Password Manager 2026.1.0 (21141)

Overview

• Fixed issue where password-protected exports couldn't be imported
• Fixed passkey authentication issue when using PIN with Never Lock timeout setting
• Several under the hood performance and security improvements

What's Changed

✨ Community Highlight

• [PM-30260] Add WebLibre to the FIDO2 privileged community list by @lucasmz-dev in #6299
• [PM-30258] Remove CalyxOS Chromium from the FIDO2 privileged list by @lucasmz-dev in #6297

🚀 New Features & Enhancements

• PM-30389: Allow for different auth tab schemes by @david-livefront in #6315
• PM-30522: Add support for processing app links for Duo, WebAuthn, and SSO by @david-livefront in #6332
• Add the Archive items feature flag by @david-livefront in #6337

🐛 Bug fixes

• Allow trailing commas in JSON by @david-livefront in #6326
• [PM-30899] Store account keys on new user creation by @david-livefront in #6403

⚙️ Maintenance

• PM-28522: Update the Login With Device Screen by @david-livefront in #6184
• [BWA-179] Added clarification of functionality on Authenticator's ExportScreen by @aj-rosado in #6190
• Update SDK to 1.0.0-3958-7f09fd2f by @bw-ghapp[bot] in #6213
• [deps]: Update ksp by @david-livefront in #6217
• [PM-28835] Added validations to prevent duplicate press on buttons by @aj-rosado in #6209
• PM-28522: Update the LoginWithDevice ui by @david-livefront in #6221
• [PM-27118] Restrict Credential Exchange import based on Personal Ownership policy by @SaintPatrck in #6220
• Update Androidx dependencies to the latest versions by @david-livefront in #6224
• [PM-29097] Fix privacy statement alignment in landscape mode by @SaintPatrck in #6225
• [PM-27290] Remove password unlock method by @andrebispo5 in #6176
• PM-28634: Update Autofill terms to support other languages better by @david-livefront in #6226
• PM-25632: Ensure that we use lowercase email addresses when creating a fingerprint by @david-livefront in #6227
• [PM-29096] Update Fastlane and Gemfile dependencies by @SaintPatrck in #6216
• [deps]: Lock file maintenance by @renovate[bot] in #6197
• [PM-28467] Add revisionDate to policy JSON model by @SaintPatrck in #6228
• [PM-28352] Add logging to Credential Manager and Origin Manager flows by @SaintPatrck in #6229
• Update SonarQube plugin version by @SaintPatrck in #6231
• Update ZXing library version by @SaintPatrck in #6230
• Crowdin Pull by @bw-ghapp[bot] in #6234
• [PM-28442] Added feature flag for migrate myvault to myitems by @aj-rosado in #6235
• Address several small lint warning throughout the app by @david-livefront in #6233
• Move MissingPropertyException to common location by @david-livefront in #6237
• [deps]: Update actions/checkout action to v6 by @renovate[bot] in #6247
• PM-28355: Clear pin data on hard-logout or security stamp by @david-livefront in #6232
• Move BiometricsEncryptionManager into the AuthRepository by @david-livefront in #6249
• [PM-28468] Added service methods to migration to MyItems validation by @aj-rosado in #6248
• [PM-28504] Add testharness build workflow with dynamic versioning by @SaintPatrck in #6181
• [PM-28836] Add AndroidManifest permission for HEADSET_CAMERA by @aj-rosado in #6251
• PM-29172: Update Authenticator biometric encryption by @david-livefront in #6240
• PM-1908: Push notifications for non-active accounts prompt for future sync by @david-livefront in #6252
• [BRE-1333] Added permissions to token generation step to limit token scope by @gitclonebrian in #6171
• Update STYLE_AND_BEST_PRACTICES.md to clarify KDoc requirements and fix whitespace by @SaintPatrck in #6256
• PM-29491: Implement LeaveOrganizationScreen by @SaintPatrck in #6253
• Update OkHttp to v5.3.2 by @david-livefront in #6257
• Crowdin Pull by @bw-ghapp[bot] in #6261
• Update to AGP v8.13.2 by @david-livefront in #6258
• Update Androidx Camera to v1.5.2 by @david-livefront in #6259
• Update Mockk and Kover by @david-livefront in #6260
• PM-29795: Move FileManager to data module by @david-livefront in #6268
• PM-29442: Change 2fa field to not be a password field by @david-livefront in #6269
• [PM-29297] Add MigrateToMyItemsScreen by @SaintPatrck in #6239
• PM-29806: Move FlightRecorderWriter to the data module by @david-livefront in #6270
• PM-29824: Add bulk share ciphers network layer implementation by @SaintPatrck in #6271
• [PM-29842] Add organization event types for item migration acceptance and rejection by @SaintPatrck in #6273
• PM-29827: Move FlightRecorderManager to common data module by @david-livefront in #6274
• Move extensions to common module by @david-livefront in #6276
• [PM-29911] Update cron jobs to run at midnight on Sundays by @KatherineInCode in #6280
• Remove flaky tests by @david-livefront in #6278
• [PM-29947] Remove ResetMasterPassword property from token response model by @SaintPatrck in #6285
• [PM-29913] ci: Fix release notes fetch failure while creating GitHub Releases by @vvolkgang in #6282
• PM-29843: Record item org migration events by @SaintPatrck in #6275
• [deps]: Update actions/cache action to v5 by @renovate[bot] in #6288
• [deps]: Update actions/checkout action to v6 by @renovate[bot] in #6289
• [deps]: Update actions/upload-artifact action to v6 by @renovate[bot] in #6290
• [deps]: Lock file maintenance by @renovate[bot] in #6292
• [PM-30106] Updated sdk to a version that fixes the password protected export issues (1.0.0-4328-km-fix-cherry-pick) by @aj-rosado in #6300
• [PM-14880] ci: Adds categories for automated release notes by @vvolkgang in #6302
• [PM-14880] ci: Update labels of automated PRs; set labels for PRs created by the crowdin-pull.yml workflow by @vvolkgang in #6303
• [PM-14880] Label updates to fido2 privileged apps lists by @vvolkgang in #6304
• [PM-14880] Add pull-request trigger to PR Labeling workflow and address test findings by @vvolkgang in #6305
• Review Code Triggered by labeled event by @theMickster in #6307
• Crowdin Pull by @bw-ghapp[bot] in #6286
• Update SDK to 2.0.0-4254-6c954013 by @bw-ghapp[bot] in #6218
• [deps]: Update Google ProtoBuf dependencies by @SaintPatrck in #6308
• Revert review Code Triggered by labeled event by @theMickster in #6310
• Crowdin Pull by @bw-ghapp[bot] in #6317
• Move TestHelpers to core test-fixtures module by @david-livefront in #6314
• [deps]: Lock file maintenance by @renovate[bot] in #6320
• Update Androidx dependencies by @david-livefront in #6322
• Update SDK to 2.0.0-4373-3c666766 by @bw-ghapp[bot] in #6311
• Update Firebase BOM to latest versions by @david-livefront in #6324
• [PM-28271] Rename validatePin to validatePinUserKey and update SDK usage by @SaintPatrck in htt...

