github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-05-06 07:48:22 -05:00
Code Issues 1.1k Packages Projects Releases 122 Wiki Activity

[GH-ISSUE #4585] Please allow disable of "breach check" button #28024

New Issue
Closed
opened 2026-04-18 11:46:59 -05:00 by GiteaMirror · 6 comments
GiteaMirror commented 2026-04-18 11:46:59 -05:00
Owner
Copy Link

Originally created by @mcclure on GitHub (Jan 17, 2025).
Original GitHub issue: https://github.com/bitwarden/android/issues/4585

Steps To Reproduce

I got the new design on my Android phone today. I understand that the old design couldn't be kept, but I think the new one could be improved.

The new design has a little "check" button between the "copy" and "show password" option. This checks to see if the password is in a known breach dump. This is a fundamentally useful feature. However, the button is in a position which is very easy to hit by accident. It is between the eye and the copy button, both of which are buttons which potentially see heavy use. Additionally because the new interface seems somewhat small compared to other Android apps, I am struggling to see exactly what I'm doing during casual app use. While using BitWarden I found myself hitting it by accident multiple times. I do not know how your breach checking works, but similar breach check features I have seen in other software involve sending a partial hash of the password to an internet server. It is very very problematic to me that an unlabeled button which can be activated by accident would send any information about my passwords over the network, even a partial hash, and there is nothing in the interface currently to assure me this is not happening.

Expected Result

Please offer us a settings checkbox to disable the check button. It is fine to have it out by default for discoverability, but those of us who do not intend to use this feature should be able to move it out of the way (given the nonzero risk of activating it). When disabled, it would make sense to move it to the ⋮ menu (for example, ⋮ could have a menu option to temporarily re-enable the check button for the pane currently being viewed, disabling again when the pane is left) but I'd be okay with just permahiding it.

Actual Result

Check button is not in a convenient place.

Screenshots or Videos

I am nervous including screenshots of my password manager, sorry.

Additional Context

I would additionally consider it problematic that:

  • "The 'this password was not found in any known data breaches' box does not offer any breadcrumbs to finding out how you validated this information (e.g., was information sent over the network)"
  • There is no "tooltip" on the check button, ie some apps offer tooltips when you longpress a button. This is problematic because it means a user has no way of finding out what the button does without tapping it.

Build Version

2025.1.0 (19622)

What server are you connecting to?

US

Self-host Server Version

No response

Environment Details

Sony XPeria 5 III, Android 13, up-to-date

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Originally created by @mcclure on GitHub (Jan 17, 2025). Original GitHub issue: https://github.com/bitwarden/android/issues/4585 ### Steps To Reproduce I got the new design on my Android phone today. I understand that the old design couldn't be kept, but I think the new one could be improved. The new design has a little "check" button between the "copy" and "show password" option. This checks to see if the password is in a known breach dump. This is a fundamentally useful feature. **However**, the button is in a position which is very easy to hit by accident. It is between the eye and the copy button, both of which are buttons which potentially see heavy use. Additionally [because the new interface seems somewhat small compared to other Android apps, I am struggling to see exactly what I'm doing during casual app use](https://github.com/bitwarden/android/issues/4584). While using BitWarden I found myself hitting it by accident multiple times. I do not know how your breach checking works, but similar breach check features I have seen in other software involve sending a partial hash of the password to an internet server. It is **very very problematic to me that an unlabeled button which can be activated by accident would send any information about my passwords over the network, even a partial hash**, and there is nothing in the interface currently to assure me this is *not* happening. ### Expected Result Please offer us a settings checkbox to disable the check button. It is fine to have it out by default for discoverability, but those of us who do not intend to use this feature should be able to move it out of the way (given the nonzero risk of activating it). When disabled, it would make sense to move it to the ⋮ menu (for example, ⋮ could have a menu option to temporarily re-enable the check button for the pane currently being viewed, disabling again when the pane is left) but I'd be okay with just permahiding it. ### Actual Result Check button is not in a convenient place. ### Screenshots or Videos I am nervous including screenshots of my password manager, sorry. ### Additional Context I would additionally consider it problematic that: - "The 'this password was not found in any known data breaches' box does not offer any breadcrumbs to finding out **how you validated this information** (e.g., was information sent over the network)" - There is no "tooltip" on the check button, ie some apps offer tooltips when you longpress a button. This is problematic because it means a user has no way of finding out what the button does without tapping it. ### Build Version 2025.1.0 (19622) ### What server are you connecting to? US ### Self-host Server Version _No response_ ### Environment Details Sony XPeria 5 III, Android 13, up-to-date ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
GiteaMirror added the bug label 2026-04-18 11:46:59 -05:00
GiteaMirror commented 2026-04-18 11:47:01 -05:00
Author
Owner
Copy Link

@bitwarden-bot commented on GitHub (Jan 17, 2025):

Thank you for your report! We've added this to our internal board for review.
ID: PM-17221

<!-- gh-comment-id:2598929815 --> @bitwarden-bot commented on GitHub (Jan 17, 2025): Thank you for your report! We've added this to our internal board for review. ID: PM-17221
GiteaMirror commented 2026-04-18 11:47:04 -05:00
Author
Owner
Copy Link

@SergeantConfused commented on GitHub (Feb 26, 2025):

Hello @mcclure,

Thank you for your report. I have highlighted this matter to the Engineering and Design departments; if you wish, please feel free to post additional information, such as screenshots or a screen video recordings.

