Reverted AnonAddy to AddyIo refactor, keeping text and url changes

Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>

.github/CODEOWNERS

@@ -0,0 +1,29 @@
+# Please sort lines alphabetically, this will ensure we don't accidentally add duplicates.
+#
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# The following owners will be the default owners for everything in the repo.
+# Unless a later match takes precedence
+# @bitwarden/tech-leads
+
+## Auth team files ##
+
+## Platform team files ##
+appIcons @bitwarden/team-platform-dev
+build.cake @bitwarden/team-platform-dev
+
+## Vault team files ##
+src/watchOS @bitwarden/team-vault-dev
+
+## Tools team files ##
+src/Core/Services/EmailForwarders @bitwarden/team-tools-dev
+
+
+## Crowdin Sync files ##
+src/App/Resources @bitwarden/tech-leads
+src/watchOS/bitwarden/bitwarden\ WatchKit\ Extension/Localization @bitwarden/tech-leads
+
+## Locales ## 
+src/App/Resources/AppResources.Designer.cs
+src/App/Resources/AppResources.resx
+src/watchOS/bitwarden/bitwarden\ WatchKit\ Extension/Localization/en.lproj

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,8 @@
 blank_issues_enabled: false
 contact_links:
+  - name: Customer Support
+    url: https://bitwarden.com/contact/
+    about: Please contact our customer support for account issues and general customer support.
   - name: Report mobile autofill failure
     url: https://docs.google.com/forms/d/e/1FAIpQLScMopHyN7KGJs8hW562VTzbIGL4KcFnx0wJcsW0GYE1BnPiGA/viewform
     about: We are aware of some situations where the Bitwarden mobile app will not autofill information correctly. This is something the Bitwarden team is actively working on but need your help as a community and active Bitwarden users!
@@ -9,9 +12,6 @@ contact_links:
   - name: Bitwarden Community Forums
     url: https://community.bitwarden.com
     about: Please visit the community forums for general community discussion, support and the development roadmap.
-  - name: Customer Support
-    url: https://bitwarden.com/contact/
-    about: Please contact our customer support for account issues and general customer support.
   - name: Security Issues
     url: https://hackerone.com/bitwarden
     about: We use HackerOne to manage security disclosures.

.github/labeler.yml

@@ -0,0 +1,19 @@
+android:
+- src/App/*
+- src/Core/*
+- src/Android/*
+
+iOS:
+- src/App/*
+- src/Core/*
+- lib/ios/*
+- src/iOS/*
+- 'src/iOS.Autofill/*'
+- 'src/iOS.Core/*'
+- 'src/iOS.Extension/*'
+- 'src/iOS.ShareExtension/*'
+- 'src/iOS.Widget/*'
+- src/watchOS/*
+
+watchOS:
+- src/watchOS/*

.github/renovate.json

@@ -1,22 +1,37 @@
 {
-    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-    "extends": [
-      "config:base",
-      "schedule:monthly",
-      ":maintainLockFilesMonthly",
-      ":preserveSemverRanges",
-      ":rebaseStalePrs",
-      ":disableDependencyDashboard"
-    ],
-    "enabledManagers": [
-      "nuget"
-    ],
-    "packageRules": [
-      {
-        "matchManagers": ["nuget"],
-        "groupName": "Nuget updates",
-        "groupSlug": "nuget",
-        "separateMajorMinor": false
-      }
-    ]
-  }
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base",
+    ":combinePatchMinorReleases",
+    ":dependencyDashboard",
+    ":maintainLockFilesWeekly",
+    ":pinAllExceptPeerDependencies",
+    ":prConcurrentLimit10",
+    ":rebaseStalePrs",
+    "schedule:weekends",
+    ":separateMajorReleases"
+  ],
+  "enabledManagers": ["cargo", "github-actions", "npm", "nuget"],
+  "packageRules": [
+    {
+      "groupName": "cargo minor",
+      "matchManagers": ["cargo"],
+      "matchUpdateTypes": ["minor", "patch"]
+    },
+    {
+      "groupName": "gh minor",
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor", "patch"]
+    },
+    {
+      "groupName": "npm minor",
+      "matchManagers": ["npm"],
+      "matchUpdateTypes": ["minor", "patch"]
+    },
+    {
+      "groupName": "nuget minor",
+      "matchManagers": ["nuget"],
+      "matchUpdateTypes": ["minor", "patch"]
+    },
+  ]
+}

.github/resources/export-options-app-store.plist

@@ -7,13 +7,13 @@
     <key>provisioningProfiles</key>
     <dict>
         <key>com.8bit.bitwarden</key>
-        <string>Dist: Bitwarden 2021</string>
+        <string>Dist: Bitwarden</string>
         <key>com.8bit.bitwarden.autofill</key>
-        <string>Dist: Autofill 2021</string>
+        <string>Dist: Autofill</string>
         <key>com.8bit.bitwarden.find-login-action-extension</key>
-        <string>Dist: Extension 2021</string>
+        <string>Dist: Extension</string>
         <key>com.8bit.bitwarden.share-extension</key>
-        <string>Dist: Share Extension 2021</string>
+        <string>Dist: Share Extension</string>
         <key>com.8bit.bitwarden.watchkitapp</key>
         <string>Dist: Bitwarden Watch App</string>
         <key>com.8bit.bitwarden.watchkitapp.watchkitextension</key>

.github/workflows/automatic-issue-responses.yml

@@ -14,7 +14,7 @@ jobs:
       # Feature request
       - if: github.event.label.name == 'feature-request'
         name: Feature request
-        uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515  # v2.0.0
+        uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626  # v3.0.1
         with:
           comment: |
             We use GitHub issues as a place to track bugs and other development related issues. The [Bitwarden Community Forums](https://community.bitwarden.com/) has a [Feature Requests](https://community.bitwarden.com/c/feature-requests) section for submitting, voting for, and discussing requests like this one.
@@ -25,7 +25,7 @@ jobs:
       # Intended behavior
       - if: github.event.label.name == 'intended-behavior'
         name: Intended behaviour
-        uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515  # v2.0.0
+        uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626  # v3.0.1
         with:
           comment: |
             Your issue appears to be describing the intended behavior of the software. If you want this to be changed, it would be a feature request.
@@ -38,7 +38,7 @@ jobs:
       # Customer support request
       - if: github.event.label.name == 'customer-support'
         name: Customer Support request
-        uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515  # v2.0.0
+        uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626  # v3.0.1
         with:
           comment: |
             We use GitHub issues as a place to track bugs and other development related issues. Your issue appears to be a support request, or would otherwise be better handled by our dedicated Customer Success team.
@@ -49,14 +49,14 @@ jobs:
       # Resolved
       - if: github.event.label.name == 'resolved'
         name: Resolved
-        uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515  # v2.0.0
+        uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626  # v3.0.1
         with:
           comment: |
             We’ve closed this issue, as it appears the original problem has been resolved. If this happens again or continues to be an problem, please respond to this issue with any additional detail to assist with reproduction and root cause analysis.
       # Stale
       - if: github.event.label.name == 'stale'
         name: Stale
-        uses: peter-evans/close-issue@849549ba7c3a595a064c4b2c56f206ee78f93515  # v2.0.0
+        uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626  # v3.0.1
         with:
           comment: |
             As we haven’t heard from you about this problem in some time, this issue will now be closed.

.github/workflows/build.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 
       - name: Set up CLOC
         run: |
@@ -36,7 +36,9 @@ jobs:
       hotfix_branch_exists: ${{ steps.branch-check.outputs.hotfix_branch_exists }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        with:
+          submodules: 'true'
 
       - name: Check if special branches exist
         id: branch-check
@@ -65,12 +67,20 @@ jobs:
         variant: ["prod", "qa"]
     steps:
       - name: Setup NuGet
-        uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1.0.6
+        uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0
         with:
           nuget-version: 5.9.0
 
+      - name: Set up .NET
+        uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
+        with:
+          dotnet-version: '3.1.x'
+
       - name: Set up MSBuild
-        uses: microsoft/setup-msbuild@ab534842b4bdf384b8aaf93765dc6f721d9f5fab
+        uses: microsoft/setup-msbuild@1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c # v1.3.1
+
+      - name: Setup Windows builder
+        run: choco install checksum --no-progress
 
       - name: Work Around for broken Windows 2022 Runner Image
         run: |
@@ -100,7 +110,7 @@ jobs:
           echo "GitHub event: $GITHUB_EVENT"
 
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
           fetch-depth: 0
       - name: Decrypt secrets
@@ -152,7 +162,7 @@ jobs:
         shell: pwsh
 
       - name: Report test results
-        uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226
+        uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0
         if: always()
         with:
           name: Test Results
@@ -186,7 +196,7 @@ jobs:
           $androidPath = $($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj");
           $packageName = "com.x8bit.bitwarden";
 
-          if ("${{ matrix.variant }}" -ne "prod") 
+          if ("${{ matrix.variant }}" -ne "prod")
           {
             $packageName = "com.x8bit.bitwarden.${{ matrix.variant }}";
           }
@@ -227,7 +237,7 @@ jobs:
         shell: pwsh
       - name: Upload Prod .aab artifact
         if: ${{ matrix.variant == 'prod' }}
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
         with:
           name: com.x8bit.bitwarden.aab
           path: ./com.x8bit.bitwarden.aab
@@ -235,7 +245,7 @@ jobs:
 
       - name: Upload Prod .apk artifact
         if: ${{ matrix.variant == 'prod' }}
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
         with:
           name: com.x8bit.bitwarden.apk
           path: ./com.x8bit.bitwarden.apk
@@ -243,12 +253,40 @@ jobs:
 
       - name: Upload Other .apk artifact
         if: ${{ matrix.variant != 'prod' }}
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
         with:
           name: com.x8bit.bitwarden.${{ matrix.variant }}.apk
           path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk
           if-no-files-found: error
 
+      - name: Create checksum for Prod .apk artifact
+        if: ${{ matrix.variant == 'prod' }}
+        run: |
+          checksum -f="./com.x8bit.bitwarden.apk" `
+            -t sha256 | Out-File -Encoding ASCII ./bw-android-apk-sha256.txt
+
+      - name: Create checksum for Other .apk artifact
+        if: ${{ matrix.variant != 'prod' }}
+        run: |
+          checksum -f="./com.x8bit.bitwarden.${{ matrix.variant }}.apk" `
+            -t sha256 | Out-File -Encoding ASCII ./bw-android-${{ matrix.variant }}-apk-sha256.txt
+
+      - name: Upload .apk sha file for prod
+        if: ${{ matrix.variant == 'prod' }}
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
+        with:
+          name: bw-android-apk-sha256.txt
+          path: ./bw-android-apk-sha256.txt
+          if-no-files-found: error
+
+      - name: Upload .apk sha file for other
+        if: ${{ matrix.variant != 'prod' }}
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
+        with:
+          name: bw-android-${{ matrix.variant }}-apk-sha256.txt
+          path: ./bw-android-${{ matrix.variant }}-apk-sha256.txt
+          if-no-files-found: error
+
       - name: Deploy to Play Store
         if: ${{ matrix.variant == 'prod' && (( github.ref == 'refs/heads/master'
           && needs.setup.outputs.rc_branch_exists == 0
@@ -270,12 +308,15 @@ jobs:
     runs-on: windows-2022
     steps:
       - name: Setup NuGet
-        uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1.0.6
+        uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0
         with:
           nuget-version: 5.9.0
 
       - name: Set up MSBuild
-        uses: microsoft/setup-msbuild@ab534842b4bdf384b8aaf93765dc6f721d9f5fab
+        uses: microsoft/setup-msbuild@1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c # v1.3.1
+
+      - name: Setup Windows builder
+        run: choco install checksum --no-progress
 
       - name: Work Around for broken Windows 2022 Runner Image
         run: |
@@ -306,7 +347,7 @@ jobs:
           echo "GitHub event: $GITHUB_EVENT"
 
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 
       - name: Decrypt secrets
         env:
@@ -441,12 +482,24 @@ jobs:
         shell: pwsh
 
       - name: Upload F-Droid .apk artifact
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
         with:
           name: com.x8bit.bitwarden-fdroid.apk
           path: ./com.x8bit.bitwarden-fdroid.apk
           if-no-files-found: error
 
+      - name: Create checksum for F-Droid artifact
+        run: |
+          checksum -f="./com.x8bit.bitwarden-fdroid.apk" `
+            -t sha256 | Out-File -Encoding ASCII ./bw-fdroid-apk-sha256.txt
+
+      - name: Upload F-Droid sha file
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
+        with:
+          name: bw-fdroid-apk-sha256.txt
+          path: ./bw-fdroid-apk-sha256.txt
+          if-no-files-found: error
+
 
   ios:
     name: Apple iOS
@@ -454,7 +507,7 @@ jobs:
     needs: setup
     steps:
       - name: Setup NuGet
-        uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1.0.6
+        uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0
         with:
           nuget-version: 5.9.0
 
@@ -467,17 +520,19 @@ jobs:
           echo "GitHub event: $GITHUB_EVENT"
 
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
-
-      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          submodules: 'true'
+
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
         env:
-          KEYVAULT: bitwarden-prod-kv
+          KEYVAULT: bitwarden-ci
           SECRETS: |
             appcenter-ios-token
         run: |
@@ -648,7 +703,7 @@ jobs:
         shell: bash
 
       - name: Upload App Store .ipa & dSYMs artifacts
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
         with:
           name: Bitwarden iOS
           path: |
@@ -721,17 +776,17 @@ jobs:
       _CROWDIN_PROJECT_ID: "269690"
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 
-      - name: Login to Azure
-        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
         env:
-          KEYVAULT: bitwarden-prod-kv
+          KEYVAULT: bitwarden-ci
           SECRETS: |
             crowdin-api-token
         run: |
@@ -743,7 +798,7 @@ jobs:
           done
 
       - name: Upload Sources
-        uses: crowdin/github-action@9237b4cb361788dfce63feb2e2f15c09e2fe7415
+        uses: crowdin/github-action@965d501f160af7b1f88aed4c29154b0caf1e94b9 # v1.9.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
@@ -789,17 +844,17 @@ jobs:
               exit 1
           fi
 
-      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3
         if: failure()
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
         if: failure()
         env:
-          KEYVAULT: bitwarden-prod-kv
+          KEYVAULT: bitwarden-ci
           SECRETS: |
             devops-alerts-slack-webhook-url
         run: |
@@ -811,7 +866,7 @@ jobs:
           done
 
       - name: Notify Slack on failure
-        uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33
+        uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0
         if: failure()
         env:
           SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}

.github/workflows/crowdin-pull.yml

@@ -15,22 +15,22 @@ jobs:
       _CROWDIN_PROJECT_ID: "269690"
     steps:
       - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 
-      - name: Login to Azure
-        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af 
+        uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f
         with:
-          keyvault: "bitwarden-prod-kv"               
+          keyvault: "bitwarden-ci"
           secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"
 
       - name: Download translations
-        uses: crowdin/github-action@12143a68c213f3c6d9913c9e5023224f7231face
+        uses: crowdin/github-action@965d501f160af7b1f88aed4c29154b0caf1e94b9 # v1.9.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
@@ -48,4 +48,4 @@ jobs:
           pull_request_title: "Autosync Crowdin Translations"
           pull_request_body: "Autosync the updated translations"
           gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
-          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}   
+          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}

.github/workflows/enforce-labels.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Enforce Label
-        uses: yogevbd/enforce-label-action@8d1e1709b1011e6d90400a0e6cf7c0b77aa5efeb
+        uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # 2.2.2
         with:
           BANNED_LABELS: "hold,needs-qa"
           BANNED_LABELS_DESCRIPTION: "PRs with the hold or needs-qa labels cannot be merged"

.github/workflows/pr-labeler.yml

@@ -0,0 +1,17 @@
+---
+name: "Pull Request Labeler"
+
+on:
+  pull_request_target: {}
+
+jobs:
+  labeler:
+    name: "Pull Request Labeler"
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/labeler@ba790c862c380240c6d5e7427be5ace9a05c754b  # v4.0.3
+        with:
+          sync-labels: true

.github/workflows/release.yml

@@ -38,11 +38,11 @@ jobs:
           fi
 
       - name: Checkout repo
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 
       - name: Check Release Version
         id: version
-        uses: bitwarden/gh-actions/release-version-check@8f055ef543c7433c967a1b9b04a0f230923233bb
+        uses: bitwarden/gh-actions/release-version-check@34ecb67b2a357795dc893549df0795e7383ff50f
         with:
           release-type: ${{ github.event.inputs.release_type }}
           project-type: xamarin
@@ -56,7 +56,7 @@ jobs:
 
       - name: Create GitHub deployment
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: chrnorm/deployment-action@1b599fe41a0ef1f95191e7f2eec4743f2d7dfc48
+        uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5
         id: deployment
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
@@ -64,11 +64,11 @@ jobs:
           environment: 'production'
           description: 'Deployment ${{ steps.version.outputs.version }} from branch ${{ steps.branch.outputs.branch-name }}'
           task: release
-      
+
 
       - name: Download all artifacts
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@575b1e4167df67acf7e692af784566618b23c71e  # v2.17.10
+        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615  # v2.27.0
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -76,7 +76,7 @@ jobs:
 
       - name: Dry Run - Download all artifacts
         if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@575b1e4167df67acf7e692af784566618b23c71e  # v2.17.10
+        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615  # v2.27.0
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -92,7 +92,9 @@ jobs:
           artifacts: "./com.x8bit.bitwarden.aab/com.x8bit.bitwarden.aab,
                       ./com.x8bit.bitwarden.apk/com.x8bit.bitwarden.apk,
                       ./com.x8bit.bitwarden-fdroid.apk/com.x8bit.bitwarden-fdroid.apk,
-                      ./Bitwarden iOS.zip"
+                      ./Bitwarden iOS.zip,
+                      ./bw-android-apk-sha256.txt/bw-android-apk-sha256.txt,
+                      ./bw-fdroid-apk-sha256.txt/bw-fdroid-apk-sha256.txt"
           commit: ${{ github.sha }}
           tag: v${{ steps.version.outputs.version }}
           name: Version ${{ steps.version.outputs.version }}
@@ -102,7 +104,7 @@ jobs:
 
       - name: Update deployment status to Success
         if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
-        uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
+        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
           state: 'success'
@@ -110,7 +112,7 @@ jobs:
 
       - name: Update deployment status to Failure
         if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
-        uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
+        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
           state: 'failure'
@@ -124,11 +126,11 @@ jobs:
     if: inputs.fdroid_publish
     steps:
       - name: Checkout repo
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 
       - name: Download F-Droid .apk artifact
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@575b1e4167df67acf7e692af784566618b23c71e  # v2.17.10
+        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615  # v2.27.0
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -137,7 +139,7 @@ jobs:
 
       - name: Dry Run - Download F-Droid .apk artifact
         if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@575b1e4167df67acf7e692af784566618b23c71e  # v2.17.10
+        uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615  # v2.27.0
         with:
           workflow: build.yml
           workflow_conclusion: success

.github/workflows/version-auto-bump.yml

@@ -14,7 +14,7 @@ jobs:
       version_number: ${{ steps.version.outputs.new-version }}
     steps:
       - name: Checkout Branch
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 
       - name: Calculate bumped version
         id: version
@@ -32,32 +32,10 @@ jobs:
           echo "new-version=$NEW_VER" >> $GITHUB_OUTPUT
 
   trigger_version_bump:
-    name: "Trigger version bump workflow"
-    runs-on: ubuntu-22.04
-    needs:
-      - setup
-    steps:
-      - name: Login to Azure
-        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010
-        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
-
-      - name: Retrieve secrets
-        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
-        with:
-          keyvault: "bitwarden-prod-kv"
-          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
-
-      - name: Call GitHub API to trigger workflow bump
-        env:
-          TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
-          VERSION: ${{ needs.setup.outputs.version_number}}
-        run: |
-          JSON_STRING=$(printf '{"ref":"master", "inputs": { "version_number":"%s"}}' "$VERSION")
-          curl \
-            -X POST \
-            -i -u bitwarden-devops-bot:$TOKEN \
-            -H "Accept: application/vnd.github.v3+json" \
-            https://api.github.com/repos/bitwarden/mobile/actions/workflows/version-bump.yml/dispatches \
-            -d $JSON_STRING
+    name: Bump version to ${{ needs.setup.outputs.version_number }}
+    needs: setup
+    uses: ./.github/workflows/version-bump.yml
+    secrets:
+      AZURE_PROD_KV_CREDENTIALS: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+    with:
+      version_number: ${{ needs.setup.outputs.version_number }}

.github/workflows/version-bump.yml

@@ -7,6 +7,14 @@ on:
       version_number:
         description: "New Version"
         required: true
+  workflow_call:
+    inputs:
+      version_number:
+        required: true
+        type: string
+    secrets:
+      AZURE_PROD_KV_CREDENTIALS:
+        required: true
 
 jobs:
   bump_version:
@@ -14,22 +22,22 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout Branch
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 
-      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3
         with:
-         creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+         creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
+        uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f
         with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
           secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
 
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@c8bb57c57e8df1be8c73ff3d59deab1dbc00e0d1
+        uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0
         with:
           gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
           passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
@@ -40,31 +48,31 @@ jobs:
         run: git switch -c version_bump_${{ github.event.inputs.version_number }}
 
       - name: Bump Version - Android XML
-        uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945
+        uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f
         with:
           version: ${{ github.event.inputs.version_number }}
           file_path: "./src/Android/Properties/AndroidManifest.xml"
 
       - name: Bump Version - iOS.Autofill
-        uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945
+        uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f
         with:
           version: ${{ github.event.inputs.version_number }}
           file_path: "./src/iOS.Autofill/Info.plist"
 
       - name: Bump Version - iOS.Extension
-        uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945
+        uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f
         with:
           version: ${{ github.event.inputs.version_number }}
           file_path: "./src/iOS.Extension/Info.plist"
 
       - name: Bump Version - iOS.ShareExtension
-        uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945
+        uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f
         with:
           version: ${{ github.event.inputs.version_number }}
           file_path: "./src/iOS.ShareExtension/Info.plist"
 
       - name: Bump Version - iOS
-        uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945
+        uses: bitwarden/gh-actions/version-bump@34ecb67b2a357795dc893549df0795e7383ff50f
         with:
           version: ${{ github.event.inputs.version_number }}
           file_path: "./src/iOS/Info.plist"

.github/workflows/workflow-linter.yml

@@ -8,4 +8,4 @@ on:
 
 jobs:
   call-workflow:
-    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@master
+    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@34ecb67b2a357795dc893549df0795e7383ff50f

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "lib/MessagePack"]
+	path = lib/MessagePack
+	url = https://github.com/bitwarden/MessagePack.git

README.md

@@ -4,7 +4,7 @@
 
 # Bitwarden Mobile Application
 
-<a href="https://play.google.com/store/apps/details?id=com.x8bit.bitwarden" target="_blank"><img alt="Get it on Google Play" src="https://imgur.com/YQzmZi9.png" width="153" height="46"></a> <a href="https://mobileapp.bitwarden.com/fdroid/" target="_blank"><img alt="Get it on Google Play" src="https://i.imgur.com/HDicnzz.png" width="154" height="46"></a> <a href="https://itunes.apple.com/us/app/bitwarden-free-password-manager/id1137397744?mt=8" target="_blank"><img src="https://imgur.com/GdGqPMY.png" width="135" height="40"></a>
+<a href="https://play.google.com/store/apps/details?id=com.x8bit.bitwarden" target="_blank"><img alt="Get it on Google Play" src="https://imgur.com/YQzmZi9.png" width="153" height="46"></a> <a href="https://mobileapp.bitwarden.com/fdroid/" target="_blank"><img alt="Get it on F-Droid" src="https://i.imgur.com/HDicnzz.png" width="154" height="46"></a> <a href="https://itunes.apple.com/us/app/bitwarden-free-password-manager/id1137397744?mt=8" target="_blank"><img src="https://imgur.com/GdGqPMY.png" width="135" height="40"></a>
 
 The Bitwarden mobile application is written in C# with Xamarin Android, Xamarin iOS, and Xamarin Forms.
 
