PremiumContents
Compatibility
- Minimum SDK: 29
- Target SDK: 35
- Device Types Supported: Phone and Tablet
- Orientations Supported: Portrait and Landscape
Setup
-
Clone the repository:
$ git clone github.com/bitwarden/android
-
Create a
user.propertiesfile in the root directory of the project and add the following properties:gitHubToken: A “classic” Github Personal Access Token (PAT) with theread:packagesscope (ex:gitHubToken=gph_xx...xx). These can be generated by going to the Github tokens page. See the Github Packages user documentation concerning authentication for more details.localSdk: A boolean value to determine if the SDK should be loaded from the local maven artifactory (ex:localSdk=true). This is particularly useful when developing new SDK capabilities. Review Linking SDK to clients for more details.
-
Setup the code style formatter:
All code must follow the guidelines described in the Code Style Guidelines document. To aid in adhering to these rules, all contributors should apply
docs/bitwarden-style.xmlas their code style scheme. In IntelliJ / Android Studio:- Navigate to
Preferences > Editor > Code Style. - Hit the
Managebutton next toScheme. - Select
Import. - Find the
bitwarden-style.xmlfile in the project’sdocs/directory. - Import “from”
BitwardenStyle“to”BitwardenStyle. - Hit
ApplyandOKto save the changes and exit Preferences.
Note that in some cases you may need to restart Android Studio for the changes to take effect.
All code should be formatted before submitting a pull request. This can be done manually but it can also be helpful to create a macro with a custom keyboard binding to auto-format when saving. In Android Studio on OS X:
- Select
Edit > Macros > Start Macro Recording - Select
Code > Optimize Imports - Select
Code > Reformat Code - Select
File > Save All - Select
Edit > Macros > Stop Macro Recording
This can then be mapped to a set of keys by navigating to
Android Studio > Preferencesand editing the macro underKeymap(ex : shift + command + s).Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.
- Navigate to
Dependencies
Application Dependencies
The following is a list of all third-party dependencies included as part of the application beyond the standard Android SDK.
-
AndroidX Appcompat
- https://developer.android.com/jetpack/androidx/releases/appcompat
- Purpose: Allows access to new APIs on older API versions.
- License: Apache 2.0
-
AndroidX Autofill
- https://developer.android.com/jetpack/androidx/releases/autofill
- Purpose: Allows access to tools for building inline autofill UI.
- License: Apache 2.0
-
AndroidX Biometrics
- https://developer.android.com/jetpack/androidx/releases/biometric
- Purpose: Authenticate with biometrics or device credentials.
- License: Apache 2.0
-
AndroidX Browser
- https://developer.android.com/jetpack/androidx/releases/browser
- Purpose: Displays webpages with the user’s default browser.
- License: Apache 2.0
-
AndroidX CameraX Camera2
- https://developer.android.com/jetpack/androidx/releases/camera
- Purpose: Display and capture images for barcode scanning.
- License: Apache 2.0
-
AndroidX Compose
- https://developer.android.com/jetpack/androidx/releases/compose
- Purpose: A Kotlin-based declarative UI framework.
- License: Apache 2.0
-
AndroidX Core SplashScreen
- https://developer.android.com/jetpack/androidx/releases/core
- Purpose: Backwards compatible SplashScreen API implementation.
- License: Apache 2.0
-
AndroidX Credentials
- https://developer.android.com/jetpack/androidx/releases/credentials
- Purpose: Unified access to user’s credentials.
- License: Apache 2.0
-
AndroidX Lifecycle
- https://developer.android.com/jetpack/androidx/releases/lifecycle
- Purpose: Lifecycle aware components and tooling.
- License: Apache 2.0
-
AndroidX Room
- https://developer.android.com/jetpack/androidx/releases/room
- Purpose: A convenient SQLite-based persistence layer for Android.
- License: Apache 2.0
-
AndroidX Security
- https://developer.android.com/jetpack/androidx/releases/security
- Purpose: Safely manage keys and encrypt files and sharedpreferences.
- License: Apache 2.0
-
AndroidX WorkManager
- https://developer.android.com/jetpack/androidx/releases/work
- Purpose: The WorkManager is used to schedule deferrable, asynchronous tasks that must be run reliably.
- License: Apache 2.0
-
Dagger Hilt
- https://github.com/google/dagger
- Purpose: Dependency injection framework.
