github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-03-19 13:36:39 -05:00
Code Issues 144 Packages Projects Releases 116 Wiki Activity

Android app and Firefox add-on issues #897

New Issue
Closed
opened 2025-11-26 22:33:34 -06:00 by GiteaMirror · 9 comments
GiteaMirror commented 2025-11-26 22:33:34 -06:00
Owner
Copy Link

Originally created by @jeffshead on GitHub (Dec 31, 2019).

Over the past week, I’ve spent most of my time researching, installing and testing self-hosted Bitwarden (BW). After installing BW server numerous times in both Windows and Linux VM’s that I spun up in VMWare Workstation, I finally decided to go for it. I created a new Linux VM on my vSphere server (just for BW) and imported my hundreds of logins from Roboform (RF).

Adjusting to the switch from RF to the BW client on Windows is not too painful but Android is a different story. With RF, I could create shortcuts on my phone’s home screen for commonly used logins. To use them, all I had to do was touch the shortcut icon, scan my fingerprint and the webpage would open with the fields populated, every time. Or I could open the RF app, scan my fingerprint and search for or select a login from the list (which displays instantly unlike BW) and have it open the webpage with the login fields auto-filled, every time.

With BW, I have to create/save a Firefox bookmark of a login page to the phone’s home screen. Once I touch the Firefox shortcut, the webpage opens but the fields remain empty. I have both Autofill and Accessibility enabled so that should be all that is required. Now I have a couple of choices on how to proceed. I can touch the password field in the webpage and see the autofill pop-up flash on the screen for a millisecond. It does not stay on the screen long enough to touch it. It does this disappearing act about 85% of the time.

Video depicting issue above: https://i.imgur.com/EAuoGR5

If it does stay on screen long enough for me to touch it, I am prompted to scan my fingerprint so BW can be unlocked. Once BW opens, I have to scroll through all of the logins that match the same base domain name. No matter what I have set for global URI match, it displays a list of all logins that have the same base domain name. When I finally find the correct login and touch it, I am taken back to the webpage but 50% of the time, no login fields are filled in. The next thing I can do is pull down the BW notification at the top of the screen and search for the login and touch it. I then get an option to view the item or autofill. Autofill works, this time. It would have been quicker to forgo BW and just enter the credentials manually.

Since the above method is a crapshoot and such a waste of time, I figured I’d remove the shortcuts to my commonly used logins from my home screen and use the BW add-on in Firefox, instead. My thought was to just open Firefox and use the BW add-on as a replacement for Firefox’s bookmarks menu. So I open Firefox, scroll down and touch the Bitwarden add-on link and then I am prompted to enter my PIN (no option for fingerprint scan). Now the Autofill pop-up is in my way! Now it wants to stay on the screen! After entering my PIN, I have to wait several seconds for BW to populate. Now I have to either search for my login or touch the ‘My Vault’ icon to list all of my logins and scroll through the list. If I go the search route, I get to enter two characters in the search box before the keypad disappears because the list is being populated. I have to touch the search box again to make the keypad display so I can enter more characters. This is very annoying. Once I find my login, I have to select ‘launch’ so the webpage is opened. About 20% of the time the fields do not autofill.

Video depicting the issue above: https://imgur.com/PmE4OMU

The phone that I have used for most of my testing is a mint condition Google Pixel XL with Android Pie. RF has worked perfectly on this phone as well as autofill for any other app. I did remove RF so these issues are not caused by RF/BW conflicts. Also, the BW app has crashed a couple of times and my phone mysteriously rebooted itself, once, when it wasn’t being used. This NEVER happened until I installed BW.

I haven’t given up on BW, yet, but another detractor is the fact that you cannot edit or create and save new logins, remotely, unless you allow Internet access to the BW server. The main reason for me wanting to switch to BW is to eliminate cloud storage and syncing over the Internet. You can (and I do) use a VPN but I cannot add my VPN to company owned equipment and I cannot use a VPN at some secured locations. So BW will often be read-only for me. Learning this AFTER all of the countless hours of testing was a huge disappointment. This is not an issue for RF. You can edit or create and save new logins while offline and sync the changes later. I was shocked to learn BW does not offer this functionality.

