Register as default handler to consume FIDO2 URIs to avoid user confusion. #4421

Open
1 task done
RokeJulianLockhart opened this issue Dec 5, 2024 · 1 comment

RokeJulianLockhart commented Dec 5, 2024

Steps To Reproduce

  1. Install com.google.android.gms.
  2. Install v2024.11.7/com.x8bit.bitwarden-standard-beta.aab
  3. Invoke a FIDO:/ schema-prefixed URI (like FIDO:/13086400838107303667332719012595115747821895775708323189557153075146383351399743589971313508078026948312026786722471666005727649643501784024544726574771401798171307406596245). 1

Expected Result

com.x8bit.bitwarden should have intercepted the activity, because it does when using addons.mozilla.org/firefox/downloads/file/4392295/bitwarden_password_manager-2024.11.2.xpi on:

  1. firefox-nightly-for-developers-135-0a1-5-android-apk
  2. 41/fedora-updates-x86_64/firefox-133.0-2.fc41.x86_64.rpm

Actual Result

The default handler appears to be com.google.android.gms/.fido.fido2.ui.hybrid.HybridAuthenticateActivity. 2

Screenshots or Videos

I possess them, but don't want to upload them yet because I don't know whether displaying a real FIDO URI is insecure.

Additional Context

  1. "How can I open my app from a URI scheme (deep link)" (airsdk/Adobe-Runtime-Support#2451 (comment)) appears to explain somewhat how to implement the association.

  2. stackoverflow.com/revisions/75651445/6 explains how to decode such a URI.

Build Version

v2024.11.7/com.x8bit.bitwarden-standard-beta.aab

What server are you connecting to?

US

Environment Details

  1. #!/usr/bin/env -S bash
    adb shell getprop
  2. [ro.build.version.release]: [14]
    [ro.build.product]: [FP5]
    [ro.build.display.id]: [FP5.UT2E.B.078.20241105]

Issue Tracking Info

  • I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Footnotes

  1. stackoverflow.com/revisions/75651445/6

  2. android.stackexchange.com/revisions/258784/3
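
The digit layer of the FIDO:/ URI format that the report's Additional Context points to, as an added example that is not part of the original issue and not Bitwarden's code. It assumes the encoding used for CTAP 2.2 hybrid-transport QR codes (groups of 17 decimal digits, each a 7-byte little-endian integer, with a shorter final group); the function names are hypothetical and the payload is constructed.

```python
# Added example, not Bitwarden code. Assumed layout: 17 digits per 7 little-endian bytes.
WIDTH = {1: 3, 2: 5, 3: 8, 4: 10, 5: 13, 6: 15, 7: 17}  # chunk bytes -> decimal digits
TAIL = {digits: size for size, digits in WIDTH.items() if size < 7}

def bytes_to_digits(data: bytes) -> str:
    """Encoder; used here only to build the constructed sample URI."""
    chunks = (data[i:i + 7] for i in range(0, len(data), 7))
    return "".join(str(int.from_bytes(c, "little")).zfill(WIDTH[len(c)]) for c in chunks)

def digits_to_bytes(digits: str) -> bytes:
    """Decode the digit string; reject anything an encoder could not have produced."""
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("payload must be ASCII decimal digits")
    out = bytearray()
    for i in range(0, len(digits), 17):
        chunk = digits[i:i + 17]
        size = 7 if len(chunk) == 17 else TAIL.get(len(chunk))
        if size is None:
            raise ValueError(f"invalid final chunk length {len(chunk)}")
        value = int(chunk)
        if value >= 1 << (8 * size):
            raise ValueError("chunk value does not fit its byte width")
        out += value.to_bytes(size, "little")
    return bytes(out)

def decode_fido_uri(uri: str) -> bytes:
    """Return the CBOR bytes carried by a FIDO:/ URI (scheme compared case-insensitively)."""
    scheme, sep, digits = uri.partition(":/")
    if not sep or scheme.upper() != "FIDO":
        raise ValueError("not a FIDO:/ URI")
    return digits_to_bytes(digits)

# Constructed sample: a CBOR map holding a 33-byte and a 16-byte byte string (placeholders).
SAMPLE_CBOR = bytes.fromhex("a2005821" + "02" + "11" * 32 + "0150" + "22" * 16)
SAMPLE_URI = "FIDO:/" + bytes_to_digits(SAMPLE_CBOR)

if __name__ == "__main__":
    payload = decode_fido_uri(SAMPLE_URI)
    print(len(SAMPLE_URI) - 6, "digits ->", len(payload), "CBOR bytes:", payload.hex())
```

The returned bytes are CBOR and can be handed to any CBOR library for field-level inspection.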

@bitwarden-bot

Thank you for your report! We've added this to our internal board for review.
ID: PM-15580
