Fix build pipeline MAUI version (#3354)

(cherry picked from commit 3262fdc9ec)

.github/CODEOWNERS

@@ -1,18 +1,26 @@
-# Please sort lines alphabetically, this will ensure we don't accidentally add duplicates.
+# Please sort into logical groups with comment headers. Sort groups in order of specificity.
+# For example, default owners should always be the first group.
+# Sort lines alphabetically within these groups to avoid accidentally adding duplicates.
 #
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 
-# The following owners will be the default owners for everything in the repo.
-# Unless a later match takes precedence
-# @bitwarden/tech-leads
+# Default file owners
+* @bitwarden/dept-development-mobile
 
-@bitwarden/dept-development-mobile
+# DevOps for Actions and other workflow changes
+.github/workflows @bitwarden/dept-devops
+
+# DevOps for Version Bumping
+src/App/Platforms/Android/AndroidManifest.xml
+src/iOS.Autofill/Info.plist
+src/iOS.Extension/Info.plist
+src/iOS.ShareExtension/Info.plist
+src/App/Platforms/iOS/Info.plist
 
 ## Auth team files ##
 
 ## Platform team files ##
 appIcons @bitwarden/team-platform-dev
-build.cake @bitwarden/team-platform-dev
 
 ## Vault team files ##
 src/watchOS @bitwarden/team-vault-dev
@@ -21,14 +29,17 @@ src/watchOS @bitwarden/team-vault-dev
 src/Core/Services/EmailForwarders @bitwarden/team-tools-dev
 
 ## Crowdin Sync files ##
-src/App/Resources @bitwarden/team-tools-dev
+src/Core/Resources/Localization @bitwarden/team-tools-dev
 src/watchOS/bitwarden/bitwarden\ WatchKit\ Extension/Localization @bitwarden/team-tools-dev
 store/apple @bitwarden/team-tools-dev
 store/google @bitwarden/team-tools-dev
 
 ## Locales ## 
-src/App/Resources/AppResources.Designer.cs
-src/App/Resources/AppResources.resx
+src/Core/Resources/Localization/AppResources.Designer.cs
+src/Core/Resources/Localization/AppResources.resx
 src/watchOS/bitwarden/bitwarden\ WatchKit\ Extension/Localization/en.lproj
 store/apple/en
 store/google/en
+
+## Utils ##
+store/google/Publisher

.github/labeler.yml

@@ -1,19 +1,26 @@
 android:
-- src/App/*
-- src/Core/*
-- src/Android/*
+- changed-files:
+  - any-glob-to-any-file:
+    - src/App/*
+    - src/Core/*
+    - src/Android/*
+    - 'src/Xamarin.AndroidX.Credentials/*'
 
 iOS:
-- src/App/*
-- src/Core/*
-- lib/ios/*
-- src/iOS/*
-- 'src/iOS.Autofill/*'
-- 'src/iOS.Core/*'
-- 'src/iOS.Extension/*'
-- 'src/iOS.ShareExtension/*'
-- 'src/iOS.Widget/*'
-- src/watchOS/*
+- changed-files:
+  - any-glob-to-any-file:
+    - src/App/*
+    - src/Core/*
+    - lib/ios/*
+    - src/iOS/*
+    - 'src/iOS.Autofill/*'
+    - 'src/iOS.Core/*'
+    - 'src/iOS.Extension/*'
+    - 'src/iOS.ShareExtension/*'
+    - 'src/iOS.Widget/*'
+    - src/watchOS/*
 
 watchOS:
-- src/watchOS/*
+- changed-files:
+  - any-glob-to-any-file:
+    - src/watchOS/*

.github/renovate.json

@@ -2,22 +2,21 @@
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
     "config:base",
+    "github>bitwarden/renovate-config:pin-actions",
     ":combinePatchMinorReleases",
     ":dependencyDashboard",
     ":maintainLockFilesWeekly",
     ":pinAllExceptPeerDependencies",
     ":prConcurrentLimit10",
     ":rebaseStalePrs",
-    "schedule:weekends",
-    ":separateMajorReleases"
+    ":separateMajorReleases",
+    "group:monorepos",
+    "schedule:weekends"
   ],
-  "enabledManagers": ["cargo", "github-actions", "npm", "nuget"],
+  "enabledManagers": ["github-actions", "npm", "nuget"],
+  "commitMessagePrefix": "[deps]:",
+  "commitMessageTopic": "{{depName}}",
   "packageRules": [
-    {
-      "groupName": "cargo minor",
-      "matchManagers": ["cargo"],
-      "matchUpdateTypes": ["minor", "patch"]
-    },
     {
       "groupName": "gh minor",
       "matchManagers": ["github-actions"],
@@ -32,6 +31,6 @@
       "groupName": "nuget minor",
       "matchManagers": ["nuget"],
       "matchUpdateTypes": ["minor", "patch"]
-    },
+    }
   ]
 }

.github/secrets/google-services.json.gpg

@@ -1,3 +0,0 @@
-<EFBFBD>
-	K<>Y#<23>(<28><><EFBFBD><EFBFBD>
EI֐߄T?)l<><6C><EFBFBD><18><><10>"=<3D>|<7C>'e<><0E>m<EFBFBD>/~<7E><>'F<><46>><3E><><EFBFBD><EFBFBD>l<EFBFBD>b<EFBFBD>[<5B>+R<><52>iL<69><4C>"<22><><EFBFBD>~V:<3A><>p<EFBFBD>a<17>ڵel%8t<38><74>튖<EFBFBD>y<<3C>n<EFBFBD><6E><EFBFBD>aU<61>w<16>JD<4A><44><1F><>We<57>9<EFBFBD><39><EFBFBD><EFBFBD><x8d<38>O<EFBFBD>j\<14>ד<EFBFBD><D793><EFBFBD>Vq<56><71>֋
-Ǻ<EFBFBD>-<2D>#<23><><11><>]$<24>(<28>l,<2C>Br<42><02><>d<><64><EFBFBD>•a-<2D><><EFBFBD>:<3A><>:<3A><04>9b,!Em<02><19><>Qf<>D<EFBFBD>g<EFBFBD><06><0E>x(P<>ȡ~<7E>͹<EFBFBD><CDB9>	<09><>[<06><>!:<3A>;f<><66>

.github/workflows/automatic-issue-responses.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   close-issue:
     name: 'Close issue with automatic response'
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     permissions:
       issues: write
     steps:

.github/workflows/build-beta.yml

@@ -0,0 +1,350 @@
+---
+name: Build Beta
+
+on:
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: 'Branch or tag to build'
+        required: true
+        default: 'main'
+        type: string
+
+env:
+  main_app_folder_path: src/App
+  main_app_project_path: src/App/App.csproj
+  target-net-version: net8.0
+
+jobs:
+  setup:
+    name: Setup
+    runs-on: ubuntu-22.04
+    outputs:
+      rc_branch_exists: ${{ steps.branch-check.outputs.rc_branch_exists }}
+      hotfix_branch_exists: ${{ steps.branch-check.outputs.hotfix_branch_exists }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        with:
+          submodules: 'true'
+
+      - name: Check if special branches exist
+        id: branch-check
+        run: |
+          if [[ $(git ls-remote --heads origin rc) ]]; then
+            echo "rc_branch_exists=1" >> $GITHUB_OUTPUT
+          else
+            echo "rc_branch_exists=0" >> $GITHUB_OUTPUT
+          fi
+
+          if [[ $(git ls-remote --heads origin hotfix-rc) ]]; then
+            echo "hotfix_branch_exists=1" >> $GITHUB_OUTPUT
+          else
+            echo "hotfix_branch_exists=0" >> $GITHUB_OUTPUT
+          fi
+
+  ios:
+    name: Apple iOS
+    runs-on: macos-14
+    needs: setup
+    env:
+      ios_folder_path: src/App/Platforms/iOS
+      app_output_name: App
+      app_ci_output_filename: App_x64_Debug
+    steps:
+      - name: Set XCode version
+        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
+        with:
+          xcode-version: 15.1
+
+      - name: Setup NuGet
+        uses: nuget/setup-nuget@a21f25cd3998bf370fde17e3f1b4c12c175172f9 # v2.0.0
+        with:
+          nuget-version: 6.4.0
+      
+      - name: Set up .NET
+        uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
+        with:
+          dotnet-version: '8.0.x'
+  
+      # This step might be obsolete at some point as .NET MAUI workloads 
+      # are starting to come pre-installed on the GH Actions build agents.
+      - name: Install MAUI Workload
+        run: dotnet workload install maui --ignore-failed-sources
+
+      - name: Print environment
+        run: |
+          nuget help | grep Version
+          dotnet --info
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Checkout repo
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        with:
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          submodules: 'true'
+
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "appcenter-ios-token"
+
+      - name: Download Provisioning Profiles secrets
+        env:
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: profiles
+        run: |
+          mkdir -p $HOME/secrets
+          profiles=(
+              "dist_beta_autofill.mobileprovision"
+              "dist_beta_bitwarden.mobileprovision"
+              "dist_beta_extension.mobileprovision"
+              "dist_beta_share_extension.mobileprovision"
+              "dist_beta_bitwarden_watch_app.mobileprovision"
+              "dist_beta_bitwarden_watch_app_extension.mobileprovision"
+          )
+
+          for FILE in "${profiles[@]}"
+          do
+            az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
+              --file $HOME/secrets/$FILE --output none
+          done
+
+      - name: Download Google Services secret
+        env:
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
+          FILE: GoogleService-Info.plist
+        run: |
+          mkdir -p $HOME/secrets
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
+            --file $HOME/secrets/$FILE --output none
+
+      - name: Increment version
+        run: |
+          BUILD_NUMBER=$((100 + $GITHUB_RUN_NUMBER))
+          echo "##### Setting CFBundleVersion $BUILD_NUMBER"
+
+          echo "### CFBundleVersion $BUILD_NUMBER" >> $GITHUB_STEP_SUMMARY
+
+          perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./${{ env.ios_folder_path }}/Info.plist
+          perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Extension/Info.plist
+          perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Autofill/Info.plist
+          perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.ShareExtension/Info.plist
+          cd src/watchOS/bitwarden
+          agvtool new-version -all  $BUILD_NUMBER
+
+      - name: Update Entitlements
+        run: |
+          echo "##### Updating Entitlements"
+          perl -0777 -pi.bak -e 's/<key>aps-environment<\/key>\s*<string>development<\/string>/<key>aps-environment<\/key>\n\t<string>beta<\/string>/' ./${{ env.ios_folder_path }}/Entitlements.plist
+
+      - name: Get certificates
+        run: |
+          mkdir -p $HOME/certificates
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution |
+            jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12
+
+      - name: Set up Keychain
+        env:
+          KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
+          MOBILE_KEY_PASSWORD: ${{ secrets.IOS_KEY_PASSWORD }}
+          DIST_CERT_PASSWORD: ${{ secrets.IOS_DIST_CERT_PASSWORD }}
+        run: |
+          security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
+          security default-keychain -s build.keychain
+          security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
+          security set-keychain-settings -lut 1200 build.keychain
+
+          security import $HOME/certificates/ios-distribution.p12 -k build.keychain -P "" -T /usr/bin/codesign \
+            -T /usr/bin/security
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
+
+      - name: Set up provisioning profiles
+        run: |
+          AUTOFILL_PROFILE_PATH=$HOME/secrets/dist_beta_autofill.mobileprovision
+          BITWARDEN_PROFILE_PATH=$HOME/secrets/dist_beta_bitwarden.mobileprovision
+          EXTENSION_PROFILE_PATH=$HOME/secrets/dist_beta_extension.mobileprovision
+          SHARE_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_beta_share_extension.mobileprovision
+          WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_beta_bitwarden_watch_app.mobileprovision
+          WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_beta_bitwarden_watch_app_extension.mobileprovision
+          PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles
+
+          mkdir -p "$PROFILES_DIR_PATH"
+
+          AUTOFILL_UUID=$(grep UUID -A1 -a $AUTOFILL_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
+          cp $AUTOFILL_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTOFILL_UUID.mobileprovision"
+
+          BITWARDEN_UUID=$(grep UUID -A1 -a $BITWARDEN_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
+          cp $BITWARDEN_PROFILE_PATH "$PROFILES_DIR_PATH/$BITWARDEN_UUID.mobileprovision"
+
+          EXTENSION_UUID=$(grep UUID -A1 -a $EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
+          cp $EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$EXTENSION_UUID.mobileprovision"
+
+          SHARE_EXTENSION_UUID=$(grep UUID -A1 -a $SHARE_EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
+          cp $SHARE_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$SHARE_EXTENSION_UUID.mobileprovision"
+
+          WATCH_APP_UUID=$(grep UUID -A1 -a $WATCH_APP_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
+          cp $WATCH_APP_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_UUID.mobileprovision"
+
+          WATCH_APP_EXTENSION_UUID=$(grep UUID -A1 -a $WATCH_APP_EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
+          cp $WATCH_APP_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_EXTENSION_UUID.mobileprovision"
+
+      - name: Restore packages
+        run: |
+          dotnet restore
+          dotnet tool restore
+
+      - name: Setup iOS build CAKE (Testing)
+        run: dotnet cake build.cake --target iOS --variant beta
+
+      - name: Bulid WatchApp
+        run: |
+          echo "##### Build WatchApp with Release Configuration"
+          xcodebuild archive -workspace ./src/watchOS/bitwarden/bitwarden.xcodeproj/project.xcworkspace -configuration Release -scheme bitwarden\ WatchKit\ App -archivePath ./src/watchOS/bitwarden
+
+          echo "##### Done"
+
+      - name: Archive Build for App Store
+        shell: pwsh
+        run: |
+          Write-Output "##### Archive for Release ios-arm64"
+          dotnet publish ${{ env.main_app_project_path }} -c Release -f ${{ env.target-net-version }}-ios /p:RuntimeIdentifier=ios-arm64 /p:ArchiveOnBuild=true /p:MtouchUseLlvm=false
+
+          Write-Output "##### Done"
+
+      - name: Archive Build for Mobile Automation
+        shell: pwsh
+        run: |
+          Write-Output "##### Archive Debug for iossimulator-x64"
+          dotnet build ${{ env.main_app_project_path }} -c Debug -f ${{ env.target-net-version }}-ios /p:RuntimeIdentifier=iossimulator-x64 /p:ArchiveOnBuild=true /p:MtouchUseLlvm=false
+
+          Write-Output "##### Done"
+          ls ~/Library/Developer/Xcode/Archives
+          
+      - name: Export .ipa for App Store
+        env:
+          EXPORT_OPTIONS_PATH: ./.github/resources/export-options-app-store.plist
+          EXPORT_PATH: ./bitwarden-export
+        run: |
+          ARCHIVE_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive"
+
+          xcodebuild -exportArchive -archivePath $ARCHIVE_PATH -exportPath $EXPORT_PATH \
+            -exportOptionsPlist $EXPORT_OPTIONS_PATH
+
+      - name: Export .app for Automation CI
+        env:
+          ARCHIVE_PATH: ./${{ env.main_app_folder_path }}/bin/Debug/${{ env.target-net-version }}-ios/iossimulator-x64
+          EXPORT_PATH: ./bitwarden-export
+        run: |
+          zip -r -q ${{ env.app_ci_output_filename }}.app.zip $ARCHIVE_PATH
+          mv ${{ env.app_ci_output_filename }}.app.zip $EXPORT_PATH
+
+      - name: Show Bitwarden Export
+        shell: bash
+        run:  ls -a -R ./bitwarden-export
+
+      - name: Copy all dSYMs files to upload
+        env:
+          EXPORT_PATH: ./bitwarden-export
+          WATCH_ARCHIVE_DSYMS_PATH: ./src/watchOS/bitwarden.xcarchive/dSYMs/
+          WATCH_DSYMS_EXPORT_PATH: ./bitwarden-export/Watch_dSYMs
+        run: |
+          ARCHIVE_DSYMS_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive/dSYMs"
+
+          cp -r -v $ARCHIVE_DSYMS_PATH $EXPORT_PATH
+          mkdir $WATCH_DSYMS_EXPORT_PATH
+          cp -r -v $WATCH_ARCHIVE_DSYMS_PATH $WATCH_DSYMS_EXPORT_PATH
+
+      - name: Upload App Store .ipa & dSYMs artifacts
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        with:
+          name: Bitwarden iOS
+          path: |
+            ./bitwarden-export/Bitwarden*.ipa
+            ./bitwarden-export/dSYMs/*.*
+          if-no-files-found: error
+
+      - name: Upload .app file for Automation CI
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        with:
+          name: ${{ env.app_ci_output_filename }}.app.zip
+          path: ./bitwarden-export/${{ env.app_ci_output_filename }}.app.zip
+          if-no-files-found: error
+
+      - name: Install AppCenter CLI
+        run: npm install -g appcenter-cli
+
+      - name: Upload dSYMs to App Center
+        env:
+          APPCENTER_IOS_TOKEN: ${{ steps.retrieve-secrets.outputs.appcenter-ios-token }}
+        run: appcenter crashes upload-symbols -a bitwarden/bitwarden -s "./bitwarden-export/dSYMs" --token $APPCENTER_IOS_TOKEN
+
+      - name: Upload Watch dSYMs to Firebase Crashlytics
+        run: |
+          echo "##### Uploading Watch dSYMs to Firebase"
+          find "$HOME/Library/Developer/XCode/DerivedData" -name "upload-symbols" -exec chmod +x {} \; -exec {} -gsp "./src/watchOS/bitwarden/GoogleService-Info.plist" -p ios "./bitwarden-export/Watch_dSYMs" \;
+
+      - name: Validate app in App Store
+        env:
+          APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
+          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+        run: |
+          xcrun altool --validate-app --type ios --file "./bitwarden-export/Bitwarden Beta.ipa" \
+              --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_PASSWORD"
+        shell: bash
+
+      - name: Deploy to App Store
+        env:
+          APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
+          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+        run: |
+          xcrun altool --upload-app --type ios --file "./bitwarden-export/Bitwarden Beta.ipa" \
+              --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_PASSWORD"
+
+  check-failures:
+    name: Check for failures
+    if: always()
+    runs-on: ubuntu-22.04
+    needs:
+      - setup
+      - ios
+    steps:
+      - name: Check if any job failed
+        if: |
+          (github.ref == 'refs/heads/main'
+          || github.ref == 'refs/heads/rc'
+          || github.ref == 'refs/heads/hotfix-rc')
+          && contains(needs.*.result, 'failure')
+        run: exit 1
+
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        if: failure()
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        if: failure()
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "devops-alerts-slack-webhook-url"
+
+      - name: Notify Slack on failure
+        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
+        if: failure()
+        env:
+          SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
+        with:
+          status: ${{ job.status }}

.github/workflows/cleanup-rc-branch.yml

@@ -0,0 +1,53 @@
+---
+name: Cleanup RC Branch
+
+on:
+  push:
+    tags:
+      - v**
+
+jobs:
+  delete-rc:
+    name: Delete RC Branch
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve bot secrets
+        id: retrieve-bot-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: bitwarden-ci
+          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
+
+      - name: Checkout main
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        with:
+          ref: main
+          token: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+
+      - name: Check if a RC branch exists
+        id: branch-check
+        run: |
+          hotfix_rc_branch_check=$(git ls-remote --heads origin hotfix-rc | wc -l)
+          rc_branch_check=$(git ls-remote --heads origin rc | wc -l)
+
+          if [[ "${hotfix_rc_branch_check}" -gt 0 ]]; then
+            echo "hotfix-rc branch exists." | tee -a $GITHUB_STEP_SUMMARY
+            echo "name=hotfix-rc" >> $GITHUB_OUTPUT
+          elif [[ "${rc_branch_check}" -gt 0 ]]; then
+            echo "rc branch exists." | tee -a $GITHUB_STEP_SUMMARY
+            echo "name=rc" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Delete RC branch
+        env:
+          BRANCH_NAME: ${{ steps.branch-check.outputs.name }}
+        run: |
+          if ! [[ -z "$BRANCH_NAME" ]]; then
+            git push --quiet origin --delete $BRANCH_NAME
+            echo "Deleted $BRANCH_NAME branch." | tee -a $GITHUB_STEP_SUMMARY
+          fi

.github/workflows/crowdin-pull.yml

@@ -10,15 +10,15 @@ on:
 jobs:
   crowdin-sync:
     name: Autosync
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     env:
       _CROWDIN_PROJECT_ID: "269690"
     steps:
       - name: Checkout repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Login to Azure - CI Subscription
-        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.6
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
           creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
@@ -30,13 +30,13 @@ jobs:
           secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"
 
       - name: Download translations
-        uses: crowdin/github-action@965d501f160af7b1f88aed4c29154b0caf1e94b9 # v1.9.0
+        uses: crowdin/github-action@61ac8b980551f674046220c3e104bddae2916ac5 # v2.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
         with:
           config: crowdin.yml
-          crowdin_branch_name: master
+          crowdin_branch_name: main
           upload_sources: false
           upload_translations: false
           download_translations: true

.github/workflows/enforce-labels.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   enforce-label:
     name: EnforceLabel
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Enforce Label
         uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # 2.2.2

.github/workflows/pr-labeler.yml

@@ -10,8 +10,8 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
-      - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594  # v4.3.0
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
         with:
           sync-labels: true

.github/workflows/release.yml

@@ -23,12 +23,12 @@ on:
 jobs:
   release:
     name: Create Release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     outputs:
       branch-name: ${{ steps.branch.outputs.branch-name }}
     steps:
       - name: Branch check
-        if: github.event.inputs.release_type != 'Dry Run'
+        if: inputs.release_type != 'Dry Run'
         run: |
           if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
             echo "==================================="
@@ -38,15 +38,15 @@ jobs:
           fi
 
       - name: Checkout repo
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Check Release Version
         id: version
         uses: bitwarden/gh-actions/release-version-check@main
         with:
-          release-type: ${{ github.event.inputs.release_type }}
+          release-type: ${{ inputs.release_type }}
           project-type: xamarin
-          file: src/Android/Properties/AndroidManifest.xml
+          file: src/App/Platforms/Android/AndroidManifest.xml
 
       - name: Get branch name
         id: branch
@@ -55,8 +55,8 @@ jobs:
           echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT
 
       - name: Create GitHub deployment
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
         id: deployment
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
@@ -65,29 +65,35 @@ jobs:
           description: 'Deployment ${{ steps.version.outputs.version }} from branch ${{ steps.branch.outputs.branch-name }}'
           task: release
 
-
       - name: Download all artifacts
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615  # v2.27.0
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
           workflow_conclusion: success
           branch: ${{ steps.branch.outputs.branch-name }}
+          skip_unpack: true
 
       - name: Dry Run - Download all artifacts
-        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615  # v2.27.0
+        if: ${{ inputs.release_type == 'Dry Run' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
           workflow_conclusion: success
-          branch: master
+          branch: main
+          skip_unpack: true
 
-      - name: Prep Bitwarden iOS release asset
-        run: zip -r Bitwarden\ iOS.zip Bitwarden\ iOS
+      - name: Unzip release assets
+        run: |
+          unzip bw-android-apk-sha256.txt.zip -d bw-android-apk-sha256.txt
+          unzip bw-fdroid-apk-sha256.txt.zip -d bw-fdroid-apk-sha256.txt
+          unzip com.x8bit.bitwarden-fdroid.apk.zip -d com.x8bit.bitwarden-fdroid.apk
+          unzip com.x8bit.bitwarden.aab.zip -d com.x8bit.bitwarden.aab
+          unzip com.x8bit.bitwarden.apk.zip -d com.x8bit.bitwarden.apk
 
       - name: Create release
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5  # v1.13.0
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
         with:
           artifacts: "./com.x8bit.bitwarden.aab/com.x8bit.bitwarden.aab,
                       ./com.x8bit.bitwarden.apk/com.x8bit.bitwarden.apk,
@@ -103,16 +109,16 @@ jobs:
           draft: true
 
       - name: Update deployment status to Success
-        if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
-        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
+        if: ${{ inputs.release_type != 'Dry Run' && success() }}
+        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
           state: 'success'
           deployment-id: ${{ steps.deployment.outputs.deployment_id }}
 
       - name: Update deployment status to Failure
-        if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
-        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
+        if: ${{ inputs.release_type != 'Dry Run' && failure() }}
+        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
           state: 'failure'
@@ -121,16 +127,16 @@ jobs:
 
   f-droid:
     name: F-Droid Release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: release
     if: inputs.fdroid_publish
     steps:
       - name: Checkout repo
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Download F-Droid .apk artifact
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615  # v2.27.0
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -138,23 +144,21 @@ jobs:
           name: com.x8bit.bitwarden-fdroid.apk
 
       - name: Dry Run - Download F-Droid .apk artifact
-        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615  # v2.27.0
+        if: ${{ inputs.release_type == 'Dry Run' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
           workflow_conclusion: success
-          branch: master
+          branch: main
           name: com.x8bit.bitwarden-fdroid.apk
 
       - name: Set up Node
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d  # v3.8.1
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: '16.x'
 
       - name: Set up F-Droid server
-        run: |
-          sudo apt-get -qq update
-          sudo apt-get -qqy install --no-install-recommends fdroidserver wget
+        run: pip install git+https://gitlab.com/fdroid/fdroidserver.git
 
       - name: Set up Git credentials
         env:
@@ -167,49 +171,59 @@ jobs:
 
       - name: Print environment
         run: |
-          node --version
-          npm --version
-          git --version
+          echo "Node Version: $(node --version)"
+          echo "NPM Version: $(npm --version)"
+          echo "Git Version: $(git --version)"
+          echo "F-Droid Server Version: $(fdroid --version)"
           echo "GitHub ref: $GITHUB_REF"
           echo "GitHub event: $GITHUB_EVENT"
 
       - name: Install Node dependencies
         run: npm install
 
-      - name: Decrypt secrets
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Download secrets
         env:
-          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
         run: |
-          mkdir -p ~/secrets
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output ./store/fdroid/keystore.jks ./.github/secrets/store_fdroid-keystore.jks.gpg
+          mkdir -p $HOME/secrets
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name store_fdroid-keystore.jks --file ./store/fdroid/keystore.jks --output none
 
       - name: Compile for F-Droid Store
         env:
           FDROID_STORE_KEYSTORE_PASSWORD: ${{ secrets.FDROID_STORE_KEYSTORE_PASSWORD }}
         run: |
-          cd $GITHUB_WORKSPACE
+          # Create required directories.
           mkdir dist
-          cp CNAME ./dist
-          cd store
-          chmod 600 fdroid/config.py fdroid/keystore.jks
-          mkdir -p temp/fdroid
+          mkdir -p store/temp/fdroid
+          mkdir -p store/fdroid/repo
+
+          # Configure F-Droid server.
+          cp CNAME dist/
+          chmod 600 store/fdroid/config.yml store/fdroid/keystore.jks
           TEMP_DIR="$GITHUB_WORKSPACE/store/temp/fdroid"
-          cd fdroid
-          echo "keypass=\"$FDROID_STORE_KEYSTORE_PASSWORD\"" >>config.py
-          echo "keystorepass=\"$FDROID_STORE_KEYSTORE_PASSWORD\"" >>config.py
-          echo "local_copy_dir=\"$TEMP_DIR\"" >>config.py
-          mkdir -p repo
-          mv $GITHUB_WORKSPACE/com.x8bit.bitwarden-fdroid.apk ./repo/
+          echo "keypass: $FDROID_STORE_KEYSTORE_PASSWORD" >> store/fdroid/config.yml
+          echo "keystorepass: $FDROID_STORE_KEYSTORE_PASSWORD" >> store/fdroid/config.yml
+          echo "local_copy_dir: $TEMP_DIR" >> store/fdroid/config.yml
+          mv $GITHUB_WORKSPACE/com.x8bit.bitwarden-fdroid.apk store/fdroid/repo/
+
+          # Run update and deploy.
+          cd store/fdroid
           fdroid update
-          fdroid server update
-          cd ..
-          rm -rf temp/fdroid/archive
-          mv -v temp/fdroid ../dist
-          cd fdroid
-          cp index.html btn.png qr.png ../../dist/fdroid
-          cd $GITHUB_WORKSPACE
+          fdroid deploy
+          cd ../..
+
+          # Move files for distribution.
+          rm -rf store/temp/fdroid/archive
+          mv -v store/temp/fdroid dist
+          cp store/fdroid/index.html store/fdroid/btn.png store/fdroid/qr.png dist/fdroid
 
       - name: Deploy to gh-pages
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         run: npm run deploy

.github/workflows/stale-bot.yml

@@ -8,10 +8,10 @@ on:
 jobs:
   stale:
     name: 'Check for stale issues and PRs'
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - name: 'Run stale action'
-        uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06  # v5.2.1
+        uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
         with:
           stale-issue-label: 'needs-reply'
           stale-pr-label: 'needs-changes'
@@ -27,4 +27,4 @@ jobs:
 
             If you’re still working on this, please respond here after you’ve made the changes we’ve requested and our team will re-open it for further review.
 