Authenticator 2026.1.0 (1167)

Overview

• Several under the hood performance and security improvements

What's Changed

✨ Community Highlight

• [PM-30260] Add WebLibre to the FIDO2 privileged community list by @lucasmz-dev in #6299
• [PM-30258] Remove CalyxOS Chromium from the FIDO2 privileged list by @lucasmz-dev in #6297

⚙️ Maintenance

• PM-29843: Record item org migration events by @SaintPatrck in #6275
• [deps]: Update actions/cache action to v5 by @renovate[bot] in #6288
• [deps]: Update actions/checkout action to v6 by @renovate[bot] in #6289
• [deps]: Update actions/upload-artifact action to v6 by @renovate[bot] in #6290
• [deps]: Lock file maintenance by @renovate[bot] in #6292
• [PM-30106] Updated sdk to a version that fixes the password protected export issues (1.0.0-4328-km-fix-cherry-pick) by @aj-rosado in #6300
• [PM-14880] ci: Adds categories for automated release notes by @vvolkgang in #6302
• [PM-14880] ci: Update labels of automated PRs; set labels for PRs created by the crowdin-pull.yml workflow by @vvolkgang in #6303
• [PM-14880] Label updates to fido2 privileged apps lists by @vvolkgang in #6304
• [PM-14880] Add pull-request trigger to PR Labeling workflow and address test findings by @vvolkgang in #6305
• Review Code Triggered by labeled event by @theMickster in #6307
• Crowdin Pull by @bw-ghapp[bot] in #6286
• Update SDK to 2.0.0-4254-6c954013 by @bw-ghapp[bot] in #6218
• [deps]: Update Google ProtoBuf dependencies by @SaintPatrck in #6308
• Revert review Code Triggered by labeled event by @theMickster in #6310
• Crowdin Pull by @bw-ghapp[bot] in #6317
• Move TestHelpers to core test-fixtures module by @david-livefront in #6314
• PM-30389: Allow for different auth tab schemes by @david-livefront in #6315
• [deps]: Lock file maintenance by @renovate[bot] in #6320
• Update Androidx dependencies by @david-livefront in #6322
• Update SDK to 2.0.0-4373-3c666766 by @bw-ghapp[bot] in #6311
• Update Firebase BOM to latest versions by @david-livefront in #6324
• [PM-28271] Rename validatePin to validatePinUserKey and update SDK usage by @SaintPatrck in #6323
• [VULN-362] Move Compose tooling dependency to debugImplementation by @SaintPatrck in #6327
• Allow trailing commas in JSON by @david-livefront in #6326
• Update generated SSO uri to be typed by @david-livefront in #6329
• Update SDK to 2.0.0-4408-ef987b96 by @bw-ghapp[bot] in #6331
• Add concrete FlightRecorderDiskSource by @david-livefront in #6281
• PM-30522: Add support for processing app links for Duo, WebAuthn, and SSO by @david-livefront in #6332
• Improve clock usage patterns by @david-livefront in #6336
• Add the Archive items feature flag by @david-livefront in #6337
• [PM-28468] Updated validation and navigation for MigrateToMyItems by @aj-rosado in #6279
• Update SDK to 2.0.0-4441-c5a3b833 by @bw-ghapp[bot] in #6333
• Document best practices for Clock/Time handling by @SaintPatrck in #6340
• Improve KDoc on StateFlowExtensions by @SaintPatrck in #6338

Full Changelog: v2025.12.1-bwa...v2026.1.0-bwa
Builds Source: https://github.com/bitwarden/android/actions/runs/20860214993

Password Manager 2025.12.1 (21060)