My intent is not to bash BW. I just want it to work as designed :-) Not being able to write while offline is not a deal breaker but the autofill issue is. Also, why do I have to unlock BW twice? Once in the app with a fingerprint scan and once in the Firefox add-on with a PIN. Can’t they be linked so one unlocks the other? Not only do you have to login to the BW Android app and the Android Firefox BW add-on separately, but they also do not stay in sync! How is this possible? So we have to manually sync both, individually, to ensure they both have the correct data because they don’t always auto-sync properly? Another issue is the fact that you have to use both because autofill does not work on some forms when the Firefox add-on does and vice versa.

Originally created by @jeffshead on GitHub (Dec 31, 2019). Over the past week, I’ve spent most of my time researching, installing and testing self-hosted Bitwarden (BW). After installing BW server numerous times in both Windows and Linux VM’s that I spun up in VMWare Workstation, I finally decided to **_go for it_**. I created a new Linux VM on my vSphere server (just for BW) and imported my hundreds of logins from Roboform (RF). Adjusting to the switch from RF to the BW client on Windows is not too painful but Android is a different story. With RF, I could create shortcuts on my phone’s home screen for commonly used logins. To use them, all I had to do was touch the shortcut icon, scan my fingerprint and the webpage would open with the fields populated, every time. Or I could open the RF app, scan my fingerprint and search for or select a login from the list (which displays instantly unlike BW) and have it open the webpage with the login fields auto-filled, every time. With BW, I have to create/save a Firefox bookmark of a login page to the phone’s home screen. Once I touch the Firefox shortcut, the webpage opens but the fields remain empty. I have both Autofill and Accessibility enabled so that should be all that is required. Now I have a couple of choices on how to proceed. I can touch the password field in the webpage and see the autofill pop-up flash on the screen for a millisecond. It does not stay on the screen long enough to touch it. It does this disappearing act about 85% of the time. **Video depicting issue above**: [https://i.imgur.com/EAuoGR5](https://i.imgur.com/EAuoGR5) If it does stay on screen long enough for me to touch it, I am prompted to scan my fingerprint so BW can be unlocked. Once BW opens, I have to scroll through all of the logins that match the same base domain name. No matter what I have set for global URI match, it displays a list of all logins that have the same base domain name. When I finally find the correct login and touch it, I am taken back to the webpage but 50% of the time, no login fields are filled in. The next thing I can do is pull down the BW notification at the top of the screen and search for the login and touch it. I then get an option to view the item or autofill. Autofill works, this time. It would have been quicker to forgo BW and just enter the credentials manually. Since the above method is a crapshoot and such a waste of time, I figured I’d remove the shortcuts to my commonly used logins from my home screen and use the BW add-on in Firefox, instead. My thought was to just open Firefox and use the BW add-on as a replacement for Firefox’s bookmarks menu. So I open Firefox, scroll down and touch the Bitwarden add-on link and then I am prompted to enter my PIN (no option for fingerprint scan). Now the Autofill pop-up is in my way! Now it wants to stay on the screen! After entering my PIN, I have to wait several seconds for BW to populate. Now I have to either search for my login or touch the ‘My Vault’ icon to list all of my logins and scroll through the list. If I go the search route, I get to enter two characters in the search box before the keypad disappears because the list is being populated. I have to touch the search box again to make the keypad display so I can enter more characters. This is very annoying. Once I find my login, I have to select ‘launch’ so the webpage is opened. About 20% of the time the fields do not autofill. **Video depicting the issue above:** [https://imgur.com/PmE4OMU](https://imgur.com/PmE4OMU) The phone that I have used for most of my testing is a mint condition Google Pixel XL with Android Pie. RF has worked perfectly on this phone as well as autofill for any other app. I did remove RF so these issues are not caused by RF/BW conflicts. Also, the BW app has crashed a couple of times and my phone mysteriously rebooted itself, once, when it wasn’t being used. This NEVER happened until I installed BW. I haven’t given up on BW, yet, but another detractor is the fact that you cannot edit or create and save new logins, remotely, unless you allow Internet access to the BW server. The main reason for me wanting to switch to BW is to eliminate cloud storage and syncing over the Internet. You can (and I do) use a VPN but I cannot add my VPN to company owned equipment and I cannot use a VPN at some secured locations. So BW will often be read-only for me. Learning this AFTER all of the countless hours of testing was a huge disappointment. This is not an issue for RF. You can edit or create and save new logins while offline and sync the changes later. I was shocked to learn BW does not offer this functionality. My intent is not to bash BW. I just want it to work as designed :-) Not being able to write while offline is not a deal breaker but the autofill issue is. Also, why do I have to unlock BW twice? Once in the app with a fingerprint scan and once in the Firefox add-on with a PIN. Can’t they be linked so one unlocks the other? Not only do you have to login to the BW Android app and the Android Firefox BW add-on separately, but they also do not stay in sync! How is this possible? So we have to manually sync both, individually, to ensure they both have the correct data because they don’t always auto-sync properly? Another issue is the fact that you have to use both because autofill does not work on some forms when the Firefox add-on does and vice versa.
GiteaMirror commented 2025-11-26 22:33:35 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Dec 31, 2019):