As a side note, with regard to how the Breach Check function operates, this Help Centre article covers this topic.

If you have any further questions or concerns, please feel free to get in touch with us and please include a link to this GitHub report if you do create a support ticket.

Thank you again,

<!-- gh-comment-id:2685129353 --> @SergeantConfused commented on GitHub (Feb 26, 2025): Hello @mcclure, Thank you for your report. I have highlighted this matter to the Engineering and Design departments; if you wish, please feel free to post additional information, such as screenshots or a screen video recordings. As a side note, with regard to how the Breach Check function operates, this [Help Centre article](https://bitwarden.com/help/reports/) covers this topic. If you have any further questions or concerns, please feel free to [get in touch with us](https://bitwarden.com/help/) and please include a link to this GitHub report if you do create a support ticket. Thank you again,
GiteaMirror commented 2026-04-18 11:47:05 -05:00
Author
Owner
Copy Link

@mcclure commented on GitHub (Feb 26, 2025):

Hello, thanks for the information about Breach Check. I want to note that although that's helpful to me personally, the existence of a help article does not address the interface issue that there is no way for a person simply using the interface to find out what this button does. That is, a random user would have no way of knowing to look up the "breach check" help article because they would not know the name of the feature is "breach check". Until you tap it it is just a mystery icon.

<!-- gh-comment-id:2685307555 --> @mcclure commented on GitHub (Feb 26, 2025): Hello, thanks for the information about Breach Check. I want to note that although that's helpful to me personally, the existence of a help article does not address the *interface issue* that there is no way for a person simply using the interface to find out what this button does. That is, a random user would have no way of knowing to look up the "breach check" help article because they would not know the name of the feature is "breach check". Until you tap it it is just a mystery icon.
GiteaMirror commented 2026-04-18 11:47:06 -05:00
Author
Owner
Copy Link

@danielleflinn commented on GitHub (Feb 26, 2025):

Hi @mcclure this UI will be changing in an upcoming release to what I have below.

Image

If you have further feedback on the size of elements within the interface we are tracking user reports around legibility in this issue: https://github.com/bitwarden/android/issues/4584

<!-- gh-comment-id:2685863323 --> @danielleflinn commented on GitHub (Feb 26, 2025): Hi @mcclure this UI will be changing in an upcoming release to what I have below. ![Image](https://github.com/user-attachments/assets/6af0973c-7791-4a94-a5e2-46525307722f) If you have further feedback on the size of elements within the interface we are tracking user reports around legibility in this issue: https://github.com/bitwarden/android/issues/4584
GiteaMirror commented 2026-04-18 11:47:06 -05:00
Author
Owner
Copy Link

@mcclure commented on GitHub (Feb 26, 2025):

@danielleflinn , thank you for your reply! I think this new design is superior both in terms of UI convenience and in terms of how well it "explains itself" to the user.

As a piece of feedback, I would still like the option to turn this button off and/or move it to a submenu, because this is a large touchable area which would be easy to activate by accident and for a feature which I would not want to activate by accident.

<!-- gh-comment-id:2686031900 --> @mcclure commented on GitHub (Feb 26, 2025): @danielleflinn , thank you for your reply! I think this new design is superior both in terms of UI convenience and in terms of how well it "explains itself" to the user. As a piece of feedback, I would still like the option to turn this button off and/or move it to a submenu, because this is a large touchable area which would be easy to activate by accident and for a feature which I would not want to activate by accident.
GiteaMirror commented 2026-04-18 11:47:07 -05:00
Author
Owner
Copy Link

@danielleflinn commented on GitHub (Feb 26, 2025):

Closing this issue then as resolved by https://github.com/bitwarden/android/pull/4699

@mcclure please add your feature request to turn off or move this button to the Bitwarden Community Forum as a "feature request" for mobile. Thanks!

<!-- gh-comment-id:2686152633 --> @danielleflinn commented on GitHub (Feb 26, 2025): Closing this issue then as resolved by https://github.com/bitwarden/android/pull/4699 @mcclure please add your feature request to turn off or move this button to the [Bitwarden Community Forum](https://community.bitwarden.com/tags/c/feature-requests/pm-feature-requests/55/app:mobile) as a "feature request" for mobile. Thanks!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#28024
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?