Overview

• Fixed login error that prevented users from accessing their accounts in certain scenarios
• Fixed case-sensitive email handling in device login fingerprint phrase
• Improved handling when importing passwords for organization users with disabled personal vaults
• Fixed account switching to properly sync changes made while profile was inactive
• Various under the hood improvements and bug fixes

What's Changed

• PM-28522: Update the Login With Device Screen by @david-livefront in #6184
• [BWA-179] Added clarification of functionality on Authenticator's ExportScreen by @aj-rosado in #6190
• Update SDK to 1.0.0-3958-7f09fd2f by @bw-ghapp[bot] in #6213
• [deps]: Update ksp by @david-livefront in #6217
• [PM-28835] Added validations to prevent duplicate press on buttons by @aj-rosado in #6209
• PM-28522: Update the LoginWithDevice ui by @david-livefront in #6221
• [PM-27118] Restrict Credential Exchange import based on Personal Ownership policy by @SaintPatrck in #6220
• Update Androidx dependencies to the latest versions by @david-livefront in #6224
• [PM-29097] Fix privacy statement alignment in landscape mode by @SaintPatrck in #6225
• [PM-27290] Remove password unlock method by @andrebispo5 in #6176
• PM-28634: Update Autofill terms to support other languages better by @david-livefront in #6226
• PM-25632: Ensure that we use lowercase email addresses when creating a fingerprint by @david-livefront in #6227
• [PM-29096] Update Fastlane and Gemfile dependencies by @SaintPatrck in #6216
• [deps]: Lock file maintenance by @renovate[bot] in #6197
• [PM-28467] Add revisionDate to policy JSON model by @SaintPatrck in #6228
• [PM-28352] Add logging to Credential Manager and Origin Manager flows by @SaintPatrck in #6229
• Update SonarQube plugin version by @SaintPatrck in #6231
• Update ZXing library version by @SaintPatrck in #6230
• Crowdin Pull by @bw-ghapp[bot] in #6234
• [PM-28442] Added feature flag for migrate myvault to myitems by @aj-rosado in #6235
• Address several small lint warning throughout the app by @david-livefront in #6233
• Move MissingPropertyException to common location by @david-livefront in #6237
• [deps]: Update actions/checkout action to v6 by @renovate[bot] in #6247
• PM-28355: Clear pin data on hard-logout or security stamp by @david-livefront in #6232
• Move BiometricsEncryptionManager into the AuthRepository by @david-livefront in #6249
• [PM-28468] Added service methods to migration to MyItems validation by @aj-rosado in #6248
• [PM-28504] Add testharness build workflow with dynamic versioning by @SaintPatrck in #6181
• [PM-28836] Add AndroidManifest permission for HEADSET_CAMERA by @aj-rosado in #6251
• PM-29172: Update Authenticator biometric encryption by @david-livefront in #6240
• PM-1908: Push notifications for non-active accounts prompt for future sync by @david-livefront in #6252
• [BRE-1333] Added permissions to token generation step to limit token scope by @gitclonebrian in #6171
• Update STYLE_AND_BEST_PRACTICES.md to clarify KDoc requirements and fix whitespace by @SaintPatrck in #6256
• PM-29491: Implement LeaveOrganizationScreen by @SaintPatrck in #6253
• Update OkHttp to v5.3.2 by @david-livefront in #6257
• Crowdin Pull by @bw-ghapp[bot] in #6261
• Update to AGP v8.13.2 by @david-livefront in #6258
• Update Androidx Camera to v1.5.2 by @david-livefront in #6259
• Update Mockk and Kover by @david-livefront in #6260
• PM-29795: Move FileManager to data module by @david-livefront in #6268
• PM-29442: Change 2fa field to not be a password field by @david-livefront in #6269
• [PM-29297] Add MigrateToMyItemsScreen by @SaintPatrck in #6239
• PM-29806: Move FlightRecorderWriter to the data module by @david-livefront in #6270
• PM-29824: Add bulk share ciphers network layer implementation by @SaintPatrck in #6271
• [PM-29842] Add organization event types for item migration acceptance and rejection by @SaintPatrck in #6273
• PM-29827: Move FlightRecorderManager to common data module by @david-livefront in #6274
• Move extensions to common module by @david-livefront in #6276
• [PM-29911] Update cron jobs to run at midnight on Sundays by @KatherineInCode in #6280
• Remove flaky tests by @david-livefront in #6278
• [PM-29947] Remove ResetMasterPassword property from token response model by @SaintPatrck in #6285
• [PM-29913] ci: Fix release notes fetch failure while creating GitHub Releases by @vvolkgang in #6282
• 🍒 [PM-30106] Updated sdk to a version that fixes the password protected export issues (1.0.0-4328-km-fix-cherry-pick) by @aj-rosado in #6301

New Contributors

• @gitclonebrian made their first contribution in #6171
• @KatherineInCode made their first contribution in #6280

Full Changelog: v2025.12.0-bwpm...v2025.12.1-bwpm
Builds Source: https://github.com/bitwarden/android/actions/runs/20584595942

Authenticator 2025.12.1 (1138)