-            Please make sure to resolve any conflicts with the master branch before requesting another review.
+            Please make sure to resolve any conflicts with the main branch before requesting another review.

.github/workflows/version-auto-bump.yml

@@ -1,5 +1,5 @@
 ---
-name: Version Auto Bump
+name: Auto Bump Mobile Version
 
 on:
   push:
@@ -7,33 +7,25 @@ on:
       - v**
 
 jobs:
-  setup:
-    name: "Setup"
+  bump-version:
+    name: Bump Mobile Version
     runs-on: ubuntu-22.04
-    outputs:
-      version_number: ${{ steps.version.outputs.new-version }}
     steps:
-      - name: Checkout Branch
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
-      - name: Calculate bumped version
-        id: version
+      - name: Retrieve bot secrets
+        id: retrieve-bot-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: bitwarden-ci
+          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
+
+      - name: Trigger Version Bump workflow
         env:
-          RELEASE_TAG: ${{ github.ref }}
+          GH_TOKEN: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
         run: |
-          CURR_MAJOR=$(echo $RELEASE_TAG | sed -r 's/refs\/tags\/v([0-9]{4}\.[0-9]{1,2})\.([0-9]{1,2})/\1/')
-          CURR_PATCH=$(echo $RELEASE_TAG | sed -r 's/refs\/tags\/v([0-9]{4}\.[0-9]{1,2})\.([0-9]{1,2})/\2/')
-          echo "Current Major: $CURR_MAJOR"
-          echo "Current Patch: $CURR_PATCH"
-
-          NEW_PATCH=$((CURR_PATCH+1))
-          NEW_VER=$CURR_MAJOR.$NEW_PATCH
-          echo "New Version: $NEW_VER"
-          echo "new-version=$NEW_VER" >> $GITHUB_OUTPUT
-
-  trigger_version_bump:
-    name: Bump version to ${{ needs.setup.outputs.version_number }}
-    needs: setup
-    uses: ./.github/workflows/version-bump.yml
-    with:
-      version_number: ${{ needs.setup.outputs.version_number }}
+          echo '{"cut_rc_branch": "false"}' | \
+          gh workflow run version-bump.yml --json --repo bitwarden/mobile

.github/workflows/version-bump.yml

@@ -4,81 +4,212 @@ name: Version Bump
 on:
   workflow_dispatch:
     inputs:
-      version_number:
-        description: "New Version"
-        required: true
-  workflow_call:
-    inputs:
-      version_number:
-        required: true
+      version_number_override:
+        description: "New version override (leave blank for automatic calculation, example: '2024.1.0')"
+        required: false
         type: string
+      cut_rc_branch:
+        description: "Cut RC branch?"
+        default: true
+        type: boolean
+      enable_slack_notification:
+        description: "Enable Slack notifications for upcoming release?"
+        default: false
+        type: boolean
 
 jobs:
   bump_version:
-    name: "Create version_bump_${{ github.event.inputs.version_number }} branch"
-    runs-on: ubuntu-20.04
+    name: Bump Version
+    runs-on: ubuntu-22.04
+    outputs:
+      version: ${{ steps.set-final-version-output.outputs.version }}
     steps:
+      - name: Validate version input
+        if: ${{ inputs.version_number_override != '' }}
+        uses: bitwarden/gh-actions/version-check@main
+        with:
+          version: ${{ inputs.version_number_override }}
+
+      - name: Slack Notification Check
+        run: |
+          if [[ "${{ inputs.enable_slack_notification }}" == true ]]; then
+            echo "Slack notifications enabled."
+          else
+            echo "Slack notifications disabled."
+          fi
+
       - name: Checkout Branch
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        with:
+          ref: main
+
+      - name: Check if RC branch exists
+        if: ${{ inputs.cut_rc_branch == true }}
+        run: |
+          remote_rc_branch_check=$(git ls-remote --heads origin rc | wc -l)
+          if [[ "${remote_rc_branch_check}" -gt 0 ]]; then
+            echo "Remote RC branch exists."
+            echo "Please delete current RC branch before running again."
+            exit 1
+          fi
 
       - name: Login to Azure - CI Subscription
-        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
-         creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
         uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
           keyvault: "bitwarden-ci"
-          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
+          secrets: "github-gpg-private-key,
+            github-gpg-private-key-passphrase,
+            github-pat-bitwarden-devops-bot-repo-scope"
 
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@d6f3f49f3345e29369fe57596a3ca8f94c4d2ca7 # v5.4.0
+        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
         with:
           gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
           passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
           git_user_signingkey: true
           git_commit_gpgsign: true
 
-      - name: Create Version Branch
-        run: git switch -c version_bump_${{ github.event.inputs.version_number }}
-
-      - name: Bump Version - Android XML
-        uses: bitwarden/gh-actions/version-bump@main
-        with:
-          version: ${{ github.event.inputs.version_number }}
-          file_path: "./src/Android/Properties/AndroidManifest.xml"
-
-      - name: Bump Version - iOS.Autofill
-        uses: bitwarden/gh-actions/version-bump@main
-        with:
-          version: ${{ github.event.inputs.version_number }}
-          file_path: "./src/iOS.Autofill/Info.plist"
-
-      - name: Bump Version - iOS.Extension
-        uses: bitwarden/gh-actions/version-bump@main
-        with:
-          version: ${{ github.event.inputs.version_number }}
-          file_path: "./src/iOS.Extension/Info.plist"
-
-      - name: Bump Version - iOS.ShareExtension
-        uses: bitwarden/gh-actions/version-bump@main
-        with:
-          version: ${{ github.event.inputs.version_number }}
-          file_path: "./src/iOS.ShareExtension/Info.plist"
-
-      - name: Bump Version - iOS
-        uses: bitwarden/gh-actions/version-bump@main
-        with:
-          version: ${{ github.event.inputs.version_number }}
-          file_path: "./src/iOS/Info.plist"
-
       - name: Setup git
         run: |
           git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
           git config --local user.name "bitwarden-devops-bot"
 
+      - name: Create Version Branch
+        id: create-branch
+        run: |
+          NAME=version_bump_${{ github.ref_name }}_$(date +"%Y-%m-%d")
+          git switch -c $NAME
+          echo "name=$NAME" >> $GITHUB_OUTPUT
+
+      - name: Install xmllint
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libxml2-utils
+
+      - name: Get current version
+        id: current-version
+        run: |
+          CURRENT_VERSION=$(xmllint --xpath '
+            string(/manifest/@*[local-name()="versionName"
+              and namespace-uri()="http://schemas.android.com/apk/res/android"])
+            ' src/App/Platforms/Android/AndroidManifest.xml)
+          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Verify input version
+        if: ${{ inputs.version_number_override != '' }}
+        env:
+          CURRENT_VERSION: ${{ steps.current-version.outputs.version }}
+          NEW_VERSION: ${{ inputs.version_number_override }}
+        run: |
+          # Error if version has not changed.
+          if [[ "$NEW_VERSION" == "$CURRENT_VERSION" ]]; then
+            echo "Version has not changed."
+            exit 1
+          fi
+
+          # Check if version is newer.
+          printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V
+          if [ $? -eq 0 ]; then
+            echo "Version check successful."
+          else
+            echo "Version check failed."
+            exit 1
+          fi
+
+      - name: Calculate next release version
+        if: ${{ inputs.version_number_override == '' }}
+        id: calculate-next-version
+        uses: bitwarden/gh-actions/version-next@main
+        with:
+          version: ${{ steps.current-version.outputs.version }}
+
+      - name: Bump Version - Android XML - Version Override
+        if: ${{ inputs.version_number_override != '' }}
+        id: bump-version-override
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "src/App/Platforms/Android/AndroidManifest.xml"
+          version: ${{ inputs.version_number_override }}
+
+      - name: Bump Version - Android XML - Automatic Calculation
+        if: ${{ inputs.version_number_override == '' }}
+        id: bump-version-automatic
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "src/App/Platforms/Android/AndroidManifest.xml"
+          version: ${{ steps.calculate-next-version.outputs.version }}
+
+      - name: Bump Version - iOS.Autofill - Version Override
+        if: ${{ inputs.version_number_override != '' }}
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "src/iOS.Autofill/Info.plist"
+          version: ${{ inputs.version_number_override }}
+
+      - name: Bump Version - iOS.Autofill - Automatic Calculation
+        if: ${{ inputs.version_number_override == '' }}
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "src/iOS.Autofill/Info.plist"
+          version: ${{ steps.calculate-next-version.outputs.version }}
+
+      - name: Bump Version - iOS.Extension - Version Override
+        if: ${{ inputs.version_number_override != '' }}
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "src/iOS.Extension/Info.plist"
+          version: ${{ inputs.version_number_override }}
+
+      - name: Bump Version - iOS.Extension - Automatic Calculation
+        if: ${{ inputs.version_number_override == '' }}
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "src/iOS.Extension/Info.plist"
+          version: ${{ steps.calculate-next-version.outputs.version }}
+
+      - name: Bump Version - iOS.ShareExtension - Version Override
+        if: ${{ inputs.version_number_override != '' }}
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "src/iOS.ShareExtension/Info.plist"
+          version: ${{ inputs.version_number_override }}
+
+      - name: Bump Version - iOS.ShareExtension - Automatic Calculation
+        if: ${{ inputs.version_number_override == '' }}
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "src/iOS.ShareExtension/Info.plist"
+          version: ${{ steps.calculate-next-version.outputs.version }}
+
+      - name: Bump Version - iOS - Version Override
+        if: ${{ inputs.version_number_override != '' }}
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "src/App/Platforms/iOS/Info.plist"
+          version: ${{ inputs.version_number_override }}
+
+      - name: Bump Version - iOS - Automatic Calculation
+        if: ${{ inputs.version_number_override == '' }}
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "src/App/Platforms/iOS/Info.plist"
+          version: ${{ steps.calculate-next-version.outputs.version }}
+
+      - name: Set Job output
+        id: set-final-version-output
+        run: |
+          if [[ "${{ steps.bump-version-override.outcome }}" == "success" ]]; then
+            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
+          elif [[ "${{ steps.bump-version-automatic.outcome }}" == "success" ]]; then
+            echo "version=${{ steps.calculate-next-version.outputs.version }}" >> $GITHUB_OUTPUT
+          fi
+
       - name: Check if version changed
         id: version-changed
         run: |
@@ -91,22 +222,24 @@ jobs:
 
       - name: Commit files
         if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        run: git commit -m "Bumped version to ${{ github.event.inputs.version_number }}" -a
+        run: git commit -m "Bumped version to ${{ steps.set-final-version-output.outputs.version }}" -a
 
       - name: Push changes
         if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        run: git push -u origin version_bump_${{ github.event.inputs.version_number }}
+        env:
+          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
+        run: git push -u origin $PR_BRANCH
 
       - name: Create Version PR
         if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        id: create-pr
         env:
-          PR_BRANCH: "version_bump_${{ github.event.inputs.version_number }}"
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-          BASE_BRANCH: master
-          TITLE: "Bump version to ${{ github.event.inputs.version_number }}"
+          GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
+          TITLE: "Bump version to ${{ steps.set-final-version-output.outputs.version }}"
         run: |
-          gh pr create --title "$TITLE" \
-            --base "$BASE" \
+          PR_URL=$(gh pr create --title "$TITLE" \
+            --base "main" \
             --head "$PR_BRANCH" \
             --label "version update" \
             --label "automated pr" \
@@ -119,4 +252,66 @@ jobs:
               - [X] Other
 
               ## Objective
-              Automated version bump to ${{ github.event.inputs.version_number }}"
+              Automated version bump to ${{ steps.set-final-version-output.outputs.version }}")
+          echo "pr_number=${PR_URL##*/}" >> $GITHUB_OUTPUT
+
+      - name: Approve PR
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
+        run: gh pr review $PR_NUMBER --approve
+
+      - name: Merge PR
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        env:
+          GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
+        run: gh pr merge $PR_NUMBER --squash --auto --delete-branch
+
+      - name: Report upcoming release version to Slack
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' && inputs.enable_slack_notification == true }}
+        uses: bitwarden/gh-actions/report-upcoming-release-version@main
+        with:
+          version: ${{ steps.set-final-version-output.outputs.version }}
+          project: ${{ github.repository }}
+          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+  cut_rc:
+    name: Cut RC branch
+    if: ${{ inputs.cut_rc_branch == true }}
+    needs: bump_version
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        with:
+          ref: main
+
+      - name: Install xmllint
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libxml2-utils
+
+      - name: Verify version has been updated
+        env:
+          NEW_VERSION: ${{ needs.bump_version.outputs.version }}
+        run: |
+          # Wait for version to change.
+          while : ; do
+            echo "Waiting for version to be updated..."
+            git pull --force
+            CURRENT_VERSION=$(xmllint --xpath '
+            string(/manifest/@*[local-name()="versionName"
+              and namespace-uri()="http://schemas.android.com/apk/res/android"])
+            ' src/App/Platforms/Android/AndroidManifest.xml)
+
+            # If the versions don't match we continue the loop, otherwise we break out of the loop.
+            [[ "$NEW_VERSION" != "$CURRENT_VERSION" ]] || break
+            sleep 10
+          done
+
+      - name: Cut RC branch
+        run: |
+          git switch --quiet --create rc
+          git push --quiet --set-upstream origin rc

.github/workflows/workflow-linter.yml

@@ -1,11 +0,0 @@
----
-name: Workflow Linter
-
-on:
-  pull_request:
-    paths:
-      - .github/workflows/**
-
-jobs:
-  call-workflow:
-    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@main

.gitignore

@@ -148,6 +148,7 @@ publish/
 
 # NuGet Packages
 *.nupkg
+!**/Xamarin.AndroidX.Credentials.1.0.0.nupkg
 # The packages folder can be ignored because of Package Restore
 **/packages/*
 # except build/, which is used as an MSBuild target.

Directory.Build.props

@@ -0,0 +1,16 @@
+<Project>
+ <PropertyGroup>
+   <MauiVersion>8.0.7</MauiVersion>
+   <ReleaseCodesignProvision>Automatic:AppStore</ReleaseCodesignProvision>
+   <ReleaseCodesignKey>iPhone Distribution</ReleaseCodesignKey>
+   <IncludeBitwardeniOSExtensions>True</IncludeBitwardeniOSExtensions>
+   <IncludeBitwardenWatchOSApp>True</IncludeBitwardenWatchOSApp>
+   <Argon2IdLoadMtouchExtraArgs>-gcc_flags "-L$(ProjectDir)../../lib/ios -largon2 -force_load $(ProjectDir)../../lib/ios/libargon2.a"</Argon2IdLoadMtouchExtraArgs>
+   
+   <!-- Uncomment this when Unit Testing-->
+   <!-- <CustomConstants>UT</CustomConstants> -->
+
+   <!-- Uncomment this when building FDROID-->
+   <!-- <CustomConstants>FDROID</CustomConstants> -->
+ </PropertyGroup>
+</Project>

README.md

@@ -1,4 +1,4 @@
-[![Github Workflow build on master](https://github.com/bitwarden/mobile/actions/workflows/build.yml/badge.svg?branch=master)](https://github.com/bitwarden/mobile/actions/workflows/build.yml?query=branch:master)
+[![Github Workflow build on main](https://github.com/bitwarden/mobile/actions/workflows/build.yml/badge.svg?branch=main)](https://github.com/bitwarden/mobile/actions/workflows/build.yml?query=branch:main)
 [![Crowdin](https://d322cqt584bo4o.cloudfront.net/bitwarden-mobile/localized.svg)](https://crowdin.com/project/bitwarden-mobile)
 [![Join the chat at https://gitter.im/bitwarden/Lobby](https://badges.gitter.im/bitwarden/Lobby.svg)](https://gitter.im/bitwarden/Lobby)
 
@@ -6,13 +6,13 @@
 
 <a href="https://play.google.com/store/apps/details?id=com.x8bit.bitwarden" target="_blank"><img alt="Get it on Google Play" src="https://imgur.com/YQzmZi9.png" width="153" height="46"></a> <a href="https://mobileapp.bitwarden.com/fdroid/" target="_blank"><img alt="Get it on F-Droid" src="https://i.imgur.com/HDicnzz.png" width="154" height="46"></a> <a href="https://itunes.apple.com/us/app/bitwarden-free-password-manager/id1137397744?mt=8" target="_blank"><img src="https://imgur.com/GdGqPMY.png" width="135" height="40"></a>
 
-The Bitwarden mobile application is written in C# with Xamarin Android, Xamarin iOS, and Xamarin Forms.
+The Bitwarden mobile application is written in C# using .NET MAUI.
 
 <img src="https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/mobile-android-myvault.png" alt="" width="325" height="650" /> <img src="https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/mobile-ios-myvault.png" alt="" width="300" height="650" />
 
 # Build/Run
 
-Please refer to the [Mobile section](https://contributing.bitwarden.com/getting-started/clients/mobile/) of the [Contributing Documentation](https://contributing.bitwarden.com/) for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.
+Please refer to the [Mobile section](https://contributing.bitwarden.com/getting-started/mobile/) of the [Contributing Documentation](https://contributing.bitwarden.com/) for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.
 
 # We're Hiring!
 
@@ -20,6 +20,6 @@ Interested in contributing in a big way? Consider joining our team! We're hiring
 
 # Contribute
 
-Code contributions are welcome! Please commit any pull requests against the `master` branch. Learn more about how to contribute by reading the [Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the [Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your first contribution.
+Code contributions are welcome! Please commit any pull requests against the `main` branch. Learn more about how to contribute by reading the [Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the [Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your first contribution.
 
 Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.

bitwarden-mobile.sln

@@ -5,7 +5,7 @@ VisualStudioVersion = 17.8.34112.27
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "App", "src\App\App.csproj", "{971FDF07-E288-4239-B47A-E9E7E912193B}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Core", "src\Core\Core.csproj", "{11DBC05E-F8B4-49ED-AAC9-96D92336D21C}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Core", "src\Core\Core.csproj", "{11DBC05E-F8B4-49ED-AAC9-96D92336D21C}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "iOS.Core", "src\iOS.Core\iOS.Core.csproj", "{E71F3053-056C-4381-9638-048ED73BDFF6}"
 EndProject
@@ -15,6 +15,14 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "iOS.ShareExtension", "src\i
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "iOS.Autofill", "src\iOS.Autofill\iOS.Autofill.csproj", "{83449CC4-1F76-4CFE-92B1-D2E13A62506F}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{BB702EBD-3B79-4ECA-A2A6-1237B07F0AF0}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{B972BBFA-917F-4A10-B07E-B89CFEC6BBDC}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Core.Test", "test\Core.Test\Core.Test.csproj", "{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Common", "test\Common\Common.csproj", "{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -27,6 +35,7 @@ Global
 		AppStore|iPhone = AppStore|iPhone
 		Ad-Hoc|iPhoneSimulator = Ad-Hoc|iPhoneSimulator
 		Ad-Hoc|iPhone = Ad-Hoc|iPhone
+		FDroid|Any CPU = FDroid|Any CPU
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{971FDF07-E288-4239-B47A-E9E7E912193B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
@@ -51,6 +60,8 @@ Global
 		{971FDF07-E288-4239-B47A-E9E7E912193B}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|Any CPU
 		{971FDF07-E288-4239-B47A-E9E7E912193B}.Ad-Hoc|iPhone.ActiveCfg = Debug|Any CPU
 		{971FDF07-E288-4239-B47A-E9E7E912193B}.Ad-Hoc|iPhone.Build.0 = Debug|Any CPU
+		{971FDF07-E288-4239-B47A-E9E7E912193B}.FDroid|Any CPU.ActiveCfg = Debug|Any CPU
+		{971FDF07-E288-4239-B47A-E9E7E912193B}.FDroid|Any CPU.Build.0 = Debug|Any CPU
 		{11DBC05E-F8B4-49ED-AAC9-96D92336D21C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{11DBC05E-F8B4-49ED-AAC9-96D92336D21C}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{11DBC05E-F8B4-49ED-AAC9-96D92336D21C}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -71,6 +82,8 @@ Global
 		{11DBC05E-F8B4-49ED-AAC9-96D92336D21C}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|Any CPU
 		{11DBC05E-F8B4-49ED-AAC9-96D92336D21C}.Ad-Hoc|iPhone.ActiveCfg = Debug|Any CPU
 		{11DBC05E-F8B4-49ED-AAC9-96D92336D21C}.Ad-Hoc|iPhone.Build.0 = Debug|Any CPU
+		{11DBC05E-F8B4-49ED-AAC9-96D92336D21C}.FDroid|Any CPU.ActiveCfg = Debug|Any CPU
+		{11DBC05E-F8B4-49ED-AAC9-96D92336D21C}.FDroid|Any CPU.Build.0 = Debug|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -91,6 +104,8 @@ Global
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhone.ActiveCfg = Debug|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhone.Build.0 = Debug|Any CPU
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|Any CPU.ActiveCfg = Debug|Any CPU
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|Any CPU.Build.0 = Debug|Any CPU
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -111,6 +126,8 @@ Global
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|Any CPU
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Ad-Hoc|iPhone.ActiveCfg = Release|Any CPU
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Ad-Hoc|iPhone.Build.0 = Release|Any CPU
+		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.FDroid|Any CPU.ActiveCfg = Debug|Any CPU
+		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.FDroid|Any CPU.Build.0 = Debug|Any CPU
 		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -131,6 +148,8 @@ Global
 		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|Any CPU
 		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Ad-Hoc|iPhone.ActiveCfg = Release|Any CPU
 		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Ad-Hoc|iPhone.Build.0 = Release|Any CPU
+		{F8C3F648-EA5A-4719-8005-85D1690B1655}.FDroid|Any CPU.ActiveCfg = Debug|Any CPU
+		{F8C3F648-EA5A-4719-8005-85D1690B1655}.FDroid|Any CPU.Build.0 = Debug|Any CPU
 		{83449CC4-1F76-4CFE-92B1-D2E13A62506F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{83449CC4-1F76-4CFE-92B1-D2E13A62506F}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{83449CC4-1F76-4CFE-92B1-D2E13A62506F}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -143,6 +162,52 @@ Global
 		{83449CC4-1F76-4CFE-92B1-D2E13A62506F}.AppStore|iPhone.Build.0 = Release|Any CPU
 		{83449CC4-1F76-4CFE-92B1-D2E13A62506F}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Debug|Any CPU
 		{83449CC4-1F76-4CFE-92B1-D2E13A62506F}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{83449CC4-1F76-4CFE-92B1-D2E13A62506F}.FDroid|Any CPU.ActiveCfg = Debug|Any CPU
+		{83449CC4-1F76-4CFE-92B1-D2E13A62506F}.FDroid|Any CPU.Build.0 = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Release|Any CPU.Build.0 = Release|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Debug|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Debug|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Debug|iPhone.ActiveCfg = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Debug|iPhone.Build.0 = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Release|iPhone.ActiveCfg = Release|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Release|iPhone.Build.0 = Release|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.AppStore|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.AppStore|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.AppStore|iPhone.ActiveCfg = Release|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.AppStore|iPhone.Build.0 = Release|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Ad-Hoc|iPhone.ActiveCfg = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.Ad-Hoc|iPhone.Build.0 = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.FDroid|Any CPU.ActiveCfg = Debug|Any CPU
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6}.FDroid|Any CPU.Build.0 = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Release|Any CPU.Build.0 = Release|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Debug|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Debug|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Debug|iPhone.ActiveCfg = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Debug|iPhone.Build.0 = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Release|iPhone.ActiveCfg = Release|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Release|iPhone.Build.0 = Release|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.AppStore|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.AppStore|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.AppStore|iPhone.ActiveCfg = Release|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.AppStore|iPhone.Build.0 = Release|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Ad-Hoc|iPhone.ActiveCfg = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.Ad-Hoc|iPhone.Build.0 = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.FDroid|Any CPU.ActiveCfg = Debug|Any CPU
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44}.FDroid|Any CPU.Build.0 = Debug|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -155,4 +220,14 @@ Global
 		$0.DotNetNamingPolicy = $1
 		$1.DirectoryNamespaceAssociation = PrefixedHierarchical
 	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{971FDF07-E288-4239-B47A-E9E7E912193B} = {B972BBFA-917F-4A10-B07E-B89CFEC6BBDC}
+		{11DBC05E-F8B4-49ED-AAC9-96D92336D21C} = {B972BBFA-917F-4A10-B07E-B89CFEC6BBDC}
+		{83449CC4-1F76-4CFE-92B1-D2E13A62506F} = {B972BBFA-917F-4A10-B07E-B89CFEC6BBDC}
+		{E71F3053-056C-4381-9638-048ED73BDFF6} = {B972BBFA-917F-4A10-B07E-B89CFEC6BBDC}
+		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545} = {B972BBFA-917F-4A10-B07E-B89CFEC6BBDC}
+		{F8C3F648-EA5A-4719-8005-85D1690B1655} = {B972BBFA-917F-4A10-B07E-B89CFEC6BBDC}
+		{137959BD-073B-4EC7-8ED5-31D73FA7DBC6} = {BB702EBD-3B79-4ECA-A2A6-1237B07F0AF0}
+		{1AC5ED7F-301E-4B3C-ACDE-C0EADFA5AE44} = {BB702EBD-3B79-4ECA-A2A6-1237B07F0AF0}
+	EndGlobalSection
 EndGlobal

build.cake

@@ -15,16 +15,18 @@ abstract record VariantConfig(
     string AppName, 
     string AndroidPackageName,
     string iOSBundleId,
-    string ApsEnvironment
+    string ApsEnvironment,
+    string DistProvisioningProfilePrefix
     );
 
 const string BASE_BUNDLE_ID_DROID = "com.x8bit.bitwarden";
 const string BASE_BUNDLE_ID_IOS = "com.8bit.bitwarden";
 
