.1.1
v2025.1.0
v2024.12.0
untagged-5a76b6392a4c8998c63a
v2024.11.7
v2024.11.6
v2024.11.5
v2024.11.4
v2024.11.3
v2024.11.2
v2024.11.1
v2024.11.0
v2024.10.2
v2024.10.1
v2024.10.0
v2024.9.0
v2024.8.1
v2024.8.0
v2024.7.3
v2024.7.2
v2024.7.1
v2024.7.0
v2024.6.1
v2024.6.0
v2024.5.1
v2024.4.1
v2024.4.2
v2024.4.0
v2024.3.3
v2024.3.1
v2024.3.0
v2024.2.1
v2024.2.0
v2024.1.1
v2024.1.0
v2023.12.0
v2023.10.0
v2023.9.2
maui-single-project-android
v2023.9.1
v2023.9.0
v2023.8.0
v2023.7.0
v2023.5.0
v2023.4.0
v2023.3.2
v2023.3.1
v2023.3.0
v2023.2.0
v2023.1.0
v2022.11.0
v2022.10.0
v2022.9.1
v2022.9.0
v2022.8.0
v2022.6.2
v2022.6.1
v2022.6.0
v2022.05.0
v2.18.0
v2.17.0
v2.16.4
v2.16.3
v2.16.2
v2.16.1
v2.15.0
v2.14.2
v2.14.1
v2.14.0
v2.13.0
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.0
v2.9.1
v2.9.0
v2.8.2
v2.8.1
v2.8.0
v2.7.2
v2.7.0
v2.6.1
v2.6.0
v2.5.6
v.2.5.5
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.1
v2.3.0
v2.2.8
v2.2.7
v2.2.6
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.0
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.22.1
v1.22.0
v1.21.0
v1.20.0
v1.19.0
v1.18.1
v1.18.0
v1.17.0
v1.16.0
v1.15.2
v1.15.1
v1.15.0
v1.14.4
v1.14.1
v1.14.0
v1.13.0
v1.12.2
v1.12.1
v1.12.0
v1.11.1
v1.11.0
v1.10.0
v1.9.0
v1.8.1
v1.8.0
v1.7.0
v1.6.5
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.4
v1.4.3
v1.4.0
v1.3.0
v1.2.1
v1.2.0
v1.1.0
v1.0.0
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/android#21659
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @pamperer562580892423 on GitHub (Dec 6, 2025).
Original GitHub issue: https://github.com/bitwarden/android/issues/6241
Steps To Reproduce
Precondition: In my case, I now have no credentials for the target website (LinkedIn in my example) in my BW vault (no email/username, password, passkey... nothing)! And I would add, since the credential manager popping up here in general - which is a relatively new behaviour of the Android app - I think this may also be a (tangential) "passkey issue", since in other cases, I see the credential manager popping up offering me "automatic" passkey login to the website (so the credential manager popping up seems mostly to be connected to passkey-login to sites - but I may be in error here)...
Important for reproduction: that credential manager popup seems to be very browser dependent! On Vivaldi, as you can see in the video, it pops up for me. On Firefox, the credential manager doesn't even pop up on LinkedIn for me. - On Brave and Chrome, just as I tried it again, the credential manager does pop up now (but I think I tried it two days ago on Chrome and Brave before, and at least on one those two browsers, the credential manager didn't pop up then...?!)
Expected Result
In my case now, as I don't have any credentials in my BW vault for the website (LinkedIn): at least a message that no matching credentials were found.
And BW should show that my vault is already unlocked after the first unlock - and the app shouldn't let me go into an "unlock loop".
Actual Result
After I clicked continue, BW searches for credentials in my BW vault... doesn't find any... get's back to the credential manager popup and offers me to unlock again.
Though my vault should still be unlocked in the BW app... And if I click "continue" again, I end in a loop... (if I wanted to click "continue" always again...)
Screenshots or Videos
https://github.com/user-attachments/assets/49ec4d5d-f20a-4439-85c4-179ef3b4c0fc
At then end, you can also see in that video, that when I finally close the credential manager with the "x", then BW offers me nothing when I click in the login fields. (maybe BW needs to rest after that looping?! joke)
Additional Context
Since the credential manager coming up at all is not part of the official documentation (https://bitwarden.com/help/auto-fill-android/#use-passkeys) I would suggest - besides fixing this loop bug - that the whole new "credential manager thing" should also be documented there. This section of the Help Sites needs an update.
(Also, that the credential manager pops up automatically now when there is a valid passkey for a site in my BW vault is not yet documented in the Help Sites at all. - The Help Sites only mention a "passkey popup" on the Android app, when someone intentionally clicks a "Passkey login" button on a given site.)
PS: Regarding the unlock itself: my BW app is set to "Lock / after two minutes" as "session timeout", so the App should indeed be unlocked after the first unlock. (it probably would be a different situation if my BW app was set to "immediately lock", but it isn't)
PPS: I also saw this report of two others users, getting "confused" with this new credential manager popping up in various situations: https://community.bitwarden.com/t/android-sign-in-popup-leads-nowhere-for-some-websites/91087
Build Version
2025.11.0
What server are you connecting to?