Overview

What's Changed

• PM-28522: Update the Login With Device Screen by @david-livefront in #6184
• [BWA-179] Added clarification of functionality on Authenticator's ExportScreen by @aj-rosado in #6190
• Update SDK to 1.0.0-3958-7f09fd2f by @bw-ghapp[bot] in #6213
• [deps]: Update ksp by @david-livefront in #6217
• [PM-28835] Added validations to prevent duplicate press on buttons by @aj-rosado in #6209
• PM-28522: Update the LoginWithDevice ui by @david-livefront in #6221
• [PM-27118] Restrict Credential Exchange import based on Personal Ownership policy by @SaintPatrck in #6220
• Update Androidx dependencies to the latest versions by @david-livefront in #6224
• [PM-29097] Fix privacy statement alignment in landscape mode by @SaintPatrck in #6225
• [PM-27290] Remove password unlock method by @andrebispo5 in #6176
• PM-28634: Update Autofill terms to support other languages better by @david-livefront in #6226
• PM-25632: Ensure that we use lowercase email addresses when creating a fingerprint by @david-livefront in #6227
• [PM-29096] Update Fastlane and Gemfile dependencies by @SaintPatrck in #6216
• [deps]: Lock file maintenance by @renovate[bot] in #6197
• [PM-28467] Add revisionDate to policy JSON model by @SaintPatrck in #6228
• [PM-28352] Add logging to Credential Manager and Origin Manager flows by @SaintPatrck in #6229
• Update SonarQube plugin version by @SaintPatrck in #6231
• Update ZXing library version by @SaintPatrck in #6230
• Crowdin Pull by @bw-ghapp[bot] in #6234
• [PM-28442] Added feature flag for migrate myvault to myitems by @aj-rosado in #6235
• Address several small lint warning throughout the app by @david-livefront in #6233
• Move MissingPropertyException to common location by @david-livefront in #6237
• [deps]: Update actions/checkout action to v6 by @renovate[bot] in #6247
• PM-28355: Clear pin data on hard-logout or security stamp by @david-livefront in #6232
• Move BiometricsEncryptionManager into the AuthRepository by @david-livefront in #6249
• [PM-28468] Added service methods to migration to MyItems validation by @aj-rosado in #6248
• [PM-28504] Add testharness build workflow with dynamic versioning by @SaintPatrck in #6181
• [PM-28836] Add AndroidManifest permission for HEADSET_CAMERA by @aj-rosado in #6251
• PM-29172: Update Authenticator biometric encryption by @david-livefront in #6240
• PM-1908: Push notifications for non-active accounts prompt for future sync by @david-livefront in #6252
• [BRE-1333] Added permissions to token generation step to limit token scope by @gitclonebrian in #6171
• Update STYLE_AND_BEST_PRACTICES.md to clarify KDoc requirements and fix whitespace by @SaintPatrck in #6256
• PM-29491: Implement LeaveOrganizationScreen by @SaintPatrck in #6253
• Update OkHttp to v5.3.2 by @david-livefront in #6257
• Crowdin Pull by @bw-ghapp[bot] in #6261
• Update to AGP v8.13.2 by @david-livefront in #6258
• Update Androidx Camera to v1.5.2 by @david-livefront in #6259
• Update Mockk and Kover by @david-livefront in #6260
• PM-29795: Move FileManager to data module by @david-livefront in #6268
• PM-29442: Change 2fa field to not be a password field by @david-livefront in #6269
• [PM-29297] Add MigrateToMyItemsScreen by @SaintPatrck in #6239
• PM-29806: Move FlightRecorderWriter to the data module by @david-livefront in #6270
• PM-29824: Add bulk share ciphers network layer implementation by @SaintPatrck in #6271
• [PM-29842] Add organization event types for item migration acceptance and rejection by @SaintPatrck in #6273
• PM-29827: Move FlightRecorderManager to common data module by @david-livefront in #6274
• Move extensions to common module by @david-livefront in #6276
• [PM-29911] Update cron jobs to run at midnight on Sundays by @KatherineInCode in #6280
• Remove flaky tests by @david-livefront in #6278
• [PM-29947] Remove ResetMasterPassword property from token response model by @SaintPatrck in #6285
• [PM-29913] ci: Fix release notes fetch failure while creating GitHub Releases by @vvolkgang in #6282
• 🍒 [PM-30106] Updated sdk to a version that fixes the password protected export issues (1.0.0-4328-km-fix-cherry-pick) by @aj-rosado in #6301

New Contributors

• @gitclonebrian made their first contribution in #6171
• @KatherineInCode made their first contribution in #6280

Full Changelog: v2025.12.0-bwa...v2025.12.1-bwa
Builds Source: https://github.com/bitwarden/android/actions/runs/20585133978

Password Manager 2025.12.0 (21003)

Overview

• Improved autofill compatibility with Samsung Internet, Opera, and Edge browsers
• Fixed app crashes when unlocking during sync errors
• Fixed passkey creation for AliExpress
• General under-the-hood improvements for usability and performance