@@ -23,15 +23,3 @@ Interested in contributing in a big way? Consider joining our team! We're hiring
 Code contributions are welcome! Please commit any pull requests against the `master` branch. Learn more about how to contribute by reading the [Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the [Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your first contribution.
 
 Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.
-
-### Dotnet-format
-
-We recently migrated to using dotnet-format as code formatter. All previous branches will need to updated to avoid large merge conflicts using the following steps:
-
-1. Check out your local Branch
-2. Run `git merge e0efcfbe45b2a27c73e9593bfd7a71fad2aa7a35`
-3. Resolve any merge conflicts, commit.
-4. Run `dotnet tool run dotnet-format`
-5. Commit
-6. Run `git merge -Xours 04539af2a66668b6e85476d5cf318c9150ec4357`
-7. Push

appIcons/Android/beta-layered-excluded.svg

@@ -0,0 +1,11 @@
+<svg width="108" height="108" viewBox="0 0 108 108" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_41_29)">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M70.214 34C70.7096 34 71.1457 34.1883 71.5124 34.555C71.8791 34.9217 72.0674 35.3479 72.0971 35.8534V50.4336H71.0669V51.9453H72.0971V58.0938C72.0971 59.749 71.7701 61.3942 71.1258 63.0295C70.4816 64.6549 69.6788 66.1019 68.7274 67.3706C67.766 68.6293 66.6262 69.8582 65.308 71.0575C63.98 72.2567 62.7609 73.2478 61.6409 74.0407C60.521 74.8237 59.3515 75.5769 58.1324 76.2806C56.9134 76.9843 56.0511 77.4699 55.5357 77.7177C55.0303 77.9655 54.614 78.1538 54.3068 78.2926C54.0788 78.4115 53.8211 78.471 53.5535 78.471C53.2859 78.471 53.0282 78.4115 52.8003 78.2926C52.5297 78.1791 52.1822 78.0118 51.7511 77.8042C51.6927 77.7761 51.6328 77.7473 51.5713 77.7177C51.0559 77.46 50.1937 76.9843 48.9746 76.2806C47.7555 75.5769 46.586 74.8336 45.4661 74.0407C44.3461 73.2478 43.1172 72.2567 41.799 71.0575C40.4709 69.8682 39.3311 68.6392 38.3797 67.3706C37.4183 66.1119 36.6155 64.6648 35.9713 63.0295C35.3271 61.4041 35 59.749 35 58.0938V35.8534C35 35.3479 35.1883 34.9217 35.555 34.555C35.9217 34.1883 36.3479 34 36.8534 34H70.214ZM67.211 57.5H70.1118V59H67.177C66.4282 66.7468 53.5337 73.2875 53.5337 73.2875V38.7573H67.211V50.4336H70.1118V51.9219H67.211V53.8027H69.895V55.291H67.211V57.5Z" fill="white"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M58 46C56.3431 46 55 47.3431 55 49V60C55 61.6569 56.3431 63 58 63H107C108.657 63 110 61.6569 110 60V49C110 47.3431 108.657 46 107 46H58ZM59.7817 50.4336H57.1157V59H60.3208C60.9692 59 61.5278 58.9023 61.9966 58.707C62.4692 58.5078 62.8325 58.2227 63.0864 57.8516C63.3403 57.4805 63.4673 57.0352 63.4673 56.5156C63.4673 56.0664 63.397 55.707 63.2563 55.4375C63.1196 55.1641 62.936 54.957 62.7056 54.8164C62.4751 54.6719 62.2173 54.5703 61.9321 54.5117V54.4531C62.2134 54.4023 62.4517 54.293 62.647 54.125C62.8423 53.957 62.9907 53.7422 63.0923 53.4805C63.1978 53.2188 63.2505 52.9258 63.2505 52.6016C63.2505 51.7969 62.9575 51.2344 62.3716 50.9141C61.7856 50.5938 60.9224 50.4336 59.7817 50.4336ZM59.9868 53.8262H58.9321V51.9219H59.8872C60.4067 51.9219 60.7856 51.9941 61.0239 52.1387C61.2661 52.2793 61.3872 52.5137 61.3872 52.8418C61.3872 53.166 61.2856 53.4121 61.0825 53.5801C60.8794 53.7441 60.5142 53.8262 59.9868 53.8262ZM58.9321 57.5V55.2676H60.0571C60.4438 55.2676 60.7466 55.3125 60.9653 55.4023C61.188 55.4922 61.3462 55.6172 61.4399 55.7773C61.5337 55.9375 61.5806 56.123 61.5806 56.334C61.5806 56.6895 61.4731 56.9727 61.2583 57.1836C61.0435 57.3945 60.6626 57.5 60.1157 57.5H58.9321ZM65.1782 59H70.1118V57.5H66.9946V55.291H69.895V53.8027H66.9946V51.9219H70.1118V50.4336H65.1782V59ZM73.3931 59H75.2095V51.9453H77.5356V50.4336H71.0669V51.9453H73.3931V59ZM83.4771 56.9609L84.0981 59H86.0552L83.02 50.3984H80.7993L77.7759 59H79.7329L80.354 56.9609H83.4771ZM82.4224 53.4453L83.0435 55.4375H80.811L81.4263 53.4453C81.4536 53.3555 81.4985 53.2051 81.561 52.9941C81.6235 52.7832 81.688 52.5605 81.7544 52.3262C81.8247 52.0879 81.8794 51.8887 81.9185 51.7285C81.9575 51.8887 82.0083 52.0781 82.0708 52.2969C82.1372 52.5117 82.2017 52.7246 82.2642 52.9355C82.3306 53.1426 82.3833 53.3125 82.4224 53.4453Z" fill="#6795E8"/>
+</g>
+<defs>
+<clipPath id="clip0_41_29">
+<rect width="108" height="108" fill="white"/>
+</clipPath>
+</defs>
+</svg>

appIcons/Android/beta-layered.svg

@@ -0,0 +1,17 @@
+<svg width="108" height="108" viewBox="0 0 108 108" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_36_10)">
+<path d="M71.5717 34.6343L113 76.0625L89.709 119.077L40.6492 70.0168L53.5336 77.4501L70.8779 60.1057L71.5717 34.6343Z" fill="url(#paint0_linear_36_10)"/>
+<path d="M71.5124 34.555C71.1457 34.1883 70.7096 34 70.214 34H36.8534C36.3479 34 35.9217 34.1883 35.555 34.555C35.1883 34.9217 35 35.3479 35 35.8534V58.0938C35 59.749 35.3271 61.4041 35.9713 63.0295C36.6155 64.6648 37.4183 66.1119 38.3797 67.3706C39.3311 68.6392 40.4709 69.8682 41.799 71.0575C43.1172 72.2567 44.3461 73.2478 45.4661 74.0407C46.586 74.8336 47.7555 75.5769 48.9746 76.2806C50.1937 76.9843 51.0559 77.46 51.5713 77.7177C52.0867 77.9655 52.493 78.1637 52.8003 78.2926C53.0282 78.4115 53.2859 78.471 53.5535 78.471C53.8211 78.471 54.0788 78.4115 54.3068 78.2926C54.614 78.1538 55.0303 77.9655 55.5357 77.7177C56.0511 77.4699 56.9134 76.9843 58.1324 76.2806C59.3515 75.5769 60.521 74.8237 61.6409 74.0407C62.7609 73.2478 63.98 72.2567 65.308 71.0575C66.6262 69.8582 67.766 68.6293 68.7274 67.3706C69.6788 66.1019 70.4816 64.6549 71.1258 63.0295C71.7701 61.3942 72.0971 59.749 72.0971 58.0938V35.8534C72.0674 35.3479 71.8791 34.9217 71.5124 34.555ZM67.211 58.3019C67.211 66.3497 53.5337 73.2875 53.5337 73.2875V38.7573H67.211C67.211 38.7573 67.211 50.2542 67.211 58.3019Z" fill="white"/>
+<path d="M55 49C55 47.3431 56.3431 46 58 46H107C108.657 46 110 47.3431 110 49V60C110 61.6569 108.657 63 107 63H58C56.3431 63 55 61.6569 55 60V49Z" fill="#6795E8"/>
+<path d="M57.116 50.4336H59.782C60.9226 50.4336 61.7859 50.5938 62.3718 50.9141C62.9578 51.2344 63.2507 51.7969 63.2507 52.6016C63.2507 52.9258 63.198 53.2188 63.0925 53.4805C62.991 53.7422 62.8425 53.957 62.6472 54.125C62.4519 54.293 62.2136 54.4023 61.9324 54.4531V54.5117C62.2175 54.5703 62.4753 54.6719 62.7058 54.8164C62.9363 54.957 63.1199 55.1641 63.2566 55.4375C63.3972 55.707 63.4675 56.0664 63.4675 56.5156C63.4675 57.0352 63.3406 57.4805 63.0867 57.8516C62.8328 58.2227 62.4695 58.5078 61.9968 58.707C61.5281 58.9023 60.9695 59 60.321 59H57.116V50.4336ZM58.9324 53.8262H59.9871C60.5144 53.8262 60.8796 53.7441 61.0828 53.5801C61.2859 53.4121 61.3875 53.166 61.3875 52.8418C61.3875 52.5137 61.2664 52.2793 61.0242 52.1387C60.7859 51.9941 60.407 51.9219 59.8875 51.9219H58.9324V53.8262ZM58.9324 55.2676V57.5H60.116C60.6628 57.5 61.0437 57.3945 61.2585 57.1836C61.4734 56.9727 61.5808 56.6895 61.5808 56.334C61.5808 56.123 61.5339 55.9375 61.4402 55.7773C61.3464 55.6172 61.1882 55.4922 60.9656 55.4023C60.7468 55.3125 60.4441 55.2676 60.0574 55.2676H58.9324ZM70.1121 59H65.1785V50.4336H70.1121V51.9219H66.9949V53.8027H69.8953V55.291H66.9949V57.5H70.1121V59ZM75.2097 59H73.3933V51.9453H71.0671V50.4336H77.5359V51.9453H75.2097V59ZM84.0984 59L83.4773 56.9609H80.3542L79.7332 59H77.7761L80.7996 50.3984H83.0203L86.0554 59H84.0984ZM83.0437 55.4375L82.4226 53.4453C82.3835 53.3125 82.3308 53.1426 82.2644 52.9355C82.2019 52.7246 82.1375 52.5117 82.071 52.2969C82.0085 52.0781 81.9578 51.8887 81.9187 51.7285C81.8796 51.8887 81.825 52.0879 81.7546 52.3262C81.6882 52.5605 81.6238 52.7832 81.5613 52.9941C81.4988 53.2051 81.4539 53.3555 81.4265 53.4453L80.8113 55.4375H83.0437Z" fill="#212529"/>
+</g>
+<defs>
+<linearGradient id="paint0_linear_36_10" x1="37.8512" y1="38.8122" x2="89.011" y2="89.972" gradientUnits="userSpaceOnUse">
+<stop stop-opacity="0.247059"/>
+<stop offset="1" stop-opacity="0"/>
+</linearGradient>
+<clipPath id="clip0_36_10">
+<rect width="108" height="108" fill="white"/>
+</clipPath>
+</defs>
+</svg>

appIcons/Android/dev-layered-excluded.svg

@@ -0,0 +1,11 @@
+<svg width="108" height="108" viewBox="0 0 108 108" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_41_21)">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M70.214 34C70.7096 34 71.1457 34.1883 71.5124 34.555C71.8791 34.9217 72.0674 35.3479 72.0971 35.8534V50.4336H71.647L72.0971 51.7604V58.0938C72.0971 59.749 71.7701 61.3942 71.1258 63.0295C70.4816 64.6549 69.6788 66.1019 68.7274 67.3706C67.766 68.6293 66.6262 69.8582 65.308 71.0575C63.98 72.2567 62.7609 73.2478 61.6409 74.0407C60.521 74.8237 59.3515 75.5769 58.1324 76.2806C56.9134 76.9843 56.0511 77.4699 55.5357 77.7177C55.0303 77.9655 54.614 78.1538 54.3068 78.2926C54.0788 78.4115 53.8211 78.471 53.5535 78.471C53.2859 78.471 53.0282 78.4115 52.8003 78.2926C52.5297 78.1791 52.1822 78.0118 51.7511 77.8042C51.6927 77.7761 51.6328 77.7473 51.5713 77.7177C51.0559 77.46 50.1937 76.9843 48.9746 76.2806C47.7555 75.5769 46.586 74.8336 45.4661 74.0407C44.3461 73.2478 43.1172 72.2567 41.799 71.0575C40.4709 69.8682 39.3311 68.6392 38.3797 67.3706C37.4183 66.1119 36.6155 64.6648 35.9713 63.0295C35.3271 61.4041 35 59.749 35 58.0938V35.8534C35 35.3479 35.1883 34.9217 35.555 34.555C35.9217 34.1883 36.3479 34 36.8534 34H70.214ZM67.177 59C66.4282 66.7468 53.5337 73.2875 53.5337 73.2875V38.7573H67.211V50.4336H70.9321V51.9219H67.8149V53.8027H70.7153V55.291H67.8149V57.5H70.9321V59H67.177Z" fill="white"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M58 46C56.3431 46 55 47.3431 55 49V60C55 61.6569 56.3431 63 58 63H107C108.657 63 110 61.6569 110 60V49C110 47.3431 108.657 46 107 46H58ZM63.6665 57.0547C64.0376 56.4062 64.2231 55.5996 64.2231 54.6348C64.2231 53.7168 64.0415 52.9473 63.6782 52.3262C63.3149 51.7012 62.8032 51.2305 62.1431 50.9141C61.4829 50.5938 60.7036 50.4336 59.8052 50.4336H57.1157V59H59.5415C60.5259 59 61.3677 58.8379 62.0669 58.5137C62.7661 58.1855 63.2993 57.6992 63.6665 57.0547ZM62.0552 53.123C62.2427 53.5293 62.3364 54.0488 62.3364 54.6816C62.3364 55.6152 62.1196 56.3184 61.686 56.791C61.2563 57.2637 60.5981 57.5 59.7114 57.5H58.9321V51.9219H59.8989C60.4302 51.9219 60.8755 52.0195 61.2349 52.2148C61.5981 52.4102 61.8716 52.7129 62.0552 53.123ZM65.9985 59H70.9321V57.5H67.8149V55.291H70.7153V53.8027H67.8149V51.9219H70.9321V50.4336H65.9985V59ZM76.5337 59L79.4458 50.4336H77.6118L75.9888 55.5312C75.9614 55.6211 75.9165 55.7852 75.854 56.0234C75.7954 56.2578 75.7349 56.5059 75.6724 56.7676C75.6138 57.0293 75.5728 57.2461 75.5493 57.418C75.5259 57.2461 75.481 57.0293 75.4146 56.7676C75.3521 56.502 75.2896 56.252 75.2271 56.0176C75.1646 55.7793 75.1196 55.6172 75.0923 55.5312L73.481 50.4336H71.647L74.5532 59H76.5337Z" fill="#2DA49D"/>
+</g>
+<defs>
+<clipPath id="clip0_41_21">
+<rect width="108" height="108" fill="white"/>
+</clipPath>
+</defs>
+</svg>

appIcons/Android/dev-layered.svg

@@ -0,0 +1,17 @@
+<svg width="108" height="108" viewBox="0 0 108 108" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_36_2)">
+<path d="M71.5717 34.6343L113 76.0625L89.709 119.077L40.6492 70.0168L53.5336 77.4501L70.8779 60.1057L71.5717 34.6343Z" fill="url(#paint0_linear_36_2)"/>
+<path d="M71.5124 34.555C71.1457 34.1883 70.7096 34 70.214 34H36.8534C36.3479 34 35.9217 34.1883 35.555 34.555C35.1883 34.9217 35 35.3479 35 35.8534V58.0938C35 59.749 35.3271 61.4041 35.9713 63.0295C36.6155 64.6648 37.4183 66.1119 38.3797 67.3706C39.3311 68.6392 40.4709 69.8682 41.799 71.0575C43.1172 72.2567 44.3461 73.2478 45.4661 74.0407C46.586 74.8336 47.7555 75.5769 48.9746 76.2806C50.1937 76.9843 51.0559 77.46 51.5713 77.7177C52.0867 77.9655 52.493 78.1637 52.8003 78.2926C53.0282 78.4115 53.2859 78.471 53.5535 78.471C53.8211 78.471 54.0788 78.4115 54.3068 78.2926C54.614 78.1538 55.0303 77.9655 55.5357 77.7177C56.0511 77.4699 56.9134 76.9843 58.1324 76.2806C59.3515 75.5769 60.521 74.8237 61.6409 74.0407C62.7609 73.2478 63.98 72.2567 65.308 71.0575C66.6262 69.8582 67.766 68.6293 68.7274 67.3706C69.6788 66.1019 70.4816 64.6549 71.1258 63.0295C71.7701 61.3942 72.0971 59.749 72.0971 58.0938V35.8534C72.0674 35.3479 71.8791 34.9217 71.5124 34.555ZM67.211 58.3019C67.211 66.3497 53.5337 73.2875 53.5337 73.2875V38.7573H67.211C67.211 38.7573 67.211 50.2542 67.211 58.3019Z" fill="white"/>
+<path d="M55 49C55 47.3431 56.3431 46 58 46H107C108.657 46 110 47.3431 110 49V60C110 61.6569 108.657 63 107 63H58C56.3431 63 55 61.6569 55 60V49Z" fill="#2DA49D"/>
+<path d="M64.2234 54.6348C64.2234 55.5996 64.0378 56.4062 63.6667 57.0547C63.2996 57.6992 62.7664 58.1855 62.0671 58.5137C61.3679 58.8379 60.5261 59 59.5417 59H57.116V50.4336H59.8054C60.7039 50.4336 61.4832 50.5938 62.1433 50.9141C62.8035 51.2305 63.3152 51.7012 63.6785 52.3262C64.0417 52.9473 64.2234 53.7168 64.2234 54.6348ZM62.3367 54.6816C62.3367 54.0488 62.2429 53.5293 62.0554 53.123C61.8718 52.7129 61.5984 52.4102 61.2351 52.2148C60.8757 52.0195 60.4304 51.9219 59.8992 51.9219H58.9324V57.5H59.7117C60.5984 57.5 61.2566 57.2637 61.6863 56.791C62.1199 56.3184 62.3367 55.6152 62.3367 54.6816ZM70.9324 59H65.9988V50.4336H70.9324V51.9219H67.8152V53.8027H70.7156V55.291H67.8152V57.5H70.9324V59ZM79.446 50.4336L76.5339 59H74.5535L71.6472 50.4336H73.4812L75.0925 55.5312C75.1199 55.6172 75.1648 55.7793 75.2273 56.0176C75.2898 56.252 75.3523 56.502 75.4148 56.7676C75.4812 57.0293 75.5261 57.2461 75.5496 57.418C75.573 57.2461 75.614 57.0293 75.6726 56.7676C75.7351 56.5059 75.7957 56.2578 75.8542 56.0234C75.9167 55.7852 75.9617 55.6211 75.989 55.5312L77.6121 50.4336H79.446Z" fill="#212529"/>
+</g>
+<defs>
+<linearGradient id="paint0_linear_36_2" x1="37.8512" y1="38.8122" x2="89.011" y2="89.972" gradientUnits="userSpaceOnUse">
+<stop stop-opacity="0.247059"/>
+<stop offset="1" stop-opacity="0"/>
+</linearGradient>
+<clipPath id="clip0_36_2">
+<rect width="108" height="108" fill="white"/>
+</clipPath>
+</defs>
+</svg>

