search

bitwarden / mobile

Retired Bitwarden mobile app for iOS and Android (MAUI/Xamarin).
https://bitwarden.com
GNU General Public License v3.0
21 stars 2 forks source link

Autofill prompt blocks OK button for BankID, Android #1816

Open 0SOKIqL69KNDs5RM78nh4VaqXU2rIO2SVnFqwvW opened 2 years ago

0SOKIqL69KNDs5RM78nh4VaqXU2rIO2SVnFqwvW commented 2 years ago

Steps To Reproduce

Using Android 11, and BankID, (electronic identification system in Norway with over 4m users)

  1. Unlock the phone
  2. Initiate a BankID authentication session either on the phone or from a different device
  3. The BankID prompt appears on the phone, providing a unique phrase
  4. The next BankID screen requests a pin number
  5. User enters their BankID PIN
  6. The Bitwarden autofill prompt blocks access to the OK button, making it untappable.

Workaround 1

  1. enable rotation in Android. In landscape the OK button can be tapped after scrolling down

Workaround 2

  1. keep the phone locked
  2. Initiate a BankID authentication session
  3. The Bitwarden autofill prompt does not appear, so the BankID OK button can be tapped in portrait mode

Expected Result

The autofill "popover" should not block the OK button from BankID

Actual Result

The autofill "popover" blocks the OK button from BankID

Screenshots or Videos

Initial BankID prompt: 2022-02-28 13_02_11-Screenshot_20220228-125553_SIM toolkit jpg ‎- Photos

During step 2 the PIN should be entered. The Bitwarden overlay is blocking the OK button in portait mode. The overlay persists even after the user types values into this input field: 2022-02-28 13_02_24-Screenshot_20220228-125609_SIM toolkit jpg ‎- Photos

Using workaround 1, device is in landscape mode so the OK button is available: 2022-02-28 13_02_02-Screenshot_20220228-125623_SIM toolkit jpg ‎- Photos

Additional Context

NB: There is another identification system called BankID in Sweden, but this is an entirely separate system from the Norwegian one which I am reporting here.

Operating System

Android

Operating System Version

11

Device

Samsung s21

Build Version

2.16.2 (4334)

Beta

D80BsUL3WtKkHuyJOcaFIn9XfAQKeX0sNjc52RH commented 2 years ago

This autofill button should be floatable, so the user can move it somewhere else where it doesn't cover an important part of the screen.

YicbFxMOajBnP1ngqNkFZNuEm9HxyAtOGQeM6pN commented 1 year ago

Or this could be shown on the bottom part like enpass

w4f6yF6cjyl8JImbCDsxj0t7nYh7dyvsZ5SU80z commented 1 year ago

This was really annoying. I doubt there is going to be a fix for this, seeing as the problem has been reported almost 3 years ago (se Estonian Mobile-ID issue linked above). The workaround posted there seems to work for the Norwegian BankId as well. Just remember to add a comma after the URI blacklist: Adding "androidapp://com.android.stk," URI to the blacklist did the trick.