What's Changed

• [PM-14880] ci: Add automated PR labelling based on file paths and title patterns by @vvolkgang in #6157
• PM-28053: Ensure any exception thrown during re-auth is an IO exception by @david-livefront in #6175
• Update logic for handling the pin protected user key by @david-livefront in #6169
• [PM-27150] React to device changes on device screen unlock method by @andrebispo5 in #6103
• [PM-27869] fix/[PM-26241] : draw out keyboard on talkback click by @dev-sharma3624 in #6129
• PM-28408: Update CameraPreview composable to address flakey test by @david-livefront in #6178
• [deps]: Update actions/checkout action to v5 by @renovate[bot] in #6144
• [PM-24148] add credential manager provider for create passwords by @Nailik in #5579
• PM-28492: Replace Authenticator Toasts with Snackbars by @david-livefront in #6180
• [PM-28157] Add string extension to prefix URIs with www by @SaintPatrck in #6183
• [PM-21391] Remove debug credential provider configuration by @SaintPatrck in #6182
• [PM-27816] Not clearing the fingerprint on requests that don't return fingerprint on LoginWithDevice by @aj-rosado in #6185
• PM-28525: Update the LoginApprovalScreen ui by @david-livefront in #6187
• PM-28545: Remove the compatibility mode toggle from the Autofill screen by @david-livefront in #6188
• Crowdin Pull by @bw-ghapp[bot] in #6189
• [PM-28086] Add testharness for Credential Manager and Autofill testing by @SaintPatrck in #6159
• Update SDK to 1.0.0-3674-c60a5d79 by @bw-ghapp[bot] in #6064
• Update SDK to 1.0.0-3896-f75a58cd by @bw-ghapp[bot] in #6198
• Update SDK to 1.0.0-3908-4b0d1280 by @bw-ghapp[bot] in #6201
• Enhance code review skill documentation with TOCs and missing severity categories by @SaintPatrck in #6186
• [PM-28157] Revert "Add string extension to prefix URIs with www" by @SaintPatrck in #6192
• Crowdin Pull by @bw-ghapp[bot] in #6206
• Update SDK to 1.0.0-3928-2cca3d46 by @bw-ghapp[bot] in #6205

Full Changelog: v2025.11.1-bwpm...v2025.12.0-bwpm
Builds Source: https://github.com/bitwarden/android/actions/runs/19830126705

Authenticator 2025.12.0 (1114)

Overview

What's Changed

• [PM-14880] ci: Add automated PR labelling based on file paths and title patterns by @vvolkgang in #6157
• PM-28053: Ensure any exception thrown during re-auth is an IO exception by @david-livefront in #6175
• Update logic for handling the pin protected user key by @david-livefront in #6169
• [PM-27150] React to device changes on device screen unlock method by @andrebispo5 in #6103
• [PM-27869] fix/[PM-26241] : draw out keyboard on talkback click by @dev-sharma3624 in #6129
• PM-28408: Update CameraPreview composable to address flakey test by @david-livefront in #6178
• [deps]: Update actions/checkout action to v5 by @renovate[bot] in #6144
• [PM-24148] add credential manager provider for create passwords by @Nailik in #5579
• PM-28492: Replace Authenticator Toasts with Snackbars by @david-livefront in #6180
• [PM-28157] Add string extension to prefix URIs with www by @SaintPatrck in #6183
• [PM-21391] Remove debug credential provider configuration by @SaintPatrck in #6182
• [PM-27816] Not clearing the fingerprint on requests that don't return fingerprint on LoginWithDevice by @aj-rosado in #6185
• PM-28525: Update the LoginApprovalScreen ui by @david-livefront in #6187
• PM-28545: Remove the compatibility mode toggle from the Autofill screen by @david-livefront in #6188
• Crowdin Pull by @bw-ghapp[bot] in #6189
• [PM-28086] Add testharness for Credential Manager and Autofill testing by @SaintPatrck in #6159
• Update SDK to 1.0.0-3674-c60a5d79 by @bw-ghapp[bot] in #6064
• Update SDK to 1.0.0-3896-f75a58cd by @bw-ghapp[bot] in #6198
• Update SDK to 1.0.0-3908-4b0d1280 by @bw-ghapp[bot] in #6201
• Enhance code review skill documentation with TOCs and missing severity categories by @SaintPatrck in #6186
• [PM-28157] Revert "Add string extension to prefix URIs with www" by @SaintPatrck in #6192
• Crowdin Pull by @bw-ghapp[bot] in #6206
• Update SDK to 1.0.0-3928-2cca3d46 by @bw-ghapp[bot] in #6205

Full Changelog: v2025.11.1-bwa...v2025.12.0-bwa
Builds Source: https://github.com/bitwarden/android/actions/runs/20170529113

Password Manager 2025.11.1 (20994)

Overview

• Improved Autofill functionality in Samsung Internet, Opera, and Edge browsers.
• General under-the-hood improvements and bug fixes.

