mirror of
https://github.com/bitwarden/android.git
synced 2026-03-15 06:59:05 -05:00
Android - auto lock doesn't always lock #260
Closed
opened 2025-11-07 08:33:19 -06:00 by GiteaMirror
·
7 comments
No Branch/Tag Specified
main
crowdin-pull
sdlc/sdk-update
pm-33356/policy-changed-push-sync
premium-upgrade/PM-33508-billing-api-service
PM-30130-remove-archive-feature-flag
tooling/improve-review-workflow
PM-32663/update-vault-migration-screens
llm/add-resolving-sdk-updates-skill
QA-1523/sanity-test-saucelabs
release/2026.3-rc48
PM-24380/flight-recorder-redact-hostname
PM-26577-app-links-support
PM-26896-autofill-fix
release/2026.2-rc47
PM-32714/fallback-to-web-vault-host
pr-6572
PM-28834/setting-app-layout-horizonos
vvolkgang/process-release-notes-v2
release/2026.2-rc46
release/2026.1-rc45
PM-30644/added-logs-for-debug
PM-30644/quicktile-nav-not-showing-migration
minor-gradle-updates
release/2026.1-rc42
release/2026.1-rc44
release/2026.1-rc43
PM-28834/set-landscape-on-horizonos-devices
context-rules
devclarity/update-code-review-command
PM-20026/force-ltr-passwords-and-codes
release/2025.12-rc41
cmcg/testCoverage
claude-skill/creating-feature-flags
PM-29014/talkback-support-for-passwords
release/2025.12-rc40
BRE-1305/publish_test
accept-user-certs
autofill-permissions
release/2025.11-rc39
PM-22479/check-all-certificates-validate-asset-links
release/2025.10-rc38
agalles/android-latest
optimize-test-workflows
tier2-test-sharding
retro-agent
PM-27001/skip-account-selection-only-one-exists-cxp
release/2025.10-rc37
agalles/test-1118
release/2025.10-rc36
PM-20593-token-refresh
QA-1126b/adding-native-sanity-test
release/2025.9-rc35
pm-25933/sdk-update-password
release/2025.9-rc34
release/2025.8-rc33
agalles/20250821-release
debug-release-issues
pm-24249-allow-automated-prs-for-sdk-updates
release/2025.8-rc32
release/WORKFLOW-TEST-2025.8-rc28
agalles/20250807release
release/2025.07-rc25
release/hotfix-v2025.7.0-bwa
pm-23311/export-vault-policy-bypass
release/2025.07-rc24
authenticator-pm-sync-flags-issue
ps/implement-sdk-repository-example
release/hotfix-v2025.6.0-bwpm
release/2025.06-rc21
agalles/automate-android-fastlane-patch
release/2025.05-rc20
release/2025.04-rc19
languages/basque
release/2025.03-rc19
update-readme
qrcode/feature
innovation/archive/pm-19153-archive-items
qrcode/2-ui-fields
qrcode/1-page
hold-on-biometric-prompt-alternative
release-notes-process
release/2025.02-rc16
bwa-monorepo
PM-8223/new-device-verification-ux-improvements
pm-18451/exempt-from-policies
test-bwa
cs-workaround-linked-0-copy
release/2025.01-rc15
release/2025.01-rc14
release/2024.12-rc13
pm-16670/sync-leave-notice
821
PM-16695/backport-lean-more-new-device-verification
km/15084-testing
release/hotfix-v2024.11.7
release/2024.11-rc1
pm-11304/collection-add-item-button
PM-14241/disabling-logs-app-crash
poc/offline-editing
new-version-calc
pm-11649/expired-link-services
pm-6702/add-feature-flag
pm-6702/email-verification-feature
pm-9933/marketing-copy-update
pm-6702/registration-flows
update-templates
pm-6701/email-verification-selfhost-registration
v2026.2.1-bwpm
v2026.2.1-bwa
v2026.2.0-bwpm
v2026.2.0-bwa
v2026.1.1-bwa
v2026.1.1-bwpm
temp-test
v2026.1.0-bwpm
v2026.1.0-bwa
v2025.12.1-bwa
v2025.12.1-bwpm
v2025.12.0-bwa
v2025.12.0-bwpm
v2025.11.1-bwpm
v2025.11.1-bwa
v2025.11.0-bwpm
v2025.11.0-bwa
v2025.10.1-bwa
v2025.10.1-bwpm
v2025.10.0-bwa
v2025.10.0-bwpm
v2025.9.1-bwa
v2025.9.1-bwpm
v2025.9.0-bwa
v2025.9.0-bwpm
v2025.8.1-bwa
v2025.8.1-bwpm
v2025.8.0-bwa
v2025.8.0-bwpm
v2025.7.2-bwa
v2025.7.2-bwpm
v2025.7.1-bwa
v2025.7.1-bwpm
v2025.7.0-bwa
v2025.7.0-bwpm
v2025.6.1-bwpm
v2025.6.0-bwa
v2025.6.0-bwpm
v2025.1.0-bwa
v2025.5.0-bwa
v2025.5.0-bwpm
v2025.5.999
2025.4.0
v2025.4.0
untagged-4731eaadac73f3dfbbb8
v2025.3.0
v2025.2.0
untagged-815a165c5d70ffe75bc7
v2025.1.2
v2025.1.1
v2025.1.0
v2024.12.0
untagged-5a76b6392a4c8998c63a
v2024.11.7
v2024.11.6
v2024.11.5
v2024.11.4
v2024.11.3
v2024.11.2
v2024.11.1
v2024.11.0
v2024.10.2
v2024.10.1
v2024.10.0
v2024.9.0
v2024.8.1
v2024.8.0
v2024.7.3
v2024.7.2
v2024.7.1
v2024.7.0
v2024.6.1
v2024.6.0
v2024.5.1
v2024.4.1
v2024.4.2
v2024.4.0
v2024.3.3
v2024.3.1
v2024.3.0
v2024.2.1
v2024.2.0
v2024.1.1
v2024.1.0
v2023.12.0
v2023.10.0
v2023.9.2
maui-single-project-android
v2023.9.1
v2023.9.0
v2023.8.0
v2023.7.0
v2023.5.0
v2023.4.0
v2023.3.2
v2023.3.1
v2023.3.0
v2023.2.0
v2023.1.0
v2022.11.0
v2022.10.0
v2022.9.1
v2022.9.0
v2022.8.0
v2022.6.2
v2022.6.1
v2022.6.0
v2022.05.0
v2.18.0
v2.17.0
v2.16.4
v2.16.3
v2.16.2
v2.16.1
v2.15.0
v2.14.2
v2.14.1
v2.14.0
v2.13.0
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.0
v2.9.1
v2.9.0
v2.8.2
v2.8.1
v2.8.0
v2.7.2
v2.7.0
