mirror of
https://github.com/bitwarden/android.git
synced 2026-03-12 05:04:17 -05:00
Android Accessibility Service #372
Closed
opened 2025-11-26 22:15:18 -06:00 by GiteaMirror
·
36 comments
No Branch/Tag Specified
main
sdlc/sdk-update
fix/PM-33394-throwable-extensions
fix/PM-33394-sync-unlock-error
PM-24380/flight-recorder-redact-hostname
release/2026.3-rc48
claude/android-implementer-agent
PM-26577-app-links-support
PM-26896-autofill-fix
renovate/lock-file-maintenance
release/2026.2-rc47
PM-32714/fallback-to-web-vault-host
pr-6572
PM-28834/setting-app-layout-horizonos
vvolkgang/process-release-notes-v2
release/2026.2-rc46
release/2026.1-rc45
PM-30644/added-logs-for-debug
PM-30644/quicktile-nav-not-showing-migration
minor-gradle-updates
release/2026.1-rc42
release/2026.1-rc44
release/2026.1-rc43
PM-28834/set-landscape-on-horizonos-devices
context-rules
devclarity/update-code-review-command
PM-20026/force-ltr-passwords-and-codes
release/2025.12-rc41
cmcg/testCoverage
claude-skill/creating-feature-flags
PM-29014/talkback-support-for-passwords
release/2025.12-rc40
BRE-1305/publish_test
accept-user-certs
autofill-permissions
release/2025.11-rc39
PM-22479/check-all-certificates-validate-asset-links
release/2025.10-rc38
agalles/android-latest
optimize-test-workflows
tier2-test-sharding
retro-agent
PM-27001/skip-account-selection-only-one-exists-cxp
release/2025.10-rc37
agalles/test-1118
release/2025.10-rc36
PM-20593-token-refresh
QA-1126b/adding-native-sanity-test
release/2025.9-rc35
pm-25933/sdk-update-password
release/2025.9-rc34
release/2025.8-rc33
agalles/20250821-release
debug-release-issues
pm-24249-allow-automated-prs-for-sdk-updates
release/2025.8-rc32
release/WORKFLOW-TEST-2025.8-rc28
agalles/20250807release
release/2025.07-rc25
release/hotfix-v2025.7.0-bwa
pm-23311/export-vault-policy-bypass
release/2025.07-rc24
authenticator-pm-sync-flags-issue
ps/implement-sdk-repository-example
release/hotfix-v2025.6.0-bwpm
release/2025.06-rc21
agalles/automate-android-fastlane-patch
release/2025.05-rc20
release/2025.04-rc19
languages/basque
release/2025.03-rc19
update-readme
qrcode/feature
innovation/archive/pm-19153-archive-items
qrcode/2-ui-fields
qrcode/1-page
hold-on-biometric-prompt-alternative
release-notes-process
release/2025.02-rc16
bwa-monorepo
PM-8223/new-device-verification-ux-improvements
pm-18451/exempt-from-policies
test-bwa
cs-workaround-linked-0-copy
release/2025.01-rc15
release/2025.01-rc14
release/2024.12-rc13
pm-16670/sync-leave-notice
821
PM-16695/backport-lean-more-new-device-verification
km/15084-testing
release/hotfix-v2024.11.7
release/2024.11-rc1
pm-11304/collection-add-item-button
PM-14241/disabling-logs-app-crash
poc/offline-editing
new-version-calc
pm-11649/expired-link-services
pm-6702/add-feature-flag
pm-6702/email-verification-feature
pm-9933/marketing-copy-update
pm-6702/registration-flows
update-templates
pm-6701/email-verification-selfhost-registration
v2026.2.1-bwpm
v2026.2.1-bwa
v2026.2.0-bwpm
v2026.2.0-bwa
v2026.1.1-bwa
v2026.1.1-bwpm
temp-test
v2026.1.0-bwpm
v2026.1.0-bwa
v2025.12.1-bwa
v2025.12.1-bwpm