appIcons/Android/qa-layered-excluded.svg

@@ -0,0 +1,11 @@
+<svg width="108" height="108" viewBox="0 0 108 108" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_41_13)">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M70.214 34C70.7096 34 71.1457 34.1883 71.5124 34.555C71.8791 34.9217 72.0674 35.3479 72.0971 35.8534V52.9823L70.8325 49.3984H68.6118L67.211 53.3838V38.7573H53.5337V73.2875C53.5337 73.2875 67.211 66.3497 67.211 58.3019V58H67.5454L68.1665 55.9609H71.2896L71.9106 58H72.0971V58.0938C72.0971 59.749 71.7701 61.3942 71.1258 63.0295C70.4816 64.6549 69.6788 66.1019 68.7274 67.3706C67.766 68.6293 66.6262 69.8582 65.308 71.0575C63.98 72.2567 62.7609 73.2478 61.6409 74.0407C60.521 74.8237 59.3515 75.5769 58.1324 76.2806C56.9134 76.9843 56.0511 77.4699 55.5357 77.7177C55.0303 77.9655 54.614 78.1538 54.3068 78.2926C54.0788 78.4115 53.8211 78.471 53.5535 78.471C53.2859 78.471 53.0282 78.4115 52.8003 78.2926C52.5297 78.1791 52.1822 78.0118 51.7511 77.8042C51.6927 77.7761 51.6328 77.7473 51.5713 77.7177C51.0559 77.46 50.1937 76.9843 48.9746 76.2806C47.7555 75.5769 46.586 74.8336 45.4661 74.0407C44.3461 73.2478 43.1172 72.2567 41.799 71.0575C40.4709 69.8682 39.3311 68.6392 38.3797 67.3706C37.4183 66.1119 36.6155 64.6648 35.9713 63.0295C35.3271 61.4041 35 59.749 35 58.0938V35.8534C35 35.3479 35.1883 34.9217 35.555 34.555C35.9217 34.1883 36.3479 34 36.8534 34H70.214ZM70.2349 52.4453L70.856 54.4375H68.6235L69.2388 52.4453C69.2661 52.3555 69.311 52.2051 69.3735 51.9941C69.436 51.7832 69.5005 51.5605 69.5669 51.3262C69.6372 51.0879 69.6919 50.8887 69.731 50.7285C69.77 50.8887 69.8208 51.0781 69.8833 51.2969C69.9497 51.5117 70.0142 51.7246 70.0767 51.9355C70.1431 52.1426 70.1958 52.3125 70.2349 52.4453Z" fill="white"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M58 46C56.3431 46 55 47.3431 55 49V60C55 61.6569 56.3431 63 58 63H107C108.657 63 110 61.6569 110 60V49C110 47.3431 108.657 46 107 46H58ZM64.6626 55.457C64.8149 54.9258 64.8911 54.3418 64.8911 53.7051C64.8911 52.8145 64.7446 52.0391 64.4517 51.3789C64.1626 50.7188 63.7173 50.207 63.1157 49.8438C62.5181 49.4805 61.7544 49.2988 60.8247 49.2988C59.8911 49.2988 59.1216 49.4805 58.5161 49.8438C57.9106 50.207 57.4614 50.7188 57.1685 51.3789C56.8794 52.0352 56.7349 52.8066 56.7349 53.6934C56.7349 54.3574 56.8169 54.9609 56.981 55.5039C57.145 56.0469 57.3931 56.5137 57.7251 56.9043C58.061 57.2949 58.4849 57.5957 58.9966 57.8066C59.5083 58.0137 60.1138 58.1172 60.813 58.1172H60.8774H60.9478L62.5181 60.0391H64.8442L62.7817 57.7363C63.2622 57.5176 63.6587 57.2148 63.9712 56.8281C64.2837 56.4414 64.5142 55.9844 64.6626 55.457ZM58.8618 55.252C58.7134 54.8184 58.6392 54.3027 58.6392 53.7051C58.6392 53.1035 58.7134 52.5879 58.8618 52.1582C59.0142 51.7246 59.2505 51.3926 59.5708 51.1621C59.895 50.9277 60.313 50.8105 60.8247 50.8105C61.5942 50.8105 62.147 51.0684 62.4829 51.584C62.8188 52.0996 62.9868 52.8066 62.9868 53.7051C62.9868 54.3027 62.9126 54.8184 62.7642 55.252C62.6196 55.6816 62.3872 56.0137 62.0669 56.248C61.7466 56.4785 61.3286 56.5938 60.813 56.5938C60.3052 56.5938 59.8911 56.4785 59.5708 56.248C59.2505 56.0137 59.0142 55.6816 58.8618 55.252ZM71.2896 55.9609L71.9106 58H73.8677L70.8325 49.3984H68.6118L65.5884 58H67.5454L68.1665 55.9609H71.2896ZM70.2349 52.4453L70.856 54.4375H68.6235L69.2388 52.4453C69.2661 52.3555 69.311 52.2051 69.3735 51.9941C69.436 51.7832 69.5005 51.5605 69.5669 51.3262C69.6372 51.0879 69.6919 50.8887 69.731 50.7285C69.77 50.8887 69.8208 51.0781 69.8833 51.2969C69.9497 51.5117 70.0142 51.7246 70.0767 51.9355C70.1431 52.1426 70.1958 52.3125 70.2349 52.4453Z" fill="#C32998"/>
+</g>
+<defs>
+<clipPath id="clip0_41_13">
+<rect width="108" height="108" rx="34" fill="white"/>
+</clipPath>
+</defs>
+</svg>

appIcons/Android/qa-layered.svg

@@ -0,0 +1,17 @@
+<svg width="108" height="108" viewBox="0 0 108 108" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_34_2)">
+<path d="M71.5717 34.6343L113 76.0625L89.709 119.077L40.6492 70.0168L53.5336 77.4501L70.8779 60.1057L71.5717 34.6343Z" fill="url(#paint0_linear_34_2)"/>
+<path d="M71.5124 34.555C71.1457 34.1883 70.7096 34 70.214 34H36.8534C36.3479 34 35.9217 34.1883 35.555 34.555C35.1883 34.9217 35 35.3479 35 35.8534V58.0938C35 59.749 35.3271 61.4041 35.9713 63.0295C36.6155 64.6648 37.4183 66.1119 38.3797 67.3706C39.3311 68.6392 40.4709 69.8682 41.799 71.0575C43.1172 72.2567 44.3461 73.2478 45.4661 74.0407C46.586 74.8336 47.7555 75.5769 48.9746 76.2806C50.1937 76.9843 51.0559 77.46 51.5713 77.7177C52.0867 77.9655 52.493 78.1637 52.8003 78.2926C53.0282 78.4115 53.2859 78.471 53.5535 78.471C53.8211 78.471 54.0788 78.4115 54.3068 78.2926C54.614 78.1538 55.0303 77.9655 55.5357 77.7177C56.0511 77.4699 56.9134 76.9843 58.1324 76.2806C59.3515 75.5769 60.521 74.8237 61.6409 74.0407C62.7609 73.2478 63.98 72.2567 65.308 71.0575C66.6262 69.8582 67.766 68.6293 68.7274 67.3706C69.6788 66.1019 70.4816 64.6549 71.1258 63.0295C71.7701 61.3942 72.0971 59.749 72.0971 58.0938V35.8534C72.0674 35.3479 71.8791 34.9217 71.5124 34.555ZM67.211 58.3019C67.211 66.3497 53.5337 73.2875 53.5337 73.2875V38.7573H67.211C67.211 38.7573 67.211 50.2542 67.211 58.3019Z" fill="white"/>
+<path d="M55 49C55 47.3431 56.3431 46 58 46H107C108.657 46 110 47.3431 110 49V60C110 61.6569 108.657 63 107 63H58C56.3431 63 55 61.6569 55 60V49Z" fill="#C32998"/>
+<path d="M64.8914 53.7051C64.8914 54.3418 64.8152 54.9258 64.6628 55.457C64.5144 55.9844 64.2839 56.4414 63.9714 56.8281C63.6589 57.2148 63.2625 57.5176 62.782 57.7363L64.8445 60.0391H62.5183L60.948 58.1172C60.9207 58.1172 60.8972 58.1172 60.8777 58.1172C60.8582 58.1172 60.8367 58.1172 60.8132 58.1172C60.114 58.1172 59.5085 58.0137 58.9968 57.8066C58.4851 57.5957 58.0613 57.2949 57.7253 56.9043C57.3933 56.5137 57.1453 56.0469 56.9812 55.5039C56.8171 54.9609 56.7351 54.3574 56.7351 53.6934C56.7351 52.8066 56.8796 52.0352 57.1687 51.3789C57.4617 50.7188 57.9109 50.207 58.5164 49.8438C59.1218 49.4805 59.8914 49.2988 60.825 49.2988C61.7546 49.2988 62.5183 49.4805 63.116 49.8438C63.7175 50.207 64.1628 50.7188 64.4519 51.3789C64.7449 52.0391 64.8914 52.8145 64.8914 53.7051ZM58.6394 53.7051C58.6394 54.3027 58.7136 54.8184 58.8621 55.252C59.0144 55.6816 59.2507 56.0137 59.571 56.248C59.8914 56.4785 60.3054 56.5938 60.8132 56.5938C61.3289 56.5938 61.7468 56.4785 62.0671 56.248C62.3875 56.0137 62.6199 55.6816 62.7644 55.252C62.9128 54.8184 62.9871 54.3027 62.9871 53.7051C62.9871 52.8066 62.8191 52.0996 62.4832 51.584C62.1472 51.0684 61.5945 50.8105 60.825 50.8105C60.3132 50.8105 59.8953 50.9277 59.571 51.1621C59.2507 51.3926 59.0144 51.7246 58.8621 52.1582C58.7136 52.5879 58.6394 53.1035 58.6394 53.7051ZM71.9109 58L71.2898 55.9609H68.1667L67.5457 58H65.5886L68.6121 49.3984H70.8328L73.8679 58H71.9109ZM70.8562 54.4375L70.2351 52.4453C70.196 52.3125 70.1433 52.1426 70.0769 51.9355C70.0144 51.7246 69.95 51.5117 69.8835 51.2969C69.821 51.0781 69.7703 50.8887 69.7312 50.7285C69.6921 50.8887 69.6375 51.0879 69.5671 51.3262C69.5007 51.5605 69.4363 51.7832 69.3738 51.9941C69.3113 52.2051 69.2664 52.3555 69.239 52.4453L68.6238 54.4375H70.8562Z" fill="white"/>
+</g>
+<defs>
+<linearGradient id="paint0_linear_34_2" x1="37.8512" y1="38.8122" x2="89.011" y2="89.972" gradientUnits="userSpaceOnUse">
+<stop stop-opacity="0.247059"/>
+<stop offset="1" stop-opacity="0"/>
+</linearGradient>
+<clipPath id="clip0_34_2">
+<rect width="108" height="108" fill="white"/>
+</clipPath>
+</defs>
+</svg>

appIcons/icongen.sh

@@ -0,0 +1,136 @@
+#! /bin/sh
+
+function print_example() {
+    echo "Example"
+    echo "  icons ios ~/AppIcon.pdf ~/Icons/"
+}
+    
+function print_usage() {
+    echo "Usage"
+    echo "  icons <ios|watch|complication|macos> in-file.pdf (out-dir)"
+}
+
+function command_exists() {
+    if type "$1" >/dev/null 2>&1; then
+        return 1
+    else
+        return 0
+    fi
+}
+
+if command_exists "sips" == 0 ; then
+    echo "sips tool not found"
+    exit 1
+fi
+
+if [ "$1" = "--help" ] || [ "$1" = "-h" ] ; then
+    print_usage
+    exit 0
+fi
+
+PLATFORM="$1"
+FILE="$2"
+if [ -z "$PLATFORM" ] || [ -z "$FILE" ] ; then
+    echo "Error: missing arguments"
+    echo ""
+    print_usage
+    echo ""
+    print_example
+    exit 1
+fi
+
+DIR="$3"
+if [ -z "$DIR" ] ; then
+    DIR=$(dirname $FILE)
+fi
+
+# Create directory if needed
+mkdir -p "$DIR"
+
+if [[ "$PLATFORM" == *"ios"* ]] ; then # iOS
+    sips -s format png -Z '180'  "${FILE}" --out "${DIR}"/Icon-180.png
+    sips -s format png -Z '29'   "${FILE}" --out "${DIR}"/Icon-29.png
+    sips -s format png -Z '58'   "${FILE}" --out "${DIR}"/Icon-58.png
+    sips -s format png -Z '120'  "${FILE}" --out "${DIR}"/Icon-120.png
+    sips -s format png -Z '87'   "${FILE}" --out "${DIR}"/Icon-87.png
+    sips -s format png -Z '40'   "${FILE}" --out "${DIR}"/Icon-40.png
+    sips -s format png -Z '80'   "${FILE}" --out "${DIR}"/Icon-80.png
+    sips -s format png -Z '76'   "${FILE}" --out "${DIR}"/Icon-76.png
+    sips -s format png -Z '152'  "${FILE}" --out "${DIR}"/Icon-152.png
+    sips -s format png -Z '167'  "${FILE}" --out "${DIR}"/Icon-167.png
+    sips -s format png -Z '60'   "${FILE}" --out "${DIR}"/Icon-60.png
+    sips -s format png -Z '20'   "${FILE}" --out "${DIR}"/Icon-20.png
+    sips -s format png -Z '1024' "${FILE}" --out "${DIR}"/Icon-1024.png
+    
+    # https://developer.apple.com/library/archive/documentation/Xcode/Reference/xcode_ref-Asset_Catalog_Format/AppIconType.html
+    contents_json='{"images":[{"size":"20x20","idiom":"iphone","filename":"iPhoneNotification@2x.png","scale":"2x"},{"size":"20x20","idiom":"iphone","filename":"iPhoneNotification@3x.png","scale":"3x"},{"size":"29x29","idiom":"iphone","filename":"iPhoneSettings@2x.png","scale":"2x"},{"size":"29x29","idiom":"iphone","filename":"iPhoneSettings@3x.png","scale":"3x"},{"size":"40x40","idiom":"iphone","filename":"iPhoneSpotlight@2x.png","scale":"2x"},{"size":"40x40","idiom":"iphone","filename":"iPhoneSpotlight@3x.png","scale":"3x"},{"size":"60x60","idiom":"iphone","filename":"iPhone@2x.png","scale":"2x"},{"size":"60x60","idiom":"iphone","filename":"iPhone@3x.png","scale":"3x"},{"size":"20x20","idiom":"ipad","filename":"iPadNotification.png","scale":"1x"},{"size":"20x20","idiom":"ipad","filename":"iPadNotification@2x.png","scale":"2x"},{"size":"29x29","idiom":"ipad","filename":"iPadSettings.png","scale":"1x"},{"size":"29x29","idiom":"ipad","filename":"iPadSettings@2x.png","scale":"2x"},{"size":"40x40","idiom":"ipad","filename":"iPadSpotlight.png","scale":"1x"},{"size":"40x40","idiom":"ipad","filename":"iPadSpotlight@2x.png","scale":"2x"},{"size":"76x76","idiom":"ipad","filename":"iPad.png","scale":"1x"},{"size":"76x76","idiom":"ipad","filename":"iPad@2x.png","scale":"2x"},{"size":"83.5x83.5","idiom":"ipad","filename":"iPadPro@2x.png","scale":"2x"},{"size":"1024x1024","idiom":"ios-marketing","filename":"AppStoreMarketing.png","scale":"1x"}],"info":{"version":1,"author":"xcode"}}'
+    echo $contents_json > "${DIR}"/Contents.json
+fi
+
+if [[ "$PLATFORM" == *"watch"* ]] ; then # Apple Watch
+    sips -s format png -Z '48'  "${FILE}" --out "${DIR}"/Watch38mmNotificationCenter.png
+    sips -s format png -Z '55'  "${FILE}" --out "${DIR}"/Watch42mmNotificationCenter.png
+    sips -s format png -Z '66'  "${FILE}" --out "${DIR}"/Watch66NotificationCenter.png
+    sips -s format png -Z '58'  "${FILE}" --out "${DIR}"/WatchCompanionSettings@2x.png
+    sips -s format png -Z '87'  "${FILE}" --out "${DIR}"/WatchCompanionSettings@3x.png
+    sips -s format png -Z '80'  "${FILE}" --out "${DIR}"/Watch38MM42MMHomeScreen.png
+    sips -s format png -Z '88'  "${FILE}" --out "${DIR}"/Watch40MMHomeScreen.png
+    sips -s format png -Z '92' "${FILE}" --out "${DIR}"/Watch41MMHomeScreen.png
+    sips -s format png -Z '100' "${FILE}" --out "${DIR}"/Watch44MMHomeScreen.png
+    sips -s format png -Z '102' "${FILE}" --out "${DIR}"/Watch45MMHomeScreen.png
+    sips -s format png -Z '108' "${FILE}" --out "${DIR}"/Watch49MMHomeScreen.png
+    sips -s format png -Z '172' "${FILE}" --out "${DIR}"/Watch38MMShortLook.png
+    sips -s format png -Z '196' "${FILE}" --out "${DIR}"/Watch40MM42MMShortLook.png
+    sips -s format png -Z '216' "${FILE}" --out "${DIR}"/Watch44MMShortLook.png
+    sips -s format png -Z '234' "${FILE}" --out "${DIR}"/Watch234ShortLook.png
+    sips -s format png -Z '258' "${FILE}" --out "${DIR}"/Watch258ShortLook.png
+    sips -s format png -Z '1024' "${FILE}" --out "${DIR}"/WatchAppStore.png
+
+    # https://developer.apple.com/library/archive/documentation/Xcode/Reference/xcode_ref-Asset_Catalog_Format/AppIconType.html
+    contents_json='{"images":[{"size":"24x24","idiom":"watch","scale":"2x","filename":"Watch38mmNotificationCenter.png","role":"notificationCenter","subtype":"38mm"},{"size":"27.5x27.5","idiom":"watch","scale":"2x","filename":"Watch42mmNotificationCenter.png","role":"notificationCenter","subtype":"42mm"},{"size":"29x29","idiom":"watch","filename":"WatchCompanionSettings@2x.png","role":"companionSettings","scale":"2x"},{"size":"29x29","idiom":"watch","filename":"WatchCompanionSettings@3x.png","role":"companionSettings","scale":"3x"},{"size":"40x40","idiom":"watch","filename":"Watch38MM42MMHomeScreen.png","scale":"2x","role":"appLauncher","subtype":"38mm"},{"size":"44x44","idiom":"watch","scale":"2x","filename":"Watch40MMHomeScreen.png","role":"appLauncher","subtype":"40mm"},{"size":"50x50","idiom":"watch","scale":"2x","filename":"Watch44MMHomeScreen.png","role":"appLauncher","subtype":"44mm"},{"size":"86x86","idiom":"watch","scale":"2x","filename":"Watch38MMShortLook.png","role":"quickLook","subtype":"38mm"},{"size":"98x98","idiom":"watch","scale":"2x","filename":"Watch40MM42MMShortLook.png","role":"quickLook","subtype":"42mm"},{"size":"108x108","idiom":"watch","scale":"2x","filename":"Watch44MMShortLook.png","role":"quickLook","subtype":"44mm"},{"idiom":"watch-marketing","filename":"WatchAppStore.png","size":"1024x1024","scale":"1x"}],"info":{"version":1,"author":"xcode"}}'
+    echo $contents_json > "${DIR}"/Contents.json
+fi
+
+if [[ "$PLATFORM" == *"complication"* ]] ; then # Apple Watch
+    sips -s format png -Z '32'  "${FILE}" --out "${DIR}"/Circular38mm2x.png
+    sips -s format png -Z '36'  "${FILE}" --out "${DIR}"/Circular40mm2x.png
+    sips -s format png -Z '36'  "${FILE}" --out "${DIR}"/Circular42mm2x.png
+    sips -s format png -Z '40'  "${FILE}" --out "${DIR}"/Circular44mm2x.png
+    sips -s format png -Z '182'  "${FILE}" --out "${DIR}"/ExtraLarge38mm2x.png
+    sips -s format png -Z '203'  "${FILE}" --out "${DIR}"/ExtraLarge40mm2x.png
+    sips -s format png -Z '203'  "${FILE}" --out "${DIR}"/ExtraLarge42mm2x.png
+    sips -s format png -Z '224'  "${FILE}" --out "${DIR}"/ExtraLarge44mm2x.png
+    sips -s format png -Z '84'  "${FILE}" --out "${DIR}"/GraphicBezel40mm2x.png
+    sips -s format png -Z '84'  "${FILE}" --out "${DIR}"/GraphicBezel42mm2x.png
+    sips -s format png -Z '94'  "${FILE}" --out "${DIR}"/GraphicBezel44mm2x.png
+    sips -s format png -Z '84'  "${FILE}" --out "${DIR}"/GraphicCircular40mm2x.png
+    sips -s format png -Z '84'  "${FILE}" --out "${DIR}"/GraphicCircular42mm2x.png
+    sips -s format png -Z '94'  "${FILE}" --out "${DIR}"/GraphicCircular44mm2x.png
+    sips -s format png -Z '40'  "${FILE}" --out "${DIR}"/GraphicCorner40mm2x.png
+    sips -s format png -Z '40'  "${FILE}" --out "${DIR}"/GraphicCorner42mm2x.png
+    sips -s format png -Z '44'  "${FILE}" --out "${DIR}"/GraphicCorner44mm2x.png
+    sips -s format png -Z '52'  "${FILE}" --out "${DIR}"/GraphicModular38mm2x.png
+    sips -s format png -Z '58'  "${FILE}" --out "${DIR}"/GraphicModular40mm2x.png
+    sips -s format png -Z '58'  "${FILE}" --out "${DIR}"/GraphicModular42mm2x.png
+    sips -s format png -Z '64'  "${FILE}" --out "${DIR}"/GraphicModular44mm2x.png
+    sips -s format png -Z '40'  "${FILE}" --out "${DIR}"/GraphicUtilitarian38mm2x.png
+    sips -s format png -Z '44'  "${FILE}" --out "${DIR}"/GraphicUtilitarian40mm2x.png
+    sips -s format png -Z '44'  "${FILE}" --out "${DIR}"/GraphicUtilitarian42mm2x.png
+    sips -s format png -Z '50'  "${FILE}" --out "${DIR}"/GraphicUtilitarian44mm2x.png
+    sips -s format png -Z '206'  "${FILE}" --out "${DIR}"/GraphicExtraLarge38mm2x.png
+    sips -s format png -Z '264'  "${FILE}" --out "${DIR}"/GraphicExtraLarge44mm2x.png
+    echo "NOTE: Graphic Extra Large is not generated since that is not rectangular"
+fi
+
+if [[ "$PLATFORM" == *"macos"* ]] ; then # macOS
+    sips -s format png -Z '1024' "${FILE}" --out "${DIR}"/icon_512x512@2x.png
+    sips -s format png -Z '512'  "${FILE}" --out "${DIR}"/icon_512x512.png
+    sips -s format png -Z '512'  "${FILE}" --out "${DIR}"/icon_256x256@2x.png
+    sips -s format png -Z '256'  "${FILE}" --out "${DIR}"/icon_256x256.png
+    sips -s format png -Z '256'  "${FILE}" --out "${DIR}"/icon_128x128@2x.png
+    sips -s format png -Z '128'  "${FILE}" --out "${DIR}"/icon_128x128.png
+    sips -s format png -Z '64'   "${FILE}" --out "${DIR}"/icon_32x32@2x.png
+    sips -s format png -Z '32'   "${FILE}" --out "${DIR}"/icon_32x32.png
+    sips -s format png -Z '32'   "${FILE}" --out "${DIR}"/icon_16x16@2x.png
+    sips -s format png -Z '16'   "${FILE}" --out "${DIR}"/icon_16x16.png
+fi