What's Changed

• PM-27705: Enable filterTouchesWhenObscured in Authenticator for security by @david-livefront in #6105
• Remove unused xml colors from Authenticator by @david-livefront in #6108
• Optimize reviewing-changes skill by @SaintPatrck in #6099
• [deps]: Update org.sonarqube to v7 by @renovate[bot] in #6082
• PM-27703: Update Authenticator navigation by @david-livefront in #6109
• [PM-24971] Sanitize passkey attestation options from AliExpress by @SaintPatrck in #6106
• [PM-27657] KDF silent update with MasterPasswordUnlock data by @andrebispo5 in #6113
• PM-27755: Create a common LocalQrCodeAnalyzer for both apps by @david-livefront in #6115
• [PM-26736] Fix push notification logout reason serialization by @andrebispo5 in #6116
• PM-27756: Create common ExitManager by @david-livefront in #6117
• PM-27770: Update error parsing when creating or updating a cipher by @david-livefront in #6118
• PM-24277: Add language selector to Authenticator by @david-livefront in #6120
• PM-27771: Improve TOTP parsing by @david-livefront in #6119
• PM-27817: Consolidate totp parsing with TotpUriUtils by @david-livefront in #6122
• PM-27597: Update Yubikey illustration to match the rest of the app by @david-livefront in #6087
• Reduce verbosity in reviewing-changes skill for clean PRs by @SaintPatrck in #6121
• [PM-27834] Use Authenticator Bridge as a project reference by @vvolkgang in #5793
• PM-27846: Move DispatcherManager to core module by @david-livefront in #6124
• Refine reviewing-changes skill to eliminate verbosity and praise by @SaintPatrck in #6128
• [PM-27752] Add certificate signature verification to AuthenticatorBridge by @SaintPatrck in #6126
• [PM-27806] Reverted changes to order of StorePolicies after sync by @aj-rosado in #6130
• PM-27845: Move SnackbarRelayManager to ui module by @david-livefront in #6127
• Enforce strict brevity in reviewing-changes skill output by @SaintPatrck in #6131
• PM-27902: Logout user after successful master password reset by @SaintPatrck in #6133
• Crowdin Pull by @bw-ghapp[bot] in #6135
• Clarify package id parsing and AutofillView creation by @david-livefront in #6138
• Fix a test that was not running by @david-livefront in #6140
• [deps]: Lock file maintenance by @renovate[bot] in #6146
• Exclude Bitwarden Android SDK from Renovate auto-updates by @SaintPatrck in #6147
• Update Firebase BoM to 34.5.0 by @SaintPatrck in #6150
• Update OkHttp to version 5.3.0 by @SaintPatrck in #6148
• Bump JUnit from 6.0.0 to 6.0.1 by @SaintPatrck in #6149
• [PM-27901] Add f-droid fastlane metadata by @vvolkgang in #6134
• [PM-28041] Remove SDK Update PR changelog list size limit by @vvolkgang in #6152
• All tests should assert if a value is displayed by @david-livefront in #6153
• [PM-28029] Address Sonar Cloud and Linter errors by @vvolkgang in #6151
• [deps]: Update gradle minor by @renovate[bot] in #6143
• [PM-27119] Prevent import card data when ITEM_RESTRICT_TYPES policy is active by @aj-rosado in #6123
• PM-28056: Consolidate IntentManager extensions by @david-livefront in #6156
• Replace blank account name with null by @david-livefront in #6158
• [deps]: Update actions/upload-artifact action to v5 by @renovate[bot] in #6145
• Update App version name to '2025.11.1' by @david-livefront in #6162
• Update Autofill to detect url bar webDomain for certain browsers by @david-livefront in #6141
• [PM-28029] ci: add missing permission to fdroid job to fix f-droid build failures by @vvolkgang in #6163
• [PM-27181] - Grant additional permissions for review code by @theMickster in #6165
• Update RTL transitions to go the correct direction by @david-livefront in #6166
• Crowdin Pull by @bw-ghapp[bot] in #6167
• 🍒 PM-28545: Remove the compatibility mode toggle from the Autofill screen by @SaintPatrck in #6191

Full Changelog: v2025.11.0-bwpm...v2025.11.1-bwpm
Builds Source: https://github.com/bitwarden/android/actions/runs/19583271293

Authenticator 2025.11.1 (1083)

Overview

• General under-the-hood improvements and bug fixes.

What's Changed

• PM-27705: Enable filterTouchesWhenObscured in Authenticator for security by @david-livefront in #6105
• Remove unused xml colors from Authenticator by @david-livefront in #6108
• Optimize reviewing-changes skill by @SaintPatrck in #6099
• [deps]: Update org.sonarqube to v7 by @renovate[bot] in #6082
• PM-27703: Update Authenticator navigation by @david-livefront in #6109
• [PM-24971] Sanitize passkey attestation options from AliExpress by @SaintPatrck in #6106
• [PM-27657] KDF silent update with MasterPasswordUnlock data by @andrebispo5 in #6113
• PM-27755: Create a common LocalQrCodeAnalyzer for both apps by @david-livefront in #6115
• [PM-26736] Fix push notification logout reason serialization by @andrebispo5 in #6116
• PM-27756: Create common ExitManager by @david-livefront in #6117
• PM-27770: Update error parsing when creating or updating a cipher by @david-livefront in #6118
• PM-24277: Add language selector to Authenticator by @david-livefront in #6120
• PM-27771: Improve TOTP parsing by @david-livefront in #6119
• PM-27817: Consolidate totp parsing with TotpUriUtils by @david-livefront in #6122
• PM-27597: Update Yubikey illustration to match the rest of the app by @david-livefront in #6087
• Reduce verbosity in reviewing-changes skill for clean PRs by @SaintPatrck in #6121
• [PM-27834] Use Authenticator Bridge as a project reference by @vvolkgang in #5793
• PM-27846: Move DispatcherManager to core module by @david-livefront in #6124
• Refine reviewing-changes skill to eliminate verbosity and praise by @SaintPatrck in #6128
• [PM-27752] Add certificate signature verification to AuthenticatorBridge by @SaintPatrck in #6126
• [PM-27806] Reverted changes to order of StorePolicies after sync by @aj-rosado in #6130
• PM-27845: Move SnackbarRelayManager to ui module by @david-livefront in #6127
• Enforce strict brevity in reviewing-changes skill output by @SaintPatrck in #6131
• PM-27902: Logout user after successful master password reset by @SaintPatrck in #6133
• Crowdin Pull by @bw-ghapp[bot] in #6135
• Clarify package id parsing and AutofillView creation by @david-livefront in #6138
• Fix a test that was not running by @david-livefront in #6140
• [deps]: Lock file maintenance by @renovate[bot] in #6146
• Exclude Bitwarden Android SDK from Renovate auto-updates by @SaintPatrck in #6147
• Update Firebase BoM to 34.5.0 by @SaintPatrck in #6150
• Update OkHttp to version 5.3.0 by @SaintPatrck in #6148
• Bump JUnit from 6.0.0 to 6.0.1 by @SaintPatrck in #6149
• [PM-27901] Add f-droid fastlane metadata by @vvolkgang in #6134
• [PM-28041] Remove SDK Update PR changelog list size limit by @vvolkgang in #6152
• All tests should assert if a value is displayed by @david-livefront in #6153
• [PM-28029] Address Sonar Cloud and Linter errors by @vvolkgang in #6151
• [deps]: Update gradle minor by @renovate[bot] in #6143
• [PM-27119] Prevent import card data when ITEM_RESTRICT_TYPES policy is active by @aj-rosado in #6123
• PM-28056: Consolidate IntentManager extensions by @david-livefront in #6156
• Replace blank account name with null by @david-livefront in #6158
• [deps]: Update actions/upload-artifact action to v5 by @renovate[bot] in #6145
• Update App version name to '2025.11.1' by @david-livefront in #6162
• Update Autofill to detect url bar webDomain for certain browsers by @david-livefront in #6141
• [PM-28029] ci: add missing permission to fdroid job to fix f-droid build failures by @vvolkgang in #6163
• [PM-27181] - Grant additional permissions for review code by @theMickster in #6165
• Update RTL transitions to go the correct direction by @david-livefront in #6166
• Crowdin Pull by @bw-ghapp[bot] in #6167
• 🍒 PM-28545: Remove the compatibility mode toggle from the Autofill screen by @SaintPatrck in #6191