These autofill issues are common and known issues on Android. They also affect other popular password management apps. I'd suggest using the autofill accessibility service rather than the regular autofill service, since it does not have great implementation yet from browsers. RF likely is using an accessibility service.

How large is your vault? It appears you have quite a long load time when unlocking the browser extension.

The extension and the native app are not connected in any way, so you would be expected to have to unlock them both separately.

@kspearrin commented on GitHub (Dec 31, 2019): These autofill issues are common and known issues on Android. They also affect other popular password management apps. I'd suggest using the autofill accessibility service rather than the regular autofill service, since it does not have great implementation yet from browsers. RF likely is using an accessibility service. How large is your vault? It appears you have quite a long load time when unlocking the browser extension. The extension and the native app are not connected in any way, so you would be expected to have to unlock them both separately.
GiteaMirror commented 2025-11-26 22:33:35 -06:00
Author
Owner
Copy Link

@jeffshead commented on GitHub (Jan 1, 2020):

Happy New Years! Thanks for the fast response.

My vault has around 350 logins. I also installed BW on different phones. I created a group and multiple accounts. For one of the accounts, I shared only three logins. The load time on that phone is almost as long.

The issue where the keypad disappears after entering two characters in the Firefox add-on search box is very annoying. Can that be looked into? It does this on every phone (different makes).

So is it by design that the BW autofill accessibility service ignores the global URI match setting? I have it set to Starts with but the autofill accessibility service seems to use Base domain. That gives me a long list to scroll through and I usually have to go up and down the list a couple of times to find the login that I want.

The extension and the native app are not connected in any way, so you would be expected to have to unlock them both separately.

So they cannot be securely linked so one unlocks the other and both sync when one syncs? As in future functionality?

@jeffshead commented on GitHub (Jan 1, 2020): Happy New Years! Thanks for the fast response. My vault has around 350 logins. I also installed BW on different phones. I created a group and multiple accounts. For one of the accounts, I shared only three logins. The load time on that phone is almost as long. The issue where the keypad disappears after entering two characters in the Firefox add-on search box is very annoying. Can that be looked into? It does this on every phone (different makes). So is it by design that the BW autofill accessibility service ignores the global URI match setting? I have it set to **_Starts with_** but the autofill accessibility service seems to use **_Base domain_**. That gives me a long list to scroll through and I usually have to go up and down the list a couple of times to find the login that I want. > The extension and the native app are not connected in any way, so you would be expected to have to unlock them both separately. So they cannot be securely linked so one unlocks the other and both sync when one syncs? As in future functionality?
GiteaMirror commented 2025-11-26 22:33:35 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Jan 2, 2020):

My vault has around 350 logins.

Where are you located in the world? Maybe it's just slow loading the data from our servers.

So is it by design that the BW autofill accessibility service ignores the global URI match setting? I have it set to Starts with but the autofill accessibility service seems to use Base domain. That gives me a long list to scroll through and I usually have to go up and down the list a couple of times to find the login that I want.

Yes, because Android does not give us the full URL of the webpage that you are viewing. Unlike your browser on desktop, all we have to work with is the base domain.

So they cannot be securely linked so one unlocks the other and both sync when one syncs? As in future functionality?

I know of no way to share sessions between these two different applications.

@kspearrin commented on GitHub (Jan 2, 2020): > My vault has around 350 logins. Where are you located in the world? Maybe it's just slow loading the data from our servers. > So is it by design that the BW autofill accessibility service ignores the global URI match setting? I have it set to Starts with but the autofill accessibility service seems to use Base domain. That gives me a long list to scroll through and I usually have to go up and down the list a couple of times to find the login that I want. Yes, because Android does not give us the full URL of the webpage that you are viewing. Unlike your browser on desktop, all we have to work with is the base domain. > So they cannot be securely linked so one unlocks the other and both sync when one syncs? As in future functionality? I know of no way to share sessions between these two different applications.
GiteaMirror commented 2025-11-26 22:33:36 -06:00
Author
Owner
Copy Link

@jeffshead commented on GitHub (Jan 2, 2020):

Where are you located in the world? Maybe it's just slow loading the data from our servers.

