mobile icon indicating copy to clipboard operation
mobile copied to clipboard
verified publisher icon bitwarden

Autofill prompt blocks OK button for BankID, Android

Open plumber-craic opened this issue 4 years ago • 2 comments

Steps To Reproduce

Using Android 11, and BankID, (electronic identification system in Norway with over 4m users)

  1. Unlock the phone
  2. Initiate a BankID authentication session either on the phone or from a different device
  3. The BankID prompt appears on the phone, providing a unique phrase
  4. The next BankID screen requests a pin number
  5. User enters their BankID PIN
  6. The Bitwarden autofill prompt blocks access to the OK button, making it untappable.

Workaround 1

  1. enable rotation in Android. In landscape the OK button can be tapped after scrolling down

Workaround 2

  1. keep the phone locked
  2. Initiate a BankID authentication session
  3. The Bitwarden autofill prompt does not appear, so the BankID OK button can be tapped in portrait mode

Expected Result

The autofill "popover" should not block the OK button from BankID

Actual Result

The autofill "popover" blocks the OK button from BankID

Screenshots or Videos

Initial BankID prompt: 2022-02-28 13_02_11-Screenshot_20220228-125553_SIM toolkit jpg ‎- Photos

During step 2 the PIN should be entered. The Bitwarden overlay is blocking the OK button in portait mode. The overlay persists even after the user types values into this input field: 2022-02-28 13_02_24-Screenshot_20220228-125609_SIM toolkit jpg ‎- Photos

Using workaround 1, device is in landscape mode so the OK button is available: 2022-02-28 13_02_02-Screenshot_20220228-125623_SIM toolkit jpg ‎- Photos

Additional Context

NB: There is another identification system called BankID in Sweden, but this is an entirely separate system from the Norwegian one which I am reporting here.

Operating System

Android

Operating System Version

11

Device

Samsung s21

Build Version

2.16.2 (4334)

Beta

  • [ ] Using a pre-release version of the application.

plumber-craic avatar Feb 28 '22 12:02 plumber-craic

This autofill button should be floatable, so the user can move it somewhere else where it doesn't cover an important part of the screen.

ThrashAbaddon avatar Jul 03 '22 08:07 ThrashAbaddon

Or this could be shown on the bottom part like enpass

revolutionaryking7 avatar Jul 22 '22 11:07 revolutionaryking7

This was really annoying. I doubt there is going to be a fix for this, seeing as the problem has been reported almost 3 years ago (se Estonian Mobile-ID issue linked above). The workaround posted there seems to work for the Norwegian BankId as well. Just remember to add a comma after the URI blacklist: Adding "androidapp://com.android.stk," URI to the blacklist did the trick.

kentskoglund avatar Dec 20 '22 13:12 kentskoglund