Full Changelog: v2025.11.0-bwa...v2025.11.1-bwa
Builds Source: https://github.com/bitwarden/android/actions/runs/19868965773

Password Manager 2025.11.0 (20967)

Overview

• Fixed an issue that could cause unexpected app crashes.
• General stability improvements and bug fixes.

What's Changed

• Update OkHttp to latest version by @david-livefront in #6054
• Update SDK to 1.0.0-3436-2a00b727 by @bw-ghapp[bot] in #6042
• [PM-26986] Hide select other account button if user has no other account by @aj-rosado in #6041
• [PM-23290] Migrate PIN unlock keys to PinProtectedUserKeyEnvelope by @andrebispo5 in #6024
• [PM-27130] Update alert (Snackbar) color to inverseSurface in dynamic color scheme by @SaintPatrck in #6057
• PM-27136: Replace FirstTimeSyncSnackbarHost with BitwardenSnackbarHost by @david-livefront in #6058
• PM-27149: Update empty vault illustration by @david-livefront in #6059
• [PM-26420] Add flight recorder logs for vault unlock method and PIN migration by @andrebispo5 in #6052
• Update drawable names with consistent prefixes by @david-livefront in #6060
• PM-27153: Update copy in Authenticator app by @david-livefront in #6061
• [PM-27001] Skip account selection only one exists on cxp flow by @aj-rosado in #6055
• PM-27210: Add dynamic color support to Authenticator by @david-livefront in #6063
• PM-27202: Update ItemListingScreen layout for improved spacing by @david-livefront in #6065
• PM-27263: Add enum for Vault Timeout Policy actions by @david-livefront in #6067
• Remove night-mode icon variants where possible by @david-livefront in #6066
• [PM-27088] fix unit test execution by @Nailik in #6048
• [PM-26810] Remove loading dialog flicker on vault data updates by @SaintPatrck in #6068
• Fix TopAppBar height for multiline titles by @david-livefront in #6069
• [PM-26810] Clear password input after successful OTP verification by @SaintPatrck in #6070
• PM-27271: Update selection button disabled state by @david-livefront in #6071
• Create reusable supporting content composable by @david-livefront in #6075
• [PM-27092] Changing screen capture flow from event based to state based on Authenticator by @aj-rosado in #6062
• Crowdin Pull by @bw-ghapp[bot] in #6077
• [PM-27176] Switch to using SDK's init crypto with MasterPasswordUnlock by @andrebispo5 in #6073
• Minor clean up for the Account Security Screen by @david-livefront in #6076
• Implement reusable Claude code review workflow by @theMickster in #6072
• PM-19302: Add support for a typed vault timeout policy by @david-livefront in #6078
• [PM-22157] independent version names in build workflows by @mpbw2 in #6074
• [PM-26420] FlightRecorder vault unlock method by @andrebispo5 in #6084
• PM-27497: Update Snackbar font when there is no header by @david-livefront in #6086
• PM-27494: Update custom vault timeout UI by @david-livefront in #6085
• [deps]: Lock file maintenance by @renovate[bot] in #6083
• [PM-27516] [PM 27157] Custom text field edit multiline fix by @dev-sharma3624 in #6088
• [PM-27589] [PM-27158] fix : Sub folders always show 0 items by @dev-sharma3624 in #6092
• Update Androidx dependencies by @david-livefront in #6093
• Update Kotlin, ksp, and kover to the latest versions by @david-livefront in #6094
• Update the Google Protobuf library by @david-livefront in #6095
• Fix deprecation within the app by @david-livefront in #6096
• [deps]: Update com.google.devtools.ksp to v2.3.0 by @renovate[bot] in #6080
• Update androidx.credentials to 1.6.0-beta03 by @SaintPatrck in #6097
• Fix topAppBar flicker when text is long by @david-livefront in #6098
• Update Readme compatibility docs by @david-livefront in #6100
• [PM-27120] cxp hide user account when remove individual export is enabled by @aj-rosado in #6089
• Crowdin Pull by @bw-ghapp[bot] in #6101
• Add Push chevron to Block autofill button by @david-livefront in #6102
• 🍒 [PM-27806] Reverted changes to order of StorePolicies after sync by @aj-rosado in #6132
• 🍒 [PM-27902] Logout user after successful master password reset by @aj-rosado in #6137
• 🍒 Update Autofill to detect url bar webDomain for certain browsers by @david-livefront in #6155