-record Dev(): VariantConfig("Bitwarden Dev", $"{BASE_BUNDLE_ID_DROID}.dev", $"{BASE_BUNDLE_ID_IOS}.dev", "development");
-record QA(): VariantConfig("Bitwarden QA", $"{BASE_BUNDLE_ID_DROID}.qa", $"{BASE_BUNDLE_ID_IOS}.qa", "development");
-record Beta(): VariantConfig("Bitwarden Beta", $"{BASE_BUNDLE_ID_DROID}.beta", $"{BASE_BUNDLE_ID_IOS}.beta", "production");
-record Prod(): VariantConfig("Bitwarden", $"{BASE_BUNDLE_ID_DROID}", $"{BASE_BUNDLE_ID_IOS}", "production");
+//NOTE: Beta iOS variants have a different ITSEncryptionExportComplianceCode 
+record Dev(): VariantConfig("Bitwarden Dev", $"{BASE_BUNDLE_ID_DROID}.dev", $"{BASE_BUNDLE_ID_IOS}.dev", "development", "Dist:");
+record QA(): VariantConfig("Bitwarden QA", $"{BASE_BUNDLE_ID_DROID}.qa", $"{BASE_BUNDLE_ID_IOS}.qa", "development", "Dist:");
+record Beta(): VariantConfig("Bitwarden Beta", $"{BASE_BUNDLE_ID_DROID}.beta", $"{BASE_BUNDLE_ID_IOS}.beta", "production", "Dist: Beta");
+record Prod(): VariantConfig("Bitwarden", $"{BASE_BUNDLE_ID_DROID}", $"{BASE_BUNDLE_ID_IOS}", "production", "Dist:");
 
 VariantConfig GetVariant() => variant.ToLower() switch{
     "qa" => new QA(),
@@ -197,7 +199,8 @@ private void UpdateiOSInfoPlist(string plistPath, VariantConfig buildVariant, Gi
     var prevBundleId = plist["CFBundleIdentifier"];
     var prevBundleName = plist["CFBundleName"];
     //var newVersion = CreateBuildNumber(prevVersion).ToString();
-    var newVersionName = GetVersionName(prevVersionName, buildVariant, git);
+    // we need to maintain version formatting here composed of one to three period-separated integers, so we cannot use the GetVersionName method as in Android for non-Prod.
+    var newVersionName = prevVersionName;
     var newBundleId = GetiOSBundleId(buildVariant, projectType);
     var newBundleName = GetiOSBundleName(buildVariant, projectType);
 
@@ -219,6 +222,11 @@ private void UpdateiOSInfoPlist(string plistPath, VariantConfig buildVariant, Gi
         plist["NSExtension"]["NSExtensionAttributes"]["NSExtensionActivationRule"] = keyText.Replace("com.8bit.bitwarden", buildVariant.iOSBundleId);
     }
 
+    if(buildVariant is Beta)
+    {
+        plist["ITSEncryptionExportComplianceCode"] = "3dd3e32f-efa6-4d99-b410-28aa28b1cb77";
+    }
+
     SerializePlist(plistFile, plist);
 
     Information($"Changed app name from {prevBundleName} to {newBundleName}");
@@ -228,12 +236,15 @@ private void UpdateiOSInfoPlist(string plistPath, VariantConfig buildVariant, Gi
     Information($"{plistPath} updated with success!");
 }
 
-private void UpdateiOSEntitlementsPlist(string entitlementsPath, VariantConfig buildVariant)
+private void UpdateiOSEntitlementsPlist(string entitlementsPath, VariantConfig buildVariant, bool updateApsEnv)
 {
     var EntitlementlistFile = File(entitlementsPath);
     dynamic Entitlements = DeserializePlist(EntitlementlistFile);
 
-    Entitlements["aps-environment"] = buildVariant.ApsEnvironment;
+    if (updateApsEnv)
+    {
+        Entitlements["aps-environment"] = buildVariant.ApsEnvironment;
+    }
     Entitlements["keychain-access-groups"] = new List<string>() { "$(AppIdentifierPrefix)" + buildVariant.iOSBundleId };
     Entitlements["com.apple.security.application-groups"] = new List<string>() { $"group.{buildVariant.iOSBundleId}" };;
 
@@ -272,9 +283,10 @@ private void UpdateWatchPbxproj(string pbxprojPath, string newVersion)
     const string pattern = @"MARKETING_VERSION = [^;]*;";
 
     fileText = Regex.Replace(fileText, pattern, $"MARKETING_VERSION = {newVersion};");
-
+    
     FileWriteText(pbxprojPath, fileText);
-    Information($"{pbxprojPath} modified successfully.");
+
+    Information($"{pbxprojPath} modified Marketing Version successfully.");
 }
 
 /// <summary>
@@ -327,7 +339,7 @@ Task("UpdateiOSPlist")
         var infoPath = Path.Combine(_slnPath, "src", "App", "Platforms", "iOS", "Info.plist");
         var entitlementsPath = Path.Combine(_slnPath, "src", "App", "Platforms", "iOS", "Entitlements.plist");
         UpdateiOSInfoPlist(infoPath, buildVariant, _gitVersion, iOSProjectType.MainApp);
-        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant);
+        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant, true);
     });
 
 Task("UpdateiOSAutofillPlist")
@@ -338,7 +350,7 @@ Task("UpdateiOSAutofillPlist")
         var infoPath = Path.Combine(_slnPath, "src", "iOS.Autofill", "Info.plist");
         var entitlementsPath = Path.Combine(_slnPath, "src", "iOS.Autofill", "Entitlements.plist");
         UpdateiOSInfoPlist(infoPath, buildVariant, _gitVersion, iOSProjectType.Autofill);
-        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant);
+        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant, false);
     });
 
 Task("UpdateiOSExtensionPlist")
@@ -349,7 +361,7 @@ Task("UpdateiOSExtensionPlist")
         var infoPath = Path.Combine(_slnPath, "src", "iOS.Extension", "Info.plist");
         var entitlementsPath = Path.Combine(_slnPath, "src", "iOS.Extension", "Entitlements.plist");
         UpdateiOSInfoPlist(infoPath, buildVariant, _gitVersion, iOSProjectType.Extension);
-        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant);
+        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant, false);
     });
 
 Task("UpdateiOSShareExtensionPlist")
@@ -360,7 +372,7 @@ Task("UpdateiOSShareExtensionPlist")
         var infoPath = Path.Combine(_slnPath, "src", "iOS.ShareExtension", "Info.plist");
         var entitlementsPath = Path.Combine(_slnPath, "src", "iOS.ShareExtension", "Entitlements.plist");
         UpdateiOSInfoPlist(infoPath, buildVariant, _gitVersion, iOSProjectType.ShareExtension);
-        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant);
+        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant, false);
     });
 
 Task("UpdateiOSCodeFiles")
@@ -397,6 +409,22 @@ Task("UpdateWatchKitAppInfoPlist")
         UpdateWatchKitAppInfoPlist(infoPath, buildVariant);
     });
 
+Task("UpdateDistProfiles")
+    .IsDependentOn("UpdateiOSCodeFiles")
+    .Does(()=> {
+        var buildVariant = GetVariant();
+    
+        var filesToReplace = new string[] {
+            Path.Combine(".github", "resources", "export-options-app-store.plist"),
+            Path.Combine(_slnPath, "src", "watchOS", "bitwarden", "bitwarden.xcodeproj", "project.pbxproj")
+        };
+
+        foreach(string path in filesToReplace)
+        {
+            ReplaceInFile(path, "Dist:", buildVariant.DistProvisioningProfilePrefix);
+        }
+    });
+
 #endregion iOS
 
 #region Main Tasks
@@ -418,6 +446,7 @@ Task("iOS")
     .IsDependentOn("UpdateiOSCodeFiles")
     .IsDependentOn("UpdateWatchProject")
     .IsDependentOn("UpdateWatchKitAppInfoPlist")
+    .IsDependentOn("UpdateDistProfiles")
     .Does(()=>
     {
         Information("iOS app updated");
@@ -437,4 +466,4 @@ Options:
     });
 #endregion Main Tasks
 
-RunTarget(target);
+RunTarget(target);

crowdin.yml

@@ -2,9 +2,9 @@ project_id_env: _CROWDIN_PROJECT_ID
 api_token_env: CROWDIN_API_TOKEN
 preserve_hierarchy: true
 files:
-  - source: /src/App/Resources/AppResources.resx
-    dest: /src/App/Resources/%original_file_name%
-    translation: /src/App/Resources/AppResources.%two_letters_code%.resx
+  - source: /src/Core/Resources/Localization/AppResources.resx
+    dest: /src/Core/Resources/Localization/%original_file_name%
+    translation: /src/Core/Resources/Localization/AppResources.%two_letters_code%.resx
     update_option: update_as_unapproved
     languages_mapping:
       two_letters_code:

lib/android/Xamarin.AndroidX.Credentials/net8.0-android/Xamarin.AndroidX.Credentials.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<doc>
+    <assembly>
+        <name>Xamarin.AndroidX.Credentials</name>
+    </assembly>
+    <members>
+    </members>
+</doc>

nuget.config

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+    <packageSources>
+        <add key="MAUI Nightly builds" value="https://pkgs.dev.azure.com/xamarin/public/_packaging/maui-nightly/nuget/v3/index.json" />
+        <add key="Local AndroidX Credentials" value="lib/android/Xamarin.AndroidX.Credentials" />
+    </packageSources>
+</configuration>

package-lock.json

@@ -8,7 +8,7 @@
       "name": "bitwarden-mobile",
       "version": "0.0.0",
       "devDependencies": {
-        "gh-pages": "^3.2.3"
+        "gh-pages": "3.2.3"
       }
     },
     "node_modules/array-union": {

package.json

@@ -6,6 +6,6 @@
     "clean:l10n": "git push origin --delete l10n_master"
   },
   "devDependencies": {
-    "gh-pages": "^3.2.3"
+    "gh-pages": "3.2.3"
   }
 }

src/App/App.csproj

@@ -53,24 +53,28 @@
 	<PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net8.0-ios|AnyCPU'">
 	  <CreatePackage>false</CreatePackage>
 	  <CodesignProvision>Automatic</CodesignProvision>
-    <CodesignKey>iPhone Developer</CodesignKey>
+	  <CodesignKey>iPhone Developer</CodesignKey>
 	  <CodesignEntitlements>Platforms\iOS\Entitlements.plist</CodesignEntitlements>
-	  <MtouchInterpreter>all</MtouchInterpreter>
-	  <MtouchLink>None</MtouchLink>
-		<!--TODO: add argon2id load when library is built with the corresponding architecture for iOS Simulator-->
+	  <UseInterpreter>true</UseInterpreter>
+	</PropertyGroup>
+	<PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(RuntimeIdentifier)'=='Debug|net8.0-ios|iossimulator-x64'">
+		<MtouchExtraArgs>$(Argon2IdLoadMtouchExtraArgs)</MtouchExtraArgs>
 	</PropertyGroup>
 	<PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(RuntimeIdentifier)'=='Debug|net8.0-ios|ios-arm64'">
-		<MtouchExtraArgs>-gcc_flags "-L$(ProjectDir)../../lib/ios -largon2 -force_load $(ProjectDir)../../lib/ios/libargon2.a"</MtouchExtraArgs>
+		<MtouchExtraArgs>$(Argon2IdLoadMtouchExtraArgs)</MtouchExtraArgs>
 	</PropertyGroup>
 	<PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net8.0-ios|AnyCPU'">
 	  <CreatePackage>false</CreatePackage>
-    <CodesignProvision>Automatic:AppStore</CodesignProvision>
-    <CodesignKey>iPhone Distribution</CodesignKey>
+      <CodesignProvision>$(ReleaseCodesignProvision)</CodesignProvision>
+      <CodesignKey>$(ReleaseCodesignKey)</CodesignKey>
 	  <CodesignEntitlements>Platforms\iOS\Entitlements.plist</CodesignEntitlements>
-	  <MtouchInterpreter>all</MtouchInterpreter>
-	  <MtouchLink>None</MtouchLink>
-		<MtouchExtraArgs>--weak-framework=NewsstandKit.framework/NewsstandKit --linkskip=LiteDB --linkskip=CsvHelper --linkskip=Core --linkskip=iOS.Core --linkskip=iOS.Autofill --linkskip=iOS.Extension --linkskip=iOS.ShareExtension --linkskip=App -gcc_flags "-L$(ProjectDir)../../lib/ios -largon2 -force_load $(ProjectDir)../../lib/ios/libargon2.a"</MtouchExtraArgs>
+	  <UseInterpreter>true</UseInterpreter>
+	  <MtouchExtraArgs>$(Argon2IdLoadMtouchExtraArgs)</MtouchExtraArgs>
 	</PropertyGroup>
+	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'ios'">
+		<!--This is needed for PCLCrypto to work correctly-->
+		<TrimmerRootAssembly Include="System.Security.Cryptography" />
+	</ItemGroup>
 	<ItemGroup>
 	  <AndroidNativeLibrary Include="Platforms\Android\lib\arm64-v8a\libargon2.so" />
 	  <AndroidNativeLibrary Include="Platforms\Android\lib\armeabi-v7a\libargon2.so" />
@@ -92,7 +96,7 @@
 		<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
 		<PackageReference Include="zxcvbn-core" Version="7.0.92" />
 		<PackageReference Include="CommunityToolkit.Maui" Version="5.2.0" />
-		<PackageReference Include="Plugin.Fingerprint" Version="2.1.5" />
+		<PackageReference Include="Plugin.Fingerprint" Version="3.0.0-beta.1" />
 		<PackageReference Include="SkiaSharp.Views.Maui.Controls" Version="2.88.4-preview.84" />
 		<PackageReference Include="SkiaSharp.Views.Maui.Controls.Compatibility" Version="2.88.4-preview.84" />
 		<PackageReference Include="FFImageLoadingCompat.Maui" Version="0.1.1" />
@@ -113,11 +117,13 @@
 	  <Folder Include="Platforms\Android\Services\" />
 	  <Folder Include="Platforms\Android\Tiles\" />
 	  <Folder Include="Platforms\Android\Utilities\" />
+	  <Folder Include="Platforms\Android\Resources\drawable-xxxhdpi\" />
+	  <Folder Include="Resources\Raw\" />
 	</ItemGroup>
 	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android'">
-	  <PackageReference Include="Plugin.CurrentActivity" Version="2.1.0.4" />
 	  <PackageReference Include="Xamarin.AndroidX.AutoFill" Version="1.1.0.18" />
 	  <PackageReference Include="Xamarin.AndroidX.Activity.Ktx" Version="1.7.2.1" />
+      <PackageReference Include="Xamarin.AndroidX.Credentials" Version="1.0.0" />
 	</ItemGroup>
 	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android' AND !$(DefineConstants.Contains(FDROID))">
 	  <PackageReference Include="Xamarin.GooglePlayServices.SafetyNet" Version="118.0.1.5" />
@@ -154,6 +160,15 @@
 	  <BundleResource Include="Platforms\Android\Resources\drawable-hdpi\logo_white_legacy.png" />
 	  <BundleResource Include="Platforms\Android\Resources\mipmap-xhdpi\ic_launcher.png" />
 	  <BundleResource Include="Platforms\Android\Resources\mipmap-xhdpi\ic_launcher_round.png" />
+	  <BundleResource Include="Platforms\iOS\Resources\logo.png" />
+	  <BundleResource Include="Platforms\iOS\Resources\logo_white%402x.png" />
+	  <BundleResource Include="Platforms\iOS\Resources\more_vert%402x.png" />
+	  <BundleResource Include="Platforms\iOS\Resources\logo_white%403x.png" />
+	  <BundleResource Include="Platforms\iOS\Resources\logo%403x.png" />
+	  <BundleResource Include="Platforms\iOS\Resources\more_vert%403x.png" />
+	  <BundleResource Include="Platforms\iOS\Resources\more_vert.png" />
+	  <BundleResource Include="Platforms\iOS\Resources\logo_white.png" />
+	  <BundleResource Include="Platforms\iOS\Resources\logo%402x.png" />
 	</ItemGroup>
 	<ItemGroup>
 	  <ProjectReference Include="..\iOS.Core\iOS.Core.csproj" Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'ios'" />
@@ -193,15 +208,12 @@
 	  <MauiImage Include="Resources\plus.svg" TintColor="#FFFFFFFF">
 	    <BaseSize>24,24</BaseSize>
 	  </MauiImage>
-	  <MauiImage Include="Resources\search.svg" TintColor="#FFFFFFFF">
-	    <BaseSize>24,24</BaseSize>
-	  </MauiImage>
 	  <MauiImage Include="Resources\send.svg">
 	    <BaseSize>24,24</BaseSize>
 	  </MauiImage>
 	  <MauiImage Include="Resources\yubikey.png" />
 	</ItemGroup>
-	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'ios'">
+	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'ios' AND '$(IncludeBitwardeniOSExtensions)' == 'True'">
 		<ProjectReference Include="..\iOS.Autofill\iOS.Autofill.csproj">
 			<IsAppExtension>true</IsAppExtension>
 			<IsWatchApp>false</IsWatchApp>
@@ -215,15 +227,15 @@
 			<IsWatchApp>false</IsWatchApp>
 		</ProjectReference>
 	</ItemGroup>
-	<PropertyGroup Condition="'$(TargetFramework)'=='net8.0-ios'">
-    <WatchAppBuildPath Condition=" '$(Configuration)' == 'Debug' ">$(Home)/Library/Developer/Xcode/DerivedData/bitwarden-acgkbpwvmebfiofokotvoerzkqcl/Build/Products</WatchAppBuildPath>
-    <WatchAppBuildPath Condition=" '$(Configuration)' != 'Debug' ">$([System.IO.Path]::GetFullPath('$(MSBuildProjectDirectory)\..'))/watchOS/bitwarden.xcarchive/Products/Applications/bitwarden.app/Watch</WatchAppBuildPath>
-    <WatchAppBundle>Bitwarden.app</WatchAppBundle>
-		<WatchAppConfiguration Condition="'$(RuntimeIdentifier)'!='ios-arm64'"> >watchsimulator</WatchAppConfiguration>
-		<WatchAppConfiguration Condition="'$(RuntimeIdentifier)'=='ios-arm64'"> >watchos</WatchAppConfiguration>
-    <WatchAppBundleFullPath Condition=" '$(Configuration)' == 'Debug' ">$(WatchAppBuildPath)/$(Configuration)-$(WatchAppConfiguration)/$(WatchAppBundle)</WatchAppBundleFullPath>
-    <WatchAppBundleFullPath Condition=" '$(Configuration)' != 'Debug' ">$(WatchAppBuildPath)/$(WatchAppBundle)</WatchAppBundleFullPath>
-  </PropertyGroup>
+	<PropertyGroup Condition="'$(TargetFramework)'=='net8.0-ios' AND '$(IncludeBitwardenWatchOSApp)' == 'True'">
+		<WatchAppBuildPath Condition=" '$(Configuration)' == 'Debug' ">$(Home)/Library/Developer/Xcode/DerivedData/bitwarden-acgkbpwvmebfiofokotvoerzkqcl/Build/Products</WatchAppBuildPath>
+		<WatchAppBuildPath Condition=" '$(Configuration)' != 'Debug' ">$([System.IO.Path]::GetFullPath('$(MSBuildProjectDirectory)\..'))/watchOS/bitwarden.xcarchive/Products/Applications/bitwarden.app/Watch</WatchAppBuildPath>
+		<WatchAppBundle>Bitwarden.app</WatchAppBundle>
+			<WatchAppConfiguration Condition="'$(RuntimeIdentifier)'!='ios-arm64'">watchsimulator</WatchAppConfiguration>
+			<WatchAppConfiguration Condition="'$(RuntimeIdentifier)'=='ios-arm64'">watchos</WatchAppConfiguration>
+		<WatchAppBundleFullPath Condition=" '$(Configuration)' == 'Debug' ">$(WatchAppBuildPath)/$(Configuration)-$(WatchAppConfiguration)/$(WatchAppBundle)</WatchAppBundleFullPath>
+		<WatchAppBundleFullPath Condition=" '$(Configuration)' != 'Debug' ">$(WatchAppBuildPath)/$(WatchAppBundle)</WatchAppBundleFullPath>
+	</PropertyGroup>
 	<ItemGroup Condition="'$(TargetFramework)'=='net8.0-ios' AND Exists('$(WatchAppBundleFullPath)') ">
 		<_ResolvedWatchAppReferences Include="$(WatchAppBundleFullPath)" />
 	</ItemGroup>
@@ -237,4 +249,23 @@
 	  <GoogleServicesJson Include="Platforms\Android\google-services.json" />
 	  <GoogleServicesJson Include="Platforms\Android\google-services.json.enc" />
 	</ItemGroup>
+	<ItemGroup>
+	  <None Remove="Platforms\iOS\Resources\logo.png" />
+	  <None Remove="Platforms\iOS\Resources\logo_white%402x.png" />
+	  <None Remove="Platforms\iOS\Resources\more_vert%402x.png" />
+	  <None Remove="Platforms\iOS\Resources\logo_white%403x.png" />
+	  <None Remove="Platforms\iOS\Resources\logo%403x.png" />
+	  <None Remove="Platforms\iOS\Resources\more_vert%403x.png" />
+	  <None Remove="Platforms\iOS\Resources\more_vert.png" />
+	  <None Remove="Platforms\iOS\Resources\logo_white.png" />
+	  <None Remove="Platforms\iOS\Resources\logo%402x.png" />
+	  <None Remove="Platforms\Android\Resources\drawable-xxxhdpi\" />
+	  <None Remove="Resources\Raw\" />
+	</ItemGroup>
+	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'ios'">
+		<BundleResource Include="Platforms\iOS\PrivacyInfo.xcprivacy" LogicalName="PrivacyInfo.xcprivacy" />
+	</ItemGroup>
+	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android'">
+	  <MauiAsset Include="Resources\Raw\fido2_privileged_allow_list.json" LogicalName="fido2_privileged_allow_list.json" />
+	</ItemGroup>
 </Project>

src/App/Handlers/HybridWebViewHandler.cs

@@ -1,25 +0,0 @@
-#if IOS || MACCATALYST
-using PlatformView = WebKit.WKWebView;
-#elif ANDROID
-using PlatformView = Android.Webkit.WebView;
-#elif (NETSTANDARD || !PLATFORM) || (NET6_0_OR_GREATER && !IOS && !ANDROID)
-using PlatformView = System.Object;
-#endif
-
-using Bit.App.Controls;
-using Microsoft.Maui.Handlers;
-
-namespace Bit.App.Handlers
-{
-    public partial class HybridWebViewHandler
-    {
-        public static PropertyMapper<HybridWebView, HybridWebViewHandler> PropertyMapper = new PropertyMapper<HybridWebView, HybridWebViewHandler>(ViewHandler.ViewMapper)
-        {
-            [nameof(HybridWebView.Uri)] = MapUri
-        };
-
-        public HybridWebViewHandler() : base(PropertyMapper)
-        {
-        }
-    }
-}

src/App/MauiProgram.cs

@@ -13,7 +13,6 @@
                 },
                 handlers =>
                 {
-                    handlers.AddHandler(typeof(Bit.App.Controls.HybridWebView), typeof(Bit.App.Handlers.HybridWebViewHandler));
 #if ANDROID
                     Bit.App.Handlers.EntryHandlerMappings.Setup();
                     Bit.App.Handlers.EditorHandlerMappings.Setup();
@@ -28,6 +27,7 @@
                     Bit.App.Handlers.ButtonHandlerMappings.Setup();
                     Bit.App.Handlers.ToolbarHandlerMappings.Setup();
 