build.cake

@@ -4,6 +4,7 @@
 #addin nuget:?package=Cake.Incubator&version=7.0.0
 #tool dotnet:?package=GitVersion.Tool&version=5.10.3
 using Path = System.IO.Path;
+using System.Text.RegularExpressions;
 
 var debugScript = Argument<bool>("debugScript", false);
 var target = Argument("target", "Default");
@@ -35,6 +36,7 @@ VariantConfig GetVariant() => variant.ToLower() switch{
 GitVersion _gitVersion; //will be set by GetGitInfo task
 var _slnPath = Path.Combine(""); //base path used to access files. If build.cake file is moved, just update this
 string _androidPackageName = string.Empty; //will be set by UpdateAndroidManifest task
+string _iOSVersionName = string.Empty;  //will be set by UpdateiOSPlist task
 string CreateFeatureBranch(string prevVersionName, GitVersion git) => $"{prevVersionName}-{git.BranchName.Replace("/","-")}";
 string GetVersionName(string prevVersionName, VariantConfig buildVariant, GitVersion git) => buildVariant is Prod? prevVersionName : CreateFeatureBranch(prevVersionName, git); 
 int CreateBuildNumber(int previousNumber) => ++previousNumber; 
@@ -163,7 +165,8 @@ enum iOSProjectType
     MainApp,
     Autofill,
     Extension,
-    ShareExtension
+    ShareExtension,
+    WatchApp
 }
 
 string GetiOSBundleId(VariantConfig buildVariant, iOSProjectType projectType) => projectType switch
@@ -171,6 +174,7 @@ string GetiOSBundleId(VariantConfig buildVariant, iOSProjectType projectType) =>
     iOSProjectType.Autofill => $"{buildVariant.iOSBundleId}.autofill",
     iOSProjectType.Extension => $"{buildVariant.iOSBundleId}.find-login-action-extension",
     iOSProjectType.ShareExtension => $"{buildVariant.iOSBundleId}.share-extension",
+    iOSProjectType.WatchApp => $"{buildVariant.iOSBundleId}.watchkitapp",
     _ => buildVariant.iOSBundleId
 };
 
@@ -205,6 +209,7 @@ private void UpdateiOSInfoPlist(string plistPath, VariantConfig buildVariant, Gi
 
     if(projectType == iOSProjectType.MainApp)
     {
+        _iOSVersionName = newVersionName;
         plist["CFBundleURLTypes"][0]["CFBundleURLName"] = $"{buildVariant.iOSBundleId}.url";
     }
 
@@ -240,10 +245,79 @@ private void UpdateiOSEntitlementsPlist(string entitlementsPath, VariantConfig b
     Information($"{entitlementsPath} updated with success!");
 }
 
-Task("UpdateiOSIcon")
+private void UpdateWatchKitAppInfoPlist(string plistPath, VariantConfig buildVariant)
+{
+    var plistFile = File(plistPath);
+    dynamic plist = DeserializePlist(plistFile);
+
+    var prevBundleId = plist["NSExtension"]["NSExtensionAttributes"]["WKAppBundleIdentifier"];
+    var newBundleId = GetiOSBundleId(buildVariant, iOSProjectType.WatchApp);
+
+    plist["NSExtension"]["NSExtensionAttributes"]["WKAppBundleIdentifier"] = newBundleId;
+
+    SerializePlist(plistFile, plist);
+
+    Information($"Changed Bundle Identifier from {prevBundleId} to {newBundleId}");
+    Information($"{plistPath} updated with success!");
+}
+
+private void UpdateWatchPbxproj(string pbxprojPath, string newVersion)
+{
+    var fileText = FileReadText(pbxprojPath);
+    if (string.IsNullOrEmpty(fileText))
+    {
+        throw new Exception($"Couldn't find {pbxprojPath}");
+    }
+
+    const string pattern = @"MARKETING_VERSION = [^;]*;";
+
+    fileText = Regex.Replace(fileText, pattern, $"MARKETING_VERSION = {newVersion};");
+
+    FileWriteText(pbxprojPath, fileText);
+    Information($"{pbxprojPath} modified successfully.");
+}
+
+/// <summary>
+/// Updates the target icons on the given appiconset target
+/// taking as source the icon in appIcons/iOS folder for the giving variant
+/// </summary>
+/// <param name="target">It can be <ios|watch|complication|macos></param>
+/// <param name="appiconsetTarget">Folder to copy the generated icons to</param>
+private void UpdateAppleIcons(string target, string appiconsetTarget)
+{
+    Information($"Updating {target} App Icons");
+
+    var iconsTempDirPath = Path.Combine(_slnPath, "appIcons", "temp");
+    CreateDirectory(iconsTempDirPath);
+
+    var arguments = new ProcessArgumentBuilder();
+    arguments.Append(target);
+    arguments.Append(Path.Combine(_slnPath, "appIcons", "iOS", $"{variant}.png"));
+    arguments.Append(iconsTempDirPath);
+
+    using(var process = StartAndReturnProcess(Path.Combine(_slnPath, "appIcons", "icongen.sh"), 
+        new ProcessSettings { Arguments = arguments }))
+    {
+        process.WaitForExit();
+        Information("Exit code: {0}", process.GetExitCode());
+    }
+
+    var generatedIconsPath = Path.Combine(iconsTempDirPath, "*.png");
+    CopyFiles(generatedIconsPath, appiconsetTarget);        
+
+    DeleteDirectory(iconsTempDirPath, new DeleteDirectorySettings {
+        Recursive = true,
+        Force = true
+    });
+
+    Information($"{target} App Icons have been updated");
+}
+
+Task("UpdateiOSIcons")
     .Does(()=>{
-        //TODO we'll implement variant icons later
-        Information($"Updating IOS App Icon");
+        UpdateAppleIcons("ios", Path.Combine(_slnPath, "src", "iOS", "Resources", "Assets.xcassets", "AppIcons.appiconset"));
+        UpdateAppleIcons("watch", Path.Combine(_slnPath, "src", "watchOS", "bitwarden", "bitwarden WatchKit App", "Assets.xcassets", "AppIcon.appiconset"));
+        // TODO: Update complication icons when they start working
     });
 
 Task("UpdateiOSPlist")
@@ -296,8 +370,10 @@ Task("UpdateiOSCodeFiles")
         var fileList = new string[] {
             Path.Combine(_slnPath, "src", "iOS.Core", "Utilities", "iOSCoreHelpers.cs"),
             Path.Combine(_slnPath, "src", "iOS.Core", "Constants.cs"),
+            Path.Combine(_slnPath, "src", "watchOS", "bitwarden", "bitwarden.xcodeproj", "project.pbxproj"),
+            Path.Combine(_slnPath, "src", "watchOS", "bitwarden", "bitwarden WatchKit Extension", "Helpers", "KeychainHelper.swift"),
             Path.Combine(".github", "resources", "export-options-ad-hoc.plist"),
-            Path.Combine(".github", "resources", "export-options-app-store.plist"),
+            Path.Combine(".github", "resources", "export-options-app-store.plist")
         };
 
         foreach(string path in fileList)
@@ -305,6 +381,22 @@ Task("UpdateiOSCodeFiles")
             ReplaceInFile(path, "com.8bit.bitwarden", buildVariant.iOSBundleId);
         }
     });
+
+Task("UpdateWatchProject")
+    .IsDependentOn("UpdateiOSPlist")
+    .WithCriteria(() => !string.IsNullOrEmpty(_iOSVersionName))
+    .Does(()=> {
+        var watchProjectPath = Path.Combine(_slnPath, "src", "watchOS", "bitwarden", "bitwarden.xcodeproj", "project.pbxproj");
+        UpdateWatchPbxproj(watchProjectPath, _iOSVersionName);
+    });
+
+Task("UpdateWatchKitAppInfoPlist")
+    .Does(()=> {
+        var buildVariant = GetVariant();
+        var infoPath = Path.Combine(_slnPath, "src", "watchOS", "bitwarden", "bitwarden WatchKit Extension", "Info.plist");
+        UpdateWatchKitAppInfoPlist(infoPath, buildVariant);
+    });
+
 #endregion iOS
 
 #region Main Tasks
@@ -318,12 +410,14 @@ Task("Android")
     });
 
 Task("iOS")
-    //.IsDependentOn("UpdateiOSIcon")
+    .IsDependentOn("UpdateiOSIcons")
     .IsDependentOn("UpdateiOSPlist")
     .IsDependentOn("UpdateiOSAutofillPlist")
     .IsDependentOn("UpdateiOSExtensionPlist")
     .IsDependentOn("UpdateiOSShareExtensionPlist")
     .IsDependentOn("UpdateiOSCodeFiles")
+    .IsDependentOn("UpdateWatchProject")
+    .IsDependentOn("UpdateWatchKitAppInfoPlist")
     .Does(()=>
     {
         Information("iOS app updated");

crowdin.yml

@@ -38,3 +38,15 @@ files:
         pt-PT: pt-PT
         en-GB: en-GB
         en-IN: en-IN
+  - source: "/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/en.lproj/Localizable.strings"
+    dest: "/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/en.lproj/%original_file_name%"
+    translation: "/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization//%two_letters_code%.lproj/%original_file_name%"
+    update_option: update_as_unapproved
+    languages_mapping:
+      two_letters_code:
+        zh-CN: zh-Hans
+        zh-TW: zh-Hant
+        pt-BR: pt-BR
+        pt-PT: pt-PT
+        en-GB: en-GB
+        en-IN: en-IN

src/Android/Android.csproj

@@ -77,22 +77,21 @@
     <PackageReference Include="Portable.BouncyCastle">
       <Version>1.9.0</Version>
     </PackageReference>
-    <PackageReference Include="Xamarin.AndroidX.AppCompat" Version="1.5.1.1" />
-    <PackageReference Include="Xamarin.AndroidX.AutoFill" Version="1.1.0.14" />
-    <PackageReference Include="Xamarin.AndroidX.CardView" Version="1.0.0.17" />
-    <PackageReference Include="Xamarin.AndroidX.Core" Version="1.9.0.1" />
-    <PackageReference Include="Xamarin.AndroidX.Legacy.Support.V4" Version="1.0.0.15" />
-    <PackageReference Include="Xamarin.AndroidX.MediaRouter" Version="1.3.1.1" />
+    <PackageReference Include="Xamarin.AndroidX.AppCompat" Version="1.6.1.3" />
+    <PackageReference Include="Xamarin.AndroidX.AutoFill" Version="1.1.0.18" />
+    <PackageReference Include="Xamarin.AndroidX.CardView" Version="1.0.0.21" />
+    <PackageReference Include="Xamarin.AndroidX.Core" Version="1.10.1.2" />
+    <PackageReference Include="Xamarin.AndroidX.MediaRouter" Version="1.4.0.2" />
     <PackageReference Include="Xamarin.Essentials">
-      <Version>1.7.3</Version>
+      <Version>1.8.0</Version>
     </PackageReference>
     <PackageReference Include="Xamarin.Firebase.Messaging">
-      <Version>123.0.8</Version>
+      <Version>123.1.2.2</Version>
     </PackageReference>
-    <PackageReference Include="Xamarin.Google.Android.Material" Version="1.6.1.1" />
-    <PackageReference Include="Xamarin.Google.Dagger" Version="2.41.0.2" />
+    <PackageReference Include="Xamarin.Google.Android.Material" Version="1.9.0.2" />
+    <PackageReference Include="Xamarin.Google.Dagger" Version="2.46.1.2" />
     <PackageReference Include="Xamarin.GooglePlayServices.SafetyNet">
-      <Version>118.0.1.2</Version>
+      <Version>118.0.1.5</Version>
     </PackageReference>
   </ItemGroup>
   <ItemGroup>
@@ -160,6 +159,7 @@
     <Compile Include="Constants.cs" />
     <Compile Include="Effects\RemoveFontPaddingEffect.cs" />
     <Compile Include="Services\WatchDeviceService.cs" />
+    <Compile Include="Renderers\CustomLabelRenderer.cs" />
   </ItemGroup>
   <ItemGroup>
     <AndroidAsset Include="Assets\bwi-font.ttf" />
@@ -233,6 +233,18 @@
       <SubType></SubType>
       <Generator></Generator>
     </AndroidResource>
+    <AndroidResource Include="Resources\layout\validatable_input_dialog_layout.xml">
+      <SubType></SubType>
+      <Generator></Generator>
+    </AndroidResource>
+    <AndroidResource Include="Resources\drawable\empty_uris_placeholder.xml">
+      <SubType></SubType>
+      <Generator></Generator>
+    </AndroidResource>
+    <AndroidResource Include="Resources\drawable\empty_uris_placeholder_dark.xml">
+      <SubType></SubType>
+      <Generator></Generator>
+    </AndroidResource>
   </ItemGroup>
   <ItemGroup>
     <AndroidResource Include="Resources\drawable\splash_screen.xml" />

src/Android/Autofill/FieldCollection.cs

@@ -12,7 +12,7 @@ namespace Bit.Droid.Autofill
         private List<Field> _passwordFields = null;
         private List<Field> _usernameFields = null;
         private HashSet<string> _ignoreSearchTerms = new HashSet<string> { "search", "find", "recipient", "edit" };
-        private HashSet<string> _usernameTerms = new HashSet<string> { "email", "phone", "username"};
+        private HashSet<string> _usernameTerms = new HashSet<string> { "email", "phone", "username" };
         private HashSet<string> _passwordTerms = new HashSet<string> { "password", "pswd" };
 
         public List<AutofillId> AutofillIds { get; private set; } = new List<AutofillId>();
@@ -54,15 +54,14 @@ namespace Bit.Droid.Autofill
                     if (HintToFieldsMap.ContainsKey(View.AutofillHintPassword))
                     {
                         _passwordFields.AddRange(HintToFieldsMap[View.AutofillHintPassword]);
+                        return _passwordFields;
                     }
                 }
-                else
+
+                _passwordFields = Fields.Where(f => FieldIsPassword(f)).ToList();
+                if (!_passwordFields.Any())
                 {
-                    _passwordFields = Fields.Where(f => FieldIsPassword(f)).ToList();
-                    if (!_passwordFields.Any())
-                    {
-                        _passwordFields = Fields.Where(f => FieldHasPasswordTerms(f)).ToList();
-                    }
+                    _passwordFields = Fields.Where(f => FieldHasPasswordTerms(f)).ToList();
                 }
                 return _passwordFields;
             }
@@ -87,24 +86,26 @@ namespace Bit.Droid.Autofill
                     {
                         _usernameFields.AddRange(HintToFieldsMap[View.AutofillHintUsername]);
                     }
+                    if (_usernameFields.Any())
+                    {
+                        return _usernameFields;
+                    }
                 }
-                else
-                {
-                    foreach (var passwordField in PasswordFields)
-                    {
-                        var usernameField = Fields.TakeWhile(f => f.AutofillId != passwordField.AutofillId)
-                            .LastOrDefault();
-                        if (usernameField != null)
-                        {
-                            _usernameFields.Add(usernameField);
-                        }
-                    }
 
-                    if (!_usernameFields.Any())
+                foreach (var passwordField in PasswordFields)
+                {
+                    var usernameField = Fields.TakeWhile(f => f.AutofillId != passwordField.AutofillId)
+                        .LastOrDefault();
+                    if (usernameField != null)
                     {
-                        _usernameFields = Fields.Where(f => FieldHasUsernameTerms(f)).ToList();
+                        _usernameFields.Add(usernameField);
                     }
                 }
+
+                if (!_usernameFields.Any())
+                {
+                    _usernameFields = Fields.Where(f => FieldIsUsername(f)).ToList();
+                }
                 return _usernameFields;
             }
         }
@@ -327,13 +328,18 @@ namespace Bit.Droid.Autofill
             }
 
             return inputTypePassword && !ValueContainsAnyTerms(f.IdEntry, _ignoreSearchTerms) &&
-                !ValueContainsAnyTerms(f.Hint, _ignoreSearchTerms) && !FieldHasUsernameTerms(f);
+                !ValueContainsAnyTerms(f.Hint, _ignoreSearchTerms) && !FieldIsUsername(f);
         }
 
         private bool FieldHasPasswordTerms(Field f)
         {
             return ValueContainsAnyTerms(f.IdEntry, _passwordTerms) || ValueContainsAnyTerms(f.Hint, _passwordTerms);
         }
+        
+        private bool FieldIsUsername(Field f)
+        {
+            return f.InputType.HasFlag(InputTypes.TextVariationWebEmailAddress) || FieldHasUsernameTerms(f);
+        }
 
         private bool FieldHasUsernameTerms(Field f)
         {
@@ -350,4 +356,4 @@ namespace Bit.Droid.Autofill
             return terms.Any(t => lowerValue.Contains(t));
         }
     }
-}
+}

src/Android/MainActivity.cs

@@ -170,7 +170,7 @@ namespace Bit.Droid
             {
                 if (intent?.GetStringExtra("uri") is string uri)
                 {
-                    _messagingService.Send("popAllAndGoToAutofillCiphers");
+                    _messagingService.Send(App.App.POP_ALL_AND_GO_TO_AUTOFILL_CIPHERS_MESSAGE);
                     if (_appOptions != null)
                     {
                        _appOptions.Uri = uri;
@@ -178,7 +178,7 @@ namespace Bit.Droid
                 }
                 else if (intent.GetBooleanExtra("generatorTile", false))
                 {
-                    _messagingService.Send("popAllAndGoToTabGenerator");
+                    _messagingService.Send(App.App.POP_ALL_AND_GO_TO_TAB_GENERATOR_MESSAGE);
                     if (_appOptions != null)
                     {
                         _appOptions.GeneratorTile = true;
@@ -186,7 +186,7 @@ namespace Bit.Droid
                 }
                 else if (intent.GetBooleanExtra("myVaultTile", false))
                 {
-                    _messagingService.Send("popAllAndGoToTabMyVault");
+                    _messagingService.Send(App.App.POP_ALL_AND_GO_TO_TAB_MYVAULT_MESSAGE);
                     if (_appOptions != null)
                     {
                         _appOptions.MyVaultTile = true;
@@ -198,7 +198,7 @@ namespace Bit.Droid
                     {
                         _appOptions.CreateSend = GetCreateSendRequest(intent);
                     }
-                    _messagingService.Send("popAllAndGoToTabSend");
+                    _messagingService.Send(App.App.POP_ALL_AND_GO_TO_TAB_SEND_MESSAGE);
                 }
                 else
                 {

src/Android/MainApplication.cs

@@ -21,6 +21,7 @@ using Bit.App.Utilities;
 using Bit.App.Pages;
 using Bit.App.Utilities.AccountManagement;
 using Bit.App.Controls;
+using Bit.Core.Enums;
 #if !FDROID
 using Android.Gms.Security;
 #endif
@@ -67,9 +68,9 @@ namespace Bit.Droid
                 ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
 
                 var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
-                    ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
                     ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
-                    ServiceContainer.Resolve<ICryptoService>("cryptoService"));
+                    ServiceContainer.Resolve<ICryptoService>("cryptoService"),
+                    ServiceContainer.Resolve<IUserVerificationService>());
                 ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper);
 
                 var accountsManager = new AccountsManager(
@@ -81,7 +82,8 @@ namespace Bit.Droid
                     ServiceContainer.Resolve<IAuthService>("authService"),
                     ServiceContainer.Resolve<ILogger>("logger"),
                     ServiceContainer.Resolve<IMessagingService>("messagingService"),
-                    ServiceContainer.Resolve<IWatchDeviceService>());
+                    ServiceContainer.Resolve<IWatchDeviceService>(),
+                    ServiceContainer.Resolve<IConditionedAwaiterManager>());
                 ServiceContainer.Register<IAccountsManager>("accountsManager", accountsManager);
             }
 #if !FDROID
@@ -143,9 +145,10 @@ namespace Bit.Droid
             var secureStorageService = new SecureStorageService();
             var cryptoPrimitiveService = new CryptoPrimitiveService();
             var mobileStorageService = new MobileStorageService(preferencesStorage, liteDbStorage);
-            var stateService = new StateService(mobileStorageService, secureStorageService, messagingService);
+            var storageMediatorService = new StorageMediatorService(mobileStorageService, secureStorageService, preferencesStorage);
+            var stateService = new StateService(mobileStorageService, secureStorageService, storageMediatorService, messagingService);
             var stateMigrationService =
-                new StateMigrationService(liteDbStorage, preferencesStorage, secureStorageService);
+                new StateMigrationService(DeviceType.Android, liteDbStorage, preferencesStorage, secureStorageService);
             var clipboardService = new ClipboardService(stateService);
             var deviceActionService = new DeviceActionService(stateService, messagingService);
             var fileService = new FileService(stateService, broadcasterService);
@@ -153,11 +156,12 @@ namespace Bit.Droid
                 messagingService, broadcasterService);
             var autofillHandler = new AutofillHandler(stateService, messagingService, clipboardService,
                 platformUtilsService, new LazyResolve<IEventService>());
-            var biometricService = new BiometricService();
             var cryptoFunctionService = new PclCryptoFunctionService(cryptoPrimitiveService);
             var cryptoService = new CryptoService(stateService, cryptoFunctionService);
+            var biometricService = new BiometricService(stateService, cryptoService);
             var passwordRepromptService = new MobilePasswordRepromptService(platformUtilsService, cryptoService);
 