v2025.12.0-bwa
v2025.12.0-bwpm
v2025.11.1-bwpm
v2025.11.1-bwa
v2025.11.0-bwpm
v2025.11.0-bwa
v2025.10.1-bwa
v2025.10.1-bwpm
v2025.10.0-bwa
v2025.10.0-bwpm
v2025.9.1-bwa
v2025.9.1-bwpm
v2025.9.0-bwa
v2025.9.0-bwpm
v2025.8.1-bwa
v2025.8.1-bwpm
v2025.8.0-bwa
v2025.8.0-bwpm
v2025.7.2-bwa
v2025.7.2-bwpm
v2025.7.1-bwa
v2025.7.1-bwpm
v2025.7.0-bwa
v2025.7.0-bwpm
v2025.6.1-bwpm
v2025.6.0-bwa
v2025.6.0-bwpm
v2025.1.0-bwa
v2025.5.0-bwa
v2025.5.0-bwpm
v2025.5.999
2025.4.0
v2025.4.0
untagged-4731eaadac73f3dfbbb8
v2025.3.0
v2025.2.0
untagged-815a165c5d70ffe75bc7
v2025.1.2
v2025.1.1
v2025.1.0
v2024.12.0
untagged-5a76b6392a4c8998c63a
v2024.11.7
v2024.11.6
v2024.11.5
v2024.11.4
v2024.11.3
v2024.11.2
v2024.11.1
v2024.11.0
v2024.10.2
v2024.10.1
v2024.10.0
v2024.9.0
v2024.8.1
v2024.8.0
v2024.7.3
v2024.7.2
v2024.7.1
v2024.7.0
v2024.6.1
v2024.6.0
v2024.5.1
v2024.4.1
v2024.4.2
v2024.4.0
v2024.3.3
v2024.3.1
v2024.3.0
v2024.2.1
v2024.2.0
v2024.1.1
v2024.1.0
v2023.12.0
v2023.10.0
v2023.9.2
maui-single-project-android
v2023.9.1
v2023.9.0
v2023.8.0
v2023.7.0
v2023.5.0
v2023.4.0
v2023.3.2
v2023.3.1
v2023.3.0
v2023.2.0
v2023.1.0
v2022.11.0
v2022.10.0
v2022.9.1
v2022.9.0
v2022.8.0
v2022.6.2
v2022.6.1
v2022.6.0
v2022.05.0
v2.18.0
v2.17.0
v2.16.4
v2.16.3
v2.16.2
v2.16.1
v2.15.0
v2.14.2
v2.14.1
v2.14.0
v2.13.0
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.0
v2.9.1
v2.9.0
v2.8.2
v2.8.1
v2.8.0
v2.7.2
v2.7.0
v2.6.1
v2.6.0
v2.5.6
v.2.5.5
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.1
v2.3.0
v2.2.8
v2.2.7
v2.2.6
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.0
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.22.1
v1.22.0
v1.21.0
v1.20.0
v1.19.0
v1.18.1
v1.18.0
v1.17.0
v1.16.0
v1.15.2
v1.15.1
v1.15.0
v1.14.4
v1.14.1
v1.14.0
v1.13.0
v1.12.2
v1.12.1
v1.12.0
v1.11.1
v1.11.0
v1.10.0
v1.9.0
v1.8.1
v1.8.0
v1.7.0
v1.6.5
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.4
v1.4.3
v1.4.0
v1.3.0
v1.2.1
v1.2.0
v1.1.0
v1.0.0
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/android#372
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @kspearrin on GitHub (Aug 10, 2016).
Create accessibility service to detect login fields and auto-fill username/passwords.
@callaars commented on GitHub (Oct 12, 2016):
Can we have this optional please, I personally don't like it auto-auto-filled.
@kspearrin commented on GitHub (Oct 12, 2016):
@bcallaars It would be optional since you have to manually enable the accessibility service in settings.
@grubernaut commented on GitHub (Nov 3, 2016):
This would be amazingly helpful if it didn't require a secondary keyboard to switch to, like 1Password requires.
@kspearrin commented on GitHub (Dec 17, 2016):
I am doing some research on this issue and am looking at the Keepass2Android implementation. I see that it uses system notifications to give me the ability to copy the username/password to clipboard whenever it detects a password field on screen, but I do not see where it pops up an overlay that lists my logins to pick from and actually autofill. Am I missing something? Anyone familiar with the Keepass2Android app?