+                    handlers.AddHandler(typeof(Bit.App.Controls.HybridWebView), typeof(Bit.App.Handlers.HybridWebViewHandler));
                     handlers.AddHandler(typeof(Bit.App.Pages.TabsPage), typeof(Bit.App.Handlers.CustomTabbedPageHandler));
                     handlers.AddHandler(typeof(Bit.App.Controls.ExtendedDatePicker), typeof(Bit.App.Handlers.ExtendedDatePickerHandler));
 #else

src/App/Platforms/Android/Accessibility/AccessibilityHelpers.cs

@@ -112,6 +112,7 @@ namespace Bit.Droid.Accessibility
             new Browser("org.bromite.chromium", "url_bar"),
             new Browser("org.chromium.chrome", "url_bar"),
             new Browser("org.codeaurora.swe.browser", "url_bar"),
+            new Browser("org.cromite.cromite", "url_bar"),
             new Browser("org.gnu.icecat", "url_bar_title,mozac_browser_toolbar_url_view"), // 2nd = Anticipation
             new Browser("org.mozilla.fenix", "mozac_browser_toolbar_url_view"),
             new Browser("org.mozilla.fenix.nightly", "mozac_browser_toolbar_url_view"), // [DEPRECATED ENTRY]

src/App/Platforms/Android/AndroidManifest.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2023.10.1" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
-	<uses-sdk android:minSdkVersion="21" android:targetSdkVersion="33" />
+<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2024.7.0" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
+	<uses-sdk android:minSdkVersion="21" android:targetSdkVersion="34" />
 	<uses-permission android:name="android.permission.INTERNET" />
 	<uses-permission android:name="android.permission.NFC" />
 	<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
@@ -43,6 +43,9 @@
 	<!-- Support for Xamarin.Essentials.Browser.OpenAsync  (for Android > 11) -->
 	<!-- Related docs: https://learn.microsoft.com/en-us/xamarin/essentials/open-browser?tabs=android -->
 	<queries>
+		<intent>
+			<action android:name="android.support.customtabs.action.CustomTabsService" />
+		</intent>
 		<intent>
 			<action android:name="android.intent.action.VIEW" />
 			<data android:scheme="http" />

src/App/Platforms/Android/Autofill/AutofillHelpers.cs

@@ -130,6 +130,7 @@ namespace Bit.Droid.Autofill
             "org.bromite.chromium",
             "org.chromium.chrome",
             "org.codeaurora.swe.browser",
+            "org.cromite.cromite",
             "org.gnu.icecat",
             "org.mozilla.fenix",
             "org.mozilla.fenix.nightly",
@@ -346,7 +347,7 @@ namespace Bit.Droid.Autofill
                 // InlinePresentation requires nonNull pending intent (even though we only utilize one for the
                 // "my vault" presentation) so we're including an empty one here
                 pendingIntent = PendingIntent.GetService(context, 0, new Intent(),
-                    AndroidHelpers.AddPendingIntentMutabilityFlag(PendingIntentFlags.OneShot | PendingIntentFlags.UpdateCurrent, true));
+                    AndroidHelpers.AddPendingIntentMutabilityFlag(PendingIntentFlags.OneShot | PendingIntentFlags.UpdateCurrent, false));
             }
             var slice = CreateInlinePresentationSlice(
                 inlinePresentationSpec,

src/App/Platforms/Android/Autofill/CredentialHelpers.cs

@@ -0,0 +1,321 @@
+using System.ComponentModel.DataAnnotations;
+using System.Text.Json.Nodes;
+using Android.App;
+using Android.Content;
+using Android.OS;
+using AndroidX.Credentials;
+using AndroidX.Credentials.Exceptions;
+using AndroidX.Credentials.Provider;
+using AndroidX.Credentials.WebAuthn;
+using Bit.App.Abstractions;
+using Bit.App.Droid.Utilities;
+using Bit.Core.Abstractions;
+using Bit.Core.Resources.Localization;
+using Bit.Core.Services;
+using Bit.Core.Utilities;
+using Bit.Core.Utilities.Fido2;
+using Bit.Core.Utilities.Fido2.Extensions;
+using Bit.Droid;
+using Org.Json;
+using Activity = Android.App.Activity;
+using Drawables = Android.Graphics.Drawables;
+
+namespace Bit.App.Platforms.Android.Autofill
+{
+    public static class CredentialHelpers
+    {
+        public static async Task<List<CredentialEntry>> PopulatePasskeyDataAsync(CallingAppInfo callingAppInfo,
+            BeginGetPublicKeyCredentialOption option, Context context, bool hasVaultBeenUnlockedInThisTransaction)
+        {
+            var passkeyEntries = new List<CredentialEntry>();
+            var requestOptions = new PublicKeyCredentialRequestOptions(option.RequestJson);
+
+            var authenticator = Bit.Core.Utilities.ServiceContainer.Resolve<IFido2AuthenticatorService>();
+            var credentials = await authenticator.SilentCredentialDiscoveryAsync(requestOptions.RpId);
+
+            // We need to change the request code for every pending intent on mapping the credential so the extras are not overriten by the last
+            // credential entry created.
+            int requestCodeAddition = 0;
+            passkeyEntries = credentials.Select(credential => MapCredential(credential, option, context, hasVaultBeenUnlockedInThisTransaction, Bit.Droid.Autofill.CredentialProviderService.UniqueGetRequestCode + requestCodeAddition++) as CredentialEntry).ToList();
+
+            return passkeyEntries;
+        }
+
+        private static PublicKeyCredentialEntry MapCredential(Fido2AuthenticatorDiscoverableCredentialMetadata credential, BeginGetPublicKeyCredentialOption option, Context context, bool hasVaultBeenUnlockedInThisTransaction, int requestCode)
+        {
+            var credDataBundle = new Bundle();
+            credDataBundle.PutByteArray(Bit.Core.Utilities.Fido2.CredentialProviderConstants.CredentialIdIntentExtra, credential.Id);
+
+            var intent = new Intent(context, typeof(Bit.Droid.Autofill.CredentialProviderSelectionActivity))
+                .SetAction(Bit.Droid.Autofill.CredentialProviderService.GetFido2IntentAction).SetPackage(Constants.PACKAGE_NAME);
+            intent.PutExtra(Bit.Core.Utilities.Fido2.CredentialProviderConstants.CredentialDataIntentExtra, credDataBundle);
+            intent.PutExtra(Bit.Core.Utilities.Fido2.CredentialProviderConstants.CredentialProviderCipherId, credential.CipherId);
+            intent.PutExtra(Bit.Core.Utilities.Fido2.CredentialProviderConstants.CredentialHasVaultBeenUnlockedInThisTransactionExtra, hasVaultBeenUnlockedInThisTransaction);
+            var pendingIntent = PendingIntent.GetActivity(context, requestCode, intent,
+                PendingIntentFlags.Mutable | PendingIntentFlags.UpdateCurrent);
+
+            return new PublicKeyCredentialEntry.Builder(
+                        context,
+                        credential.UserName ?? "No username",
+                        pendingIntent,
+                        option)
+                    .SetDisplayName(credential.UserName ?? "No username")
+                    .SetIcon(Drawables.Icon.CreateWithResource(context, Microsoft.Maui.Resource.Drawable.icon))
+                    .Build();
+        }
+
+        private static PublicKeyCredentialCreationOptions GetPublicKeyCredentialCreationOptionsFromJson(string json)
+        {
+            var request = new PublicKeyCredentialCreationOptions(json);
+            var jsonObj = new JSONObject(json);
+            var authenticatorSelection = jsonObj.GetJSONObject("authenticatorSelection");
+            request.AuthenticatorSelection = new AndroidX.Credentials.WebAuthn.AuthenticatorSelectionCriteria(
+                authenticatorSelection.OptString("authenticatorAttachment", "platform"),
+                authenticatorSelection.OptString("residentKey", null),
+                authenticatorSelection.OptBoolean("requireResidentKey", false),
+                authenticatorSelection.OptString("userVerification", "preferred"));
+
+            return request;
+        }
+
+        public static async Task CreateCipherPasskeyAsync(ProviderCreateCredentialRequest getRequest, Activity activity)
+        {
+            var callingRequest = getRequest?.CallingRequest as CreatePublicKeyCredentialRequest;
+
+            if (callingRequest is null)
+            {
+                await DisplayAlertAsync(AppResources.AnErrorHasOccurred, string.Empty);
+                FailAndFinish();
+                return;
+            }
+
+            var credentialCreationOptions = GetPublicKeyCredentialCreationOptionsFromJson(callingRequest.RequestJson);
+            string origin;
+            try
+            {
+                origin = await ValidateCallingAppInfoAndGetOriginAsync(getRequest.CallingAppInfo, credentialCreationOptions.Rp.Id);
+            }
+            catch (Core.Exceptions.ValidationException valEx)
+            {
+                await DisplayAlertAsync(AppResources.AnErrorHasOccurred, valEx.Message);
+                FailAndFinish();
+                return;
+            }
+
+            if (origin is null)
+            {
+                await DisplayAlertAsync(AppResources.ErrorCreatingPasskey, AppResources.PasskeysNotSupportedForThisApp);
+                FailAndFinish();
+                return;
+            }
+
+            var rp = new Core.Utilities.Fido2.PublicKeyCredentialRpEntity()
+            {
+                Id = credentialCreationOptions.Rp.Id,
+                Name = credentialCreationOptions.Rp.Name
+            };
+
+            var user = new Core.Utilities.Fido2.PublicKeyCredentialUserEntity()
+            {
+                Id = credentialCreationOptions.User.GetId(),
+                Name = credentialCreationOptions.User.Name,
+                DisplayName = credentialCreationOptions.User.DisplayName
+            };
+
+            var pubKeyCredParams = new List<Core.Utilities.Fido2.PublicKeyCredentialParameters>();
+            foreach (var pubKeyCredParam in credentialCreationOptions.PubKeyCredParams)
+            {
+                pubKeyCredParams.Add(new Core.Utilities.Fido2.PublicKeyCredentialParameters() { Alg = Convert.ToInt32(pubKeyCredParam.Alg), Type = pubKeyCredParam.Type });
+            }
+
+            var excludeCredentials = new List<Core.Utilities.Fido2.PublicKeyCredentialDescriptor>();
+            foreach (var excludeCred in credentialCreationOptions.ExcludeCredentials)
+            {
+                excludeCredentials.Add(new Core.Utilities.Fido2.PublicKeyCredentialDescriptor() { Id = excludeCred.GetId(), Type = excludeCred.Type, Transports = excludeCred.Transports.ToArray() });
+            }
+
+            var authenticatorSelection = new Core.Utilities.Fido2.AuthenticatorSelectionCriteria()
+            {
+                UserVerification = credentialCreationOptions.AuthenticatorSelection.UserVerification,
+                ResidentKey = credentialCreationOptions.AuthenticatorSelection.ResidentKey,
+                RequireResidentKey = credentialCreationOptions.AuthenticatorSelection.RequireResidentKey
+            };
+
+            var timeout = Convert.ToInt32(credentialCreationOptions.Timeout);
+
+            var credentialCreateParams = new Fido2ClientCreateCredentialParams()
+            {
+                Challenge = credentialCreationOptions.GetChallenge(),
+                Origin = origin,
+                PubKeyCredParams = pubKeyCredParams.ToArray(),
+                Rp = rp,
+                User = user,
+                Timeout = timeout,
+                Attestation = credentialCreationOptions.Attestation,
+                AuthenticatorSelection = authenticatorSelection,
+                ExcludeCredentials = excludeCredentials.ToArray(),
+                Extensions = MapExtensionsFromJson(credentialCreationOptions),
+                SameOriginWithAncestors = true
+            };
+
+            var credentialExtraCreateParams = new Fido2ExtraCreateCredentialParams
+            (
+                callingRequest.GetClientDataHash(),
+                getRequest.CallingAppInfo?.PackageName
+            );
+
+            var fido2MediatorService = ServiceContainer.Resolve<IFido2MediatorService>();
+            var clientCreateCredentialResult = await fido2MediatorService.CreateCredentialAsync(credentialCreateParams, credentialExtraCreateParams);
+            if (clientCreateCredentialResult == null)
+            {
+                FailAndFinish();
+                return;
+            }
+
+            var transportsArray = new JSONArray();
+            if (clientCreateCredentialResult.Transports != null)
+            {
+                foreach (var transport in clientCreateCredentialResult.Transports)
+                {
+                    transportsArray.Put(transport);
+                }
+            }
+
+            var responseInnerAndroidJson = new JSONObject();
+            if (clientCreateCredentialResult.ClientDataJSON != null)
+            {
+                responseInnerAndroidJson.Put("clientDataJSON", CoreHelpers.Base64UrlEncode(clientCreateCredentialResult.ClientDataJSON));
+            }
+            responseInnerAndroidJson.Put("authenticatorData", CoreHelpers.Base64UrlEncode(clientCreateCredentialResult.AuthData));
+            responseInnerAndroidJson.Put("attestationObject", CoreHelpers.Base64UrlEncode(clientCreateCredentialResult.AttestationObject));
+            responseInnerAndroidJson.Put("transports", transportsArray);
+            responseInnerAndroidJson.Put("publicKeyAlgorithm", clientCreateCredentialResult.PublicKeyAlgorithm);
+            responseInnerAndroidJson.Put("publicKey", CoreHelpers.Base64UrlEncode(clientCreateCredentialResult.PublicKey));
+
+            var rootAndroidJson = new JSONObject();
+            rootAndroidJson.Put("id", CoreHelpers.Base64UrlEncode(clientCreateCredentialResult.CredentialId));
+            rootAndroidJson.Put("rawId", CoreHelpers.Base64UrlEncode(clientCreateCredentialResult.CredentialId));
+            rootAndroidJson.Put("authenticatorAttachment", "platform");
+            rootAndroidJson.Put("type", "public-key");
+            rootAndroidJson.Put("clientExtensionResults", MapExtensionsToJson(clientCreateCredentialResult.Extensions));
+            rootAndroidJson.Put("response", responseInnerAndroidJson);
+
+            var result = new Intent();
+            var publicKeyResponse = new CreatePublicKeyCredentialResponse(rootAndroidJson.ToString());
+            PendingIntentHandler.SetCreateCredentialResponse(result, publicKeyResponse);
+
+            activity.SetResult(Result.Ok, result);
+            activity.Finish();
+
+            async Task DisplayAlertAsync(string title, string message)
+            {
+                if (ServiceContainer.TryResolve<IDeviceActionService>(out var deviceActionService))
+                {
+                    await deviceActionService.DisplayAlertAsync(title, message, AppResources.Ok);
+                }
+            }
+
+            void FailAndFinish()
+            {
+                var result = new Intent();
+                PendingIntentHandler.SetCreateCredentialException(result, new CreateCredentialUnknownException());
+
+                activity.SetResult(Result.Ok, result);
+                activity.Finish();
+            }
+        }
+
+        private static Fido2CreateCredentialExtensionsParams MapExtensionsFromJson(PublicKeyCredentialCreationOptions options)
+        {
+            if (options == null || !options.Json.Has("extensions"))
+            {
+                return null;
+            }
+
+            var extensions = options.Json.GetJSONObject("extensions");
+            return new Fido2CreateCredentialExtensionsParams
+            {
+                CredProps = extensions.Has("credProps") && extensions.GetBoolean("credProps")
+            };
+        }
+
+        private static JSONObject MapExtensionsToJson(Fido2CreateCredentialExtensionsResult extensions)
+        {
+            if (extensions == null)
+            {
+                return null;
+            }
+
+            var extensionsJson = new JSONObject();
+            if (extensions.CredProps != null)
+            {
+                var credPropsJson = new JSONObject();
+                credPropsJson.Put("rk", extensions.CredProps.Rk);
+                extensionsJson.Put("credProps", credPropsJson);
+            }
+
+            return extensionsJson;
+        }
+
+        public static async Task<string> LoadFido2PrivilegedAllowedListAsync()
+        {
+            try
+            {
+                using var stream = await FileSystem.OpenAppPackageFileAsync("fido2_privileged_allow_list.json");
+                using var reader = new StreamReader(stream);
+
+                return reader.ReadToEnd();
+            }
+            catch
+            {
+                return null;
+            }
+        }
+
+        public static async Task<string> ValidateCallingAppInfoAndGetOriginAsync(CallingAppInfo callingAppInfo, string rpId)
+        {
+            if (callingAppInfo.Origin is null)
+            {
+                return await ValidateAssetLinksAndGetOriginAsync(callingAppInfo, rpId);
+            }
+
+            var privilegedAllowedList = await LoadFido2PrivilegedAllowedListAsync();
+            if (privilegedAllowedList is null)
+            {
+                throw new InvalidOperationException("Could not load Fido2 privileged allowed list");
+            }
+
+            if (!privilegedAllowedList.Contains($"\"package_name\": \"{callingAppInfo.PackageName}\""))
+            {
+                throw new Core.Exceptions.ValidationException(AppResources.PasskeyOperationFailedBecauseBrowserIsNotPrivileged);
+            }
+
+            try
+            {
+                return callingAppInfo.GetOrigin(privilegedAllowedList);
+            }
+            catch (Java.Lang.IllegalStateException)
+            {
+                throw new Core.Exceptions.ValidationException(AppResources.PasskeyOperationFailedBecauseBrowserSignatureDoesNotMatch);
+            }
+            catch (Java.Lang.IllegalArgumentException)
+            {
+                return null; // wrong list format
+            }
+        }
+
+        private static async Task<string> ValidateAssetLinksAndGetOriginAsync(CallingAppInfo callingAppInfo, string rpId)
+        {
+            if (!ServiceContainer.TryResolve<IAssetLinksService>(out var assetLinksService))
+            {
+                throw new InvalidOperationException("Can't resolve IAssetLinksService");
+            }
+
+            var normalizedFingerprint = callingAppInfo.GetLatestCertificationFingerprint();
+
+            var isValid = await assetLinksService.ValidateAssetLinksAsync(rpId, callingAppInfo.PackageName, normalizedFingerprint);
+
+            return isValid ? callingAppInfo.GetAndroidOrigin() : null;
+        }
+    }
+}

src/App/Platforms/Android/Autofill/CredentialProviderSelectionActivity.cs

@@ -0,0 +1,183 @@
+using Android.App;
+using Android.Content;
+using Android.Content.PM;
+using Android.OS;
+using AndroidX.Credentials;
+using AndroidX.Credentials.Provider;
+using AndroidX.Credentials.WebAuthn;
+using Bit.App.Droid.Utilities;
+using Bit.App.Abstractions;
+using Bit.Core.Abstractions;
+using Bit.Core.Utilities;
+using Bit.Core.Resources.Localization;
+using Bit.Core.Utilities.Fido2;
+using Bit.Core.Services;
+using Bit.App.Platforms.Android.Autofill;
+using AndroidX.Credentials.Exceptions;
+using Org.Json;
+
+namespace Bit.Droid.Autofill
+{
+    [Activity(
+        NoHistory = true,
+        LaunchMode = LaunchMode.SingleTop)]
+    public class CredentialProviderSelectionActivity : MauiAppCompatActivity
+    {
+        private LazyResolve<IFido2MediatorService> _fido2MediatorService = new LazyResolve<IFido2MediatorService>();
+        private LazyResolve<IFido2AndroidGetAssertionUserInterface> _fido2GetAssertionUserInterface = new LazyResolve<IFido2AndroidGetAssertionUserInterface>();
+        private LazyResolve<IVaultTimeoutService> _vaultTimeoutService = new LazyResolve<IVaultTimeoutService>();
+        private LazyResolve<IStateService> _stateService = new LazyResolve<IStateService>();
+        private LazyResolve<ICipherService> _cipherService = new LazyResolve<ICipherService>();
+        private LazyResolve<IUserVerificationMediatorService> _userVerificationMediatorService = new LazyResolve<IUserVerificationMediatorService>();
+        private LazyResolve<IDeviceActionService> _deviceActionService = new LazyResolve<IDeviceActionService>();
+
+        protected override void OnCreate(Bundle bundle)
+        {
+            Intent?.Validate();
+            base.OnCreate(bundle);
+
+            var cipherId = Intent?.GetStringExtra(CredentialProviderConstants.CredentialProviderCipherId);
+            if (string.IsNullOrEmpty(cipherId))
+            {
+                Finish();
+                return;
+            }
+
+            GetCipherAndPerformFido2AuthAsync(cipherId).FireAndForget();
+        }
+
+        //Used to avoid crash on MAUI when doing back
+        public override void OnBackPressed()
+        {
+            Finish();
+        }
+
+        private async Task GetCipherAndPerformFido2AuthAsync(string cipherId)
+        {
+            string RpId = string.Empty;
+            try
+            {
+                var getRequest = PendingIntentHandler.RetrieveProviderGetCredentialRequest(Intent);
+
+                if (getRequest is null)
+                {
+                    FailAndFinish();
+                    return;
+                }
+
+                var credentialOption = getRequest.CredentialOptions.FirstOrDefault();
+                var credentialPublic = credentialOption as GetPublicKeyCredentialOption;
+
+                var requestOptions = new PublicKeyCredentialRequestOptions(credentialPublic.RequestJson);
+                RpId = requestOptions.RpId;
+
+                var requestInfo = Intent.GetBundleExtra(CredentialProviderConstants.CredentialDataIntentExtra);
+                var credentialId = requestInfo?.GetByteArray(CredentialProviderConstants.CredentialIdIntentExtra);
+                var hasVaultBeenUnlockedInThisTransaction = Intent.GetBooleanExtra(CredentialProviderConstants.CredentialHasVaultBeenUnlockedInThisTransactionExtra, false);
+
+                var packageName = getRequest.CallingAppInfo.PackageName;
+
+                string origin;
+                try
+                {
+                    origin = await CredentialHelpers.ValidateCallingAppInfoAndGetOriginAsync(getRequest.CallingAppInfo, RpId);
+                }
+                catch (Core.Exceptions.ValidationException valEx)
+                {
+                    await _deviceActionService.Value.DisplayAlertAsync(AppResources.AnErrorHasOccurred, valEx.Message, AppResources.Ok);
+                    FailAndFinish();
+                    return;
+                }
+
+                if (origin is null)
+                {
+                    await _deviceActionService.Value.DisplayAlertAsync(AppResources.ErrorReadingPasskey, AppResources.PasskeysNotSupportedForThisApp, AppResources.Ok);
+                    FailAndFinish();
+                    return;
+                }
+
+                _fido2GetAssertionUserInterface.Value.Init(
+                    cipherId,
+                    false,
+                    () => hasVaultBeenUnlockedInThisTransaction,
+                    RpId
+                );
+
+                var clientAssertParams = new Fido2ClientAssertCredentialParams
+                {
+                    Challenge = requestOptions.GetChallenge(),
+                    RpId = RpId,
+                    AllowCredentials = new Core.Utilities.Fido2.PublicKeyCredentialDescriptor[] { new Core.Utilities.Fido2.PublicKeyCredentialDescriptor { Id = credentialId } },
+                    Origin = origin,
+                    SameOriginWithAncestors = true,
+                    UserVerification = requestOptions.UserVerification
+                };
+
+                var extraAssertParams = new Fido2ExtraAssertCredentialParams
+                (
+                    getRequest.CallingAppInfo.Origin != null ? credentialPublic.GetClientDataHash() : null,
+                    packageName
+                );
+
+                var assertResult = await _fido2MediatorService.Value.AssertCredentialAsync(clientAssertParams, extraAssertParams);
+
+                var result = new Intent();
+
+                var responseInnerAndroidJson = new JSONObject();
+                if (assertResult.ClientDataJSON != null)
+                {
+                    responseInnerAndroidJson.Put("clientDataJSON", CoreHelpers.Base64UrlEncode(assertResult.ClientDataJSON));
+                }
+                responseInnerAndroidJson.Put("authenticatorData", CoreHelpers.Base64UrlEncode(assertResult.AuthenticatorData));
+                responseInnerAndroidJson.Put("signature", CoreHelpers.Base64UrlEncode(assertResult.Signature));
+                responseInnerAndroidJson.Put("userHandle", CoreHelpers.Base64UrlEncode(assertResult.SelectedCredential.UserHandle));
+
+                var rootAndroidJson = new JSONObject();
+                rootAndroidJson.Put("id", CoreHelpers.Base64UrlEncode(assertResult.SelectedCredential.Id));
+                rootAndroidJson.Put("rawId", CoreHelpers.Base64UrlEncode(assertResult.SelectedCredential.Id));
+                rootAndroidJson.Put("authenticatorAttachment", "platform");
+                rootAndroidJson.Put("type", "public-key");
+                rootAndroidJson.Put("clientExtensionResults", new JSONObject());
+                rootAndroidJson.Put("response", responseInnerAndroidJson);
+
+                var json = rootAndroidJson.ToString();
+
+                var cred = new PublicKeyCredential(json);
+                var credResponse = new GetCredentialResponse(cred);
+                PendingIntentHandler.SetGetCredentialResponse(result, credResponse);
+
+                await MainThread.InvokeOnMainThreadAsync(() =>
+                {
+                    SetResult(Result.Ok, result);
+                    Finish();
+                });
+            }
+            catch (NotAllowedError)
+            {
+                await MainThread.InvokeOnMainThreadAsync(async () =>
+                {
+                    await _deviceActionService.Value.DisplayAlertAsync(AppResources.ErrorReadingPasskey, string.Format(AppResources.ThereWasAProblemReadingAPasskeyForXTryAgainLater, RpId), AppResources.Ok);
+                    FailAndFinish();
+                });
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+                await MainThread.InvokeOnMainThreadAsync(async () =>
+                {
+                    await _deviceActionService.Value.DisplayAlertAsync(AppResources.ErrorReadingPasskey, string.Format(AppResources.ThereWasAProblemReadingAPasskeyForXTryAgainLater, RpId), AppResources.Ok);
+                    FailAndFinish();
+                });
+            }
+        }
+
+        private void FailAndFinish()
+        {
+            var result = new Intent();
+            PendingIntentHandler.SetGetCredentialException(result, new GetCredentialUnknownException());
+
+            SetResult(Result.Ok, result);
+            Finish();
+        }
+    }
+}