v2.6.1
v2.6.0
v2.5.6
v.2.5.5
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.1
v2.3.0
v2.2.8
v2.2.7
v2.2.6
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.0
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.22.1
v1.22.0
v1.21.0
v1.20.0
v1.19.0
v1.18.1
v1.18.0
v1.17.0
v1.16.0
v1.15.2
v1.15.1
v1.15.0
v1.14.4
v1.14.1
v1.14.0
v1.13.0
v1.12.2
v1.12.1
v1.12.0
v1.11.1
v1.11.0
v1.10.0
v1.9.0
v1.8.1
v1.8.0
v1.7.0
v1.6.5
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.4
v1.4.3
v1.4.0
v1.3.0
v1.2.1
v1.2.0
v1.1.0
v1.0.0
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/android#260
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @balazer on GitHub (Aug 13, 2018).
Android Bitwarden app version 1.18.0 (1493):
I have Lock Options set to 1 minute, and Unlock with PIN Code enabled. I launch Bitwarden, unlock with my PIN, and I'm presented with the Bitwarden main screen showing My Vault. I lock my phone's screen by pressing the power button. I wait more than one minute, and then unlock my phone's screen with the power button. Bitwarden is then right there on my screen, showing My Vault. All of my passwords are accessible. It doesn't ask for my PIN again. I can reproduce this consistently, even waiting much longer than 1 minute.
Also, sometimes Bitwarden fails to ask for my PIN after I switch away from the Bitwarden app by pressing the home button, and then switch back to Bitwarden more than a minute later using Android's Recents screen. Reproducing this way is inconsistent.
I had assumed the lock timeout would be based on the time since the last user interaction or time since the app was last in the foreground. Neither seems to be the case. I think the lock timeout should be as strict as possible, which probably means time since last user interaction. Certainly I expect that if I lock my phone screen and walk away, no one should be able to pick up my phone minutes later and access my vault without entering my PIN.
This problem is not reproducible when Lock Options is set to Immediately. Set that way, the app asks for my PIN every time after switching back to Bitwarden after switching away from the app or locking my phone's screen.
The issue is reproducible in stock Android 7.1.1 on the Nexus 9, and in an AOSP 6.0.1 variant called AOKP.
@kspearrin commented on GitHub (Aug 13, 2018):
I've been testing this today on a Nexus 5X on Android 8 and have not been able to reproduce it.
@balazer commented on GitHub (Aug 13, 2018):
I'll see if I can get my hands on an Android 8 device to do more testing.
Let me know if I can get you anything useful like logcats or a copy of the app's data. I don't have any sensitive data in my vault yet.
@balazer commented on GitHub (Aug 14, 2018):
I just tested on stock Android 8.1.0 on the Nexus 6P with the same results.
Steps to reproduce:
I made additional tests starting from step 6. I tested periods of 70 seconds about 6 times, and every time it failed to ask for my PIN. I did two tests of two minutes each, and it asked for my PIN in one of those tests. Same for 3 minutes. I did one test of 4 minutes 40 seconds, and it didn't ask for my PIN. That was my longest test on this phone.
On my Android 6.0.1 phone, I first noticed the problem when I had Lock Options set to 15 minutes and it didn't ask for my PIN after I hadn't used my phone for approximately 45 minutes.
@kspearrin commented on GitHub (Aug 14, 2018):
These are basically the same steps I am taking and I haven't been able to reproduce it. Weird.
In the meantime, I would suggest that you keep your device properly secured with locking from the OS. Locking from the Bitwarden app has not been proven to be a secure means of preventing access to the vault (as we can see here).
@RePacked commented on GitHub (Aug 27, 2018):
I am able to reproduce this on my Nexus 5X running on LineageOS 15.1, Android 8.1.0
@gcvl commented on GitHub (Jun 2, 2019):
Hi,
I'm getting this on my Nokia 8, Android Pie, Bitwarden 1.22 (1652).
The background block triggers only if I keep the screen active, while doing other things before the set time runs out.
Example: I set 1 minute, then quit and open some other stuff, come back after two minutes ---> The PIN is requested.
I set 1 minute, then quit and lock the screen, unlock the screen, open Bitwarden ---> It gives access to all my passwords without PIN.
Oddly, this is NOT happening if I choose the fingerprint unlock.
EDIT: I was wrong, it happens randomly with fingerprint lock too. It's just not apparently a reliable function, unless you set the timeout to "Immediately".
@gcvl commented on GitHub (Jun 14, 2019):
Seems fixed here in 2.0.3 (1914)!