- License: Apache 2.0
-
Firebase Cloud Messaging
- https://github.com/firebase/firebase-android-sdk
- Purpose: Allows for push notification support. (NOTE: This dependency is not included in builds distributed via F-Droid.)
- License: Apache 2.0
-
Firebase Crashlytics
- https://github.com/firebase/firebase-android-sdk
- Purpose: SDK for crash and non-fatal error reporting. (NOTE: This dependency is not included in builds distributed via F-Droid.)
- License: Apache 2.0
-
Google Play Reviews
- https://developer.android.com/reference/com/google/android/play/core/release-notes
- Purpose: On standard builds provide an interface to add a review for the password manager application in Google Play.
- License: Apache 2.0
-
Glide
- https://github.com/bumptech/glide
- Purpose: Image loading and caching.
- License: BSD, part MIT and Apache 2.0
-
kotlinx.collections.immutable
- https://github.com/Kotlin/kotlinx.collections.immutable
- Purpose: Immutable collection interfaces and implementation prototypes for Kotlin.
- License: Apache 2.0
-
kotlinx.coroutines
- https://github.com/Kotlin/kotlinx.coroutines
- Purpose: Kotlin coroutines library for asynchronous and reactive code.
- License: Apache 2.0
-
kotlinx.serialization
- https://github.com/Kotlin/kotlinx.serialization/
- Purpose: JSON serialization library for Kotlin.
- License: Apache 2.0
-
kotlinx.serialization converter
- https://github.com/square/retrofit/tree/trunk/retrofit-converters/kotlinx-serialization
- Purpose: Converter for Retrofit 2 and kotlinx.serialization.
- License: Apache 2.0
-
OkHttp 3
- https://github.com/square/okhttp
- Purpose: An HTTP client used by the library to intercept and log traffic.
- License: Apache 2.0
-
Retrofit 2
- https://github.com/square/retrofit
- Purpose: A networking layer interface.
- License: Apache 2.0
-
Timber
- https://github.com/JakeWharton/timber
- Purpose: Extensible logging library for Android.
- License: Apache 2.0
-
zxcvbn4j
- https://github.com/nulab/zxcvbn4j
- Purpose: Password strength estimation.
- License: MIT
-
ZXing
- https://github.com/zxing/zxing
- Purpose: Barcode scanning and generation.
- License: Apache 2.0
Development Environment Dependencies
The following is a list of additional third-party dependencies used as part of the local development environment. This includes test-related artifacts as well as tools related to code quality and linting. These are not present in the final packaged application.
-
detekt
- https://github.com/detekt/detekt
- Purpose: A static code analysis tool for the Kotlin programming language.
- License: Apache 2.0
-
JUnit 5
- https://github.com/junit-team/junit5
- Purpose: Unit Testing framework for testing application code.
- License: Eclipse Public License 2.0
-
MockK
- https://github.com/mockk/mockk
- Purpose: Kotlin-friendly mocking library.
- License: Apache 2.0
-
Robolectric
- https://github.com/robolectric/robolectric
- Purpose: A unit testing framework for code directly depending on the Android framework.
- License: MIT
-
Turbine
- https://github.com/cashapp/turbine
- Purpose: A small testing library for kotlinx.coroutine’s Flow.
- License: Apache 2.0
CI/CD Dependencies
The following is a list of additional third-party dependencies used as part of the CI/CD workflows. These are not present in the final packaged application.
-
Fastlane
- https://fastlane.tools/
- Purpose: Automates building, signing, and distributing applications.
- License: MIT
-
Kover
- https://github.com/Kotlin/kotlinx-kover
- Purpose: Kotlin code coverage toolset.