src/App/Platforms/Android/Autofill/CredentialProviderService.cs

@@ -0,0 +1,168 @@
+using Android;
+using Android.App;
+using Android.Content;
+using Android.OS;
+using Android.Runtime;
+using AndroidX.Credentials.Provider;
+using Bit.Core.Abstractions;
+using Bit.Core.Utilities;
+using AndroidX.Credentials.Exceptions;
+using Bit.App.Droid.Utilities;
+using Bit.Core.Resources.Localization;
+using Bit.Core.Utilities.Fido2;
+
+namespace Bit.Droid.Autofill
+{
+    [Service(Permission = Manifest.Permission.BindCredentialProviderService, Label = "Bitwarden", Exported = true)]
+    [IntentFilter(new string[] { "android.service.credentials.CredentialProviderService" })]
+    [MetaData("android.credentials.provider", Resource = "@xml/provider")]
+    [Register("com.x8bit.bitwarden.Autofill.CredentialProviderService")]
+    public class CredentialProviderService : AndroidX.Credentials.Provider.CredentialProviderService
+    {
+        public const string GetFido2IntentAction = "PACKAGE_NAME.GET_PASSKEY";
+        public const string CreateFido2IntentAction = "PACKAGE_NAME.CREATE_PASSKEY";
+        public const int UniqueGetRequestCode = 94556023;
+        public const int UniqueCreateRequestCode = 94556024;
+
+        private readonly LazyResolve<IVaultTimeoutService> _vaultTimeoutService = new LazyResolve<IVaultTimeoutService>();
+        private readonly LazyResolve<IStateService> _stateService = new LazyResolve<IStateService>();
+        private readonly LazyResolve<ILogger> _logger = new LazyResolve<ILogger>();
+
+        public override async void OnBeginCreateCredentialRequest(BeginCreateCredentialRequest request,
+            CancellationSignal cancellationSignal, IOutcomeReceiver callback)
+        {
+            try
+            {
+                var response = await ProcessCreateCredentialsRequestAsync(request);
+                if (response != null)
+                {
+                    await MainThread.InvokeOnMainThreadAsync(() => callback.OnResult(response));
+                    return;
+                }
+            }
+            catch (Exception ex)
+            {
+                _logger.Value.Exception(ex);
+            }
+            MainThread.BeginInvokeOnMainThread(() => callback.OnError(AppResources.ErrorCreatingPasskey));
+        }
+
+        public override async void OnBeginGetCredentialRequest(BeginGetCredentialRequest request,
+            CancellationSignal cancellationSignal, IOutcomeReceiver callback)
+        {
+            try
+            {
+                await _vaultTimeoutService.Value.CheckVaultTimeoutAsync();
+                var locked = await _vaultTimeoutService.Value.IsLockedAsync();
+                if (!locked)
+                {
+                    var response = await ProcessGetCredentialsRequestAsync(request);
+                    callback.OnResult(response);
+                    return;
+                }
+
+                var intent = new Intent(ApplicationContext, typeof(MainActivity));
+                intent.PutExtra(CredentialProviderConstants.Fido2CredentialAction, CredentialProviderConstants.Fido2CredentialGet);
+                var pendingIntent = PendingIntent.GetActivity(ApplicationContext, UniqueGetRequestCode, intent,
+                    AndroidHelpers.AddPendingIntentMutabilityFlag(PendingIntentFlags.UpdateCurrent, true));
+
+                var unlockAction = new AuthenticationAction(AppResources.Unlock, pendingIntent);
+
+                var unlockResponse = new BeginGetCredentialResponse.Builder()
+                    .SetAuthenticationActions(new List<AuthenticationAction>() { unlockAction } )
+                    .Build();
+                callback.OnResult(unlockResponse);
+            }
+            catch (GetCredentialException e)
+            {
+                _logger.Value.Exception(e);
+                callback.OnError(e.ErrorMessage ?? AppResources.ErrorReadingPasskey);
+            }
+            catch (Exception e)
+            {
+                _logger.Value.Exception(e);
+                callback.OnError(AppResources.ErrorReadingPasskey);
+            }
+        }
+
+        private async Task<BeginCreateCredentialResponse> ProcessCreateCredentialsRequestAsync(
+            BeginCreateCredentialRequest request)
+        {
+            if (request == null) { return null; }
+
+            if (request is BeginCreatePasswordCredentialRequest beginCreatePasswordCredentialRequest)
+            {
+                //This flow can be used if Password flow needs to be implemented
+                throw new NotImplementedException();
+                //return HandleCreatePasswordQuery(beginCreatePasswordCredentialRequest);
+            }
+            else if (request is BeginCreatePublicKeyCredentialRequest beginCreatePublicKeyCredentialRequest)
+            {
+                return await HandleCreatePasskeyQueryAsync(beginCreatePublicKeyCredentialRequest);
+            }
+
+            return null;
+        }
+
+        private async Task<BeginCreateCredentialResponse> HandleCreatePasskeyQueryAsync(BeginCreatePublicKeyCredentialRequest optionRequest)
+        {
+            var intent = new Intent(ApplicationContext, typeof(MainActivity));
+            intent.PutExtra(CredentialProviderConstants.Fido2CredentialAction, CredentialProviderConstants.Fido2CredentialCreate);
+            var pendingIntent = PendingIntent.GetActivity(ApplicationContext, UniqueCreateRequestCode, intent,
+                AndroidHelpers.AddPendingIntentMutabilityFlag(PendingIntentFlags.UpdateCurrent, true));
+
+            var userEmail = await GetSafeActiveAccountEmailAsync();
+
+            var createEntryBuilder = new CreateEntry.Builder(userEmail ?? AppResources.Bitwarden, pendingIntent)
+                .SetDescription(userEmail != null
+                                    ? string.Format(AppResources.YourPasskeyWillBeSavedToYourBitwardenVaultForX, userEmail)
+                                    : AppResources.YourPasskeyWillBeSavedToYourBitwardenVault)
+                .Build();
+
+            var createCredentialResponse = new BeginCreateCredentialResponse.Builder()
+                .AddCreateEntry(createEntryBuilder);
+
+            return createCredentialResponse.Build();
+        }
+
+        private async Task<BeginGetCredentialResponse> ProcessGetCredentialsRequestAsync(
+            BeginGetCredentialRequest request)
+        {
+            var credentialEntries = new List<CredentialEntry>();
+
+            foreach (var option in request.BeginGetCredentialOptions.OfType<BeginGetPublicKeyCredentialOption>())
+            {
+                credentialEntries.AddRange(await Bit.App.Platforms.Android.Autofill.CredentialHelpers.PopulatePasskeyDataAsync(request.CallingAppInfo, option, ApplicationContext, false));
+            }
+
+            if (!credentialEntries.Any())
+            {
+                return new BeginGetCredentialResponse();
+            }
+
+            return new BeginGetCredentialResponse.Builder()
+                .SetCredentialEntries(credentialEntries)
+                .Build();
+        }
+
+        public override void OnClearCredentialStateRequest(ProviderClearCredentialStateRequest request,
+            CancellationSignal cancellationSignal, IOutcomeReceiver callback)
+        {
+            callback.OnResult(null);
+        }
+
+        private async Task<string> GetSafeActiveAccountEmailAsync()
+        {
+            try
+            {
+                return await _stateService.Value.GetEmailAsync();
+            }
+            catch (Exception ex)
+            {
+                // if it throws to get the user's email then we log and continue showing a more generic message
+                _logger.Value.Exception(ex);
+                return null;
+            }
+        }
+    }
+}

src/App/Platforms/Android/Autofill/Fido2GetAssertionUserInterface.cs

@@ -0,0 +1,77 @@
+using Bit.Core.Abstractions;
+using Bit.Core.Services;
+using Bit.Core.Utilities.Fido2;
+
+namespace Bit.App.Platforms.Android.Autofill
+{
+    public interface IFido2AndroidGetAssertionUserInterface : IFido2GetAssertionUserInterface
+    {
+        void Init(string cipherId,
+            bool userVerified,
+            Func<bool> hasVaultBeenUnlockedInThisTransaction,
+            string rpId);
+    }
+
+    public class Fido2GetAssertionUserInterface : Core.Utilities.Fido2.Fido2GetAssertionUserInterface, IFido2AndroidGetAssertionUserInterface
+    {
+        private readonly IStateService _stateService;
+        private readonly IVaultTimeoutService _vaultTimeoutService;
+        private readonly ICipherService _cipherService;
+        private readonly IUserVerificationMediatorService _userVerificationMediatorService;
+
+        public Fido2GetAssertionUserInterface(IStateService stateService, 
+            IVaultTimeoutService vaultTimeoutService,
+            ICipherService cipherService,
+            IUserVerificationMediatorService userVerificationMediatorService)
+        {
+            _stateService = stateService;
+            _vaultTimeoutService = vaultTimeoutService;
+            _cipherService = cipherService;
+            _userVerificationMediatorService = userVerificationMediatorService;
+        }
+
+        public void Init(string cipherId,
+            bool userVerified,
+            Func<bool> hasVaultBeenUnlockedInThisTransaction,
+            string rpId)
+        {
+            Init(cipherId, 
+                userVerified, 
+                EnsureAuthenAndVaultUnlockedAsync, 
+                hasVaultBeenUnlockedInThisTransaction, 
+                (cipherId, userVerificationPreference) => VerifyUserAsync(cipherId, userVerificationPreference, rpId, hasVaultBeenUnlockedInThisTransaction()));
+        }
+
+        public async Task EnsureAuthenAndVaultUnlockedAsync()
+        {
+            if (!await _stateService.IsAuthenticatedAsync() || await _vaultTimeoutService.IsLockedAsync())
+            {
+                // this should never happen but just in case.
+                throw new InvalidOperationException("Not authed or vault locked");
+            }
+        }
+
+        private async Task<bool> VerifyUserAsync(string selectedCipherId, Fido2UserVerificationPreference userVerificationPreference, string rpId, bool vaultUnlockedDuringThisTransaction)
+        {
+            try
+            {
+                var encrypted = await _cipherService.GetAsync(selectedCipherId);
+                var cipher = await encrypted.DecryptAsync();
+
+                var userVerification = await _userVerificationMediatorService.VerifyUserForFido2Async(
+                    new Fido2UserVerificationOptions(
+                        cipher?.Reprompt == Core.Enums.CipherRepromptType.Password,
+                        userVerificationPreference,
+                        vaultUnlockedDuringThisTransaction,
+                        rpId)
+                    );
+                return !userVerification.IsCancelled && userVerification.Result;
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+                return false;
+            }
+        }
+    }
+}

src/App/Platforms/Android/Autofill/Fido2MakeCredentialUserInterface.cs

@@ -0,0 +1,202 @@
+using Bit.App.Abstractions;
+using Bit.Core.Abstractions;
+using Bit.Core.Resources.Localization;
+using Bit.Core.Services;
+using Bit.Core.Utilities;
+using Bit.Core.Utilities.Fido2;
+
+namespace Bit.App.Platforms.Android.Autofill
+{
+    public class Fido2MakeCredentialUserInterface : IFido2MakeCredentialConfirmationUserInterface
+    {
+        private readonly IStateService _stateService;
+        private readonly IVaultTimeoutService _vaultTimeoutService;
+        private readonly ICipherService _cipherService;
+        private readonly IUserVerificationMediatorService _userVerificationMediatorService;
+        private readonly IDeviceActionService _deviceActionService;
+        private readonly IPlatformUtilsService _platformUtilsService;
+        private LazyResolve<IMessagingService> _messagingService = new LazyResolve<IMessagingService>();
+
+        private TaskCompletionSource<(string cipherId, bool? userVerified)> _confirmCredentialTcs;
+        private TaskCompletionSource<bool> _unlockVaultTcs;
+        private Fido2UserVerificationOptions? _currentDefaultUserVerificationOptions;
+        private Func<bool> _checkHasVaultBeenUnlockedInThisTransaction;
+
+        public Fido2MakeCredentialUserInterface(IStateService stateService,
+            IVaultTimeoutService vaultTimeoutService,
+            ICipherService cipherService,
+            IUserVerificationMediatorService userVerificationMediatorService,
+            IDeviceActionService deviceActionService,
+            IPlatformUtilsService platformUtilsService)
+        {
+            _stateService = stateService;
+            _vaultTimeoutService = vaultTimeoutService;
+            _cipherService = cipherService;
+            _userVerificationMediatorService = userVerificationMediatorService;
+            _deviceActionService = deviceActionService;
+            _platformUtilsService = platformUtilsService;
+        }
+
+        public bool HasVaultBeenUnlockedInThisTransaction => _checkHasVaultBeenUnlockedInThisTransaction?.Invoke() == true;
+
+        public bool IsConfirmingNewCredential => _confirmCredentialTcs?.Task != null && !_confirmCredentialTcs.Task.IsCompleted;
+        public bool IsWaitingUnlockVault => _unlockVaultTcs?.Task != null && !_unlockVaultTcs.Task.IsCompleted;
+
+        public async Task<(string CipherId, bool UserVerified)> ConfirmNewCredentialAsync(Fido2ConfirmNewCredentialParams confirmNewCredentialParams)
+        {
+            _confirmCredentialTcs?.TrySetCanceled();
+            _confirmCredentialTcs = null;
+            _confirmCredentialTcs = new TaskCompletionSource<(string cipherId, bool? userVerified)>();
+
+            _currentDefaultUserVerificationOptions = new Fido2UserVerificationOptions(false, confirmNewCredentialParams.UserVerificationPreference, HasVaultBeenUnlockedInThisTransaction, confirmNewCredentialParams.RpId);
+            
+            _messagingService.Value.Send(Bit.Core.Constants.CredentialNavigateToAutofillCipherMessageCommand, confirmNewCredentialParams);
+
+            var (cipherId, isUserVerified) = await _confirmCredentialTcs.Task;
+
+            var verified = isUserVerified;
+            if (verified is null)
+            {
+                var userVerification = await VerifyUserAsync(cipherId, confirmNewCredentialParams.UserVerificationPreference, confirmNewCredentialParams.RpId);
+                // TODO: If cancelled then let the user choose another cipher.
+                // I think this can be done by showing a message to the uesr and recursive calling of this method ConfirmNewCredentialAsync
+                verified = !userVerification.IsCancelled && userVerification.Result;
+            }
+
+            if (cipherId is null)
+            {
+                return await CreateNewLoginForFido2CredentialAsync(confirmNewCredentialParams, verified.Value);
+            }
+
+            return (cipherId, verified.Value);
+        }
+
+        private async Task<(string CipherId, bool UserVerified)> CreateNewLoginForFido2CredentialAsync(Fido2ConfirmNewCredentialParams confirmNewCredentialParams, bool userVerified)
+        {
+            if (!userVerified && await _userVerificationMediatorService.ShouldEnforceFido2RequiredUserVerificationAsync(new Fido2UserVerificationOptions
+                (
+                    false,
+                    confirmNewCredentialParams.UserVerificationPreference,
+                    true,
+                    confirmNewCredentialParams.RpId
+                )))
+            {
+                return (null, false);
+            }
+
+            try
+            {
+                await _deviceActionService.ShowLoadingAsync(AppResources.Loading);
+
+                var cipherId = await _cipherService.CreateNewLoginForPasskeyAsync(confirmNewCredentialParams);
+
+                await _deviceActionService.HideLoadingAsync();
+
+                return (cipherId, userVerified);
+            }
+            catch
+            {
+                await _deviceActionService.HideLoadingAsync();
+                throw;
+            }
+        }
+
+        public async Task EnsureUnlockedVaultAsync()
+        {
+            if (!await _stateService.IsAuthenticatedAsync()
+                ||
+                await _vaultTimeoutService.IsLoggedOutByTimeoutAsync()
+                ||
+                await _vaultTimeoutService.ShouldLogOutByTimeoutAsync())
+            {
+                await NavigateAndWaitForUnlockAsync(Bit.Core.Enums.NavigationTarget.HomeLogin);
+                return;
+            }
+
+            if (!await _vaultTimeoutService.IsLockedAsync())
+            {
+                return;
+            }
+
+            await NavigateAndWaitForUnlockAsync(Bit.Core.Enums.NavigationTarget.Lock);
+        }
+
+        private async Task NavigateAndWaitForUnlockAsync(Bit.Core.Enums.NavigationTarget navTarget)
+        {
+            _unlockVaultTcs?.TrySetCanceled();
+            _unlockVaultTcs = new TaskCompletionSource<bool>();
+
+            _messagingService.Value.Send(Bit.Core.Constants.NavigateToMessageCommand, navTarget);
+
+            await _unlockVaultTcs.Task;
+        }
+
+        public Task InformExcludedCredentialAsync(string[] existingCipherIds)
+        {
+            // TODO: Show excluded credential to the user in some screen.
+            return Task.FromResult(true);
+        }
+
+        public void SetCheckHasVaultBeenUnlockedInThisTransaction(Func<bool> checkHasVaultBeenUnlockedInThisTransaction)
+        {
+            _checkHasVaultBeenUnlockedInThisTransaction = checkHasVaultBeenUnlockedInThisTransaction;
+        }
+
+        public void Confirm(string cipherId, bool? userVerified) => _confirmCredentialTcs?.TrySetResult((cipherId, userVerified));
+        public void ConfirmVaultUnlocked() => _unlockVaultTcs?.TrySetResult(true);
+
+        public async Task ConfirmAsync(string cipherId, bool alreadyHasFido2Credential, bool? userVerified)
+        {
+            if (alreadyHasFido2Credential
+                &&
+                !await _platformUtilsService.ShowDialogAsync(
+                    AppResources.ThisItemAlreadyContainsAPasskeyAreYouSureYouWantToOverwriteTheCurrentPasskey,
+                    AppResources.OverwritePasskey,
+                    AppResources.Yes,
+                    AppResources.No))
+            {
+                return;
+            }
+
+            Confirm(cipherId, userVerified);
+        }
+
+        public void Cancel() => _confirmCredentialTcs?.TrySetCanceled();
+
+        public void OnConfirmationException(Exception ex) => _confirmCredentialTcs?.TrySetException(ex);
+
+        private async Task<CancellableResult<bool>> VerifyUserAsync(string selectedCipherId, Fido2UserVerificationPreference userVerificationPreference, string rpId)
+        {
+            try
+            {
+                if (selectedCipherId is null && userVerificationPreference == Fido2UserVerificationPreference.Discouraged)
+                {
+                    return new CancellableResult<bool>(false);
+                }
+
+                var shouldCheckMasterPasswordReprompt = false;
+                if (selectedCipherId != null)
+                {
+                    var encrypted = await _cipherService.GetAsync(selectedCipherId);
+                    var cipher = await encrypted.DecryptAsync();
+                    shouldCheckMasterPasswordReprompt = cipher?.Reprompt == Core.Enums.CipherRepromptType.Password;
+                }
+
+                return await _userVerificationMediatorService.VerifyUserForFido2Async(
+                    new Fido2UserVerificationOptions(
+                        shouldCheckMasterPasswordReprompt,
+                        userVerificationPreference,
+                        HasVaultBeenUnlockedInThisTransaction,
+                        rpId)
+                    );
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+                return new CancellableResult<bool>(false);
+            }
+        }
+
+        public Fido2UserVerificationOptions? GetCurrentUserVerificationOptions() => _currentDefaultUserVerificationOptions;
+    }
+}

src/App/Platforms/Android/Handlers/CustomTabbedPageHandler.cs

@@ -1,5 +1,6 @@
 using AndroidX.AppCompat.View.Menu;
 using Bit.Core.Abstractions;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Google.Android.Material.BottomNavigation;
 using Microsoft.Maui.Handlers;
@@ -90,7 +91,17 @@ namespace Bit.App.Handlers
 			if(e.Item is MenuItemImpl item)
 			{
 				System.Diagnostics.Debug.WriteLine($"Tab '{item.Title}' was reselected so we'll PopToRoot.");
-                MainThread.BeginInvokeOnMainThread(async () => await _tabbedPage.CurrentPage.Navigation.PopToRootAsync());
+                MainThread.BeginInvokeOnMainThread(async () =>
+                {
+                    try
+                    {
+                        await _tabbedPage.CurrentPage.Navigation.PopToRootAsync();
+                    }
+                    catch (Exception ex)
+                    {
+                        LoggerHelper.LogEvenIfCantBeResolved(ex);
+                    }
+                });
 			}
         }
 

src/App/Platforms/Android/Handlers/HybridWebViewHandler.cs

@@ -6,10 +6,19 @@ using AWebkit = Android.Webkit;
 
 namespace Bit.App.Handlers
 {
-    public partial class HybridWebViewHandler : ViewHandler<HybridWebView, AWebkit.WebView>
+    public class HybridWebViewHandler : ViewHandler<HybridWebView, AWebkit.WebView>
     {
         private const string JSFunction = "function invokeCSharpAction(data){jsBridge.invokeAction(data);}";
 
+        public static PropertyMapper<HybridWebView, HybridWebViewHandler> PropertyMapper = new PropertyMapper<HybridWebView, HybridWebViewHandler>(ViewHandler.ViewMapper)
+        {
+            [nameof(HybridWebView.Uri)] = MapUri
+        };
+
+        public HybridWebViewHandler() : base(PropertyMapper)
+        {
+        }
+
         public HybridWebViewHandler([NotNull] IPropertyMapper mapper, CommandMapper commandMapper = null) : base(mapper, commandMapper)
         {
         }

src/App/Platforms/Android/Handlers/SwitchHandlerMappings.cs

@@ -2,7 +2,10 @@
 using Android.Graphics.Drawables;
 using Android.OS;
 using AndroidX.Core.Content.Resources;
+using AndroidX.Core.Graphics;
 using Bit.App.Droid.Utilities;
+using Bit.App.Utilities;
+using Microsoft.Maui.Platform;
 
 namespace Bit.App.Handlers
 {
@@ -37,6 +40,31 @@ namespace Bit.App.Handlers
                 };
                 handler.PlatformView.ThumbTintList = new ColorStateList(thumbStates, thumbColors);
             });
+
+            Microsoft.Maui.Handlers.SwitchHandler.Mapper.AppendToMapping(nameof(ISwitch.TrackColor), (handler, mauiSwitch) =>
+            {
+                var trackStates = new[]
+                {
+                    new[] { Android.Resource.Attribute.StateChecked }, // checked
+                    new[] { -Android.Resource.Attribute.StateChecked }, // unchecked
+                };
+
+                var selectedColor = ColorUtils.BlendARGB(ThemeHelpers.SwitchOnColor.ToArgb(), Colors.Black.ToPlatform().ToArgb(), 0.5f);
+                var unselectedColor = ColorUtils.BlendARGB(ThemeHelpers.SwitchThumbColor.ToArgb(), Colors.Black.ToPlatform().ToArgb(), 0.7f);
+                if (ThemeManager.UsingLightTheme)
+                {
+                    selectedColor = ColorUtils.BlendARGB(ThemeHelpers.SwitchOnColor.ToArgb(), Colors.White.ToPlatform().ToArgb(), 0.7f);
+                    unselectedColor = ColorUtils.BlendARGB(ThemeHelpers.SwitchThumbColor.ToArgb(), Colors.Black.ToPlatform().ToArgb(), 0.3f);
+                }
+
+                var trackColors = new int[]
+                {
+                    selectedColor,
+                    unselectedColor
+                };
+
+                handler.PlatformView.TrackTintList = new ColorStateList(trackStates, trackColors);
+            });
         }
     }
 }

src/App/Platforms/Android/MainActivity.cs

@@ -24,6 +24,7 @@ using Bit.App.Droid.Utilities;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using FileProvider = AndroidX.Core.Content.FileProvider;
+using Bit.Core.Utilities.Fido2;
 
 namespace Bit.Droid
 {
@@ -74,6 +75,11 @@ namespace Bit.Droid
             // this needs to be called here before base.OnCreate(...)
             Intent?.Validate();
 
+            //We need to get and set the Options before calling OnCreate as that will "trigger" CreateWindow on App.xaml.cs
+            _appOptions = GetOptions();
+            //This does not replace existing Options in App.xaml.cs if it exists already. It only updates properties in Options related with Autofill/CreateSend/etc..
+            ((Bit.App.App)Microsoft.Maui.Controls.Application.Current).SetAndroidOptions(_appOptions);
+
             base.OnCreate(savedInstanceState);
 
             _deviceActionService.SetScreenCaptureAllowedAsync().FireAndForget(_ =>
@@ -89,7 +95,6 @@ namespace Bit.Droid
                 toplayout.FilterTouchesWhenObscured = true;
             }
 
-            _appOptions = GetOptions();
             CreateNotificationChannel();
             DisableAndroidFontScale();
 
