AChep / keyguard-app

Keyguard is an alternative client for the Bitwarden® platform, created to provide the best user experience possible.
https://play.google.com/store/apps/details?id=com.artemchep.keyguard
Other
1.34k stars 42 forks source link

Discussion: Provide users a way to verify the URI they're using autofill on #5

Open danielphan2003 opened 1 year ago

danielphan2003 commented 1 year ago

On first adding a new URI field, Keyguard should prompt the user to verify that URI's legitimacy.

There are many platforms that needs verification:

Android URIs (aka Android apps):

Verifying Android App Links

Verifying app signature (derived from the process that Play app signing uses).

Web

Other platforms

TBD.

IMHO is there already an infrastructure that can do all of this for us? I tried searching for uri attestation and uri verification and none came out.

Edit1: Cross posting this to Reddit.

AChep commented 1 year ago

This is a very good feature to have and I myself was surprised that Bitwarden doesn't support it.

While I also was thinking that I can abuse custom fields to implement any feature (such as tags for example), I would discuss it with the Bitwarden team first (to be able to mark a field as a service field or something like that).

Let's leave this one for the time when I have feature parity with Bitwarden and want to move ahead. 😀