I self-host so it's not an Internet issue. On Androids, load time is the same over the Internet and while on the local network.

It's not as slow to load on local Windows's PC's but it still seems a little slow to me when compared to all other apps and webpages that pull much more data from SQL databases.

@jeffshead commented on GitHub (Jan 2, 2020): > Where are you located in the world? Maybe it's just slow loading the data from our servers. I self-host so it's not an Internet issue. On Androids, load time is the same over the Internet and while on the local network. It's not as slow to load on local Windows's PC's but it still seems a little slow to me when compared to all other apps and webpages that pull much more data from SQL databases.
GiteaMirror commented 2025-11-26 22:33:36 -06:00
Author
Owner
Copy Link

@jeffshead commented on GitHub (Jan 6, 2020):

I just learned something new... If I disable the regular Android autofill service for BW and leave only the BW autofill accessibility service enabled, it does not autofill or even recognize password fields in some Android apps. This one for example: Connectwise Control.

Also, if I manually fill out the login form in that app, BW does not offer to remember the login unless the regular Android autofill service is enabled.

@jeffshead commented on GitHub (Jan 6, 2020): I just learned something new... If I disable the regular Android autofill service for BW and leave only the BW autofill **accessibility** service enabled, it does not autofill or even recognize password fields in some Android apps. This one for example: [Connectwise Control](https://play.google.com/store/apps/details?id=com.screenconnect.androidclient&hl=en_US). Also, if I manually fill out the login form in that app, BW does not offer to remember the login unless the regular Android autofill service is enabled.
GiteaMirror commented 2025-11-26 22:33:36 -06:00
Author
Owner
Copy Link

@kopach commented on GitHub (Feb 12, 2020):

Hi @jeffshead, as for this issue

I can touch the password field in the webpage and see the autofill pop-up flash on the screen for a millisecond. It does not stay on the screen long enough to touch it. It does this disappearing act about 85% of the time.

Could you try installing this extension in your Firefox Mobile browser? It disables "by default" browser's autocomplete functionality which may interact with bitwarden's pop-up.

@kopach commented on GitHub (Feb 12, 2020): Hi @jeffshead, as for this issue > I can touch the password field in the webpage and see the autofill pop-up flash on the screen for a millisecond. It does not stay on the screen long enough to touch it. It does this disappearing act about 85% of the time. Could you try installing [this extension](https://addons.mozilla.org/uk/firefox/addon/autocomplete-control/) in your Firefox Mobile browser? It disables "by default" browser's autocomplete functionality which may interact with bitwarden's pop-up.
GiteaMirror commented 2025-11-26 22:33:36 -06:00
Author
Owner
Copy Link

@jeffshead commented on GitHub (Feb 13, 2020):

Could you try installing this extension...

Thanks! I installed your add-on but it mad no difference for me.

@jeffshead commented on GitHub (Feb 13, 2020): > Could you try installing [this extension](https://addons.mozilla.org/uk/firefox/addon/autocomplete-control/)... Thanks! I installed your add-on but it mad no difference for me.
GiteaMirror commented 2025-11-26 22:33:37 -06:00
Author
Owner
Copy Link

@kopach commented on GitHub (Feb 13, 2020):

Oh, sad to hear that. I've actually built that extension with Bitwarden in mind. As in my case, browser's standard autocomplete feature was interacting with bitwarden's autofill popup and causing problems.

@kopach commented on GitHub (Feb 13, 2020): Oh, sad to hear that. I've actually built that extension with Bitwarden in mind. As in my case, browser's standard autocomplete feature was interacting with bitwarden's autofill popup and causing problems.
GiteaMirror commented 2025-11-26 22:33:37 -06:00
Author
Owner
Copy Link

@vvolkgang commented on GitHub (Jun 20, 2024):

Issue migrated to https://github.com/bitwarden/mobile/issues/683

@vvolkgang commented on GitHub (Jun 20, 2024): Issue migrated to https://github.com/bitwarden/mobile/issues/683
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#897
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?