+            ServiceContainer.Register<ISynchronousStorageService>(preferencesStorage);
             ServiceContainer.Register<IBroadcasterService>("broadcasterService", broadcasterService);
             ServiceContainer.Register<IMessagingService>("messagingService", messagingService);
             ServiceContainer.Register<ILocalizeService>("localizeService", localizeService);
@@ -165,6 +169,7 @@ namespace Bit.Droid
             ServiceContainer.Register<ICryptoPrimitiveService>("cryptoPrimitiveService", cryptoPrimitiveService);
             ServiceContainer.Register<IStorageService>("storageService", mobileStorageService);
             ServiceContainer.Register<IStorageService>("secureStorageService", secureStorageService);
+            ServiceContainer.Register<IStorageMediatorService>(storageMediatorService);
             ServiceContainer.Register<IStateService>("stateService", stateService);
             ServiceContainer.Register<IStateMigrationService>("stateMigrationService", stateMigrationService);
             ServiceContainer.Register<IClipboardService>("clipboardService", clipboardService);
@@ -197,7 +202,9 @@ namespace Bit.Droid
 
         private void Bootstrap()
         {
-            (ServiceContainer.Resolve<II18nService>("i18nService") as MobileI18nService).Init();
+            var locale = ServiceContainer.Resolve<IStateService>().GetLocale();
+            (ServiceContainer.Resolve<II18nService>("i18nService") as MobileI18nService)
+                .Init(locale != null ? new System.Globalization.CultureInfo(locale) : null);
             ServiceContainer.Resolve<IAuthService>("authService").Init();
             // Note: This is not awaited
             var bootstrapTask = BootstrapAsync();

src/Android/Properties/AndroidManifest.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2023.1.1" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
+<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2023.7.1" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
 	<uses-sdk android:minSdkVersion="21" android:targetSdkVersion="33" />
 	<uses-permission android:name="android.permission.INTERNET" />
 	<uses-permission android:name="android.permission.NFC" />
@@ -45,11 +45,11 @@
 	<queries>
 		<intent>
 			<action android:name="android.intent.action.VIEW" />
-			<data android:scheme="http"/>
+			<data android:scheme="http" />
 		</intent>
 		<intent>
 			<action android:name="android.intent.action.VIEW" />
-			<data android:scheme="https"/>
+			<data android:scheme="https" />
 		</intent>
 	</queries>
 </manifest>

src/Android/Renderers/CustomLabelRenderer.cs

@@ -0,0 +1,43 @@
+using System.ComponentModel;
+using Android.Content;
+using Android.OS;
+using Bit.App.Controls;
+using Bit.Droid.Renderers;
+using Xamarin.Forms;
+using Xamarin.Forms.Platform.Android;
+
+[assembly: ExportRenderer(typeof(CustomLabel), typeof(CustomLabelRenderer))]
+namespace Bit.Droid.Renderers
+{
+    public class CustomLabelRenderer : LabelRenderer
+    {
+        public CustomLabelRenderer(Context context)
+            : base(context)
+        { }
+
+        protected override void OnElementChanged(ElementChangedEventArgs<Label> e)
+        {
+            base.OnElementChanged(e);
+
+            if (Control != null && e.NewElement is CustomLabel label)
+            {
+                if (label.FontWeight.HasValue && Build.VERSION.SdkInt >= BuildVersionCodes.P)
+                {
+                    Control.Typeface = Android.Graphics.Typeface.Create(null, label.FontWeight.Value, false);
+                }
+            }
+        }
+
+        protected override void OnElementPropertyChanged(object sender, PropertyChangedEventArgs e)
+        {
+            var label = sender as CustomLabel;
+            switch (e.PropertyName)
+            {
+                case nameof(CustomLabel.AutomationId):
+                    Control.ContentDescription = label.AutomationId;
+                    break;
+            }
+            base.OnElementPropertyChanged(sender, e);
+        }
+    }
+}

src/Android/Resources/drawable/empty_uris_placeholder.xml

@@ -0,0 +1,35 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android" xmlns:aapt="http://schemas.android.com/aapt"
+    android:viewportWidth="129"
+    android:viewportHeight="124"
+    android:width="129dp"
+    android:height="124dp">
+    <path
+        android:pathData="M126.8227 61.9441A59.6843 59.6843 0 0 1 7.4541 61.9441A59.6843 59.6843 0 0 1 126.8227 61.9441Z"
+        android:fillColor="#F0F0F0"
+        android:strokeColor="#89929F"
+        android:strokeWidth="3" />
+    <path
+        android:pathData="M21.6167 100.851C52.597 103.31 79.6937 80.3264 82.1391 49.5156C83.6205 30.8497 76.0789 14.8844 62.7275 3.63385"
+        android:strokeColor="#89929F"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M14.5633 34.2845C12.2035 66.7711 38.5225 96.3429 72.6666 98.8232C74.2596 98.9389 78.629 98.9975 80.1951 99C84.6245 98.8232 97.8063 96.593 106.813 91.8485C113.439 88.3581 119.745 84.6984 124.644 79.1121"
+        android:strokeColor="#89929F"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M124.502 48.5051C106.554 24.3817 68.8237 21.6709 41.4178 42.0617C24.8146 54.4149 14.7327 72.4183 13.9255 90.1427"
+        android:strokeColor="#89929F"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M83.4034 28.3934A5 5 0 0 1 73.4034 28.3934A5 5 0 0 1 83.4034 28.3934Z"
+        android:fillColor="#89929F" />
+    <path
+        android:pathData="M24.7698 66.5518A5 5 0 0 1 14.7698 66.5518A5 5 0 0 1 24.7698 66.5518Z"
+        android:fillColor="#89929F" />
+    <path
+        android:pathData="M57.344 94.4726A5 5 0 0 1 47.344 94.4726A5 5 0 0 1 57.344 94.4726Z"
+        android:fillColor="#89929F" />
+</vector>

src/Android/Resources/drawable/empty_uris_placeholder_dark.xml

@@ -0,0 +1,35 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android" xmlns:aapt="http://schemas.android.com/aapt"
+    android:viewportWidth="129"
+    android:viewportHeight="124"
+    android:width="129dp"
+    android:height="124dp">
+    <path
+        android:pathData="M126.8227 61.9441A59.6843 59.6843 0 0 1 7.4541 61.9441A59.6843 59.6843 0 0 1 126.8227 61.9441Z"
+        android:fillColor="@android:color/transparent"
+        android:strokeColor="#A3A3A3"
+        android:strokeWidth="3" />
+    <path
+        android:pathData="M21.6167 100.851C52.597 103.31 79.6937 80.3264 82.1391 49.5156C83.6205 30.8497 76.0789 14.8844 62.7275 3.63385"
+        android:strokeColor="#A3A3A3"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M14.5633 34.2845C12.2035 66.7711 38.5225 96.3429 72.6666 98.8232C74.2596 98.9389 78.629 98.9975 80.1951 99C84.6245 98.8232 97.8063 96.593 106.813 91.8485C113.439 88.3581 119.745 84.6984 124.644 79.1121"
+        android:strokeColor="#A3A3A3"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M124.502 48.5051C106.554 24.3817 68.8237 21.6709 41.4178 42.0617C24.8146 54.4149 14.7327 72.4183 13.9255 90.1427"
+        android:strokeColor="#A3A3A3"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M83.4034 28.3934A5 5 0 0 1 73.4034 28.3934A5 5 0 0 1 83.4034 28.3934Z"
+        android:fillColor="#A3A3A3" />
+    <path
+        android:pathData="M24.7698 66.5518A5 5 0 0 1 14.7698 66.5518A5 5 0 0 1 24.7698 66.5518Z"
+        android:fillColor="#A3A3A3" />
+    <path
+        android:pathData="M57.344 94.4726A5 5 0 0 1 47.344 94.4726A5 5 0 0 1 57.344 94.4726Z"
+        android:fillColor="#A3A3A3" />
+</vector>

src/Android/Resources/layout/validatable_input_dialog_layout.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    android:orientation="vertical"
+    android:layout_width="match_parent"
+    android:layout_height="wrap_content"
+    android:paddingLeft="30dp"
+    android:paddingRight="30dp">
+    <TextView
+        android:id="@+id/lblHeader"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:textSize="@dimen/dialog_header_text_size"
+        android:layout_marginTop="5dp"
+        android:layout_marginBottom="-3dp"
+        android:labelFor="@+id/txtValue"/>
+    <EditText
+        android:id="@id/txtValue"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:textSize="@dimen/dialog_input_text_size"/>
+    <TextView
+        android:id="@+id/lblValueSubinfo"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:textSize="@dimen/dialog_sub_value_info_text_size"/>
+</LinearLayout>
+

src/Android/Resources/values/dimens.xml

@@ -2,4 +2,7 @@
 <resources xmlns:tools="http://schemas.android.com/tools">
   <dimen name="design_bottom_navigation_text_size" tools:override="true">15sp</dimen>
   <dimen name="design_bottom_navigation_active_text_size" tools:override="true">15sp</dimen>
+  <dimen name="dialog_input_text_size">16sp</dimen>
+  <dimen name="dialog_header_text_size">12sp</dimen>
+  <dimen name="dialog_sub_value_info_text_size">12sp</dimen>
 </resources>

src/Android/Services/BiometricService.cs

@@ -2,15 +2,15 @@
 using System.Threading.Tasks;
 using Android.OS;
 using Android.Security.Keystore;
+using Bit.App.Services;
 using Bit.Core.Abstractions;
 using Bit.Core.Services;
-using Bit.Core.Utilities;
 using Java.Security;
 using Javax.Crypto;
 
 namespace Bit.Droid.Services
 {
-    public class BiometricService : IBiometricService
+    public class BiometricService : BaseBiometricService
     {
         private const string KeyName = "com.8bit.bitwarden.biometric_integrity";
 
@@ -23,28 +23,28 @@ namespace Bit.Droid.Services
 
         private readonly KeyStore _keystore;
 
-        public BiometricService()
+        public BiometricService(IStateService stateService, ICryptoService cryptoService)
+            : base(stateService, cryptoService)
         {
             _keystore = KeyStore.GetInstance(KeyStoreName);
             _keystore.Load(null);
         }
 
-        public Task<bool> SetupBiometricAsync(string bioIntegrityKey = null)
+        public override async Task<bool> SetupBiometricAsync(string bioIntegritySrcKey = null)
         {
-            // bioIntegrityKey used in iOS only
             if (Build.VERSION.SdkInt >= BuildVersionCodes.M)
             {
-                CreateKey();
+                await CreateKeyAsync(bioIntegritySrcKey);
             }
 
-            return Task.FromResult(true);
+            return true;
         }
 
-        public Task<bool> ValidateIntegrityAsync(string bioIntegrityKey = null)
+        public override async Task<bool> IsSystemBiometricIntegrityValidAsync(string bioIntegritySrcKey = null)
         {
             if (Build.VERSION.SdkInt < BuildVersionCodes.M)
             {
-                return Task.FromResult(true);
+                return true;
             }
 
             try
@@ -55,7 +55,7 @@ namespace Bit.Droid.Services
 
                 if (key == null || cipher == null)
                 {
-                    return Task.FromResult(true);
+                    return true;
                 }
 
                 cipher.Init(CipherMode.EncryptMode, key);
@@ -63,25 +63,32 @@ namespace Bit.Droid.Services
             catch (KeyPermanentlyInvalidatedException e)
             {
                 // Biometric has changed
-                return Task.FromResult(false);
+                await ClearStateAsync(bioIntegritySrcKey);
+                return false;
             }
             catch (UnrecoverableKeyException e)
             {
                 // Biometric was disabled and re-enabled
-                return Task.FromResult(false);
+                await ClearStateAsync(bioIntegritySrcKey);
+                return false;
             }
             catch (InvalidKeyException e)
             {
                 // Fallback for old bitwarden users without a key
                 LoggerHelper.LogEvenIfCantBeResolved(e);
-                CreateKey();
+                await CreateKeyAsync(bioIntegritySrcKey);
             }
 
-            return Task.FromResult(true);
+            return true;
         }
 
-        private void CreateKey()
+        private async Task CreateKeyAsync(string bioIntegritySrcKey = null)
         {
+            bioIntegritySrcKey ??= Core.Constants.BiometricIntegritySourceKey;
+            await _stateService.SetSystemBiometricIntegrityState(bioIntegritySrcKey,
+                await GetStateAsync(bioIntegritySrcKey));
+            await _stateService.SetAccountBiometricIntegrityValidAsync(bioIntegritySrcKey);
+
             try
             {
                 var keyGen = KeyGenerator.GetInstance(KeyAlgorithm, KeyStoreName);
@@ -101,5 +108,16 @@ namespace Bit.Droid.Services
                 LoggerHelper.LogEvenIfCantBeResolved(e);
             }
         }
+
+        private async Task<string> GetStateAsync(string bioIntegritySrcKey)
+        {
+            return await _stateService.GetSystemBiometricIntegrityState(bioIntegritySrcKey) ??
+                   Guid.NewGuid().ToString();
+        }
+
+        private async Task ClearStateAsync(string bioIntegritySrcKey)
+        {
+            await _stateService.SetSystemBiometricIntegrityState(bioIntegritySrcKey, null);
+        }
     }
 }

src/Android/Services/ClipboardService.cs

@@ -49,12 +49,6 @@ namespace Bit.Droid.Services
             }
         }
 
-        public bool IsCopyNotificationHandledByPlatform()
-        {
-            // Android 13+ provides built-in notification when text is copied to the clipboard
-            return (int)Build.VERSION.SdkInt >= 33;
-        }
-
         private void CopyToClipboard(string text, bool isSensitive = true)
         {
             var clipboardManager = Application.Context.GetSystemService(Context.ClipboardService) as ClipboardManager;

src/Android/Services/DeviceActionService.cs

@@ -13,12 +13,13 @@ using Android.Views.InputMethods;
 using Android.Widget;
 using Bit.App.Abstractions;
 using Bit.App.Resources;
+using Bit.App.Utilities;
+using Bit.App.Utilities.Prompts;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
-using Bit.Core.Utilities;
 using Bit.Droid.Utilities;
 using Plugin.CurrentActivity;
-using static Bit.App.Pages.SettingsPageViewModel;
+using Xamarin.Forms.Platform.Android;
 
 namespace Bit.Droid.Services
 {
@@ -209,10 +210,7 @@ namespace Bit.Droid.Services
             }
             if (numericKeyboard)
             {
-                input.InputType = InputTypes.ClassNumber | InputTypes.NumberFlagDecimal | InputTypes.NumberFlagSigned;
-#pragma warning disable CS0618 // Type or member is obsolete
-                input.KeyListener = DigitsKeyListener.GetInstance(false, false);
-#pragma warning restore CS0618 // Type or member is obsolete
+                SetNumericKeyboardTo(input);
             }
             if (password)
             {
@@ -248,6 +246,83 @@ namespace Bit.Droid.Services
             return result.Task;
         }
 
+        public Task<ValidatablePromptResponse?> DisplayValidatablePromptAsync(ValidatablePromptConfig config)
+        {
+            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            if (activity == null)
+            {
+                return Task.FromResult<ValidatablePromptResponse?>(null);
+            }
+
+            var alertBuilder = new AlertDialog.Builder(activity);
+            alertBuilder.SetTitle(config.Title);
+            var view = activity.LayoutInflater.Inflate(Resource.Layout.validatable_input_dialog_layout, null);
+            alertBuilder.SetView(view);
+            
+            var result = new TaskCompletionSource<ValidatablePromptResponse?>();
+
+            alertBuilder.SetOnCancelListener(new BasicDialogWithResultCancelListener(result));
+            alertBuilder.SetPositiveButton(config.OkButtonText ?? AppResources.Ok, listener: null);
+            alertBuilder.SetNegativeButton(config.CancelButtonText ?? AppResources.Cancel, (sender, args) => result.TrySetResult(null));
+            if (!string.IsNullOrEmpty(config.ThirdButtonText))
+            {
+                alertBuilder.SetNeutralButton(config.ThirdButtonText, (sender, args) => result.TrySetResult(new ValidatablePromptResponse(null, true)));
+            }
+
+            var alert = alertBuilder.Create();
+
+            var input = view.FindViewById<EditText>(Resource.Id.txtValue);
+            var lblHeader = view.FindViewById<TextView>(Resource.Id.lblHeader);
+            var lblValueSubinfo = view.FindViewById<TextView>(Resource.Id.lblValueSubinfo);
+
+            lblHeader.Text = config.Subtitle;
+            lblValueSubinfo.Text = config.ValueSubInfo;
+
+            var defaultSubInfoColor = lblValueSubinfo.TextColors;
+
+            input.InputType = InputTypes.ClassText;
+
+            if (config.NumericKeyboard)
+            {
+                SetNumericKeyboardTo(input);
+            }
+
+            input.ImeOptions = input.ImeOptions | (ImeAction)ImeFlags.NoPersonalizedLearning | (ImeAction)ImeFlags.NoExtractUi;
+            input.Text = config.Text ?? string.Empty;
+            input.SetSelection(config.Text?.Length ?? 0);
+            input.AfterTextChanged += (sender, args) =>
+            {
+                if (lblValueSubinfo.Text != config.ValueSubInfo)
+                {
+                    lblValueSubinfo.Text = config.ValueSubInfo;
+                    lblHeader.SetTextColor(defaultSubInfoColor);
+                    lblValueSubinfo.SetTextColor(defaultSubInfoColor);
+                }
+            };
+
+            alert.Window.SetSoftInputMode(SoftInput.StateVisible);
+            alert.Show();
+
+            var positiveButton = alert.GetButton((int)DialogButtonType.Positive);
+            positiveButton.Click += (sender, args) =>
+            {
+                var error = config.ValidateText(input.Text);
+                if (error != null)
+                {
+                    lblHeader.SetTextColor(ThemeManager.GetResourceColor("DangerColor").ToAndroid());
+                    lblValueSubinfo.SetTextColor(ThemeManager.GetResourceColor("DangerColor").ToAndroid());
+                    lblValueSubinfo.Text = error;
+                    lblValueSubinfo.SendAccessibilityEvent(Android.Views.Accessibility.EventTypes.ViewFocused);
+                    return;
+                }
+
+                result.TrySetResult(new ValidatablePromptResponse(input.Text, false));
+                alert.Dismiss();
+            };
+
+            return result.Task;
+        }
+
         public void RateApp()
         {
             var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
@@ -502,11 +577,6 @@ namespace Bit.Droid.Services
 
         public async Task SetScreenCaptureAllowedAsync()
         {
-            if (CoreHelpers.ForceScreenCaptureEnabled())
-            {
-                return;
-            }
-
             var activity = CrossCurrentActivity.Current?.Activity;
             if (await _stateService.GetScreenCaptureAllowedAsync())
             {
@@ -530,5 +600,29 @@ namespace Bit.Droid.Services
             // only used by iOS
             throw new NotImplementedException();
         }
+
+        private void SetNumericKeyboardTo(EditText editText)
+        {
+            editText.InputType = InputTypes.ClassNumber | InputTypes.NumberFlagDecimal | InputTypes.NumberFlagSigned;
+#pragma warning disable CS0618 // Type or member is obsolete
+            editText.KeyListener = DigitsKeyListener.GetInstance(false, false);
+#pragma warning restore CS0618 // Type or member is obsolete
+        }
+    }
+
+    class BasicDialogWithResultCancelListener : Java.Lang.Object, IDialogInterfaceOnCancelListener
+    {
+        private readonly TaskCompletionSource<ValidatablePromptResponse?> _taskCompletionSource;
+
+        public BasicDialogWithResultCancelListener(TaskCompletionSource<ValidatablePromptResponse?> taskCompletionSource)
+        {
+            _taskCompletionSource = taskCompletionSource;
+        }
+
+        public void OnCancel(IDialogInterface dialog)
+        {
+            _taskCompletionSource?.TrySetResult(null);
+            dialog?.Dismiss();
+        }
     }
 }

src/Android/Services/WatchDeviceService.cs

@@ -2,7 +2,6 @@
 using System.Threading.Tasks;
 using Bit.App.Services;
 using Bit.Core.Abstractions;
-using Bit.Core.Models;
 
 namespace Bit.Droid.Services
 {
@@ -22,7 +21,7 @@ namespace Bit.Droid.Services
 
         protected override bool CanSendData => false;
 