@mrchecky commented on GitHub (Jan 21, 2017):
Any updates on time frame for this feature? Deal breaker for me until it's implemented. Hope to see it soon. Thanks
@kspearrin commented on GitHub (Jan 21, 2017):
See my last comment. I am still looking for examples of a good implementation (other than LastPass). Some of the work has already been started.
@CGrandez commented on GitHub (Jan 28, 2017):
Try the (sticky password) application. It has a floating option that allows you to choose between your accounts.
@CGrandez commented on GitHub (Jan 28, 2017):
Another good application is (Dashlane Password Manager)
@kspearrin commented on GitHub (Feb 1, 2017):
I have autofill working well in the following browsers:
If anyone is interested in helping beta testing the next release of the mobile app with the autofill service, let me know. You can email me on the website using the contact form or join our gitter chatroom here: https://gitter.im/bitwarden/Lobby
@kspearrin commented on GitHub (Feb 1, 2017):
For those who wish to beta test autofill, attached is a beta build APK you can download and install. Please uninstall existing versions of bitwarden before installing this one. Also note that you shouldn't continue to use this version and should uninstall it and re-download from the play store once done testing.
Download here: [REMOVED - See google play link below for testing now]
@kspearrin commented on GitHub (Feb 5, 2017):
I've set up alpha testing on the Google play store now for this. You can get the nightly build for this here: https://play.google.com/apps/testing/com.x8bit.bitwarden
The plan is to have autofill released at some point next week.
@lucacome commented on GitHub (Feb 5, 2017):
Can't seem to login with the alpha...
@kspearrin commented on GitHub (Feb 5, 2017):
@lucacome The alpha is still in being developed with some changes to the authentication process, so if you have 2FA turned on, you wont be able to log in currently. If you want to test you'll need to disable 2FA for now. Do you have 2FA turned on for your account?
@kspearrin commented on GitHub (Feb 6, 2017):
@lucacome 2FA is now available again with the latest alpha build.
@kspearrin commented on GitHub (Feb 6, 2017):
Also, those who may want to test this outside of the play store, you can always download the latest APK attached to our CI builds here: https://ci.appveyor.com/project/bitwarden/mobile/build/artifacts
@walrus543 commented on GitHub (Feb 8, 2017):
Video of Bitwarden 1.2.1
As you can see, the notification is automatically removed as soon as I open the notification panel or I open the keyboard.
Android 7.1.1 - OnePlus 3T
@kspearrin commented on GitHub (Feb 8, 2017):
Another user reported the same thing when he had the lastpass auto fill service turned on still. When he turned off lastpass it started working correctly. I wasn't able to reproduce it though. Do you happen to have that on? Investigating....
@kwiky commented on GitHub (Feb 8, 2017):
I have the same issue. I turned off lastpass service and turned on bitwarden service in accessibility settings, but i have never seen the bitwarden auto-fill notification.
Bitwarden 1.2.1 (436)
Samsung Galaxy S7 Edge
@kspearrin commented on GitHub (Feb 8, 2017):
@kwiky what android version?
@kwiky commented on GitHub (Feb 8, 2017):
@kspearrin 6.0.1
@kwiky commented on GitHub (Feb 8, 2017):
@kspearrin sorry, it works on android apps and chrome, but not with firefox.
Sorry because lastpass always display his notification, and bitwarden notification is only displayed when login fields is detected. This is why i thought it doesn't works
@kwiky commented on GitHub (Feb 8, 2017):
This is maybe why lastpass always display this notification, because of apps like firefox ?
@kspearrin commented on GitHub (Feb 8, 2017):
Firefox browser is not supported at this time.
@sreich commented on GitHub (Feb 8, 2017):
LastPass always displaying the notification is a feature. It's an option in its settings and it proves most useful because the auto detection is definitely not foolproof, even for LastPass.
Disabling LastPass service seemed to have worked around bitwarden hiding it's notification before you can hit it, but obviously isn't a fix.
@walrus543 commented on GitHub (Feb 8, 2017):
@kspearrin no changes after switching off Lastpass accessibility service.