Full Changelog: v2025.10.1-bwa...v2025.11.0-bwpm
Builds Source: https://github.com/bitwarden/android/actions/runs/19309927902

Authenticator 2025.11.0 (1030)

Overview

• Various under-the-hood and performance improvements.

What's Changed

• Update OkHttp to latest version by @david-livefront in #6054
• Update SDK to 1.0.0-3436-2a00b727 by @bw-ghapp[bot] in #6042
• [PM-26986] Hide select other account button if user has no other account by @aj-rosado in #6041
• [PM-23290] Migrate PIN unlock keys to PinProtectedUserKeyEnvelope by @andrebispo5 in #6024
• [PM-27130] Update alert (Snackbar) color to inverseSurface in dynamic color scheme by @SaintPatrck in #6057
• PM-27136: Replace FirstTimeSyncSnackbarHost with BitwardenSnackbarHost by @david-livefront in #6058
• PM-27149: Update empty vault illustration by @david-livefront in #6059
• [PM-26420] Add flight recorder logs for vault unlock method and PIN migration by @andrebispo5 in #6052
• Update drawable names with consistent prefixes by @david-livefront in #6060
• PM-27153: Update copy in Authenticator app by @david-livefront in #6061
• [PM-27001] Skip account selection only one exists on cxp flow by @aj-rosado in #6055
• PM-27210: Add dynamic color support to Authenticator by @david-livefront in #6063
• PM-27202: Update ItemListingScreen layout for improved spacing by @david-livefront in #6065
• PM-27263: Add enum for Vault Timeout Policy actions by @david-livefront in #6067
• Remove night-mode icon variants where possible by @david-livefront in #6066
• [PM-27088] fix unit test execution by @Nailik in #6048
• [PM-26810] Remove loading dialog flicker on vault data updates by @SaintPatrck in #6068
• Fix TopAppBar height for multiline titles by @david-livefront in #6069
• [PM-26810] Clear password input after successful OTP verification by @SaintPatrck in #6070
• PM-27271: Update selection button disabled state by @david-livefront in #6071
• Create reusable supporting content composable by @david-livefront in #6075
• [PM-27092] Changing screen capture flow from event based to state based on Authenticator by @aj-rosado in #6062
• Crowdin Pull by @bw-ghapp[bot] in #6077
• [PM-27176] Switch to using SDK's init crypto with MasterPasswordUnlock by @andrebispo5 in #6073
• Minor clean up for the Account Security Screen by @david-livefront in #6076
• Implement reusable Claude code review workflow by @theMickster in #6072
• PM-19302: Add support for a typed vault timeout policy by @david-livefront in #6078
• [PM-22157] independent version names in build workflows by @mpbw2 in #6074
• [PM-26420] FlightRecorder vault unlock method by @andrebispo5 in #6084
• PM-27497: Update Snackbar font when there is no header by @david-livefront in #6086
• PM-27494: Update custom vault timeout UI by @david-livefront in #6085
• [deps]: Lock file maintenance by @renovate[bot] in #6083
• [PM-27516] [PM 27157] Custom text field edit multiline fix by @dev-sharma3624 in #6088
• [PM-27589] [PM-27158] fix : Sub folders always show 0 items by @dev-sharma3624 in #6092
• Update Androidx dependencies by @david-livefront in #6093
• Update Kotlin, ksp, and kover to the latest versions by @david-livefront in #6094
• Update the Google Protobuf library by @david-livefront in #6095
• Fix deprecation within the app by @david-livefront in #6096
• [deps]: Update com.google.devtools.ksp to v2.3.0 by @renovate[bot] in #6080
• Update androidx.credentials to 1.6.0-beta03 by @SaintPatrck in #6097
• Fix topAppBar flicker when text is long by @david-livefront in #6098
• Update Readme compatibility docs by @david-livefront in #6100
• [PM-27120] cxp hide user account when remove individual export is enabled by @aj-rosado in #6089
• Crowdin Pull by @bw-ghapp[bot] in #6101
• Add Push chevron to Block autofill button by @david-livefront in #6102
• 🍒 [PM-27806] Reverted changes to order of StorePolicies after sync by @aj-rosado in #6132
• 🍒 [PM-27902] Logout user after successful master password reset by @aj-rosado in #6137

New Contributors

• @theMickster made their first contribution in #6072
• @dev-sharma3624 made their first contribution in #6088

Full Changelog: v2025.10.1-bwa...v2025.11.0-bwa
Builds Source: https://github.com/bitwarden/android/actions/runs/19175768927