@@ -163,6 +168,13 @@ namespace Bit.Droid
             base.OnNewIntent(intent);
             try
             {
+                if (intent?.GetStringExtra(CredentialProviderConstants.Fido2CredentialAction) == CredentialProviderConstants.Fido2CredentialCreate
+                    &&
+                    _appOptions != null)
+                {
+                    _appOptions.HasUnlockedInThisTransaction = false;
+                }
+
                 if (intent?.GetStringExtra("uri") is string uri)
                 {
                     _messagingService.Send(App.App.POP_ALL_AND_GO_TO_AUTOFILL_CIPHERS_MESSAGE);
@@ -321,12 +333,15 @@ namespace Bit.Droid
 
         private AppOptions GetOptions()
         {
+            var fido2CredentialAction = Intent.GetStringExtra(CredentialProviderConstants.Fido2CredentialAction);
             var options = new AppOptions
             {
                 Uri = Intent.GetStringExtra("uri") ?? Intent.GetStringExtra(AutofillConstants.AutofillFrameworkUri),
                 MyVaultTile = Intent.GetBooleanExtra("myVaultTile", false),
                 GeneratorTile = Intent.GetBooleanExtra("generatorTile", false),
                 FromAutofillFramework = Intent.GetBooleanExtra(AutofillConstants.AutofillFramework, false),
+                Fido2CredentialAction = fido2CredentialAction,
+                FromFido2Framework = !string.IsNullOrWhiteSpace(fido2CredentialAction),
                 CreateSend = GetCreateSendRequest(Intent)
             };
             var fillType = Intent.GetIntExtra(AutofillConstants.AutofillFrameworkFillType, 0);

src/App/Platforms/Android/MainApplication.cs

@@ -12,7 +12,6 @@ using Bit.Core.Abstractions;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Bit.Droid.Services;
-using Plugin.CurrentActivity;
 using Plugin.Fingerprint;
 using Xamarin.Android.Net;
 using System.Net.Http;
@@ -21,7 +20,10 @@ using Bit.App.Utilities;
 using Bit.App.Pages;
 using Bit.App.Utilities.AccountManagement;
 using Bit.App.Controls;
+using Bit.App.Platforms.Android.Autofill;
 using Bit.Core.Enums;
+using Bit.Core.Services.UserVerification;
+
 #if !FDROID
 using Android.Gms.Security;
 #endif
@@ -86,6 +88,57 @@ namespace Bit.Droid
                     ServiceContainer.Resolve<IWatchDeviceService>(),
                     ServiceContainer.Resolve<IConditionedAwaiterManager>());
                 ServiceContainer.Register<IAccountsManager>("accountsManager", accountsManager);
+
+                var userPinService = new UserPinService(
+                    ServiceContainer.Resolve<IStateService>(),
+                    ServiceContainer.Resolve<ICryptoService>(),
+                    ServiceContainer.Resolve<IVaultTimeoutService>());
+                ServiceContainer.Register<IUserPinService>(userPinService);
+
+                var userVerificationMediatorService = new UserVerificationMediatorService(
+                    ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService"),
+                    ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
+                    userPinService,
+                    deviceActionService,
+                    ServiceContainer.Resolve<IUserVerificationService>());
+                ServiceContainer.Register<IUserVerificationMediatorService>(userVerificationMediatorService);
+
+                var fido2AuthenticatorService = new Fido2AuthenticatorService(
+                    ServiceContainer.Resolve<ICipherService>(),
+                    ServiceContainer.Resolve<ISyncService>(),
+                    ServiceContainer.Resolve<ICryptoFunctionService>(),
+                    userVerificationMediatorService);
+                ServiceContainer.Register<IFido2AuthenticatorService>(fido2AuthenticatorService);
+
+                var fido2GetAssertionUserInterface = new Fido2GetAssertionUserInterface(
+                    ServiceContainer.Resolve<IStateService>(),
+                    ServiceContainer.Resolve<IVaultTimeoutService>(),
+                    ServiceContainer.Resolve<ICipherService>(),
+                    ServiceContainer.Resolve<IUserVerificationMediatorService>());
+                ServiceContainer.Register<IFido2AndroidGetAssertionUserInterface>(fido2GetAssertionUserInterface);                
+
+                var fido2MakeCredentialUserInterface = new Fido2MakeCredentialUserInterface(
+                    ServiceContainer.Resolve<IStateService>(),
+                    ServiceContainer.Resolve<IVaultTimeoutService>(),
+                    ServiceContainer.Resolve<ICipherService>(),
+                    ServiceContainer.Resolve<IUserVerificationMediatorService>(),
+                    ServiceContainer.Resolve<IDeviceActionService>(),
+                    ServiceContainer.Resolve<IPlatformUtilsService>());
+                ServiceContainer.Register<IFido2MakeCredentialConfirmationUserInterface>(fido2MakeCredentialUserInterface);
+
+                var fido2ClientService = new Fido2ClientService(
+                    ServiceContainer.Resolve<IStateService>(),
+                    ServiceContainer.Resolve<IEnvironmentService>(),
+                    ServiceContainer.Resolve<ICryptoFunctionService>(),
+                    ServiceContainer.Resolve<IFido2AuthenticatorService>(),
+                    fido2GetAssertionUserInterface,
+                    fido2MakeCredentialUserInterface);
+                ServiceContainer.Register<IFido2ClientService>(fido2ClientService);
+
+                ServiceContainer.Register<IFido2MediatorService>(new Fido2MediatorService(
+                    fido2AuthenticatorService,
+                    fido2ClientService,
+                    ServiceContainer.Resolve<ICipherService>()));
             }
 #if !FDROID
             if (Build.VERSION.SdkInt <= BuildVersionCodes.Kitkat)
@@ -101,7 +154,6 @@ namespace Bit.Droid
         {
             base.OnCreate();
             Bootstrap();
-            CrossCurrentActivity.Current.Init(this);
         }
 
         public void OnProviderInstallFailed(int errorCode, Intent recoveryIntent)
@@ -136,7 +188,7 @@ namespace Bit.Droid
             //    });
             //    ZXing.Net.Mobile.Forms.Android.Platform.Init();
             //});
-            CrossFingerprint.SetCurrentActivityResolver(() => CrossCurrentActivity.Current.Activity);
+            CrossFingerprint.SetCurrentActivityResolver(() => Microsoft.Maui.ApplicationModel.Platform.CurrentActivity);
 
             var preferencesStorage = new PreferencesStorageService(null);
             var localAppDataFolderPath = System.Environment.GetFolderPath(System.Environment.SpecialFolder.LocalApplicationData);
@@ -160,9 +212,8 @@ namespace Bit.Droid
             var autofillHandler = new AutofillHandler(stateService, messagingService, clipboardService,
                 platformUtilsService, new LazyResolve<IEventService>());
             var cryptoFunctionService = new PclCryptoFunctionService(cryptoPrimitiveService);
-            var cryptoService = new CryptoService(stateService, cryptoFunctionService);
+            var cryptoService = new CryptoService(stateService, cryptoFunctionService, logger);
             var biometricService = new BiometricService(stateService, cryptoService);
-            var userPinService = new UserPinService(stateService, cryptoService);
             var passwordRepromptService = new MobilePasswordRepromptService(platformUtilsService, cryptoService, stateService);
 
             ServiceContainer.Register<ISynchronousStorageService>(preferencesStorage);
@@ -186,7 +237,6 @@ namespace Bit.Droid
             ServiceContainer.Register<ICryptoService>("cryptoService", cryptoService);
             ServiceContainer.Register<IPasswordRepromptService>("passwordRepromptService", passwordRepromptService);
             ServiceContainer.Register<IAvatarImageSourcePool>("avatarImageSourcePool", new AvatarImageSourcePool());
-            ServiceContainer.Register<IUserPinService>(userPinService);
 
             // Push
 #if FDROID

src/App/Platforms/Android/Push/FirebaseMessagingService.cs

@@ -1,8 +1,9 @@
-#if !FDROID
+#if !FDROID
 using System;
 using Android.App;
 using Bit.App.Abstractions;
 using Bit.Core.Abstractions;
+using Bit.Core.Enums;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Firebase.Messaging;
@@ -20,7 +21,7 @@ namespace Bit.Droid.Push
             try { 
                 var stateService = ServiceContainer.Resolve<IStateService>("stateService");
                 var pushNotificationService = ServiceContainer.Resolve<IPushNotificationService>("pushNotificationService");
-            
+
                 await stateService.SetPushRegisteredTokenAsync(token);
                 await pushNotificationService.RegisterAsync();
             }
@@ -38,13 +39,33 @@ namespace Bit.Droid.Push
                 {
                     return;
                 }
-                var data = message.Data.ContainsKey("data") ? message.Data["data"] : null;
-                if (data == null)
+
+                JObject obj = null;
+                if (message.Data.TryGetValue("data", out var data))
+                {
+                    // Legacy GCM format
+                    obj = JObject.Parse(data);
+                }
+                else if (message.Data.TryGetValue("type", out var typeData) &&
+                    Enum.TryParse(typeData, out NotificationType type))
+                {
+                    // New FCMv1 format
+                    obj = new JObject
+                    {
+                        { "type", (int)type }
+                    };
+
+                    if (message.Data.TryGetValue("payload", out var payloadData))
+                    {
+                        obj.Add("payload", payloadData);
+                    }
+                }
+
+                if (obj == null)
                 {
                     return;
                 }
 
-                var obj = JObject.Parse(data);
                 var listener = ServiceContainer.Resolve<IPushNotificationListenerService>(
                     "pushNotificationListenerService");
                 await listener.OnMessageAsync(obj, Device.Android);

src/App/Platforms/Android/Resources/values-night/styles.xml

@@ -7,7 +7,7 @@
     <item name="android:windowSplashScreenAnimatedIcon">@drawable/splash_screen_round</item>
   </style>
 
-  <style name="BaseTheme" parent="Theme.AppCompat">
+  <style name="BaseTheme" parent="Theme.MaterialComponents.Light.DarkActionBar">
     <item name="windowNoTitle">true</item>
     <item name="windowActionBar">false</item>
     <item name="colorPrimaryDark">@color/dark_notificationBar</item>
@@ -18,10 +18,6 @@
     <item name="android:colorActivatedHighlight">@android:color/transparent</item>
     <item name="android:textCursorDrawable">@null</item>
     <item name="popupTheme">@style/ThemeOverlay.AppCompat</item>
-    <item name="buttonStyle">@style/ButtonStyle</item>
-  </style>
-
-  <style name="ButtonStyle" parent="Widget.AppCompat.Button">
     <item name="android:textAllCaps">false</item>
   </style>
 </resources>

src/App/Platforms/Android/Resources/values/styles.xml

@@ -20,11 +20,6 @@
     <item name="android:colorActivatedHighlight">@android:color/transparent</item>
     <item name="android:textCursorDrawable">@null</item>
     <item name="popupTheme">@style/ThemeOverlay.AppCompat.Light</item>
-    <item name="buttonStyle">@style/ButtonStyle</item>
     <item name="android:textAllCaps">false</item>
-  </style>
-
-  <style name="ButtonStyle" parent="Widget.AppCompat.Button">
-    <item name="android:textAllCaps">false</item>
-  </style>      
+  </style> 
 </resources>

src/App/Platforms/Android/Resources/xml/autofillservice.xml

@@ -236,6 +236,9 @@
   <compatibility-package
     android:name="org.codeaurora.swe.browser"
     android:maxLongVersionCode="10000000000"/>
+  <compatibility-package
+    android:name="org.cromite.cromite"
+    android:maxLongVersionCode="10000000000"/>
   <compatibility-package
     android:name="org.gnu.icecat"
     android:maxLongVersionCode="10000000000"/>

src/App/Platforms/Android/Resources/xml/provider.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<credential-provider xmlns:android="http://schemas.android.com/apk/res/android">
+    <capabilities>
+        <capability name="androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" />
+    </capabilities>
+</credential-provider>

src/App/Platforms/Android/Services/AndroidPushNotificationService.cs

@@ -79,24 +79,29 @@ namespace Bit.Droid.Services
             }
             
             var context = Android.App.Application.Context;
-            var intent = new Intent(context, typeof(MainActivity));
-            intent.PutExtra(Bit.Core.Constants.NotificationData, JsonConvert.SerializeObject(data));
-            var pendingIntentFlags = AndroidHelpers.AddPendingIntentMutabilityFlag(PendingIntentFlags.UpdateCurrent, true);
-            var pendingIntent = PendingIntent.GetActivity(context, 20220801, intent, pendingIntentFlags);
+            var intent = context.PackageManager?.GetLaunchIntentForPackage(context.PackageName ?? string.Empty);
 
-            var deleteIntent = new Intent(context, typeof(NotificationDismissReceiver));
-            deleteIntent.PutExtra(Bit.Core.Constants.NotificationData, JsonConvert.SerializeObject(data));
-            var deletePendingIntent = PendingIntent.GetBroadcast(context, 20220802, deleteIntent, pendingIntentFlags);
+            var builder = new NotificationCompat.Builder(context, Bit.Core.Constants.AndroidNotificationChannelId);
+            if(intent != null && context.PackageManager != null && !string.IsNullOrEmpty(context.PackageName))
+            {
+                intent.PutExtra(Bit.Core.Constants.NotificationData, JsonConvert.SerializeObject(data));
+                var pendingIntentFlags = AndroidHelpers.AddPendingIntentMutabilityFlag(PendingIntentFlags.UpdateCurrent, true);
+                var pendingIntent = PendingIntent.GetActivity(context, 20220801, intent, pendingIntentFlags);
 
-            var builder = new NotificationCompat.Builder(context, Bit.Core.Constants.AndroidNotificationChannelId)
-               .SetContentIntent(pendingIntent)
-               .SetContentTitle(title)
+                var deleteIntent = new Intent(context, typeof(NotificationDismissReceiver));
+                deleteIntent.PutExtra(Bit.Core.Constants.NotificationData, JsonConvert.SerializeObject(data));
+                var deletePendingIntent = PendingIntent.GetBroadcast(context, 20220802, deleteIntent, pendingIntentFlags);
+
+                builder.SetContentIntent(pendingIntent)
+                    .SetDeleteIntent(deletePendingIntent);
+            }
+            
+            builder.SetContentTitle(title)
                .SetContentText(message)
                .SetSmallIcon(Bit.Core.Resource.Drawable.ic_notification)
                .SetColor((int)Android.Graphics.Color.White)
-               .SetDeleteIntent(deletePendingIntent)
                .SetAutoCancel(true);
-
+            
             if (data is PasswordlessNotificationData passwordlessNotificationData && passwordlessNotificationData.TimeoutInMinutes > 0)
             {
                 builder.SetTimeoutAfter(passwordlessNotificationData.TimeoutInMinutes * 60000);

src/App/Platforms/Android/Services/AutofillHandler.cs

@@ -1,18 +1,17 @@
-using System.Linq;
-using System.Threading.Tasks;
-using Android.App;
+using Android.App;
 using Android.App.Assist;
 using Android.Content;
+using Android.Credentials;
 using Android.OS;
 using Android.Provider;
 using Android.Views.Autofill;
+using Bit.App.Abstractions;
 using Bit.Core.Resources.Localization;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.View;
 using Bit.Core.Utilities;
 using Bit.Droid.Autofill;
-using Plugin.CurrentActivity;
 using Application = Android.App.Application;
 
 namespace Bit.Droid.Services
@@ -38,6 +37,42 @@ namespace Bit.Droid.Services
             _eventService = eventService;
         }
 
+        public bool CredentialProviderServiceEnabled()
+        {
+            if (Build.VERSION.SdkInt < BuildVersionCodes.UpsideDownCake)
+            {
+                return false;
+            }
+
+            try
+            {
+                var activity = (MainActivity)Platform.CurrentActivity;
+                if (activity == null)
+                {
+                    return false;
+                }
+
+                var credManager = activity.GetSystemService(Java.Lang.Class.FromType(typeof(CredentialManager))) as CredentialManager;
+                if (credManager == null)
+                {
+                    return false;
+                }
+
+                var credentialProviderServiceComponentName = new ComponentName(activity, Java.Lang.Class.FromType(typeof(CredentialProviderService)));
+                return credManager.IsEnabledCredentialProviderService(credentialProviderServiceComponentName);
+            }
+            catch (Java.Lang.NullPointerException) 
+            {
+                // CredentialManager API is not working fully and may return a NullPointerException even if the CredentialProviderService is working and enabled
+                // Info Here: https://developer.android.com/reference/android/credentials/CredentialManager#isEnabledCredentialProviderService(android.content.ComponentName)
+                return false;
+            }
+            catch
+            {
+                return false;
+            }
+        }
+
         public bool AutofillServiceEnabled()
         {
             if (Build.VERSION.SdkInt < BuildVersionCodes.O)
@@ -46,7 +81,7 @@ namespace Bit.Droid.Services
             }
             try
             {
-                var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+                var activity = (MainActivity)Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
                 var afm = (AutofillManager)activity.GetSystemService(
                     Java.Lang.Class.FromType(typeof(AutofillManager)));
                 return afm.IsEnabled && afm.HasEnabledAutofillServices;
@@ -65,7 +100,7 @@ namespace Bit.Droid.Services
             }
             try
             {
-                var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+                var activity = (MainActivity)Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
                 var type = Java.Lang.Class.FromType(typeof(AutofillManager));
                 var manager = activity.GetSystemService(type) as AutofillManager;
                 return manager.IsAutofillSupported;
@@ -78,7 +113,7 @@ namespace Bit.Droid.Services
 
         public void Autofill(CipherView cipher)
         {
-            var activity = CrossCurrentActivity.Current.Activity as MauiAppCompatActivity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity as MauiAppCompatActivity;
             if (activity == null)
             {
                 return;
@@ -164,13 +199,23 @@ namespace Bit.Droid.Services
             return Accessibility.AccessibilityHelpers.OverlayPermitted();
         }
 
-        
+        public void DisableCredentialProviderService()
+        {
+            try
+            {
+                // We should try to find a way to programmatically disable the provider service when the API allows for it.
+                // For now we'll take the user to Credential Settings so they can manually disable it
+                var deviceActionService = ServiceContainer.Resolve<IDeviceActionService>();
+                deviceActionService.OpenCredentialProviderSettings();
+            }
+            catch { }
+        }
 
         public void DisableAutofillService()
         {
             try
             {
-                var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+                var activity = (MainActivity)Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
                 var type = Java.Lang.Class.FromType(typeof(AutofillManager));
                 var manager = activity.GetSystemService(type) as AutofillManager;
                 manager.DisableAutofillServices();

src/App/Platforms/Android/Services/CryptoPrimitiveService.cs

@@ -41,13 +41,13 @@ namespace Bit.Droid.Services
             JavaSystem.LoadLibrary("argon2");
             int keySize = 32;
             var key = new byte[keySize];
-            //argon2id_hash_raw(iterations, memory, parallelism,
-            //    password, password.Length, salt, salt.Length, key, key.Length);
+            argon2id_hash_raw(iterations, memory, parallelism,
+                password, password.Length, salt, salt.Length, key, key.Length);
             return key;
         }
 
-        //[DllImport("argon2", EntryPoint = "argon2id_hash_raw")]
-        //private static extern int argon2id_hash_raw(int timeCost, int memoryCost, int parallelism,
-        //    byte[] pwd, int pwdlen, byte[] salt, int saltlen, byte[] hash, int hashlen);
+        [DllImport("argon2", EntryPoint = "argon2id_hash_raw")]
+        private static extern int argon2id_hash_raw(int timeCost, int memoryCost, int parallelism,
+            byte[] pwd, int pwdlen, byte[] salt, int saltlen, byte[] hash, int hashlen);
     }
 }

src/App/Platforms/Android/Services/DeviceActionService.cs

@@ -1,6 +1,4 @@
-using System;
-using System.Threading.Tasks;
-using Android.App;
+using Android.App;
 using Android.Content;
 using Android.Content.PM;
 using Android.Nfc;
@@ -11,17 +9,20 @@ using Android.Text.Method;
 using Android.Views;
 using Android.Views.InputMethods;
 using Android.Widget;
+using AndroidX.Credentials;
 using Bit.App.Abstractions;
 using Bit.Core.Resources.Localization;
 using Bit.App.Utilities;
 using Bit.App.Utilities.Prompts;
 using Bit.Core.Abstractions;
-using Bit.Core.Enums;
 using Bit.App.Droid.Utilities;
-using Plugin.CurrentActivity;
+using Bit.App.Models;
+using Bit.Droid.Autofill;
 using Microsoft.Maui.Controls.Compatibility.Platform.Android;
 using Resource = Bit.Core.Resource;
 using Application = Android.App.Application;
+using Bit.Core.Services;
+using Bit.Core.Utilities.Fido2;
 
 namespace Bit.Droid.Services
 {
@@ -66,24 +67,35 @@ namespace Bit.Droid.Services
                 _toast.Dispose();
                 _toast = null;
             }
-            _toast = Android.Widget.Toast.MakeText(CrossCurrentActivity.Current.Activity, text,
+            _toast = Android.Widget.Toast.MakeText(Microsoft.Maui.ApplicationModel.Platform.CurrentActivity, text,
                 longDuration ? ToastLength.Long : ToastLength.Short);
             _toast.Show();
         }
 
         public bool LaunchApp(string appName)
         {
-            if ((int)Build.VERSION.SdkInt < 33)
+            try
+            {
+                if ((int)Build.VERSION.SdkInt < 33)
+                {
+                    // API 33 required to avoid using wildcard app visibility or dangerous permissions
+                    // https://developer.android.com/reference/android/content/pm/PackageManager#getLaunchIntentSenderForPackage(java.lang.String)
+                    return false;
+                }
+                var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
+                appName = appName.Replace("androidapp://", string.Empty);
+                var launchIntentSender = activity?.PackageManager?.GetLaunchIntentSenderForPackage(appName);
+                launchIntentSender?.SendIntent(activity, Result.Ok, null, null, null);
+                return launchIntentSender != null;
+            }
+            catch (IntentSender.SendIntentException)
+            {
+                return false;
+            }
+            catch (Android.Util.AndroidException)
             {
-                // API 33 required to avoid using wildcard app visibility or dangerous permissions
-                // https://developer.android.com/reference/android/content/pm/PackageManager#getLaunchIntentSenderForPackage(java.lang.String)
                 return false;
             }
-            var activity = CrossCurrentActivity.Current.Activity;
-            appName = appName.Replace("androidapp://", string.Empty);
-            var launchIntentSender = activity?.PackageManager?.GetLaunchIntentSenderForPackage(appName);
-            launchIntentSender?.SendIntent(activity, Result.Ok, null, null, null);
-            return launchIntentSender != null;
         }
 
         public async Task ShowLoadingAsync(string text)
@@ -93,7 +105,7 @@ namespace Bit.Droid.Services
                 await HideLoadingAsync();
             }
 
-            var activity = CrossCurrentActivity.Current.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             var inflater = (LayoutInflater)activity.GetSystemService(Context.LayoutInflaterService);
             var dialogView = inflater.Inflate(Resource.Layout.progress_dialog_layout, null);
             
@@ -159,7 +171,7 @@ namespace Bit.Droid.Services
                 }
 
                 // Finally if all else fails, let's see if current activity is MainActivity
-                if (CrossCurrentActivity.Current.Activity is MainActivity activity && IsAlive(activity))
+                if (Microsoft.Maui.ApplicationModel.Platform.CurrentActivity is MainActivity activity && IsAlive(activity))
                 {
                     activity.RunOnUiThread(actionDismiss);
                     return Task.CompletedTask;
@@ -193,7 +205,7 @@ namespace Bit.Droid.Services
             string text = null, string okButtonText = null, string cancelButtonText = null,
             bool numericKeyboard = false, bool autofocus = true, bool password = false)
         {
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             if (activity == null)
             {
                 return Task.FromResult<string>(null);
@@ -250,7 +262,7 @@ namespace Bit.Droid.Services
 
         public Task<ValidatablePromptResponse?> DisplayValidatablePromptAsync(ValidatablePromptConfig config)
         {
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             if (activity == null)
             {
                 return Task.FromResult<ValidatablePromptResponse?>(null);
@@ -327,7 +339,7 @@ namespace Bit.Droid.Services
 
         public void RateApp()
         {
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             try
             {
                 var rateIntent = RateIntentForUrl("market://details", activity);
@@ -360,14 +372,14 @@ namespace Bit.Droid.Services
 
         public bool SupportsNfc()
         {
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             var manager = activity.GetSystemService(Context.NfcService) as NfcManager;
             return manager.DefaultAdapter?.IsEnabled ?? false;
         }
 
         public bool SupportsCamera()
         {
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             return activity.PackageManager.HasSystemFeature(PackageManager.FeatureCamera);
         }
 
@@ -383,7 +395,7 @@ namespace Bit.Droid.Services
 
         public Task<string> DisplayAlertAsync(string title, string message, string cancel, params string[] buttons)
         {
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             if (activity == null)
             {
                 return Task.FromResult<string>(null);
@@ -464,7 +476,7 @@ namespace Bit.Droid.Services
 
         public void OpenAccessibilityOverlayPermissionSettings()
         {
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             try
             {
                 var intent = new Intent(Settings.ActionManageOverlayPermission);
@@ -491,11 +503,32 @@ namespace Bit.Droid.Services
             }
         }
 
