Open danielphan2003 opened 1 year ago
This is a very good feature to have and I myself was surprised that Bitwarden doesn't support it.
While I also was thinking that I can abuse custom fields to implement any feature (such as tags for example), I would discuss it with the Bitwarden team first (to be able to mark a field as a service field or something like that).
Let's leave this one for the time when I have feature parity with Bitwarden and want to move ahead. 😀
On first adding a new URI field, Keyguard should prompt the user to verify that URI's legitimacy.
There are many platforms that need verification:
Android URIs (aka Android apps):
Verifying Android App Links
Verifying app signature (derived from the process that Play app signing uses).
We could save the signature to custom fields, and use that to verify other instances of autofilling later on.
If the signature is different from what Keyguard has: warn the user before they proceed, and optionally allow them to add this to a list of verified signatures.
Web
/.well-known directories
Other platforms
TBD.
IMHO is there already an infrastructure that can do all of this for us? I tried searching for "uri attestation" and "uri verification" and none came out.
Edit1: Cross posting this to Reddit.
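A sketch of the check proposed in the issue, added here as an example and not taken from Keyguard or Bitwarden: it pins an app's signing-certificate fingerprint on first use, consults the domain's `/.well-known/assetlinks.json` (the Digital Asset Links file behind Android App Links), and warns when a later fingerprint differs. The `pins` dictionary, the function names and the sample package and fingerprints are assumptions standing in for the custom-field storage the issue suggests.

```python
import json

APP_LINKS = "delegate_permission/common.handle_all_urls"
# Constructed sample of https://<domain>/.well-known/assetlinks.json (values made up).
SAMPLE = json.dumps([{"relation": [APP_LINKS], "target": {
    "namespace": "android_app", "package_name": "com.example.bank",
    "sha256_cert_fingerprints": ["aa:" * 31 + "aa"]}}])

def normalize(fp):
    """Upper-case hex without colons, or None if it is not a SHA-256 digest."""
    h = str(fp).replace(":", "").strip().upper()
    return h if len(h) == 64 and all(c in "0123456789ABCDEF" for c in h) else None

def declared(assetlinks_text, package):
    """Fingerprints the domain declares for `package`; empty on malformed input."""
    try:
        statements = json.loads(assetlinks_text)
    except ValueError:
        return set()
    found = set()
    for st in statements if isinstance(statements, list) else []:
        target = st.get("target") if isinstance(st, dict) else None
        if not isinstance(target, dict):
            continue
        rel = st.get("relation")
        if not isinstance(rel, list) or APP_LINKS not in rel:
            continue
        if (target.get("namespace"), target.get("package_name")) != ("android_app", package):
            continue
        fps = target.get("sha256_cert_fingerprints")
        found.update(filter(None, map(normalize, fps if isinstance(fps, list) else [])))
    return found

def check(pins, package, observed_fp, assetlinks_text=None):
    """Decide what to do before autofilling into `package`.
    `pins` (package -> set of verified fingerprints) is a hypothetical stand-in
    for the custom-field storage proposed in the issue."""
    observed = normalize(observed_fp)
    if observed is None:
        return "reject"                  # unusable signature data
    known = pins.get(package, set())
    if observed in known:
        return "ok"
    if known:
        return "warn"                    # differs from what was saved earlier
    if assetlinks_text and observed in declared(assetlinks_text, package):
        pins[package] = {observed}       # the domain vouches for this signer
        return "ok"
    return "prompt"                      # first use and nothing vouches for it

def trust(pins, package, observed_fp):
    """The user chose to add this signature to the verified list."""
    fp = normalize(observed_fp)
    if fp:
        pins.setdefault(package, set()).add(fp)
```

A "warn" or "prompt" result leaves `pins` untouched; only an explicit `trust` call or a matching asset-links declaration adds a fingerprint.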