Kunzisoft / KeePassDX

Lightweight vault and password manager for Android. KeePassDX allows editing encrypted data in a single file in KeePass format and filling in forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0
4.49k stars, 266 forks

Cannot block Autofill, if popup window does not have package name but "PopupWindow:[7letters/digits]" #1046

Closed: bege10 closed 3 years ago

bege10 commented 3 years ago

Describe the bug

In the search window of the app "3C All-in-one Toolbox" (ccc71.at.free, Play Store or Aurora Store), the title of the autofill popup often shows "PopupWindow:[7letters/digits]" instead of the package name. This cannot be entered into the block list and thus the popup often appears inappropriately.

To Reproduce

Steps to reproduce the behavior:

  1. Open 3C Toolbox > App Manager
  2. Click on search button
  3. Either the autofill popup does not appear because the package is in the blacklist, or - more often - the popup shows up with the described title.

Expected behavior

No autofill popup in this app.

Additional context

If I choose Keepass2Android as autofill service the autofill popup does not appear.

J-Jamet commented 3 years ago

~I can't reproduce the problem. I tried with version 2.5.1f of 3C All-in-One Toolbox and I don't have any popup displayed (the only search I found is in the logs). In the worst case, I advise you to put the item in the blocklist.~

bege10 commented 3 years ago

Thank you for your answer. As posted above it is in the App Manager of the 3C Toolbox (in the apps tab) and the popup window cannot be added to the blacklist (the Toolbox app is added already, of course.)

J-Jamet commented 3 years ago

I read too quickly. I did a further analysis and the problem is with the search form.

The metadata of the field indicates that it is a password so it is a 3C All-in-One Toolbox developer error. Field type 0x00080091 -> Text | No suggestion | Visible password. (https://developer.android.com/reference/android/text/InputType)

And I still can't reproduce the problem of the blocklist, the package name is well recognized as a field of application on my side (Android 11 AOSP) so I can block it. Maybe it's a problem with your system's autofill service or a specific version of Android.

So the best solution for me is to ask the developer to change the field type or to put android:importantForAutofill="no".
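
The field-type value quoted in the comment above, taken apart with the class, variation and flag masks. This is an added example, not code from KeePassDX or from 3C All-in-One Toolbox: the constants mirror `android.text.InputType` so it runs on a plain JVM, and `looksLikePassword` is a hypothetical heuristic, not the recognition algorithm KeePassDX uses.

```kotlin
// Values mirror android.text.InputType; no Android SDK needed to run this.
const val TYPE_MASK_CLASS = 0x0000000f
const val TYPE_MASK_VARIATION = 0x00000ff0
const val TYPE_MASK_FLAGS = 0x00fff000
const val TYPE_CLASS_TEXT = 0x1
const val TYPE_CLASS_NUMBER = 0x2
const val TYPE_NUMBER_VARIATION_PASSWORD = 0x10
const val TYPE_TEXT_FLAG_NO_SUGGESTIONS = 0x00080000

// Variation values only have these meanings when the class is TYPE_CLASS_TEXT.
val TEXT_VARIATIONS = mapOf(
    0x00 to "normal", 0x20 to "email address", 0x80 to "password",
    0x90 to "visible password", 0xb0 to "filter", 0xe0 to "web password")
val TEXT_PASSWORD_VARIATIONS = setOf(0x80, 0x90, 0xe0)

data class Decoded(val cls: Int, val variation: Int, val flags: Int)

fun decode(inputType: Int) = Decoded(
    inputType and TYPE_MASK_CLASS,
    inputType and TYPE_MASK_VARIATION,
    inputType and TYPE_MASK_FLAGS)

// Hypothetical heuristic (an assumption for this example): a field is
// credential-like when its class/variation pair is a password variation.
fun looksLikePassword(d: Decoded): Boolean = when (d.cls) {
    TYPE_CLASS_TEXT -> d.variation in TEXT_PASSWORD_VARIATIONS
    TYPE_CLASS_NUMBER -> d.variation == TYPE_NUMBER_VARIATION_PASSWORD
    else -> false
}

fun describe(inputType: Int): String {
    val d = decode(inputType)
    val cls = when (d.cls) {
        TYPE_CLASS_TEXT -> "text"
        TYPE_CLASS_NUMBER -> "number"
        else -> "class ${d.cls}"
    }
    val named = if (d.cls == TYPE_CLASS_TEXT) TEXT_VARIATIONS[d.variation] else null
    val variation = named ?: "variation 0x%02x".format(d.variation)
    val flags = if ((d.flags and TYPE_TEXT_FLAG_NO_SUGGESTIONS) != 0) " | no suggestions" else ""
    return "0x%08x -> %s | %s%s | password-like=%b"
        .format(inputType, cls, variation, flags, looksLikePassword(d))
}

fun main() {
    println(describe(0x00080091))  // value quoted in the comment above
    println(describe(TYPE_CLASS_TEXT or 0xb0 or TYPE_TEXT_FLAG_NO_SUGGESTIONS)) // constructed: filter-style search box
    println(describe(TYPE_CLASS_NUMBER or TYPE_NUMBER_VARIATION_PASSWORD))      // constructed: numeric PIN field
}
```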

bege10 commented 3 years ago

> And I still can't reproduce the problem of the blocklist, the package name is well recognized as a field of application on my side (Android 11 AOSP) so I can block it. Maybe it's a problem with your system's autofill service or a specific version of Android.

I put the package name on the blacklist. But that doesn't help with the window title "PopupWindow:[changing letters/digits]".

As said before, Keepass2Android as autofill service does not show up in this search field.

I can contact the developer in early September when I am back home.

J-Jamet commented 3 years ago

KeePass2Android does not use the same recognition algorithm. What I can do is add a rule that prevents autofill if there is the title "PopupWindow:" but this is not the main problem. It would be better to fix the issue at its origin.

J-Jamet commented 3 years ago

If you test the new ~beta~ 3.0.0 from the Play Store, the problem should not occur anymore. Can you confirm?

bege10 commented 3 years ago

I have the app installed from F-Droid. After updating to 3.0.0_beta02 the problem remains. Is the Play Store version different?

J-Jamet commented 3 years ago

The stable version 3.0.0 is released on the store and in the repo.

bege10 commented 2 years ago

Yes, 3.0.0 fixes the issue. Thank you very much!