-        protected override Task SendDataToWatchAsync(WatchDTO watchDto) => throw new NotImplementedException();
+        protected override Task SendDataToWatchAsync(byte[] rawData) => throw new NotImplementedException();
 
         protected override void ConnectToWatch() => throw new NotImplementedException();
     }

src/Android/Utilities/IntentExtensions.cs

@@ -1,5 +1,6 @@
 using Android.Content;
 using Android.OS;
+using Java.Lang;
 
 namespace Bit.Droid.Utilities
 {
@@ -13,7 +14,12 @@ namespace Bit.Droid.Utilities
                 // Note: getting the bundle like this will cause to call unparcel() internally
                 var b = intent?.Extras?.GetBundle("trashstringwhichhasnousebuttocheckunparcel");
             }
-            catch (BadParcelableException)
+            catch (Exception ex) when
+            (
+                ex is BadParcelableException ||
+                ex is ClassNotFoundException ||
+                ex is RuntimeException
+            )
             {
                 intent.ReplaceExtras((Bundle)null);
             }

src/App/Abstractions/IAccountsManager.cs

@@ -8,6 +8,7 @@ namespace Bit.App.Abstractions
     {
         void Init(Func<AppOptions> getOptionsFunc, IAccountsManagerHost accountsManagerHost);
         Task NavigateOnAccountChangeAsync(bool? isAuthed = null);
+        Task StartDefaultNavigationFlowAsync(Action<AppOptions> appOptionsAction);
         Task LogOutAsync(string userId, bool userInitiated, bool expired);
         Task PromptToSwitchToExistingAccountAsync(string userId);
     }

src/App/Abstractions/IDeepLinkContext.cs

@@ -0,0 +1,9 @@
+using System;
+
+namespace Bit.App.Abstractions
+{
+    public interface IDeepLinkContext
+    {
+        bool OnNewUri(Uri uri);
+    }
+}

src/App/Abstractions/IDeviceActionService.cs

@@ -1,4 +1,5 @@
 using System.Threading.Tasks;
+using Bit.App.Utilities.Prompts;
 using Bit.Core.Enums;
 using Bit.Core.Models;
 
@@ -18,6 +19,7 @@ namespace Bit.App.Abstractions
         Task<string> DisplayPromptAync(string title = null, string description = null, string text = null,
             string okButtonText = null, string cancelButtonText = null, bool numericKeyboard = false,
             bool autofocus = true, bool password = false);
+        Task<ValidatablePromptResponse?> DisplayValidatablePromptAsync(ValidatablePromptConfig config);
         Task<string> DisplayAlertAsync(string title, string message, string cancel, params string[] buttons);
         Task<string> DisplayActionSheetAsync(string title, string cancel, string destruction, params string[] buttons);
 

src/App/Abstractions/IPasswordRepromptService.cs

@@ -1,4 +1,5 @@
 using System.Threading.Tasks;
+using Bit.Core.Enums;
 
 namespace Bit.App.Abstractions
 {
@@ -6,10 +7,8 @@ namespace Bit.App.Abstractions
     {
         string[] ProtectedFields { get; }
 
-        Task<bool> ShowPasswordPromptAsync();
+        Task<bool> PromptAndCheckPasswordIfNeededAsync(CipherRepromptType repromptType = CipherRepromptType.Password);
 
         Task<(string password, bool valid)> ShowPasswordPromptAndGetItAsync();
-
-        Task<bool> Enabled();
     }
 }

src/App/App.csproj

@@ -14,13 +14,14 @@
 
   <ItemGroup>
     <PackageReference Include="Plugin.Fingerprint" Version="2.1.5" />
-    <PackageReference Include="SkiaSharp.Views.Forms" Version="2.88.2" />
-    <PackageReference Include="Xamarin.CommunityToolkit" Version="2.0.5" />
-    <PackageReference Include="Xamarin.Essentials" Version="1.7.3" />
+    <PackageReference Include="SkiaSharp.Views.Forms" Version="2.88.3" />
+    <PackageReference Include="Xamarin.CommunityToolkit" Version="2.0.6" />
+    <PackageReference Include="Xamarin.Essentials" Version="1.8.0" />
     <PackageReference Include="Xamarin.FFImageLoading.Forms" Version="2.4.11.982" />
-    <PackageReference Include="Xamarin.Forms" Version="5.0.0.2515" />
+    <PackageReference Include="Xamarin.Forms" Version="5.0.0.2612" />
     <PackageReference Include="ZXing.Net.Mobile" Version="2.4.1" />
     <PackageReference Include="ZXing.Net.Mobile.Forms" Version="2.4.1" />
+    <PackageReference Include="MessagePack" Version="2.4.59" />
   </ItemGroup>
 
   <ItemGroup>
@@ -144,6 +145,8 @@
     <Folder Include="Controls\DateTime\" />
     <Folder Include="Controls\IconLabelButton\" />
     <Folder Include="Controls\PasswordStrengthProgressBar\" />
+    <Folder Include="Utilities\Automation\" />
+    <Folder Include="Utilities\Prompts\" />
   </ItemGroup>
 
   <ItemGroup>
@@ -436,6 +439,10 @@
     <None Remove="Utilities\AccountManagement\" />
     <None Remove="Controls\DateTime\" />
     <None Remove="Controls\IconLabelButton\" />
+    <None Remove="MessagePack" />
+    <None Remove="MessagePack.MSBuild.Tasks" />
     <None Remove="Controls\PasswordStrengthProgressBar\" />
+    <None Remove="Utilities\Automation\" />
+    <None Remove="Utilities\Prompts\" />
   </ItemGroup>
 </Project>

src/App/App.xaml.cs

@@ -23,6 +23,11 @@ namespace Bit.App
 {
     public partial class App : Application, IAccountsManagerHost
     {
+        public const string POP_ALL_AND_GO_TO_TAB_GENERATOR_MESSAGE = "popAllAndGoToTabGenerator";
+        public const string POP_ALL_AND_GO_TO_TAB_MYVAULT_MESSAGE = "popAllAndGoToTabMyVault";
+        public const string POP_ALL_AND_GO_TO_TAB_SEND_MESSAGE = "popAllAndGoToTabSend";
+        public const string POP_ALL_AND_GO_TO_AUTOFILL_CIPHERS_MESSAGE = "popAllAndGoToAutofillCiphers";
+
         private readonly IBroadcasterService _broadcasterService;
         private readonly IMessagingService _messagingService;
         private readonly IStateService _stateService;
@@ -33,6 +38,7 @@ namespace Bit.App
         private readonly IFileService _fileService;
         private readonly IAccountsManager _accountsManager;
         private readonly IPushNotificationService _pushNotificationService;
+        private readonly IConfigService _configService;
         private static bool _isResumed;
         // these variables are static because the app is launching new activities on notification click, creating new instances of App. 
         private static bool _pendingCheckPasswordlessLoginRequests;
@@ -56,6 +62,7 @@ namespace Bit.App
             _fileService = ServiceContainer.Resolve<IFileService>();
             _accountsManager = ServiceContainer.Resolve<IAccountsManager>("accountsManager");
             _pushNotificationService = ServiceContainer.Resolve<IPushNotificationService>();
+            _configService = ServiceContainer.Resolve<IConfigService>();
 
             _accountsManager.Init(() => Options, this);
 
@@ -103,12 +110,18 @@ namespace Bit.App
                         await Task.Delay(1000);
                         await _accountsManager.NavigateOnAccountChangeAsync();
                     }
-                    else if (message.Command == "popAllAndGoToTabGenerator" ||
-                        message.Command == "popAllAndGoToTabMyVault" ||
-                        message.Command == "popAllAndGoToTabSend" ||
-                        message.Command == "popAllAndGoToAutofillCiphers")
+                    else if (message.Command == POP_ALL_AND_GO_TO_TAB_GENERATOR_MESSAGE ||
+                        message.Command == POP_ALL_AND_GO_TO_TAB_MYVAULT_MESSAGE ||
+                        message.Command == POP_ALL_AND_GO_TO_TAB_SEND_MESSAGE ||
+                        message.Command == POP_ALL_AND_GO_TO_AUTOFILL_CIPHERS_MESSAGE ||
+                        message.Command == DeepLinkContext.NEW_OTP_MESSAGE)
                     {
-                        Device.BeginInvokeOnMainThread(async () =>
+                        if (message.Command == DeepLinkContext.NEW_OTP_MESSAGE)
+                        {
+                            Options.OtpData = new OtpData((string)message.Data);
+                        }
+
+                        await Device.InvokeOnMainThreadAsync(async () =>
                         {
                             if (Current.MainPage is TabsPage tabsPage)
                             {
@@ -116,24 +129,29 @@ namespace Bit.App
                                 {
                                     await tabsPage.Navigation.PopModalAsync(false);
                                 }
-                                if (message.Command == "popAllAndGoToAutofillCiphers")
+                                if (message.Command == POP_ALL_AND_GO_TO_AUTOFILL_CIPHERS_MESSAGE)
                                 {
-                                    Current.MainPage = new NavigationPage(new AutofillCiphersPage(Options));
+                                    Current.MainPage = new NavigationPage(new CipherSelectionPage(Options));
                                 }
-                                else if (message.Command == "popAllAndGoToTabMyVault")
+                                else if (message.Command == POP_ALL_AND_GO_TO_TAB_MYVAULT_MESSAGE)
                                 {
                                     Options.MyVaultTile = false;
                                     tabsPage.ResetToVaultPage();
                                 }
-                                else if (message.Command == "popAllAndGoToTabGenerator")
+                                else if (message.Command == POP_ALL_AND_GO_TO_TAB_GENERATOR_MESSAGE)
                                 {
                                     Options.GeneratorTile = false;
                                     tabsPage.ResetToGeneratorPage();
                                 }
-                                else if (message.Command == "popAllAndGoToTabSend")
+                                else if (message.Command == POP_ALL_AND_GO_TO_TAB_SEND_MESSAGE)
                                 {
                                     tabsPage.ResetToSendPage();
                                 }
+                                else if (message.Command == DeepLinkContext.NEW_OTP_MESSAGE)
+                                {
+                                    tabsPage.ResetToVaultPage();
+                                    await tabsPage.Navigation.PushModalAsync(new NavigationPage(new CipherSelectionPage(Options)));
+                                }
                             }
                         });
                     }
@@ -145,6 +163,18 @@ namespace Bit.App
                                 new NavigationPage(new RemoveMasterPasswordPage()));
                         });
                     }
+                    else if (message.Command == Constants.ForceUpdatePassword)
+                    {
+                        Device.BeginInvokeOnMainThread(async () =>
+                        {
+                            await Application.Current.MainPage.Navigation.PushModalAsync(
+                                new NavigationPage(new UpdateTempPasswordPage()));
+                        });
+                    }
+                    else if (message.Command == "syncCompleted")
+                    {
+                        await _configService.GetAsync(true);
+                    }
                     else if (message.Command == Constants.PasswordlessLoginRequestKey
                         || message.Command == "unlocked"
                         || message.Command == AccountsManagerMessageCommands.ACCOUNT_SWITCH_COMPLETED)
@@ -201,7 +231,7 @@ namespace Bit.App
                 Id = loginRequestData.Id,
                 IpAddress = loginRequestData.RequestIpAddress,
                 Email = await _stateService.GetEmailAsync(),
-                FingerprintPhrase = loginRequestData.RequestFingerprint,
+                FingerprintPhrase = loginRequestData.FingerprintPhrase,
                 RequestDate = loginRequestData.CreationDate,
                 DeviceType = loginRequestData.RequestDeviceType,
                 Origin = loginRequestData.Origin
@@ -269,6 +299,8 @@ namespace Bit.App
                 // Reset delay on every start
                 _vaultTimeoutService.DelayLockAndLogoutMs = null;
             }
+
+            await _configService.GetAsync();
             _messagingService.Send("startEventTimer");
         }
 
@@ -308,6 +340,7 @@ namespace Bit.App
         private async Task SleptAsync()
         {
             await _vaultTimeoutService.CheckVaultTimeoutAsync();
+            await ClearSensitiveFieldsAsync();
             _messagingService.Send("stopEventTimer");
         }
 
@@ -315,6 +348,7 @@ namespace Bit.App
         {
             await _stateService.CheckExtensionActiveUserAndSwitchIfNeededAsync();
             await _vaultTimeoutService.CheckVaultTimeoutAsync();
+            await ClearSensitiveFieldsAsync();
             _messagingService.Send("startEventTimer");
             await UpdateThemeAsync();
             await ClearCacheIfNeededAsync();
@@ -335,6 +369,14 @@ namespace Bit.App
             });
         }
 
+        private async Task ClearSensitiveFieldsAsync()
+        {
+            await Device.InvokeOnMainThreadAsync(() =>
+            {
+                _messagingService.Send(Constants.ClearSensitiveFields);
+            });
+        }
+
         private void SetCulture()
         {
             // Calendars are removed by linker. ref https://bugzilla.xamarin.com/show_bug.cgi?id=59077
@@ -484,7 +526,8 @@ namespace Bit.App
                     Current.MainPage = new NavigationPage(new CipherAddEditPage(appOptions: Options));
                     break;
                 case NavigationTarget.AutofillCiphers:
-                    Current.MainPage = new NavigationPage(new AutofillCiphersPage(Options));
+                case NavigationTarget.OtpCipherSelection:
+                    Current.MainPage = new NavigationPage(new CipherSelectionPage(Options));
                     break;
                 case NavigationTarget.SendAddEdit:
                     Current.MainPage = new NavigationPage(new SendAddEditPage(Options));

src/App/Controls/AccountSwitchingOverlay/AccountSwitchingOverlayView.xaml

@@ -30,13 +30,15 @@
                 BackgroundColor="{DynamicResource BackgroundColor}"
                 VerticalOptions="Start"
                 RowHeight="{Binding AccountListRowHeight, Source={x:Reference _mainOverlay}}"
-                effects:ScrollViewContentInsetAdjustmentBehaviorEffect.ContentInsetAdjustmentBehavior="Never">
+                effects:ScrollViewContentInsetAdjustmentBehaviorEffect.ContentInsetAdjustmentBehavior="Never"
+                AutomationId="AccountListView">
                 <ListView.ItemTemplate>
                     <DataTemplate x:DataType="view:AccountView">
                         <controls:AccountViewCell
                             Account="{Binding .}"
                             SelectAccountCommand="{Binding SelectAccountCommand, Source={x:Reference _mainOverlay}}"
                             LongPressAccountCommand="{Binding LongPressAccountCommand, Source={x:Reference _mainOverlay}}"
+                            AutomationId="AccountViewCell"
                             />
                     </DataTemplate>
                 </ListView.ItemTemplate>

src/App/Controls/AccountViewCell/AccountViewCell.xaml

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <ViewCell xmlns="http://xamarin.com/schemas/2014/forms"
           xmlns:x="http://schemas.microsoft.com/winfx/2009/xaml"
           xmlns:xct="http://xamarin.com/schemas/2020/toolkit"
@@ -60,20 +60,23 @@
                     Text="{Binding AccountView.Email}"
                     IsVisible="{Binding IsActive}"
                     StyleClass="accountlist-title, accountlist-title-platform"
-                    LineBreakMode="TailTruncation" />
+                    LineBreakMode="TailTruncation"
+                    AutomationId="AccountEmailLabel" />
                 <Label
                     Grid.Row="0"
                     Text="{Binding AccountView.Email}"
                     IsVisible="{Binding IsActive, Converter={StaticResource inverseBool}}"
                     StyleClass="accountlist-title, accountlist-title-platform"
                     TextColor="{DynamicResource MutedColor}"
-                    LineBreakMode="TailTruncation" />
+                    LineBreakMode="TailTruncation"
+                    AutomationId="AccountEmailLabel" />
                 <Label
                     Grid.Row="1"
                     IsVisible="{Binding ShowHostname}"
                     Text="{Binding AccountView.Hostname}"
                     StyleClass="accountlist-sub, accountlist-sub-platform"
-                    LineBreakMode="TailTruncation" />
+                    LineBreakMode="TailTruncation"
+                    AutomationId="AccountHostUrlLabel" />
                 <Label
                     Grid.Row="2"
                     Text="{u:I18n AccountUnlocked}"
@@ -81,7 +84,8 @@
                     StyleClass="accountlist-sub, accountlist-sub-platform"
                     FontAttributes="Italic"
                     TextTransform="Lowercase"
-                    LineBreakMode="TailTruncation" />
+                    LineBreakMode="TailTruncation"
+                    AutomationId="AccountStatusLabel" />
                 <Label
                     Grid.Row="2"
                     Text="{u:I18n AccountLocked}"
@@ -89,7 +93,8 @@
                     StyleClass="accountlist-sub, accountlist-sub-platform"
                     FontAttributes="Italic"
                     TextTransform="Lowercase"
-                    LineBreakMode="TailTruncation" />
+                    LineBreakMode="TailTruncation"
+                    AutomationId="AccountStatusLabel" />
                 <Label
                     Grid.Row="2"
                     Text="{u:I18n AccountLoggedOut}"
@@ -97,7 +102,8 @@
                     StyleClass="accountlist-sub, accountlist-sub-platform"
                     FontAttributes="Italic"
                     TextTransform="Lowercase"
-                    LineBreakMode="TailTruncation" />
+                    LineBreakMode="TailTruncation"
+                    AutomationId="AccountStatusLabel" />
             </Grid>
 
             <controls:IconLabel
@@ -107,7 +113,8 @@
                 Margin="12,0"
                 HorizontalOptions="Center"
                 VerticalOptions="Center"
-                StyleClass="list-icon, list-icon-platform" />
+                StyleClass="list-icon, list-icon-platform"
+                AutomationId="InactiveVaultIcon" />
             <controls:IconLabel
                 Grid.Column="2"
                 Text="{Binding AuthStatusIconActive}" 
@@ -116,7 +123,8 @@
                 HorizontalOptions="Center"
                 VerticalOptions="Center"
                 StyleClass="list-icon, list-icon-platform"
-                TextColor="{DynamicResource TextColor}"/>
+                TextColor="{DynamicResource TextColor}"
+                AutomationId="ActiveVaultIcon" />
         </Grid>
 
         <Grid
@@ -147,7 +155,8 @@
                 StyleClass="accountlist-title, accountlist-title-platform"
                 LineBreakMode="TailTruncation"
                 VerticalOptions="Center"
-                Grid.Column="1" />
+                Grid.Column="1"
+                AutomationId="AddAccountButton" />
         </Grid>
     </Grid>
 </ViewCell>

src/App/Controls/CipherViewCell/CipherViewCell.xaml

@@ -9,7 +9,8 @@
     StyleClass="list-row, list-row-platform"
     RowSpacing="0"
     ColumnSpacing="0"
-    x:DataType="controls:CipherViewCellViewModel">
+    x:DataType="controls:CipherViewCellViewModel"
+    AutomationId="CipherCell">
 
     <Grid.Resources>
         <u:IconGlyphConverter x:Key="iconGlyphConverter"/>
@@ -36,7 +37,8 @@
         IsVisible="{Binding ShowIconImage, Converter={StaticResource inverseBool}}"
         Text="{Binding Cipher, Converter={StaticResource iconGlyphConverter}}"
         ShouldUpdateFontSizeDynamicallyForAccesibility="True"
-        AutomationProperties.IsInAccessibleTree="False" />
+        AutomationProperties.IsInAccessibleTree="False"
+        AutomationId="CipherTypeIcon" />
 
     <ff:CachedImage
         x:Name="_iconImage"
@@ -52,7 +54,8 @@
         Aspect="AspectFit"
         IsVisible="{Binding ShowIconImage}"
         Source="{Binding IconImageSource, Mode=OneTime}"
-        AutomationProperties.IsInAccessibleTree="False" />
+        AutomationProperties.IsInAccessibleTree="False"
+        AutomationId="CipherWebsiteIcon" />
 
     <Grid RowSpacing="0" ColumnSpacing="0" Grid.Row="0" Grid.Column="1" VerticalOptions="Center" Padding="0, 7">
         <Grid.RowDefinitions>
@@ -71,7 +74,8 @@
             Grid.Column="0"
             Grid.Row="0"
             StyleClass="list-title, list-title-platform"
-            Text="{Binding Cipher.Name}" />
+            Text="{Binding Cipher.Name}"
+            AutomationId="CipherNameLabel" />
         <Label
             LineBreakMode="TailTruncation"
             Grid.Column="0"
@@ -80,7 +84,8 @@
             StyleClass="list-subtitle, list-subtitle-platform"
             Text="{Binding Cipher.SubTitle}"
             IsVisible="{Binding Source={RelativeSource Self}, Path=Text,
-                        Converter={StaticResource stringHasValueConverter}}"/>
+                        Converter={StaticResource stringHasValueConverter}}"
+            AutomationId="CipherSubTitleLabel" />
         <controls:IconLabel
             Grid.Column="1"
             Grid.Row="0"
@@ -91,7 +96,8 @@
             Text="{Binding Source={x:Static core:BitwardenIcons.Collection}}"
             IsVisible="{Binding Cipher.Shared, Mode=OneTime}"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n Shared}" />
+            AutomationProperties.Name="{u:I18n Shared}"
+            AutomationId="CipherInCollectionIcon" />
         <controls:IconLabel
             Grid.Column="2"
             Grid.Row="0"
@@ -102,7 +108,8 @@
             Text="{Binding Source={x:Static core:BitwardenIcons.Paperclip}}"
             IsVisible="{Binding Cipher.HasAttachments, Mode=OneTime}"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n Attachments}" />
+            AutomationProperties.Name="{u:I18n Attachments}"
+            AutomationId="CipherWithAttachmentsIcon" />
     </Grid>
 