+        public void OpenCredentialProviderSettings()
+        {
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
+            try
+            {
+                var pendingIntent = ICredentialManager.Create(activity).CreateSettingsPendingIntent();
+                pendingIntent.Send();
+            }
+            catch (ActivityNotFoundException)
+            {
+                var alertBuilder = new AlertDialog.Builder(activity);
+                alertBuilder.SetMessage(AppResources.BitwardenCredentialProviderGoToSettings);
+                alertBuilder.SetCancelable(true);
+                alertBuilder.SetPositiveButton(AppResources.Ok, (sender, args) =>
+                {
+                    (sender as AlertDialog)?.Cancel();
+                });
+                alertBuilder.Create().Show();
+            }
+        }
+
         public void OpenAccessibilitySettings()
         {
             try
             {
-                var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+                var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
                 var intent = new Intent(Settings.ActionAccessibilitySettings);
                 activity.StartActivity(intent);
             }
@@ -504,7 +537,7 @@ namespace Bit.Droid.Services
 
         public void OpenAutofillSettings()
         {
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             try
             {
                 var intent = new Intent(Settings.ActionRequestSetAutofillService);
@@ -532,10 +565,92 @@ namespace Bit.Droid.Services
             // ref: https://developer.android.com/reference/android/os/SystemClock#elapsedRealtime()
             return SystemClock.ElapsedRealtime();
         }
+
+        public async Task ExecuteFido2CredentialActionAsync(AppOptions appOptions)
+        {
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
+            if (activity == null || string.IsNullOrWhiteSpace(appOptions.Fido2CredentialAction))
+            {
+                return;
+            }
+
+            if (appOptions.Fido2CredentialAction == CredentialProviderConstants.Fido2CredentialGet)
+            {
+                await ExecuteFido2GetCredentialAsync(appOptions);
+            }
+            else if (appOptions.Fido2CredentialAction == CredentialProviderConstants.Fido2CredentialCreate)
+            {
+                await ExecuteFido2CreateCredentialAsync();
+            }
+
+            // Clear CredentialAction and FromFido2Framework values to avoid erratic behaviors in subsequent navigation/flows
+            // For Fido2CredentialGet these are no longer needed as a new Activity will be initiated.
+            // For Fido2CredentialCreate the app will rely on IFido2MakeCredentialConfirmationUserInterface.IsConfirmingNewCredential
+            appOptions.Fido2CredentialAction = null;
+            appOptions.FromFido2Framework = false;
+        }
+
+        private async Task ExecuteFido2GetCredentialAsync(AppOptions appOptions)
+        {
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
+            if (activity == null) 
+            {
+                return; 
+            }
+
+            try
+            {
+                var request = AndroidX.Credentials.Provider.PendingIntentHandler.RetrieveBeginGetCredentialRequest(activity.Intent);
+                var response = new AndroidX.Credentials.Provider.BeginGetCredentialResponse();;
+                var credentialEntries = new List<AndroidX.Credentials.Provider.CredentialEntry>();
+                foreach (var option in request.BeginGetCredentialOptions.OfType<AndroidX.Credentials.Provider.BeginGetPublicKeyCredentialOption>())
+                {
+                    credentialEntries.AddRange(await Bit.App.Platforms.Android.Autofill.CredentialHelpers.PopulatePasskeyDataAsync(request.CallingAppInfo, option, activity, appOptions.HasUnlockedInThisTransaction));
+                }
+
+                if (credentialEntries.Any())
+                {
+                    response = new AndroidX.Credentials.Provider.BeginGetCredentialResponse.Builder()
+                        .SetCredentialEntries(credentialEntries)
+                        .Build();
+                }
+
+                var result = new Android.Content.Intent();
+                AndroidX.Credentials.Provider.PendingIntentHandler.SetBeginGetCredentialResponse(result, response);
+                activity.SetResult(Result.Ok, result);
+                activity.Finish();
+            }
+            catch (Exception ex)
+            {
+                Bit.Core.Services.LoggerHelper.LogEvenIfCantBeResolved(ex);
+
+                activity.SetResult(Result.Canceled);
+                activity.Finish();
+            }
+        }
+
+        private async Task ExecuteFido2CreateCredentialAsync()
+        {
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
+            if (activity == null) { return; }
+
+            try
+            {
+                var getRequest = AndroidX.Credentials.Provider.PendingIntentHandler.RetrieveProviderCreateCredentialRequest(activity.Intent);
+                await Bit.App.Platforms.Android.Autofill.CredentialHelpers.CreateCipherPasskeyAsync(getRequest, activity);
+            }
+            catch (Exception ex)
+            {
+                Bit.Core.Services.LoggerHelper.LogEvenIfCantBeResolved(ex);
+
+                activity.SetResult(Result.Canceled);
+                activity.Finish();
+            }
+        }
         
         public void CloseMainApp()
         {
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             if (activity == null)
             {
                 return;
@@ -549,6 +664,8 @@ namespace Bit.Droid.Services
             return true;
         }
 
+        public bool SupportsCredentialProviderService() => Build.VERSION.SdkInt >= BuildVersionCodes.UpsideDownCake;
+
         public bool SupportsAutofillServices() => Build.VERSION.SdkInt >= BuildVersionCodes.O;
 
         public bool SupportsInlineAutofill() => Build.VERSION.SdkInt >= BuildVersionCodes.R;
@@ -574,7 +691,7 @@ namespace Bit.Droid.Services
 
         public float GetSystemFontSizeScale()
         {
-            var activity = CrossCurrentActivity.Current?.Activity as MainActivity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             return activity?.Resources?.Configuration?.FontScale ?? 1;
         }
         
@@ -585,7 +702,7 @@ namespace Bit.Droid.Services
 
         public async Task SetScreenCaptureAllowedAsync()
         {
-            var activity = CrossCurrentActivity.Current?.Activity;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             if (await _stateService.GetScreenCaptureAllowedAsync())
             {
                 activity.RunOnUiThread(() => activity.Window.ClearFlags(WindowManagerFlags.Secure));

src/App/Platforms/Android/Services/FileService.cs

@@ -13,7 +13,6 @@ using AndroidX.Core.Content;
 using Bit.Core.Resources.Localization;
 using Bit.Core;
 using Bit.Core.Abstractions;
-using Plugin.CurrentActivity;
 using FileProvider = AndroidX.Core.Content.FileProvider;
 
 namespace Bit.Droid.Services
@@ -43,7 +42,7 @@ namespace Bit.Droid.Services
         {
             try
             {
-                var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+                var activity = (MainActivity)Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
                 var intent = BuildOpenFileIntent(fileData, fileName);
                 if (intent == null)
                 {
@@ -60,7 +59,7 @@ namespace Bit.Droid.Services
         {
             try
             {
-                var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+                var activity = (MainActivity)Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
                 var intent = BuildOpenFileIntent(new byte[0], string.Concat("opentest_", fileName));
                 if (intent == null)
                 {
@@ -87,7 +86,7 @@ namespace Bit.Droid.Services
                 return null;
             }
 
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = (MainActivity)Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             var cachePath = activity.CacheDir;
             var filePath = Path.Combine(cachePath.Path, fileName);
             File.WriteAllBytes(filePath, fileData);
@@ -114,7 +113,7 @@ namespace Bit.Droid.Services
         {
             try
             {
-                var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+                var activity = (MainActivity)Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
 
                 if (contentUri != null)
                 {
@@ -162,7 +161,7 @@ namespace Bit.Droid.Services
         {
             try
             {
-                DeleteDir(CrossCurrentActivity.Current.Activity.CacheDir);
+                DeleteDir(Microsoft.Maui.ApplicationModel.Platform.CurrentActivity?.CacheDir);
                 await _stateService.SetLastFileCacheClearAsync(DateTime.UtcNow);
             }
             catch (Exception) { }
@@ -170,7 +169,7 @@ namespace Bit.Droid.Services
 
         public Task SelectFileAsync()
         {
-            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            var activity = (MainActivity)Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
             var hasStorageWritePermission = !_cameraPermissionsDenied &&
                 HasPermission(Manifest.Permission.WriteExternalStorage);
             var additionalIntents = new List<IParcelable>();
@@ -249,20 +248,30 @@ namespace Bit.Droid.Services
 
         private bool HasPermission(string permission)
         {
-            return ContextCompat.CheckSelfPermission(
-                CrossCurrentActivity.Current.Activity, permission) == Permission.Granted;
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
+            if (activity != null)
+            {
+                return ContextCompat.CheckSelfPermission(activity, permission) == Permission.Granted;
+            }
+            else
+            {
+                return false;
+            }
         }
 
         private void AskPermission(string permission)
         {
-            ActivityCompat.RequestPermissions(CrossCurrentActivity.Current.Activity, new string[] { permission },
-                Core.Constants.SelectFilePermissionRequestCode);
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
+            if (activity != null)
+            {
+                ActivityCompat.RequestPermissions(activity, new string[] { permission }, Core.Constants.SelectFilePermissionRequestCode);
+            }
         }
 
         private List<IParcelable> GetCameraIntents(Android.Net.Uri outputUri)
         {
             var intents = new List<IParcelable>();
-            var pm = CrossCurrentActivity.Current.Activity.PackageManager;
+            var pm = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity?.PackageManager;
             var captureIntent = new Intent(MediaStore.ActionImageCapture);
             var listCam = pm.QueryIntentActivities(captureIntent, 0);
             foreach (var res in listCam)

src/App/Platforms/Android/Tiles/AutofillTileService.cs

@@ -8,6 +8,7 @@ using Bit.Core.Abstractions;
 using Bit.Core.Utilities;
 using Bit.Droid.Accessibility;
 using Java.Lang;
+using Bit.App.Droid.Utilities;
 
 namespace Bit.Droid.Tile
 {
@@ -76,7 +77,7 @@ namespace Bit.Droid.Tile
             var intent = new Intent(this, typeof(AccessibilityActivity));
             intent.SetFlags(ActivityFlags.NewTask | ActivityFlags.SingleTop | ActivityFlags.ClearTop);
             intent.PutExtra("autofillTileClicked", true);
-            StartActivityAndCollapse(intent);
+            this.StartActivityAndCollapseWithIntent(intent, isMutable: true);
         }
 
         private void ShowConfigErrorDialog()

src/App/Platforms/Android/Tiles/GeneratorTileService.cs

@@ -1,15 +1,8 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-using Android.App;
+using Android.App;
 using Android.Content;
-using Android.OS;
 using Android.Runtime;
 using Android.Service.QuickSettings;
-using Android.Views;
-using Android.Widget;
+using Bit.App.Droid.Utilities;
 using Java.Lang;
 
 namespace Bit.Droid.Tile
@@ -62,7 +55,7 @@ namespace Bit.Droid.Tile
             var intent = new Intent(this, typeof(MainActivity));
             intent.SetFlags(ActivityFlags.NewTask | ActivityFlags.SingleTop | ActivityFlags.ClearTop);
             intent.PutExtra("generatorTile", true);
-            StartActivityAndCollapse(intent);
+            this.StartActivityAndCollapseWithIntent(intent, isMutable: false);
         }
     }
 }

src/App/Platforms/Android/Tiles/MyVaultTileService.cs

@@ -1,15 +1,8 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-using Android.App;
+using Android.App;
 using Android.Content;
-using Android.OS;
 using Android.Runtime;
 using Android.Service.QuickSettings;
-using Android.Views;
-using Android.Widget;
+using Bit.App.Droid.Utilities;
 using Java.Lang;
 
 namespace Bit.Droid.Tile
@@ -63,7 +56,7 @@ namespace Bit.Droid.Tile
             var intent = new Intent(this, typeof(MainActivity));
             intent.SetFlags(ActivityFlags.NewTask | ActivityFlags.SingleTop | ActivityFlags.ClearTop);
             intent.PutExtra("myVaultTile", true);
-            StartActivityAndCollapse(intent);
+            this.StartActivityAndCollapseWithIntent(intent, isMutable: false);
         }
     }
 }

src/App/Platforms/Android/Utilities/AndroidHelpers.cs

@@ -2,6 +2,7 @@
 using Android.Content;
 using Android.OS;
 using Android.Provider;
+using Android.Service.QuickSettings;
 using Bit.App.Utilities;
 
 namespace Bit.App.Droid.Utilities
@@ -64,5 +65,26 @@ namespace Bit.App.Droid.Utilities
 
             return pendingIntentFlags;
         }
+
+        public static void StartActivityAndCollapseWithIntent(this TileService service, Intent intent, bool isMutable)
+        {
+            //For Android 14+ We need to use PendingIntent instead of Intent directly. Older versions still need to use Intent.
+            if (Build.VERSION.SdkInt < BuildVersionCodes.UpsideDownCake)
+            {
+                service.StartActivityAndCollapse(intent);
+                return;
+            }
+            var pendingIntent = PendingIntent.GetActivity(
+                service.ApplicationContext,
+                0,
+                intent,
+                AddPendingIntentMutabilityFlag(PendingIntentFlags.UpdateCurrent, isMutable)
+            );
+            if (pendingIntent == null) 
+            { 
+                return; 
+            }
+            service.StartActivityAndCollapse(pendingIntent);
+        }
     }
 }

src/App/Platforms/Android/Utilities/CallingAppInfoExtensions.cs

@@ -0,0 +1,37 @@
+using Android.OS;
+using AndroidX.Credentials.Provider;
+using Bit.Core.Utilities;
+using Java.Security;
+
+namespace Bit.App.Droid.Utilities
+{
+    public static class CallingAppInfoExtensions
+    {
+        public static string GetAndroidOrigin(this CallingAppInfo callingAppInfo)
+        {
+            if (Build.VERSION.SdkInt < BuildVersionCodes.P || callingAppInfo?.SigningInfo?.GetApkContentsSigners().Any() != true)
+            {
+                return null;
+            }
+
+            var cert = callingAppInfo.SigningInfo.GetApkContentsSigners()[0].ToByteArray();
+            var md = MessageDigest.GetInstance("SHA-256");
+            var certHash = md.Digest(cert);
+            return $"android:apk-key-hash:{CoreHelpers.Base64UrlEncode(certHash)}";
+        }
+
+        public static string GetLatestCertificationFingerprint(this CallingAppInfo callingAppInfo)
+        {
+            if (callingAppInfo.SigningInfo.HasMultipleSigners)
+            {
+                return null;
+            }
+
+            var signature = callingAppInfo.SigningInfo.GetSigningCertificateHistory()[0].ToByteArray();
+            var md = MessageDigest.GetInstance("SHA-256");
+            var digestedSignature = md.Digest(signature);
+            var normalizedFingerprint = string.Join(":", digestedSignature.Select(b => b.ToString("X2")));
+            return normalizedFingerprint;
+        }
+    }
+}

src/App/Platforms/iOS/AppDelegate.cs

@@ -15,6 +15,7 @@ using CoreNFC;
 using Foundation;
 using Microsoft.Maui.Platform;
 using UIKit;
+using UserNotifications;
 using WatchConnectivity;
 
 namespace Bit.iOS
@@ -41,204 +42,253 @@ namespace Bit.iOS
         private IStateService _stateService;
         private IEventService _eventService;
 
-        private LazyResolve<IDeepLinkContext> _deepLinkContext = new LazyResolve<IDeepLinkContext>();
+        private readonly LazyResolve<IDeepLinkContext> _deepLinkContext = new LazyResolve<IDeepLinkContext>();
 
         public override bool FinishedLaunching(UIApplication app, NSDictionary options)
         {
-            InitApp();
-
-            _deviceActionService = ServiceContainer.Resolve<IDeviceActionService>("deviceActionService");
-            _messagingService = ServiceContainer.Resolve<IMessagingService>("messagingService");
-            _broadcasterService = ServiceContainer.Resolve<IBroadcasterService>("broadcasterService");
-            _storageService = ServiceContainer.Resolve<IStorageService>("storageService");
-            _stateService = ServiceContainer.Resolve<IStateService>("stateService");
-            _eventService = ServiceContainer.Resolve<IEventService>("eventService");
-
-            //LoadApplication(new App.App(null));
-            //iOSCoreHelpers.AppearanceAdjustments();
-            //ZXing.Net.Mobile.Forms.iOS.Platform.Init();
-
-            ConnectToWatchIfNeededAsync().FireAndForget();
-
-            _broadcasterService.Subscribe(nameof(AppDelegate), async (message) =>
+            try
             {
-                try
+                InitApp();
+
+                _deviceActionService = ServiceContainer.Resolve<IDeviceActionService>("deviceActionService");
+                _messagingService = ServiceContainer.Resolve<IMessagingService>("messagingService");
+                _broadcasterService = ServiceContainer.Resolve<IBroadcasterService>("broadcasterService");
+                _storageService = ServiceContainer.Resolve<IStorageService>("storageService");
+                _stateService = ServiceContainer.Resolve<IStateService>("stateService");
+                _eventService = ServiceContainer.Resolve<IEventService>("eventService");
+
+                ConnectToWatchIfNeededAsync().FireAndForget();
+
+                _broadcasterService.Subscribe(nameof(AppDelegate), async (message) =>
                 {
-                    if (message.Command == "startEventTimer")
+                    try
                     {
-                        StartEventTimer();
-                    }
-                    else if (message.Command == "stopEventTimer")
-                    {
-                        var task = StopEventTimerAsync();
-                    }
-                    else if (message.Command is ThemeManager.UPDATED_THEME_MESSAGE_KEY)
-                    {
-                        MainThread.BeginInvokeOnMainThread(() =>
+                        if (message.Command == "startEventTimer")
                         {
-                            iOSCoreHelpers.AppearanceAdjustments();
-                        });
-                    }
-                    else if (message.Command == "listenYubiKeyOTP")
-                    {
-                        iOSCoreHelpers.ListenYubiKey((bool)message.Data, _deviceActionService, _nfcSession, _nfcDelegate);
-                    }
-                    else if (message.Command == "unlocked")
-                    {
-                        var needsAutofillReplacement = await _storageService.GetAsync<bool?>(
-                            Core.Constants.AutofillNeedsIdentityReplacementKey);
-                        if (needsAutofillReplacement.GetValueOrDefault())
-                        {
-                            await ASHelpers.ReplaceAllIdentities();
+                            StartEventTimer();
                         }
-                    }
-                    else if (message.Command == "showAppExtension")
-                    {
-                        MainThread.BeginInvokeOnMainThread(() => ShowAppExtension((ExtensionPageViewModel)message.Data));
-                    }
-                    else if (message.Command == "syncCompleted")
-                    {
-                        if (message.Data is Dictionary<string, object> data && data.ContainsKey("successfully"))
+                        else if (message.Command == "stopEventTimer")
                         {
-                            var success = data["successfully"] as bool?;
-                            if (success.GetValueOrDefault() && _deviceActionService.SystemMajorVersion() >= 12)
+                            var task = StopEventTimerAsync();
+                        }
+                        else if (message.Command is ThemeManager.UPDATED_THEME_MESSAGE_KEY)
+                        {
+                            await MainThread.InvokeOnMainThreadAsync(() =>
                             {
-                                await ASHelpers.ReplaceAllIdentities();
+                                iOSCoreHelpers.AppearanceAdjustments();
+                            });
+                        }
+                        else if (message.Command == "listenYubiKeyOTP" && message.Data is bool listen)
+                        {
+                            iOSCoreHelpers.ListenYubiKey(listen, _deviceActionService, _nfcSession, _nfcDelegate);
+                        }
+                        else if (message.Command == "unlocked")
+                        {
+                            var needsAutofillReplacement = await _storageService.GetAsync<bool?>(
+                                Core.Constants.AutofillNeedsIdentityReplacementKey);
+                            if (needsAutofillReplacement.GetValueOrDefault())
+                            {
+                                await ASHelpers.ReplaceAllIdentitiesAsync();
                             }
                         }
-                    }
-                    else if (message.Command == "addedCipher" || message.Command == "editedCipher" ||
-                        message.Command == "restoredCipher")
-                    {
-                        if (_deviceActionService.SystemMajorVersion() >= 12)
+                        else if (message.Command == "showAppExtension")
                         {
-                            if (await ASHelpers.IdentitiesCanIncremental())
+                            await MainThread.InvokeOnMainThreadAsync(() => ShowAppExtension((ExtensionPageViewModel)message.Data));
+                        }
+                        else if (message.Command == "syncCompleted")
+                        {
+                            if (message.Data is Dictionary<string, object> data && data.TryGetValue("successfully", out var value))
+                            {
+                                var success = value as bool?;
+                                if (success.GetValueOrDefault() && _deviceActionService.SystemMajorVersion() >= 12)
+                                {
+                                    await ASHelpers.ReplaceAllIdentitiesAsync();
+                                }
+                            }
+                        }
+                        else if (message.Command == "addedCipher" || message.Command == "editedCipher" ||
+                            message.Command == "restoredCipher")
+                        {
+                            if (!UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
+                            {
+                                return;
+                            }
+
+                            if (await ASHelpers.IdentitiesSupportIncrementalAsync())
                             {
                                 var cipherId = message.Data as string;
                                 if (message.Command == "addedCipher" && !string.IsNullOrWhiteSpace(cipherId))
                                 {
-                                    var identity = await ASHelpers.GetCipherIdentityAsync(cipherId);
+                                    var identity = await ASHelpers.GetCipherPasswordIdentityAsync(cipherId);
                                     if (identity == null)
                                     {
                                         return;
                                     }
-                                    await ASCredentialIdentityStore.SharedStore?.SaveCredentialIdentitiesAsync(
-                                        new ASPasswordCredentialIdentity[] { identity });
+                                    await ASCredentialIdentityStoreExtensions.SaveCredentialIdentitiesAsync(identity);
                                     return;
                                 }
                             }
-                            await ASHelpers.ReplaceAllIdentities();
+                            await ASHelpers.ReplaceAllIdentitiesAsync();
                         }
-                    }
-                    else if (message.Command == "deletedCipher" || message.Command == "softDeletedCipher")
-                    {
-                        if (_deviceActionService.SystemMajorVersion() >= 12)
+                        else if (message.Command == "deletedCipher" || message.Command == "softDeletedCipher")
                         {
-                            if (await ASHelpers.IdentitiesCanIncremental())
+                            if (!UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
                             {
-                                var identity = ASHelpers.ToCredentialIdentity(
+                                return;
+                            }
+
+                            if (await ASHelpers.IdentitiesSupportIncrementalAsync())
+                            {
+                                var identity = ASHelpers.ToPasswordCredentialIdentity(
                                     message.Data as Bit.Core.Models.View.CipherView);
                                 if (identity == null)
                                 {
                                     return;
                                 }
-                                await ASCredentialIdentityStore.SharedStore?.RemoveCredentialIdentitiesAsync(
-                                    new ASPasswordCredentialIdentity[] { identity });
+                                await ASCredentialIdentityStoreExtensions.RemoveCredentialIdentitiesAsync(identity);
                                 return;
                             }
-                            await ASHelpers.ReplaceAllIdentities();
+                            await ASHelpers.ReplaceAllIdentitiesAsync();
                         }
-                    }
-                    else if (message.Command == "logout")
-                    {
-                        if (_deviceActionService.SystemMajorVersion() >= 12)
+                        else if (message.Command == "logout" && UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
                         {
-                            await ASCredentialIdentityStore.SharedStore?.RemoveAllCredentialIdentitiesAsync();
+                            await ASCredentialIdentityStore.SharedStore.RemoveAllCredentialIdentitiesAsync();
                         }
-                    }
-                    else if ((message.Command == "softDeletedCipher" || message.Command == "restoredCipher")
-                        && _deviceActionService.SystemMajorVersion() >= 12)
-                    {
-                        await ASHelpers.ReplaceAllIdentities();
-                    }
-                    else if (message.Command == AppHelpers.VAULT_TIMEOUT_ACTION_CHANGED_MESSAGE_COMMAND)
-                    {
-                        var timeoutAction = await _stateService.GetVaultTimeoutActionAsync();
-                        if (timeoutAction == VaultTimeoutAction.Logout)
+                        else if ((message.Command == "softDeletedCipher" || message.Command == "restoredCipher")
+                            && UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
                         {
-                            await ASCredentialIdentityStore.SharedStore?.RemoveAllCredentialIdentitiesAsync();
+                            await ASHelpers.ReplaceAllIdentitiesAsync();
                         }
-                        else
+                        else if (message.Command == AppHelpers.VAULT_TIMEOUT_ACTION_CHANGED_MESSAGE_COMMAND)
                         {
-                            await ASHelpers.ReplaceAllIdentities();
+                            var timeoutAction = await _stateService.GetVaultTimeoutActionAsync();
+                            if (timeoutAction == VaultTimeoutAction.Logout)
+                            {
+                                if (UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
+                                {
+                                    await ASCredentialIdentityStore.SharedStore.RemoveAllCredentialIdentitiesAsync();
+                                }
+                            }
+                            else
+                            {
+                                await ASHelpers.ReplaceAllIdentitiesAsync();
+                            }
                         }
                     }
-                }
-                catch (Exception ex)
-                {
-                    LoggerHelper.LogEvenIfCantBeResolved(ex);
-                }
-            });
+                    catch (Exception ex)
+                    {
+                        LoggerHelper.LogEvenIfCantBeResolved(ex);
+                    }
+                });
 
-            var finishedLaunching = base.FinishedLaunching(app, options);
+                var finishedLaunching = base.FinishedLaunching(app, options);
 
-            ThemeManager.SetTheme(Microsoft.Maui.Controls.Application.Current.Resources);
-            iOSCoreHelpers.AppearanceAdjustments();
+                ThemeManager.SetTheme(Microsoft.Maui.Controls.Application.Current.Resources);
+                iOSCoreHelpers.AppearanceAdjustments();
 