- License: Apache 2.0
What’s Changed
- [PM-15969] Users with Can Edit access cannot assign collections by @andrebispo5 in #4522
- [PM-8217] Add local feature flag to ignore environment validation by @andrebispo5 in #4521
- Autosync Crowdin Translations by @bw-ghapp in #4503
- [PM-13349] Hide edit button unless item is in at least one non-readOnly collection by @mpbw2 in #4430
- [deps]: Update kotlin by @renovate in #4501
- PM-16474 Adding custom field issues when another text field holds focus by @dseverns-livefront in #4511
- PM-14333 fix case of crowdin translation not adding annotations on string with format args by @dseverns-livefront in #4505
- PM-16821: remove padding on right side of the vault screen dividers by @david-livefront in #4528
- [deps]: Update gh minor by @renovate in #4496
- [deps]: Lock file maintenance by @renovate in #4502
- [PM-16120] Defer passkey authentication until vault data is loaded by @SaintPatrck in #4524
- PM-14179: Update generator screen copy button by @david-livefront in #4530
- [PM-16809] Fix remind me later date (#4526) by @andrebispo5 in #4535
- [PM-16670] Force app to sync after 2FA notice (#4525) by @andrebispo5 in #4536
- [PM-16695] Learn more new device verification by @aj-rosado in #4527
- [PM-16827] Fix test.yml sdk package access and refactor test jobs by @vvolkgang in #4538
- [PM-13349] Hide Edit option in cipher list item overflow when editing not permitted by @mpbw2 in #4539
- PM-15356: Resolve biometrics bypass by @david-livefront in #4448
- [PM-9439] Use passkey icon for items with FIDO2 credentials in search results by @SaintPatrck in #4541
- [PM-16670] Add check for 2fa status #4542 by @andrebispo5 in #4543
- [PM-16808] Add question mark to copy (#4544) by @andrebispo5 in #4545
- [PM-16870] Add support for IronFox by @celenityy in #4534
- Autosync Crowdin Translations by @bw-ghapp in #4546
- [PM-15918] Update bitwarden SDK by @SaintPatrck in #4529
- [PM-14240] Add Quetta Browser to Privileged Apps by @SymphonicDeviation in #4189
- [deps]: Update gh minor by @renovate in #4551
- [PM-16827] Only report coverage when tests pass by @vvolkgang in #4550
- Update AGP to v8.8.0 by @david-livefront in #4557
- [PM-17011] Move network managers to
networkpackage by @SaintPatrck in #4559 - PM-16830 – Update global loading screen component to new reskinned version by @phil-livefront in #4558
- [PM-17119] Add domains to network config by @vvolkgang in #4568
- [QA-968] Adding missing testTag for MP hint email field by @ifernandezdiaz in #4565
- [QA-969] Adding missing testTag for Folder Name textfield by @ifernandezdiaz in #4564
- PM-14179: Create and apply card style to UI by @david-livefront in #4567
- [PM-16905] Add back button to new device notice by @andrebispo5 in #4570
- Add correct card padding to BitwardenHiddenPasswordField by @david-livefront in #4576
- Autosync Crowdin Translations by @bw-ghapp in #4580
- Add spacer between type and name when creating a login cipher by @david-livefront in #4579
- Remove outer box on EnvironmentSelector by @david-livefront in #4577
- [deps]: Update org.jetbrains.kotlinx.kover to v0.9.1 by @renovate in #4592
- [deps]: Lock file maintenance by @renovate in #4594
- [deps]: Update androidx.compose:compose-bom to v2025 by @renovate in #4593
- PM-16850-PM-16851-PM-16852 – Updating full screen loading indicator by @phil-livefront in #4581
- Update Firebase to the latest version v33.8.0 by @david-livefront in #4598
- Update the AndroidX Activity library to 1.10.0 by @david-livefront in #4599
- PM-16631 Applying CoachMarkContainer to the AddLoginItem content. by @dseverns-livefront in #4571
- [deps]: Update gh minor by @renovate in #4591
- [QA-980] Adding missing testTags for Custom fields by @ifernandezdiaz in #4569
- [PM-17099] Re-Sort Quetta Browser Alphabetically by @SymphonicDeviation in #4562
- [PM-17405] Add mutual TLS feature flag by @SaintPatrck in #4606
- PM-17404: Set app delegate on theme change by @david-livefront in #4605
- [PM-15906] Implement single tap passkey flows by @SaintPatrck in #4547
- PM-17074-PM-17802 – Send Screen Design Updates by @phil-livefront in #4604
- PM-17410: Update password hint font by @david-livefront in #4614
- PM-15804, PM-17130: Add logic to monitor when the screen on state to ensure the vault locks properly by @david-livefront in #4610
- PM-14179: Update internal placement of test tags for the BitwardenTextField by @david-livefront in #4612
- PM-17409: Allow nullable labels text fields by @david-livefront in #4617
- Autosync Crowdin Translations by @bw-ghapp in #4619
- Update BitwardenPasswordField TestTags by @david-livefront in #4632
- Reverts PM-14995 by @dseverns-livefront in #4633
New Contributors
- @celenityy made their first contribution in #4534
- @SymphonicDeviation made their first contribution in #4189
Full Changelog: v2025.1.0...v2025.1.2
Builds Source: https://github.com/bitwarden/android/actions/runs/13074875915