     <controls:MiButton
@@ -114,6 +121,7 @@
         VerticalOptions="CenterAndExpand"
         HorizontalOptions="EndAndExpand"
         AutomationProperties.IsInAccessibleTree="True"
-        AutomationProperties.Name="{u:I18n Options}" />
+        AutomationProperties.Name="{u:I18n Options}"
+        AutomationId="CipherOptionsButton" />
 
 </controls:ExtendedGrid>

src/App/Controls/CipherViewCell/CipherViewCell.xaml.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Windows.Input;
 using Bit.App.Abstractions;
 using Bit.Core.Models.View;
 using Bit.Core.Utilities;
@@ -18,7 +19,7 @@ namespace Bit.App.Controls
             nameof(WebsiteIconsEnabled), typeof(bool?), typeof(CipherViewCell));
 
         public static readonly BindableProperty ButtonCommandProperty = BindableProperty.Create(
-            nameof(ButtonCommand), typeof(Command<CipherView>), typeof(CipherViewCell));
+            nameof(ButtonCommand), typeof(ICommand), typeof(CipherViewCell));
 
         public CipherViewCell()
         {
@@ -42,9 +43,9 @@ namespace Bit.App.Controls
             set => SetValue(CipherProperty, value);
         }
 
-        public Command<CipherView> ButtonCommand
+        public ICommand ButtonCommand
         {
-            get => GetValue(ButtonCommandProperty) as Command<CipherView>;
+            get => GetValue(ButtonCommandProperty) as ICommand;
             set => SetValue(ButtonCommandProperty, value);
         }
 

src/App/Controls/CipherViewCell/CipherViewCellViewModel.cs

@@ -31,7 +31,7 @@ namespace Bit.App.Controls
         public bool ShowIconImage
         {
             get => WebsiteIconsEnabled
-                && !string.IsNullOrWhiteSpace(Cipher.Login?.Uri)
+                && !string.IsNullOrWhiteSpace(Cipher.LaunchUri)
                 && IconImageSource != null;
         }
 
@@ -41,7 +41,7 @@ namespace Bit.App.Controls
             {
                 if (_iconImageSource == string.Empty) // default value since icon source can return null
                 {
-                    _iconImageSource = IconImageHelper.GetLoginIconImage(Cipher);
+                    _iconImageSource = IconImageHelper.GetIconImage(Cipher);
                 }
                 return _iconImageSource;
             }

src/App/Controls/CustomLabel.cs

@@ -0,0 +1,13 @@
+using Xamarin.Forms;
+
+namespace Bit.App.Controls
+{
+    public class CustomLabel : Label
+    {
+        public CustomLabel()
+        {
+        }
+
+        public int? FontWeight { get; set; }
+    }
+}

src/App/Controls/PasswordStrengthProgressBar/PasswordStrengthProgressBar.xaml.cs

@@ -69,6 +69,7 @@ namespace Bit.App.Controls
         {
             InitializeComponent();
             SetBinding(PasswordStrengthProgressBar.PasswordStrengthLevelProperty, new Binding() { Path = nameof(PasswordStrengthViewModel.PasswordStrengthLevel) });
+            UpdateColors();
         }
 
         private static void OnControlPropertyChanged(BindableObject bindable, object oldValue, object newValue)

src/App/Controls/SendViewCell/SendViewCell.xaml

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <controls:ExtendedGrid xmlns="http://xamarin.com/schemas/2014/forms"
     xmlns:x="http://schemas.microsoft.com/winfx/2009/xaml"
     x:Class="Bit.App.Controls.SendViewCell"
@@ -54,14 +54,16 @@
             Grid.Column="0"
             Grid.Row="0"
             StyleClass="list-title, list-title-platform"
-            Text="{Binding Send.Name}" />
+            Text="{Binding Send.Name}"
+            AutomationId="SendNameLabel" />
         <Label
             LineBreakMode="TailTruncation"
             Grid.Column="0"
             Grid.Row="1"
             Grid.ColumnSpan="6"
             StyleClass="list-subtitle, list-subtitle-platform"
-            Text="{Binding Send.DisplayDate}" />
+            Text="{Binding Send.DisplayDate}"
+            AutomationId="SendDateLabel" />
         <controls:IconLabel
             Grid.Column="1"
             Grid.Row="0"
@@ -72,7 +74,8 @@
             Text="{Binding Source={x:Static core:BitwardenIcons.ExclamationTriangle}}"
             IsVisible="{Binding Send.Disabled, Mode=OneTime}"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n Disabled}" />
+            AutomationProperties.Name="{u:I18n Disabled}"
+            AutomationId="DisabledSendLabel" />
         <controls:IconLabel
             Grid.Column="2"
             Grid.Row="0"
@@ -83,7 +86,8 @@
             Text="{Binding Source={x:Static core:BitwardenIcons.Key}}"
             IsVisible="{Binding Send.HasPassword, Mode=OneTime}"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n Password}" />
+            AutomationProperties.Name="{u:I18n Password}"
+            AutomationId="PasswordProtectedSendLabel" />
         <controls:IconLabel
             Grid.Column="3"
             Grid.Row="0"
@@ -94,7 +98,8 @@
             Text="{Binding Source={x:Static core:BitwardenIcons.Ban}}"
             IsVisible="{Binding Send.MaxAccessCountReached, Mode=OneTime}"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n MaxAccessCountReached}" />
+            AutomationProperties.Name="{u:I18n MaxAccessCountReached}"
+            AutomationId="SendMaxAccessCountReachedLabel" />
         <controls:IconLabel
             Grid.Column="4"
             Grid.Row="0"
@@ -105,7 +110,8 @@
             Text="{Binding Source={x:Static core:BitwardenIcons.Clock}}"
             IsVisible="{Binding Send.Expired, Mode=OneTime}"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n Expired}" />
+            AutomationProperties.Name="{u:I18n Expired}"
+            AutomationId="ExpiredSendLabel" />
         <controls:IconLabel
             Grid.Column="5"
             Grid.Row="0"
@@ -116,7 +122,8 @@
             Text="{Binding Source={x:Static core:BitwardenIcons.Trash}}"
             IsVisible="{Binding Send.PendingDelete, Mode=OneTime}"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n PendingDelete}" />
+            AutomationProperties.Name="{u:I18n PendingDelete}"
+            AutomationId="SendWithPendingDeletionLabel" />
     </Grid>
 
     <controls:MiButton
@@ -129,6 +136,7 @@
         VerticalOptions="CenterAndExpand"
         HorizontalOptions="EndAndExpand"
         AutomationProperties.IsInAccessibleTree="True"
-        AutomationProperties.Name="{u:I18n Options}" />
+        AutomationProperties.Name="{u:I18n Options}"
+        AutomationId="SendOptionsButton" />
 
 </controls:ExtendedGrid>

src/App/Lists/ItemLayouts/CustomFields/BooleanCustomFieldItemLayout.xaml

@@ -33,7 +33,8 @@
             StyleClass="box-label"
             Grid.Row="0"
             Grid.Column="0"
-            IsVisible="{Binding IsEditing, Mode=OneWay, Converter={StaticResource inverseBool}}" />
+            IsVisible="{Binding IsEditing, Mode=OneWay, Converter={StaticResource inverseBool}}"
+            AutomationId="BooleanCustomFieldNameLabel" />
         <Label
             Text="{Binding Field.Name, Mode=OneWay}"
             IsVisible="{Binding IsEditing}"
@@ -49,13 +50,15 @@
             Grid.Row="1"
             Grid.Column="0"
             Margin="0, 5, 0, 0"
-            IsVisible="{Binding IsEditing, Mode=OneWay, Converter={StaticResource inverseBool}}"  />
+            IsVisible="{Binding IsEditing, Mode=OneWay, Converter={StaticResource inverseBool}}"
+            AutomationId="BooleanCustomFieldValueLabel" />
         <Switch
             IsToggled="{Binding BooleanValue}"
             IsVisible="{Binding IsEditing}"
             Grid.Row="0"
             Grid.Column="1"
-            Grid.RowSpan="2" />
+            Grid.RowSpan="2"
+            AutomationId="BooleanCustomFieldValueToggle" />
         <controls:IconButton 
             StyleClass="box-row-button, box-row-button-platform"
             Text="{Binding Source={x:Static core:BitwardenIcons.Cog}}"

src/App/Lists/ItemLayouts/CustomFields/HiddenCustomFieldItemLayout.xaml

@@ -31,7 +31,8 @@
             Text="{Binding Field.Name, Mode=OneWay}"
             StyleClass="box-label"
             Grid.Row="0"
-            Grid.Column="0" />
+            Grid.Column="0"
+            AutomationId="HiddenCustomFieldNameLabel" />
         <StackLayout
             Grid.Row="1"
             Grid.Column="0"
@@ -39,7 +40,8 @@
             <controls:MonoLabel
                 Text="{Binding ValueText, Mode=OneWay}"
                 StyleClass="box-value"
-                IsVisible="{Binding ShowHiddenValue}" />
+                IsVisible="{Binding ShowHiddenValue}"
+                AutomationId="HiddenCustomFieldValueLabel" />
             <controls:MonoLabel
                 Text="{Binding Field.MaskedValue, Mode=OneWay}"
                 StyleClass="box-value"
@@ -54,7 +56,10 @@
             IsPassword="{Binding ShowHiddenValue, Converter={StaticResource inverseBool}}"
             IsEnabled="{Binding ShowViewHidden}"
             IsSpellCheckEnabled="False"
-            IsTextPredictionEnabled="False">
+            IsTextPredictionEnabled="False"
+            AutomationProperties.IsInAccessibleTree="True"
+            AutomationProperties.Name="{Binding Field.Name}"
+            AutomationId="HiddenCustomFieldValueEntry">
             <Entry.Keyboard>
                 <Keyboard x:FactoryMethod="Create">
                     <x:Arguments>
@@ -72,7 +77,8 @@
             Grid.Column="1"
             Grid.RowSpan="2"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n ToggleVisibility}" />
+            AutomationProperties.Name="{u:I18n ToggleVisibility}"
+            AutomationId="HiddenCustomFieldShowValueButton" />
         <controls:IconButton
             StyleClass="box-row-button, box-row-button-platform"
             Text="{Binding Source={x:Static core:BitwardenIcons.Clone}}"

src/App/Lists/ItemLayouts/CustomFields/LinkedCustomFieldItemLayout.xaml

@@ -29,13 +29,15 @@
             Text="{Binding Field.Name, Mode=OneWay}"
             StyleClass="box-label"
             Grid.Row="0"
-            Grid.Column="0" />
+            Grid.Column="0"
+            AutomationId="LinkedCustomFieldNameLabel" />
         <controls:IconLabel
             Text="{Binding ValueText, Mode=OneWay}"
             StyleClass="box-value"
             Grid.Row="1"
             Grid.Column="0"
-            IsVisible="{Binding IsEditing, Mode=OneWay, Converter={StaticResource inverseBool}}" />
+            IsVisible="{Binding IsEditing, Mode=OneWay, Converter={StaticResource inverseBool}}"
+            AutomationId="LinkedCustomFieldValueLabel" />
         <StackLayout
             StyleClass="box-row, box-row-input"
             IsVisible="{Binding IsEditing}">
@@ -44,7 +46,8 @@
                 ItemsSource="{Binding LinkedFieldOptions, Mode=OneTime}"
                 SelectedIndex="{Binding LinkedFieldOptionSelectedIndex}"
                 ItemDisplayBinding="{Binding Key}"
-                StyleClass="box-value" />
+                StyleClass="box-value"
+                AutomationId="LinkedCustomFieldValuePicker" />
         </StackLayout>
         <controls:IconButton 
             StyleClass="box-row-button, box-row-button-platform"
@@ -55,7 +58,8 @@
             Grid.Column="1"
             Grid.RowSpan="2"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n Options}" />
+            AutomationProperties.Name="{u:I18n Options}"
+            AutomationId="LinkedCustomFieldOptionsButton" />
     </Grid>
     <BoxView StyleClass="box-row-separator" IsVisible="{Binding IsEditing, Mode=OneWay, Converter={StaticResource inverseBool}}" />
 </StackLayout>

src/App/Lists/ItemLayouts/CustomFields/TextCustomFieldItemLayout.xaml

@@ -29,19 +29,24 @@
             Text="{Binding Field.Name, Mode=OneWay}"
             StyleClass="box-label"
             Grid.Row="0"
-            Grid.Column="0" />
+            Grid.Column="0"
+            AutomationId="TextCustomFieldNameLabel" />
         <Label
             Text="{Binding ValueText, Mode=OneWay}"
             StyleClass="box-value"
             Grid.Row="1"
             Grid.Column="0"
-            IsVisible="{Binding IsEditing, Mode=OneWay, Converter={StaticResource inverseBool}}" />
+            IsVisible="{Binding IsEditing, Mode=OneWay, Converter={StaticResource inverseBool}}"
+            AutomationId="TextCustomFieldValueLabel" />
         <Entry
             Text="{Binding Field.Value}"
             StyleClass="box-value"
             Grid.Row="1"
             Grid.Column="0"
-            IsVisible="{Binding IsEditing}" />
+            IsVisible="{Binding IsEditing}"
+            AutomationProperties.IsInAccessibleTree="True"
+            AutomationProperties.Name="{Binding Field.Name}"
+            AutomationId="TextCustomFieldValueEntry" />
         <controls:IconButton
             StyleClass="box-row-button, box-row-button-platform"
             Text="{Binding Source={x:Static core:BitwardenIcons.Clone}}"
@@ -51,7 +56,8 @@
             Grid.Column="1"
             Grid.RowSpan="2"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n Copy}" />
+            AutomationProperties.Name="{u:I18n Copy}"
+            AutomationId="TextCustomFieldCopyValue" />
         <controls:IconButton 
             StyleClass="box-row-button, box-row-button-platform"
             Text="{Binding Source={x:Static core:BitwardenIcons.Cog}}"
@@ -61,7 +67,8 @@
             Grid.Column="1"
             Grid.RowSpan="2"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n Options}" />
+            AutomationProperties.Name="{u:I18n Options}"
+            AutomationId="TextCustomFieldOptionsButton" />
     </Grid>
     <BoxView StyleClass="box-row-separator" IsVisible="{Binding IsEditing, Mode=OneWay, Converter={StaticResource inverseBool}}" />
 </StackLayout>

src/App/Models/AppOptions.cs

@@ -1,5 +1,6 @@
 using System;
 using Bit.Core.Enums;
+using Bit.Core.Utilities;
 
 namespace Bit.App.Models
 {
@@ -23,6 +24,7 @@ namespace Bit.App.Models
         public Tuple<SendType, string, byte[], string> CreateSend { get; set; }
         public bool CopyInsteadOfShareAfterSaving { get; set; }
         public bool HideAccountSwitcher { get; set; }
+        public OtpData? OtpData { get; set; }
 
         public void SetAllFrom(AppOptions o)
         {
@@ -48,6 +50,7 @@ namespace Bit.App.Models
             CreateSend = o.CreateSend;
             CopyInsteadOfShareAfterSaving = o.CopyInsteadOfShareAfterSaving;
             HideAccountSwitcher = o.HideAccountSwitcher;
+            OtpData = o.OtpData;
         }
     }
 }

src/App/Pages/Accounts/BaseChangePasswordViewModel.cs

@@ -1,10 +1,7 @@
-using System.Collections.Generic;
-using System.Text;
-using System.Text.RegularExpressions;
+using System.Text;
 using System.Threading.Tasks;
 using Bit.App.Abstractions;
 using Bit.App.Resources;
-using Bit.App.Utilities;
 using Bit.Core;
 using Bit.Core.Abstractions;
 using Bit.Core.Models.Domain;
@@ -73,13 +70,13 @@ namespace Bit.App.Pages
             set => SetProperty(ref _policy, value);
         }
 
-        public string ShowPasswordIcon => ShowPassword ? "" : "";
+        public string ShowPasswordIcon => ShowPassword ? BitwardenIcons.EyeSlash : BitwardenIcons.Eye;
         public string PasswordVisibilityAccessibilityText => ShowPassword ? AppResources.PasswordIsVisibleTapToHide : AppResources.PasswordIsNotVisibleTapToShow;
         public string MasterPassword { get; set; }
         public string ConfirmMasterPassword { get; set; }
         public string Hint { get; set; }
 
-        public async Task InitAsync(bool forceSync = false)
+        public virtual async Task InitAsync(bool forceSync = false)
         {
             if (forceSync)
             {
@@ -162,7 +159,7 @@ namespace Bit.App.Pages
             {
                 if (MasterPassword.Length < Constants.MasterPasswordMinimumChars)
                 {
-                    await _platformUtilsService.ShowDialogAsync(AppResources.MasterPasswordLengthValMessage,
+                    await _platformUtilsService.ShowDialogAsync(string.Format(AppResources.MasterPasswordLengthValMessageX, Constants.MasterPasswordMinimumChars),
                         AppResources.MasterPasswordPolicyValidationTitle, AppResources.Ok);
                     return false;
                 }

src/App/Pages/Accounts/EnvironmentPage.xaml

@@ -34,7 +34,8 @@
                         Placeholder="ex. https://bitwarden.company.com"
                         StyleClass="box-value"
                         ReturnType="Go"
-                        ReturnCommand="{Binding SubmitCommand}" />
+                        ReturnCommand="{Binding SubmitCommand}"
+                        AutomationId="ServerUrlEntry"/>
                 </StackLayout>
                 <Label
                     Text="{u:I18n SelfHostedEnvironmentFooter}"
@@ -53,7 +54,8 @@
                         x:Name="_webVaultEntry"
                         Text="{Binding WebVaultUrl}"
                         Keyboard="Url"
-                        StyleClass="box-value" />
+                        StyleClass="box-value"
+                        AutomationId="WebVaultUrlEntry"/>
                 </StackLayout>
                 <StackLayout StyleClass="box-row">
                     <Label
@@ -63,7 +65,8 @@
                         x:Name="_apiEntry"
                         Text="{Binding ApiUrl}"
                         Keyboard="Url"
-                        StyleClass="box-value" />
+                        StyleClass="box-value"
+                        AutomationId="ApiUrlEntry"/>
                 </StackLayout>
                 <StackLayout StyleClass="box-row">
                     <Label
@@ -73,7 +76,8 @@
                         x:Name="_identityEntry"
                         Text="{Binding IdentityUrl}"
                         Keyboard="Url"
-                        StyleClass="box-value" />
+                        StyleClass="box-value"
+                        AutomationId="IdentityUrlEntry"/>
                 </StackLayout>
                 <StackLayout StyleClass="box-row">
                     <Label
@@ -85,7 +89,8 @@
                         Keyboard="Url"
                         StyleClass="box-value"
                         ReturnType="Go"
-                        ReturnCommand="{Binding SubmitCommand}" />
+                        ReturnCommand="{Binding SubmitCommand}"
+                        AutomationId="IconsUrlEntry"/>
                 </StackLayout>
                 <Label
                     Text="{u:I18n CustomEnvironmentFooter}"

src/App/Pages/Accounts/EnvironmentPageViewModel.cs

@@ -3,6 +3,7 @@ using System.Threading.Tasks;
 using System.Windows.Input;
 using Bit.App.Resources;
 using Bit.Core.Abstractions;
+using Bit.Core.Models.Data;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
 
@@ -18,7 +19,8 @@ namespace Bit.App.Pages
             _environmentService = ServiceContainer.Resolve<IEnvironmentService>("environmentService");
 
             PageTitle = AppResources.Settings;
-            BaseUrl = _environmentService.BaseUrl;
+            BaseUrl = _environmentService.BaseUrl == EnvironmentUrlData.DefaultEU.Base || EnvironmentUrlData.DefaultUS.Base == _environmentService.BaseUrl ?
+                string.Empty : _environmentService.BaseUrl;
             WebVaultUrl = _environmentService.WebVaultUrl;
             ApiUrl = _environmentService.ApiUrl;
             IdentityUrl = _environmentService.IdentityUrl;

src/App/Pages/Accounts/HomePage.xaml

@@ -23,12 +23,9 @@
             Priority="-1"
             UseOriginalImage="True"
             AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n Account}" />
+            AutomationProperties.Name="{u:I18n Account}"
+            AutomationId="AccountIconButton" />
         <ToolbarItem x:Name="_closeButton" Text="{u:I18n Close}" Command="{Binding CloseCommand}" Order="Primary" Priority="-1"/>
-        <ToolbarItem
-            Icon="cog_environment.png" Clicked="Environment_Clicked" Order="Primary"
-            AutomationProperties.IsInAccessibleTree="True"
-            AutomationProperties.Name="{u:I18n Options}" />
     </ContentPage.ToolbarItems>
 