-            return finishedLaunching;
+                return finishedLaunching;
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+                throw;
+            }
         }
 
         public override void OnResignActivation(UIApplication uiApplication)
         {
-            if (UIApplication.SharedApplication.KeyWindow != null)
+            try
             {
-                var view = new UIView(UIApplication.SharedApplication.KeyWindow.Frame)
+                if (UIApplication.SharedApplication.KeyWindow != null)
                 {
-                    Tag = SPLASH_VIEW_TAG
-                };
-                var backgroundView = new UIView(UIApplication.SharedApplication.KeyWindow.Frame)
-                {
-                    BackgroundColor = ThemeManager.GetResourceColor("SplashBackgroundColor").ToPlatform()
-                };
-                var logo = new UIImage(!ThemeManager.UsingLightTheme ? "logo_white.png" : "logo.png");
-                var frame = new CGRect(0, 0, 280, 100); //Setting image width to avoid it being larger and getting cropped on smaller devices. This harcoded size should be good even for very small devices.
-                var imageView = new UIImageView(frame)
-                {
-                    Image = logo,
-                    Center = new CGPoint(view.Center.X, view.Center.Y - 30),
-                    ContentMode = UIViewContentMode.ScaleAspectFit
-                };
-                view.AddSubview(backgroundView);
-                view.AddSubview(imageView);
-                UIApplication.SharedApplication.KeyWindow.AddSubview(view);
-                UIApplication.SharedApplication.KeyWindow.BringSubviewToFront(view);
-                UIApplication.SharedApplication.KeyWindow.EndEditing(true);
+                    var view = new UIView(UIApplication.SharedApplication.KeyWindow.Frame)
+                    {
+                        Tag = SPLASH_VIEW_TAG
+                    };
+                    var backgroundView = new UIView(UIApplication.SharedApplication.KeyWindow.Frame)
+                    {
+                        BackgroundColor = ThemeManager.GetResourceColor("SplashBackgroundColor").ToPlatform()
+                    };
+                    var logo = new UIImage(!ThemeManager.UsingLightTheme ? "logo_white.png" : "logo.png");
+                    var frame = new CGRect(0, 0, 280, 100); //Setting image width to avoid it being larger and getting cropped on smaller devices. This harcoded size should be good even for very small devices.
+                    var imageView = new UIImageView(frame)
+                    {
+                        Image = logo,
+                        Center = new CGPoint(view.Center.X, view.Center.Y - 30),
+                        ContentMode = UIViewContentMode.ScaleAspectFit
+                    };
+                    view.AddSubview(backgroundView);
+                    view.AddSubview(imageView);
+                    UIApplication.SharedApplication.KeyWindow.AddSubview(view);
+                    UIApplication.SharedApplication.KeyWindow.BringSubviewToFront(view);
+                    UIApplication.SharedApplication.KeyWindow.EndEditing(true);
+                }
+                base.OnResignActivation(uiApplication);
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+                throw;
             }
-            base.OnResignActivation(uiApplication);
         }
 
         public override void DidEnterBackground(UIApplication uiApplication)
         {
-            _stateService?.SetLastActiveTimeAsync(_deviceActionService.GetActiveTime());
-            _messagingService?.Send("slept");
-            base.DidEnterBackground(uiApplication);
+            try
+            {
+                if (_stateService != null && _deviceActionService != null)
+                {
+                    _stateService.SetLastActiveTimeAsync(_deviceActionService.GetActiveTime());
+                }
+
+                _messagingService?.Send("slept");
+                base.DidEnterBackground(uiApplication);
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+                throw;
+            }
         }
 
-        public override void OnActivated(UIApplication uiApplication)
+        public override async void OnActivated(UIApplication uiApplication)
         {
-            base.OnActivated(uiApplication);
-            UIApplication.SharedApplication.ApplicationIconBadgeNumber = 0;
-            UIApplication.SharedApplication.KeyWindow?
-                .ViewWithTag(SPLASH_VIEW_TAG)?
-                .RemoveFromSuperview();
+            try
+            {
+                base.OnActivated(uiApplication);
 
-            ThemeManager.UpdateThemeOnPagesAsync();
+                if (UIDevice.CurrentDevice.CheckSystemVersion(17, 0))
+                {
+                    await UNUserNotificationCenter.Current.SetBadgeCountAsync(0);
+                }
+                else
+                {
+                    UIApplication.SharedApplication.ApplicationIconBadgeNumber = 0;
+                }
+
+                UIApplication.SharedApplication.KeyWindow?
+                    .ViewWithTag(SPLASH_VIEW_TAG)?
+                    .RemoveFromSuperview();
+
+                ThemeManager.UpdateThemeOnPagesAsync();
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
         }
 
         public override void WillEnterForeground(UIApplication uiApplication)
         {
-            _messagingService?.Send(AppHelpers.RESUMED_MESSAGE_COMMAND);
-            base.WillEnterForeground(uiApplication);
+            try
+            {
+                _messagingService?.Send(AppHelpers.RESUMED_MESSAGE_COMMAND);
+                base.WillEnterForeground(uiApplication);
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
         }
 
         [Export("application:openURL:sourceApplication:annotation:")]
@@ -249,15 +299,30 @@ namespace Bit.iOS
 
         public override bool OpenUrl(UIApplication app, NSUrl url, NSDictionary options)
         {
-            return _deepLinkContext.Value.OnNewUri(url) || base.OpenUrl(app, url, options);
+            try
+            {
+                return _deepLinkContext.Value.OnNewUri(url) || base.OpenUrl(app, url, options);
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+                return false;
+            }
         }
 
         public override bool ContinueUserActivity(UIApplication application, NSUserActivity userActivity,
             UIApplicationRestorationHandler completionHandler)
         {
-            if (Microsoft.Maui.ApplicationModel.Platform.ContinueUserActivity(application, userActivity, completionHandler))
+            try
             {
-                return true;
+                if (Microsoft.Maui.ApplicationModel.Platform.ContinueUserActivity(application, userActivity, completionHandler))
+                {
+                    return true;
+                }
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
             }
             return base.ContinueUserActivity(application, userActivity, completionHandler);
         }
@@ -265,33 +330,68 @@ namespace Bit.iOS
         [Export("application:didFailToRegisterForRemoteNotificationsWithError:")]
         public void FailedToRegisterForRemoteNotifications(UIApplication application, NSError error)
         {
-            _pushHandler?.OnErrorReceived(error);
+            try
+            {
+                _pushHandler?.OnErrorReceived(error);
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
         }
 
         [Export("application:didRegisterForRemoteNotificationsWithDeviceToken:")]
         public void RegisteredForRemoteNotifications(UIApplication application, NSData deviceToken)
         {
-            _pushHandler?.OnRegisteredSuccess(deviceToken);
+            try
+            {
+                _pushHandler?.OnRegisteredSuccess(deviceToken);
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
         }
 
         [Export("application:didRegisterUserNotificationSettings:")]
         public void DidRegisterUserNotificationSettings(UIApplication application,
             UIUserNotificationSettings notificationSettings)
         {
-            application.RegisterForRemoteNotifications();
+            try
+            {
+                application.RegisterForRemoteNotifications();
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
         }
 
         [Export("application:didReceiveRemoteNotification:fetchCompletionHandler:")]
         public void DidReceiveRemoteNotification(UIApplication application, NSDictionary userInfo,
             Action<UIBackgroundFetchResult> completionHandler)
         {
-            _pushHandler?.OnMessageReceived(userInfo);
+            try
+            {
+                _pushHandler?.OnMessageReceived(userInfo);
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
         }
 
         [Export("application:didReceiveRemoteNotification:")]
         public void ReceivedRemoteNotification(UIApplication application, NSDictionary userInfo)
         {
-            _pushHandler?.OnMessageReceived(userInfo);
+            try
+            {
+                _pushHandler?.OnMessageReceived(userInfo);
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
         }
 
         public void InitApp()
@@ -304,17 +404,6 @@ namespace Bit.iOS
             // Migration services
             ServiceContainer.Register<INativeLogService>("nativeLogService", new ConsoleLogService());
 
-            // Note: This might cause a race condition. Investigate more.
-            //Task.Run(() =>
-            //{
-            //    FFImageLoading.Forms.Platform.CachedImageRenderer.Init();
-            //    FFImageLoading.ImageService.Instance.Initialize(new FFImageLoading.Config.Configuration
-            //    {
-            //        FadeAnimationEnabled = false,
-            //        FadeAnimationForCachedImages = false
-            //    });
-            //});
-
             iOSCoreHelpers.RegisterLocalServices();
             RegisterPush();
             var deviceActionService = ServiceContainer.Resolve<IDeviceActionService>("deviceActionService");
@@ -328,7 +417,7 @@ namespace Bit.iOS
             _nfcDelegate = new Core.NFCReaderDelegate((success, message) =>
                 _messagingService.Send("gotYubiKeyOTP", message));
 
-            iOSCoreHelpers.Bootstrap(async () => await ApplyManagedSettingsAsync());
+            iOSCoreHelpers.Bootstrap(ApplyManagedSettingsAsync);
         }
 
         private void RegisterPush()
@@ -373,31 +462,45 @@ namespace Bit.iOS
             _eventTimer = null;
             MainThread.BeginInvokeOnMainThread(() =>
             {
-                _eventTimer = NSTimer.CreateScheduledTimer(60, true, timer =>
+                try
                 {
-                    var task = Task.Run(() => _eventService.UploadEventsAsync());
-                });
+                    _eventTimer = NSTimer.CreateScheduledTimer(60, true, timer =>
+                    {
+                        _eventService?.UploadEventsAsync().FireAndForget();
+                    });
+                }
+                catch (Exception ex)
+                {
+                    LoggerHelper.LogEvenIfCantBeResolved(ex);
+                }
             });
         }
 
         private async Task StopEventTimerAsync()
         {
-            _eventTimer?.Invalidate();
-            _eventTimer?.Dispose();
-            _eventTimer = null;
-            if (_eventBackgroundTaskId > 0)
+            try
             {
+                _eventTimer?.Invalidate();
+                _eventTimer?.Dispose();
+                _eventTimer = null;
+                if (_eventBackgroundTaskId > 0)
+                {
+                    UIApplication.SharedApplication.EndBackgroundTask(_eventBackgroundTaskId);
+                    _eventBackgroundTaskId = 0;
+                }
+                _eventBackgroundTaskId = UIApplication.SharedApplication.BeginBackgroundTask(() =>
+                {
+                    UIApplication.SharedApplication.EndBackgroundTask(_eventBackgroundTaskId);
+                    _eventBackgroundTaskId = 0;
+                });
+                await _eventService.UploadEventsAsync();
                 UIApplication.SharedApplication.EndBackgroundTask(_eventBackgroundTaskId);
                 _eventBackgroundTaskId = 0;
             }
-            _eventBackgroundTaskId = UIApplication.SharedApplication.BeginBackgroundTask(() =>
+            catch (Exception ex)
             {
-                UIApplication.SharedApplication.EndBackgroundTask(_eventBackgroundTaskId);
-                _eventBackgroundTaskId = 0;
-            });
-            await _eventService.UploadEventsAsync();
-            UIApplication.SharedApplication.EndBackgroundTask(_eventBackgroundTaskId);
-            _eventBackgroundTaskId = 0;
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
         }
 
         private async Task ApplyManagedSettingsAsync()

src/App/Platforms/iOS/Info.plist

@@ -11,7 +11,7 @@
 	<key>CFBundleIdentifier</key>
 	<string>com.8bit.bitwarden</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2023.9.2</string>
+	<string>2024.7.0</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>CFBundleIconName</key>

src/App/Platforms/iOS/PrivacyInfo.xcprivacy

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>NSPrivacyAccessedAPITypes</key>
+    <array>
+        <dict>
+            <key>NSPrivacyAccessedAPIType</key>
+            <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
+            <key>NSPrivacyAccessedAPITypeReasons</key>
+            <array>
+                <string>C617.1</string>
+            </array>
+        </dict>
+        <dict>
+            <key>NSPrivacyAccessedAPIType</key>
+            <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
+            <key>NSPrivacyAccessedAPITypeReasons</key>
+            <array>
+                <string>35F9.1</string>
+            </array>
+        </dict>
+        <dict>
+            <key>NSPrivacyAccessedAPIType</key>
+            <string>NSPrivacyAccessedAPICategoryDiskSpace</string>
+            <key>NSPrivacyAccessedAPITypeReasons</key>
+            <array>
+                <string>E174.1</string>
+            </array>
+        </dict>
+        <dict>
+            <key>NSPrivacyAccessedAPIType</key>
+            <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
+            <key>NSPrivacyAccessedAPITypeReasons</key>
+            <array>
+                <string>1C8F.1</string>
+            </array>
+        </dict>
+    </array>
+</dict>
+</plist>

src/App/Platforms/iOS/Resources/Assets.xcassets/search.imageset/Contents.json

@@ -0,0 +1,27 @@
+{
+  "images": [
+    {
+      "appearances": [],
+      "scale": "1x",
+      "idiom": "universal",
+      "filename": "search.png"
+    },
+    {
+      "appearances": [],
+      "scale": "2x",
+      "idiom": "universal",
+      "filename": "search@2x.png"
+    },
+    {
+      "appearances": [],
+      "scale": "3x",
+      "idiom": "universal",
+      "filename": "search@3x.png"
+    }
+  ],
+  "properties": {},
+  "info": {
+    "version": 1,
+    "author": ""
+  }
+}

src/App/Resources/Raw/fido2_privileged_allow_list.json

@@ -0,0 +1,481 @@
+{
+    "apps": [
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.android.chrome",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
+            },
+            {
+              "build": "userdebug",
+              "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.chrome.beta",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "DA:63:3D:34:B6:9E:63:AE:21:03:B4:9D:53:CE:05:2F:C5:F7:F3:C5:3A:AB:94:FD:C2:A2:08:BD:FD:14:24:9C"
+            },
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.chrome.dev",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "90:44:EE:5F:EE:4B:BC:5E:21:DD:44:66:54:31:C4:EB:1F:1F:71:A3:27:16:A0:BC:92:7B:CB:B3:92:33:CA:BF"
+            },
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.chrome.canary",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "20:19:DF:A1:FB:23:EF:BF:70:C5:BC:D1:44:3C:5B:EA:B0:4F:3F:2F:F4:36:6E:9A:C1:E3:45:76:39:A2:4C:FC"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "org.chromium.chrome",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
+            },
+            {
+              "build": "userdebug",
+              "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.google.android.apps.chrome",
+          "signatures": [
+            {
+              "build": "userdebug",
+              "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "org.mozilla.fennec_webauthndebug",
+          "signatures": [
+            {
+              "build": "userdebug",
+              "cert_fingerprint_sha256": "BD:AE:82:02:80:D2:AF:B7:74:94:EF:22:58:AA:78:A9:AE:A1:36:41:7E:8B:C2:3D:C9:87:75:2E:6F:48:E8:48"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "org.mozilla.firefox",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "A7:8B:62:A5:16:5B:44:94:B2:FE:AD:9E:76:A2:80:D2:2D:93:7F:EE:62:51:AE:CE:59:94:46:B2:EA:31:9B:04"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "org.mozilla.firefox_beta",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "A7:8B:62:A5:16:5B:44:94:B2:FE:AD:9E:76:A2:80:D2:2D:93:7F:EE:62:51:AE:CE:59:94:46:B2:EA:31:9B:04"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "org.mozilla.focus",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "org.mozilla.fennec_aurora",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "BC:04:88:83:8D:06:F4:CA:6B:F3:23:86:DA:AB:0D:D8:EB:CF:3E:77:30:78:74:59:F6:2F:B3:CD:14:A1:BA:AA"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "org.mozilla.rocket",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "86:3A:46:F0:97:39:32:B7:D0:19:9B:54:91:12:74:1C:2D:27:31:AC:72:EA:11:B7:52:3A:A9:0A:11:BF:56:91"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.microsoft.emmx.canary",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.microsoft.emmx.dev",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.microsoft.emmx.beta",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.microsoft.emmx",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "01:E1:99:97:10:A8:2C:27:49:B4:D5:0C:44:5D:C8:5D:67:0B:61:36:08:9D:0A:76:6A:73:82:7C:82:A1:EA:C9"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.microsoft.emmx.rolling",
+          "signatures": [
+            {
+              "build": "userdebug",
+              "cert_fingerprint_sha256": "32:A2:FC:74:D7:31:10:58:59:E5:A8:5D:F1:6D:95:F1:02:D8:5B:22:09:9B:80:64:C5:D8:91:5C:61:DA:D1:E0"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.microsoft.emmx.local",
+          "signatures": [
+            {
+              "build": "userdebug",
+              "cert_fingerprint_sha256": "32:A2:FC:74:D7:31:10:58:59:E5:A8:5D:F1:6D:95:F1:02:D8:5B:22:09:9B:80:64:C5:D8:91:5C:61:DA:D1:E0"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.brave.browser",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "9C:2D:B7:05:13:51:5F:DB:FB:BC:58:5B:3E:DF:3D:71:23:D4:DC:67:C9:4F:FD:30:63:61:C1:D7:9B:BF:18:AC"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.brave.browser_beta",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "9C:2D:B7:05:13:51:5F:DB:FB:BC:58:5B:3E:DF:3D:71:23:D4:DC:67:C9:4F:FD:30:63:61:C1:D7:9B:BF:18:AC"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.brave.browser_nightly",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "9C:2D:B7:05:13:51:5F:DB:FB:BC:58:5B:3E:DF:3D:71:23:D4:DC:67:C9:4F:FD:30:63:61:C1:D7:9B:BF:18:AC"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "app.vanadium.browser",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.vivaldi.browser",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "E8:A7:85:44:65:5B:A8:C0:98:17:F7:32:76:8F:56:89:B1:66:2E:C4:B2:BC:5A:0B:C0:EC:13:8D:33:CA:3D:1E"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.vivaldi.browser.snapshot",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "E8:A7:85:44:65:5B:A8:C0:98:17:F7:32:76:8F:56:89:B1:66:2E:C4:B2:BC:5A:0B:C0:EC:13:8D:33:CA:3D:1E"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.vivaldi.browser.sopranos",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "E8:A7:85:44:65:5B:A8:C0:98:17:F7:32:76:8F:56:89:B1:66:2E:C4:B2:BC:5A:0B:C0:EC:13:8D:33:CA:3D:1E"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.citrix.Receiver",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "3D:D1:12:67:10:69:AB:36:4E:F9:BE:73:9A:B7:B5:EE:15:E1:CD:E9:D8:75:7B:1B:F0:64:F5:0C:55:68:9A:49"
+            },
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "CE:B2:23:D7:77:09:F2:B6:BC:0B:3A:78:36:F5:A5:AF:4C:E1:D3:55:F4:A7:28:86:F7:9D:F8:0D:C9:D6:12:2E"
+            },
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "AA:D0:D4:57:E6:33:C3:78:25:77:30:5B:C1:B2:D9:E3:81:41:C7:21:DF:0D:AA:6E:29:07:2F:C4:1D:34:F0:AB"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.android.browser",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "C9:00:9D:01:EB:F9:F5:D0:30:2B:C7:1B:2F:E9:AA:9A:47:A4:32:BB:A1:73:08:A3:11:1B:75:D7:B2:14:90:25"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.sec.android.app.sbrowser",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8"
+            },
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "34:DF:0E:7A:9F:1C:F1:89:2E:45:C0:56:B4:97:3C:D8:1C:CF:14:8A:40:50:D1:1A:EA:4A:C5:A6:5F:90:0A:42"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.sec.android.app.sbrowser.beta",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8"
+            },
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "34:DF:0E:7A:9F:1C:F1:89:2E:45:C0:56:B4:97:3C:D8:1C:CF:14:8A:40:50:D1:1A:EA:4A:C5:A6:5F:90:0A:42"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.google.android.gms",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "7C:E8:3C:1B:71:F3:D5:72:FE:D0:4C:8D:40:C5:CB:10:FF:75:E6:D8:7D:9D:F6:FB:D5:3F:04:68:C2:90:50:53"
+            },
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "D2:2C:C5:00:29:9F:B2:28:73:A0:1A:01:0D:E1:C8:2F:BE:4D:06:11:19:B9:48:14:DD:30:1D:AB:50:CB:76:78"
+            },
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
+            },
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.yandex.browser",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.yandex.browser.beta",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.yandex.browser.alpha",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.yandex.browser.corp",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "AC:A4:05:DE:D8:B2:5C:B2:E8:C6:DA:69:42:5D:2B:43:07:D0:87:C1:27:6F:C0:6A:D5:94:27:31:CC:C5:1D:BA"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.yandex.browser.canary",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "1D:A9:CB:AE:2D:CC:C6:A5:8D:6C:94:7B:E9:4C:DB:B7:33:D6:5D:A4:D1:77:0F:A1:4A:53:64:CB:4A:28:EB:49"
+            }
+          ]
+        }
+      },
+      {
+        "type": "android",
+        "info": {
+          "package_name": "com.yandex.browser.broteam",
+          "signatures": [
+            {
+              "build": "release",
+              "cert_fingerprint_sha256": "1D:A9:CB:AE:2D:CC:C6:A5:8D:6C:94:7B:E9:4C:DB:B7:33:D6:5D:A4:D1:77:0F:A1:4A:53:64:CB:4A:28:EB:49"
+            }
+          ]
+        }
+      }
+    ]
+  }
+  

src/Core/Abstractions/IApiService.cs

@@ -1,9 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Net.Http;
-using System.Threading;
-using System.Threading.Tasks;
-using Bit.Core.Enums;
+using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Request;
 using Bit.Core.Models.Response;
@@ -99,5 +94,6 @@ namespace Bit.Core.Abstractions
         Task<bool> GetDevicesExistenceByTypes(DeviceType[] deviceTypes);
         Task<ConfigResponse> GetConfigsAsync();
         Task<string> GetFastmailAccountIdAsync(string apiKey);
+        Task<List<Utilities.DigitalAssetLinks.Statement>> GetDigitalAssetLinksForRpAsync(string rpId);
     }
 }

src/Core/Abstractions/IAssetLinksService.cs

@@ -0,0 +1,7 @@
+namespace Bit.Core.Services
+{
+    public interface IAssetLinksService
+    {
+        Task<bool> ValidateAssetLinksAsync(string rpId, string packageName, string normalizedFingerprint);
+    }
+}

src/Core/Abstractions/IAutofillHandler.cs

@@ -4,6 +4,7 @@ namespace Bit.Core.Abstractions
 {
     public interface IAutofillHandler
     {
+        bool CredentialProviderServiceEnabled();
         bool AutofillServicesEnabled();
         bool SupportsAutofillService();
         void Autofill(CipherView cipher);
@@ -11,6 +12,7 @@ namespace Bit.Core.Abstractions
         bool AutofillAccessibilityServiceRunning();
         bool AutofillAccessibilityOverlayPermitted();
         bool AutofillServiceEnabled();
+        void DisableCredentialProviderService();
         void DisableAutofillService();
     }
 }

src/Core/Abstractions/ICipherService.cs

@@ -1,7 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Bit.Core.Enums;
+using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.View;
@@ -37,5 +34,7 @@ namespace Bit.Core.Abstractions
         Task<byte[]> DownloadAndDecryptAttachmentAsync(string cipherId, AttachmentView attachment, string organizationId);
         Task SoftDeleteWithServerAsync(string id);
         Task RestoreWithServerAsync(string id);
+        Task<string> CreateNewLoginForPasskeyAsync(Fido2ConfirmNewCredentialParams newPasskeyParams);
+        Task CopyTotpCodeIfNeededAsync(CipherView cipher);
     }
 }

src/Core/Abstractions/IConditionedAwaiterManager.cs

@@ -1,11 +1,10 @@
-using System;
-using System.Threading.Tasks;
-
-namespace Bit.Core.Abstractions
+namespace Bit.Core.Abstractions
 {
     public enum AwaiterPrecondition
     {
-        EnvironmentUrlsInited
+        EnvironmentUrlsInited,
+        AndroidWindowCreated,
+        AutofillIOSExtensionViewDidAppear
     }
 
     public interface IConditionedAwaiterManager
@@ -13,5 +12,6 @@ namespace Bit.Core.Abstractions
         Task GetAwaiterForPrecondition(AwaiterPrecondition awaiterPrecondition);
         void SetAsCompleted(AwaiterPrecondition awaiterPrecondition);
         void SetException(AwaiterPrecondition awaiterPrecondition, Exception ex);
+        void Recreate(AwaiterPrecondition awaiterPrecondition);
     }
 }

src/Core/Abstractions/ICryptoFunctionService.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
+using Bit.Core.Models.Domain;
 
 namespace Bit.Core.Abstractions
 {

src/Core/Abstractions/ICryptoService.cs

@@ -63,5 +63,7 @@ namespace Bit.Core.Abstractions
         Task<UserKey> DecryptAndMigrateOldPinKeyAsync(bool masterPasswordOnRestart, string pin, string email, KdfConfig kdfConfig, EncString oldPinKey);
         Task<MasterKey> GetOrDeriveMasterKeyAsync(string password, string userId = null);
         Task UpdateMasterKeyAndUserKeyAsync(MasterKey masterKey);
+        Task<string> HashAsync(string value, CryptoHashAlgorithm hashAlgorithm);
+        Task<bool> ValidateUriChecksumAsync(EncString remoteUriChecksum, string rawUri, string orgId, SymmetricCryptoKey key);
     }
 }

src/Core/Abstractions/IDeviceActionService.cs

@@ -1,4 +1,5 @@
 using System.Threading.Tasks;
+using Bit.App.Models;
 using Bit.App.Utilities.Prompts;
 using Bit.Core.Enums;
 using Bit.Core.Models;
@@ -28,6 +29,7 @@ namespace Bit.App.Abstractions
         bool SupportsNfc();
         bool SupportsCamera();
         bool SupportsFido2();
+        bool SupportsCredentialProviderService();
         bool SupportsAutofillServices();
         bool SupportsInlineAutofill();
         bool SupportsDrawOver();
@@ -36,8 +38,10 @@ namespace Bit.App.Abstractions
         void RateApp();
         void OpenAccessibilitySettings();
         void OpenAccessibilityOverlayPermissionSettings();
+        void OpenCredentialProviderSettings();
         void OpenAutofillSettings();
         long GetActiveTime();
+        Task ExecuteFido2CredentialActionAsync(AppOptions appOptions);
         void CloseMainApp();
         float GetSystemFontSizeScale();
         Task OnAccountSwitchCompleteAsync();

src/Core/Abstractions/IFido2AuthenticatorService.cs

@@ -0,0 +1,12 @@
+using Bit.Core.Utilities.Fido2;
+
+namespace Bit.Core.Abstractions
+{
+    public interface IFido2AuthenticatorService
+    {
+        Task<Fido2AuthenticatorMakeCredentialResult> MakeCredentialAsync(Fido2AuthenticatorMakeCredentialParams makeCredentialParams, IFido2MakeCredentialUserInterface userInterface);
+        Task<Fido2AuthenticatorGetAssertionResult> GetAssertionAsync(Fido2AuthenticatorGetAssertionParams assertionParams, IFido2GetAssertionUserInterface userInterface);
+        // TODO: Should this return a List? Or maybe IEnumerable?
+        Task<Fido2AuthenticatorDiscoverableCredentialMetadata[]> SilentCredentialDiscoveryAsync(string rpId);
+    }
+}