EU
Self-host Server Version
(not self-hosting)
Environment Details
© Bitwarden Inc. 2015-2025
Version: 2025.11.0 (20967)
📱 Fairphone FP5 🤖 15@35 📦 prod
🧱 commit: bitwarden/android/release/2025.10-rc38@6d71f0c5d66a466a20e4636be438609d2703063c
💻 build source: bitwarden/android/actions/runs/19309927902/attempts/1
🦀 SDK: 1.0.0-3436-2a00b727
🌩 Server: 2025.11.1 @ EU
Issue Tracking Info
@bitwarden-bot commented on GitHub (Dec 6, 2025):
Thank you for your report! We've added this to our internal board for review.
ID: PM-29302
@SergeantConfused commented on GitHub (Dec 8, 2025):
Hello @pamperer562580892423,
Thank you for this detailed report. I've tested this with Vivaldi and Chrome on a Pixel 8 Pro running Android 16, and I'm getting the autofill popup consistently; at no point was the Android Credential Manager shown. However, I tested that with Bitwarden 2025.11.1; could you please update your Bitwarden client, reboot the phone, and let me know if you're still able to reproduce that?
Thank you in advance,
@pamperer562580892423 commented on GitHub (Dec 8, 2025):
@SergeantConfused Thanks for your initial testing. - And of course, when 2025.11.1 arrives on my phone, I'll check the behaviour again and report back.
@pamperer562580892423 commented on GitHub (Dec 9, 2025):
[PS/Edit: It seems, as I made this update-post here, I somehow "forgot", that I originally reported it, and recorded it on video, with Vivaldi browser -- and now here in this post, everything I described I experienced with Brave browser... but now I checked it again with Vivaldi and BW app version 2025.11.1, and it's the same behaviour as I reported in my original post. -- And maybe, this post here now is not bad at all, as it shows, I also could reproduce the general behaviour also on Brave and BW app version 2025.11.1.)
@SergeantConfused ... and 2025.11.1 arrived. And I rebooted the phone. I can report, that the behaviour changed a bit (compare with my previous video), but it's not gone (and especially the "unlock loop" is still there):
https://github.com/user-attachments/assets/a8afbaea-9f20-4c78-9051-840d6f110711
What's changed (2025.11.0 --> 2025.11.1):
Before, the Credential Manager popped up directly. - As you can see, I can trigger the credential manager now by first tapping the email field, then tapping the password field and then tapping the email field again. --> Can you trigger the Credential Manager like that as well? -- (BTW, what's positive before the Credential Manager comes up now with 2025.11.1: when I tap in both fields, BW is shown in the inline keyboard menu)
(Then, I can enter the same "unlock loop" as before.)
Positive change: When I close the Credential Manager (and quit the "unlock loop"), and when I now tap into the fields again, BW also is now shown in the inline keyboard menu.
Here the complete link, if it helps (I guess not, but anyway): https://www.linkedin.com/login/de?lipi=urn%3Ali%3Apage%3Adeeplink_linkedinmobileapp%3BKCF2gEZgSSak9%2Foumw9Vfg%3D%3D&destType=web&fromSignIn=true&trk=guest_homepage-basic_nav-header-signin
New Environment Details:
© Bitwarden Inc. 2015-2025
Version: 2025.11.1 (20994)
📱 Fairphone FP5 🤖 15@35 📦 prod
🧱 commit: bitwarden/android/release/2025.11-rc39@63c4e1fe9314d2b2f2c0989b5bb8c265b3cbc57e
💻 build source: bitwarden/android/actions/runs/19583271293/attempts/2
🦀 SDK: 1.0.0-3436-2a00b727
🌩 Server: 2025.11.1 @ EU
PS: I can add: I rebooted the phone another time now... and guess what: I also saw the previous behaviour (as I reported it with mobile app 2025.11.0) at least once... so it's not completely consistent what triggers the Credential Manager...
PPS: Brave is always up-to-date via the PlayStore on my device. (auto-updates and active regular manual search for updates)
@pamperer562580892423 commented on GitHub (Dec 12, 2025):
Ahhhhhh... @SergeantConfused I only now saw that I originally reported it with Vivaldi (with app 2025.11.0) -- and in my update I used Brave (with app 2025.11.1). (and I don't call for an adoption, but maybe I'm PampererConfused...)
I can add, that it is still and indeed the exact same behaviour on Vivaldi, as I originally reported it (see that video) - also on app 2025.11.1.
But maybe not bad, that I could also reproduce this with Brave and app version 2025.11.1...
@pamperer562580892423 commented on GitHub (Dec 12, 2025):
Oh, 2025.12.0 arrived unexpectedly quick.
Same thing on Vivaldi (first video) and on Brave (second video).
© Bitwarden Inc. 2015-2025
Version: 2025.12.0 (21003)
📱 Fairphone FP5 🤖 15@35 📦 prod
🧱 commit: bitwarden/android/release/2025.12-rc40@f02b374e989600a8458d2884abd2526244241c8a
💻 build source: bitwarden/android/actions/runs/19830126705/attempts/1
🦀 SDK: 1.0.0-3928-2cca3d46
🌩 Server: 2025.12.0 @ EU