@kspearrin commented on GitHub (Feb 8, 2017):
@Primokorn
The way the accessibility service works is that it receives events every time something changes on your screen. That can be opening a new screen, focusing a textbox, opening the notification center, scrolling a web page, etc. When these events occur I get certain information such as which app is causing the event to occur, what text fields are on the screen, etc.
The logic every time these events are received is:
com.android.systemuievent?Opening the notification center and keyboard are suppose to be
com.android.systemuievents, so they should be stopped (returned) from dismissing the notification. Obviously that doesn't seem to be happening with your device. Therefore it is going to step 2 in which it doesn't find any password field on the event's "context". In this case the context is likely your keyboard or notification center, not the information on the screen "behind" it.Any idea why those wouldn't be classified as
com.android.systemuievents? Are you using some custom keyboard or something that might be classified differently?Are you available at some time to help me debug the issue in live chat or anything? It's very difficult to try to resolve issues like this that I can't reproduce but are obviously affecting people. All reports I have heard about this so far have been on Android 7.1 which may also be a common denominator. Do you have any other devices you could test it out on to see if the issue persists?
@sreich commented on GitHub (Feb 8, 2017):
On my lunch break, but I'm using GBoard (Google keyboard). I won't be able to help for a while so perhaps someone else can sooner.
@kspearrin commented on GitHub (Feb 8, 2017):
@sreich @Primokorn I just pushed build 437 to the beta slot. Please give that a try for a possible fix.
@walrus543 commented on GitHub (Feb 9, 2017):
@kspearrin this new update fixes the notification issue. Thanks. I'm on 445, though.
I tested with the mobile app of my mobile carrier (Bouygues Telecom).
In my vault my logins are stored this way:
While opening the app (package name: fr.bouyguestelecom.ecm.android) bitwarden is looking for ecm.android.
The screen 'logins for ecm.android' is loading again and again and bitwarden doesn't find anything.
@kspearrin commented on GitHub (Feb 9, 2017):
Awesome. Thanks to @sreich I was able to somewhat reproduce the issue using gboard.
This is because apps are searched for differently that websites.
It's looking for a login with the explicit uri "androidapp://packagename" which is different than the web address.
I could start searching it for the reverse domain, but that could potentially be exploited since a person can give their app whatever reverse domain package name that they want. For example, I can call my package "com.google.bitwarden" and get it to list your google logins for you to auto fill into my app. Not really sure the best way to handle that.
@kspearrin commented on GitHub (Feb 9, 2017):
There is a new feature in the web vault that lets you configure equivalent domains. So you could also associate androidapp://packagename with a Website domain and it will then suggest it to you when searching.
@kspearrin commented on GitHub (Feb 10, 2017):
I'm pretty happy with the latest build. Unless anyone has any objections, I'll plan on pushing to production tomorrow some time.
@kspearrin commented on GitHub (Feb 10, 2017):
Anyone have an Android 5.x device? I haven't been able to test that version and I am curious if the populating of text fields during the autofill process works or not. It doesn't on 4.4 so I show an alternate flow that offers copy/paste instead. Wondering if I need to do that for 5.x as well or not. 6.x and 7.x are tested and good to go.
@kspearrin commented on GitHub (Feb 11, 2017):
This has now been completed and available on the play store. See blog post for full details: https://blog.bitwarden.com/android-v1-3-0-now-with-auto-fill-a0b582ada0e9#.gv2t8a8dt
@cwmke commented on GitHub (Mar 9, 2017):
I've been using Keepass2Android for awhile and in order to search for sites, you switch to their keyboard and then click the little button with an android picture on it which brings up a menu asking to either select an entry or use the option presented.
Personally I greatly prefer the keyboard over the accessibility option due to accessibility triggering,
@sreich commented on GitHub (Mar 9, 2017):
That's Android being misleading, see here:
https://lastpass.com/support.php?cmd=showfaq&id=8936
Just enable it then set (even if it was set before) your passphrase. It will warn you that accessibility services won't be able to startup.
I don't think this happens at all in Android 7 because it uses per file encryption and apps that want to can be activated pre boot in a separate storage area. Like an alarm clock (so it can wake you up even before you put in your password, for instance.
But anyway the idea was that eg blind users would want accessibility services to be available at startup.
So yeah, it's perfectly fine and secure to use that assuming you do that extra step, as far as I know.