     <ContentPage.Resources>
@@ -53,7 +50,9 @@
                         Keyboard="Email"
                         StyleClass="box-value"
                         ReturnType="Go"
-                        ReturnCommand="{Binding ContinueCommand}">
+                        ReturnCommand="{Binding ContinueCommand}"
+                        AutomationId="EmailAddressEntry"
+                        >
                         <VisualStateManager.VisualStateGroups>
                             <VisualStateGroup x:Name="CommonStates">
                                 <VisualState x:Name="Disabled">
@@ -66,7 +65,28 @@
                     </Entry>
                     <StackLayout
                         Orientation="Horizontal"
-                        Margin="0, 16, 0 ,0">
+                        Margin="0, 6, 0 ,0">
+                        <StackLayout.GestureRecognizers>
+                            <TapGestureRecognizer
+                                Command="{Binding ShowEnvironmentPickerCommand}" />
+                        </StackLayout.GestureRecognizers>
+                        <Label
+                            Text="{Binding RegionText}"
+                            FontSize="13"
+                            TextColor="{DynamicResource MutedColor}"
+                            VerticalOptions="Center"
+                            VerticalTextAlignment="Center"/>
+                        <controls:IconLabel
+                            Text="{Binding SelectedEnvironmentName}"
+                            FontSize="13"
+                            TextColor="{DynamicResource PrimaryColor}"
+                            VerticalOptions="Center"
+                            VerticalTextAlignment="Center"
+                            AutomationId="RegionSelectorDropdown"/>
+                    </StackLayout>
+                    <StackLayout
+                        Orientation="Horizontal"
+                        Margin="0, 20, 0 ,0">
                         <StackLayout.GestureRecognizers>
                             <TapGestureRecognizer
                                 Command="{Binding RememberEmailCommand}" />
@@ -76,21 +96,27 @@
                             StyleClass="text-sm"
                             HorizontalOptions="FillAndExpand"
                             VerticalOptions="Center"
-                            VerticalTextAlignment="Center"/>
+                            VerticalTextAlignment="Center"
+                            />
                         <Switch
                             Scale="0.8"
                             IsToggled="{Binding RememberEmail}"
-                            VerticalOptions="Center"/>
+                            VerticalOptions="Center"
+                            AutomationId="RememberMeSwitch"
+                            />
                     </StackLayout>
                 </StackLayout>
                 <Button Text="{u:I18n Continue}"
                         StyleClass="btn-primary"
                         IsEnabled="{Binding CanContinue}"
-                        Command="{Binding ContinueCommand}" />
+                        Command="{Binding ContinueCommand}"
+                        AutomationId="ContinueButton"
+                        />
                         
                 <Label FormattedText="{Binding CreateAccountText}"
                        Margin="0, 10"
-                        StyleClass="box-footer-label">
+                        StyleClass="box-footer-label"
+                        AutomationId="CreateAccountLabel">
                     <Label.GestureRecognizers>
                         <TapGestureRecognizer Command="{Binding CreateAccountCommand}" />
                     </Label.GestureRecognizers>
@@ -116,5 +142,4 @@
             MainPage="{Binding Source={x:Reference _page}}"
             BindingContext="{Binding AccountSwitchingOverlayViewModel}"/>
     </AbsoluteLayout>
-
 </pages:BaseContentPage>

src/App/Pages/Accounts/HomePage.xaml.cs

@@ -15,6 +15,8 @@ namespace Bit.App.Pages
         private readonly AppOptions _appOptions;
         private IBroadcasterService _broadcasterService;
 
+        readonly LazyResolve<ILogger> _logger = new LazyResolve<ILogger>();
+
         public HomePage(AppOptions appOptions = null)
         {
             _broadcasterService = ServiceContainer.Resolve<IBroadcasterService>("broadcasterService");
@@ -70,6 +72,14 @@ namespace Bit.App.Pages
                     });
                 }
             });
+            try
+            {
+                await _vm.UpdateEnvironment();
+            }
+            catch (Exception ex)
+            {
+                _logger.Value?.Exception(ex);
+            }
         }
 
         protected override bool OnBackButtonPressed()
@@ -128,14 +138,6 @@ namespace Bit.App.Pages
             await Navigation.PushModalAsync(new NavigationPage(page));
         }
 
-        private void Environment_Clicked(object sender, EventArgs e)
-        {
-            if (DoOnce())
-            {
-                _vm.StartEnvironmentAction();
-            }
-        }
-
         private async Task StartEnvironmentAsync()
         {
             await _accountListOverlay.HideAsync();

src/App/Pages/Accounts/HomePageViewModel.cs

@@ -4,29 +4,33 @@ using Bit.App.Abstractions;
 using Bit.App.Controls;
 using Bit.App.Resources;
 using Bit.App.Utilities;
+using Bit.Core;
 using Bit.Core.Abstractions;
-using Bit.Core.Services;
+using Bit.Core.Models.Data;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
-using Xamarin.Essentials;
 using Xamarin.Forms;
 
 namespace Bit.App.Pages
 {
     public class HomeViewModel : BaseViewModel
     {
+        private const string LOGGING_IN_ON_US = "bitwarden.com";
+        private const string LOGGING_IN_ON_EU = "bitwarden.eu";
+
         private readonly IStateService _stateService;
         private readonly IMessagingService _messagingService;
+        private readonly IPlatformUtilsService _platformUtilsService;
+        private readonly ILogger _logger;
+        private readonly IEnvironmentService _environmentService;
+        private readonly IAccountsManager _accountManager;
+        private readonly IConfigService _configService;
 
         private bool _showCancelButton;
         private bool _rememberEmail;
         private string _email;
-        private bool _isEmailEnabled;
-        private bool _canLogin;
-        private IPlatformUtilsService _platformUtilsService;
-        private ILogger _logger;
-        private IEnvironmentService _environmentService;
-        private IAccountsManager _accountManager;
+        private string _selectedEnvironmentName;
+        private bool _displayEuEnvironment;
 
         public HomeViewModel()
         {
@@ -36,6 +40,7 @@ namespace Bit.App.Pages
             _logger = ServiceContainer.Resolve<ILogger>();
             _environmentService = ServiceContainer.Resolve<IEnvironmentService>();
             _accountManager = ServiceContainer.Resolve<IAccountsManager>();
+            _configService = ServiceContainer.Resolve<IConfigService>();
 
             PageTitle = AppResources.Bitwarden;
 
@@ -49,6 +54,8 @@ namespace Bit.App.Pages
                 onException: _logger.Exception, allowsMultipleExecutions: false);
             CloseCommand = new AsyncCommand(async () => await Device.InvokeOnMainThreadAsync(CloseAction),
                 onException: _logger.Exception, allowsMultipleExecutions: false);
+            ShowEnvironmentPickerCommand = new AsyncCommand(ShowEnvironmentPickerAsync,
+                onException: _logger.Exception, allowsMultipleExecutions: false);
             InitAsync().FireAndForget();
         }
 
@@ -71,6 +78,13 @@ namespace Bit.App.Pages
                 additionalPropertyNames: new[] { nameof(CanContinue) });
         }
 
+        public string SelectedEnvironmentName
+        {
+            get => $"{_selectedEnvironmentName} {BitwardenIcons.AngleDown}";
+            set => SetProperty(ref _selectedEnvironmentName, value);
+        }
+
+        public string RegionText => $"{AppResources.LoggingInOn}:";
         public bool CanContinue => !string.IsNullOrEmpty(Email);
 
         public FormattedString CreateAccountText
@@ -101,11 +115,13 @@ namespace Bit.App.Pages
         public AsyncCommand ContinueCommand { get; }
         public AsyncCommand CloseCommand { get; }
         public AsyncCommand CreateAccountCommand { get; }
+        public AsyncCommand ShowEnvironmentPickerCommand { get; }
 
         public async Task InitAsync()
         {
             Email = await _stateService.GetRememberedEmailAsync();
             RememberEmail = !string.IsNullOrEmpty(Email);
+            _displayEuEnvironment = await _configService.GetFeatureFlagBoolAsync(Constants.DisplayEuEnvironmentFlag, forceRefresh: true);
         }
 
         public async Task ContinueToLoginStepAsync()
@@ -125,16 +141,16 @@ namespace Bit.App.Pages
                         AppResources.Ok);
                     return;
                 }
+
                 await _stateService.SetRememberedEmailAsync(RememberEmail ? Email : null);
                 var userId = await _stateService.GetUserIdAsync(Email);
-                if (!string.IsNullOrWhiteSpace(userId))
+
+                if (!string.IsNullOrWhiteSpace(userId) &&
+                    (await _stateService.GetEnvironmentUrlsAsync(userId))?.Base == _environmentService.BaseUrl &&
+                    await _stateService.IsAuthenticatedAsync(userId))
                 {
-                    var userEnvUrls = await _stateService.GetEnvironmentUrlsAsync(userId);
-                    if (userEnvUrls?.Base == _environmentService.BaseUrl)
-                    {
-                        await _accountManager.PromptToSwitchToExistingAccountAsync(userId);
-                        return;
-                    }
+                    await _accountManager.PromptToSwitchToExistingAccountAsync(userId);
+                    return;
                 }
                 StartLoginAction();
             }
@@ -144,5 +160,59 @@ namespace Bit.App.Pages
                 await _platformUtilsService.ShowDialogAsync(AppResources.GenericErrorMessage, AppResources.AnErrorHasOccurred, AppResources.Ok);
             }
         }
+
+        public async Task ShowEnvironmentPickerAsync()
+        {
+            _displayEuEnvironment = await _configService.GetFeatureFlagBoolAsync(Constants.DisplayEuEnvironmentFlag);
+            var options = _displayEuEnvironment
+                    ? new string[] { LOGGING_IN_ON_US, LOGGING_IN_ON_EU, AppResources.SelfHosted }
+                    : new string[] { LOGGING_IN_ON_US, AppResources.SelfHosted };
+
+            await Device.InvokeOnMainThreadAsync(async () =>
+            {
+                var result = await Page.DisplayActionSheet(AppResources.LoggingInOn, AppResources.Cancel, null, options);
+
+                if (result is null || result == AppResources.Cancel)
+                {
+                    return;
+                }
+
+                if (result == AppResources.SelfHosted)
+                {
+                    StartEnvironmentAction?.Invoke();
+                    return;
+                }
+
+                await _environmentService.SetUrlsAsync(result == LOGGING_IN_ON_EU ? EnvironmentUrlData.DefaultEU : EnvironmentUrlData.DefaultUS);
+                await _configService.GetAsync(true);
+                SelectedEnvironmentName = result;
+            });
+        }
+
+        public async Task UpdateEnvironment()
+        {
+            var environmentsSaved = await _stateService.GetPreAuthEnvironmentUrlsAsync();
+            if (environmentsSaved == null || environmentsSaved.IsEmpty)
+            {
+                await _environmentService.SetUrlsAsync(EnvironmentUrlData.DefaultUS);
+                environmentsSaved = EnvironmentUrlData.DefaultUS;
+                SelectedEnvironmentName = LOGGING_IN_ON_US;
+                return;
+            }
+
+            if (environmentsSaved.Base == EnvironmentUrlData.DefaultUS.Base)
+            {
+                SelectedEnvironmentName = LOGGING_IN_ON_US;
+            }
+            else if (environmentsSaved.Base == EnvironmentUrlData.DefaultEU.Base)
+            {
+                SelectedEnvironmentName = LOGGING_IN_ON_EU;
+            }
+            else
+            {
+                await _configService.GetAsync(true);
+                SelectedEnvironmentName = AppResources.SelfHosted;
+            }
+        }
     }
 }

src/App/Pages/Accounts/LockPage.xaml

@@ -24,7 +24,8 @@
                 Priority="-1"
                 UseOriginalImage="True"
                 AutomationProperties.IsInAccessibleTree="True"
-                AutomationProperties.Name="{u:I18n Account}" />
+                AutomationProperties.Name="{u:I18n Account}"
+                AutomationId="AccountIconButton" />
     </ContentPage.ToolbarItems>
     
     <ContentPage.Resources>
@@ -45,7 +46,7 @@
                     <StackLayout StyleClass="box">
                         <Grid
                             StyleClass="box-row"
-                            IsVisible="{Binding PinLock}"
+                            IsVisible="{Binding PinEnabled}"
                             Padding="0, 10, 0, 0">
                             <Grid.RowDefinitions>
                                 <RowDefinition Height="Auto" />
@@ -71,7 +72,8 @@
                                 Grid.Row="1"
                                 Grid.Column="0"
                                 ReturnType="Go"
-                                ReturnCommand="{Binding SubmitCommand}" />
+                                ReturnCommand="{Binding SubmitCommand}" 
+                                AutomationId="PinEntry" />
                             <controls:IconButton
                                 StyleClass="box-row-button, box-row-button-platform"
                                 Text="{Binding ShowPasswordIcon}"
@@ -81,12 +83,13 @@
                                 Grid.RowSpan="2"
                                 AutomationProperties.IsInAccessibleTree="True"
                                 AutomationProperties.Name="{u:I18n ToggleVisibility}" 
-                                AutomationProperties.HelpText="{Binding PasswordVisibilityAccessibilityText}"/>
+                                AutomationProperties.HelpText="{Binding PasswordVisibilityAccessibilityText}"
+                                AutomationId="PinVisibilityToggle" />
                         </Grid>
                         <Grid
                             x:Name="_passwordGrid"
                             StyleClass="box-row"
-                            IsVisible="{Binding PinLock, Converter={StaticResource inverseBool}}"
+                            IsVisible="{Binding PinEnabled, Converter={StaticResource inverseBool}}"
                             Padding="0, 10, 0, 0">
                             <Grid.RowDefinitions>
                                 <RowDefinition Height="Auto" />
@@ -111,7 +114,8 @@
                                 Grid.Row="1"
                                 Grid.Column="0"
                                 ReturnType="Go"
-                                ReturnCommand="{Binding SubmitCommand}" />
+                                ReturnCommand="{Binding SubmitCommand}"
+                                AutomationId="MasterPasswordEntry" />
                             <controls:IconButton
                                 StyleClass="box-row-button, box-row-button-platform"
                                 Text="{Binding ShowPasswordIcon}"
@@ -121,7 +125,9 @@
                                 Grid.RowSpan="2"
                                 AutomationProperties.IsInAccessibleTree="True"
                                 AutomationProperties.Name="{u:I18n ToggleVisibility}"
-                                AutomationProperties.HelpText="{Binding PasswordVisibilityAccessibilityText}" />
+                                AutomationProperties.HelpText="{Binding PasswordVisibilityAccessibilityText}"
+                                AutomationId="PasswordVisibilityToggle"
+                                />
                         </Grid>
                         <StackLayout
                             StyleClass="box-row"
@@ -137,7 +143,7 @@
                     </StackLayout>
                     <StackLayout Padding="10, 0">
                         <Label
-                            Text="{u:I18n BiometricInvalidated}"
+                            Text="{u:I18n AccountBiometricInvalidated}"
                             StyleClass="box-footer-label,text-danger,text-bold"
                             IsVisible="{Binding BiometricIntegrityValid, Converter={StaticResource inverseBool}}" />
                         <Button Text="{Binding BiometricButtonText}" Clicked="Biometric_Clicked"
@@ -147,7 +153,8 @@
                             x:Name="_unlockButton"
                             Text="{u:I18n Unlock}"
                             StyleClass="btn-primary"
-                            Clicked="Unlock_Clicked" />
+                            Clicked="Unlock_Clicked"
+                            AutomationId="UnlockVaultButton" />
                     </StackLayout>
                 </StackLayout>
             </ScrollView>

src/App/Pages/Accounts/LockPage.xaml.cs

@@ -3,6 +3,8 @@ using System.Threading.Tasks;
 using Bit.App.Models;
 using Bit.App.Resources;
 using Bit.App.Utilities;
+using Bit.Core;
+using Bit.Core.Abstractions;
 using Bit.Core.Utilities;
 using Xamarin.Forms;
 
@@ -10,6 +12,7 @@ namespace Bit.App.Pages
 {
     public partial class LockPage : BaseContentPage
     {
+        private readonly IBroadcasterService _broadcasterService;
         private readonly AppOptions _appOptions;
         private readonly bool _autoPromptBiometric;
         private readonly LockPageViewModel _vm;
@@ -17,12 +20,14 @@ namespace Bit.App.Pages
         private bool _promptedAfterResume;
         private bool _appeared;
 
-        public LockPage(AppOptions appOptions = null, bool autoPromptBiometric = true)
+        public LockPage(AppOptions appOptions = null, bool autoPromptBiometric = true, bool checkPendingAuthRequests = true)
         {
             _appOptions = appOptions;
             _autoPromptBiometric = autoPromptBiometric;
             InitializeComponent();
+            _broadcasterService = ServiceContainer.Resolve<IBroadcasterService>();
             _vm = BindingContext as LockPageViewModel;
+            _vm.CheckPendingAuthRequests = checkPendingAuthRequests;
             _vm.Page = this;
             _vm.UnlockedAction = () => Device.BeginInvokeOnMainThread(async () => await UnlockedAsync());
 
@@ -40,7 +45,7 @@ namespace Bit.App.Pages
         {
             get
             {
-                if (_vm?.PinLock ?? false)
+                if (_vm?.PinEnabled ?? false)
                 {
                     return _pin;
                 }
@@ -50,7 +55,7 @@ namespace Bit.App.Pages
 
         public async Task PromptBiometricAfterResumeAsync()
         {
-            if (_vm.BiometricLock)
+            if (_vm.BiometricEnabled)
             {
                 await Task.Delay(500);
                 if (!_promptedAfterResume)
@@ -64,6 +69,13 @@ namespace Bit.App.Pages
         protected override async void OnAppearing()
         {
             base.OnAppearing();
+            _broadcasterService.Subscribe(nameof(LockPage), message =>
+            {
+                if (message.Command == Constants.ClearSensitiveFields)
+                {
+                    Device.BeginInvokeOnMainThread(_vm.ResetPinPasswordFields);
+                }
+            });
             if (_appeared)
             {
                 return;
@@ -80,13 +92,13 @@ namespace Bit.App.Pages
 
             _vm.FocusSecretEntry += PerformFocusSecretEntry;
 
-            if (!_vm.BiometricLock)
+            if (!_vm.BiometricEnabled)
             {
                 RequestFocus(SecretEntry);
             }
             else
             {
-                if (_vm.UsingKeyConnector && !_vm.PinLock)
+                if (!_vm.HasMasterPassword && !_vm.PinEnabled)
                 {
                     _passwordGrid.IsVisible = false;
                     _unlockButton.IsVisible = false;
@@ -129,6 +141,7 @@ namespace Bit.App.Pages
             base.OnDisappearing();
 
             _accountAvatar?.OnDisappearing();
+            _broadcasterService.Unsubscribe(nameof(LockPage));
         }
 
         private void Unlock_Clicked(object sender, EventArgs e)

src/App/Pages/Accounts/LockPageViewModel.cs

@@ -9,6 +9,7 @@ using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.Request;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.Helpers;
 using Xamarin.Forms;
@@ -26,23 +27,27 @@ namespace Bit.App.Pages
         private readonly IEnvironmentService _environmentService;
         private readonly IStateService _stateService;
         private readonly IBiometricService _biometricService;
-        private readonly IKeyConnectorService _keyConnectorService;
+        private readonly IUserVerificationService _userVerificationService;
         private readonly ILogger _logger;
         private readonly IWatchDeviceService _watchDeviceService;
         private readonly WeakEventManager<int?> _secretEntryFocusWeakEventManager = new WeakEventManager<int?>();
-
+        private readonly IPolicyService _policyService;
+        private readonly IPasswordGenerationService _passwordGenerationService;
+        private IDeviceTrustCryptoService _deviceTrustCryptoService;
+        private readonly ISyncService _syncService;
         private string _email;
+        private string _masterPassword;
+        private string _pin;
         private bool _showPassword;
-        private bool _pinLock;
-        private bool _biometricLock;
+        private PinLockType _pinStatus;
+        private bool _pinEnabled;
+        private bool _biometricEnabled;
         private bool _biometricIntegrityValid = true;
         private bool _biometricButtonVisible;
-        private bool _usingKeyConnector;
+        private bool _hasMasterPassword;
         private string _biometricButtonText;
         private string _loggedInAsText;
         private string _lockedVerifyText;
-        private bool _isPinProtected;
-        private bool _isPinProtectedWithKey;
 
         public LockPageViewModel()
         {
@@ -55,9 +60,13 @@ namespace Bit.App.Pages
             _environmentService = ServiceContainer.Resolve<IEnvironmentService>("environmentService");
             _stateService = ServiceContainer.Resolve<IStateService>("stateService");
             _biometricService = ServiceContainer.Resolve<IBiometricService>("biometricService");
-            _keyConnectorService = ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService");
+            _userVerificationService = ServiceContainer.Resolve<IUserVerificationService>();
             _logger = ServiceContainer.Resolve<ILogger>("logger");
             _watchDeviceService = ServiceContainer.Resolve<IWatchDeviceService>();
+            _policyService = ServiceContainer.Resolve<IPolicyService>();
+            _passwordGenerationService = ServiceContainer.Resolve<IPasswordGenerationService>();
+            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
+            _syncService = ServiceContainer.Resolve<ISyncService>();
 
             PageTitle = AppResources.VerifyMasterPassword;
             TogglePasswordCommand = new Command(TogglePassword);
@@ -70,6 +79,18 @@ namespace Bit.App.Pages
             };
         }
 
+        public string MasterPassword
+        {
+            get => _masterPassword;
+            set => SetProperty(ref _masterPassword, value);
+        }
+
+        public string Pin
+        {
+            get => _pin;
+            set => SetProperty(ref _pin, value);
+        }
+
         public bool ShowPassword
         {
             get => _showPassword;
@@ -81,21 +102,21 @@ namespace Bit.App.Pages
                 });
         }
 
-        public bool PinLock
+        public bool PinEnabled
         {
-            get => _pinLock;
-            set => SetProperty(ref _pinLock, value);
+            get => _pinEnabled;
+            set => SetProperty(ref _pinEnabled, value);
         }
 
-        public bool UsingKeyConnector
+        public bool HasMasterPassword
         {
-            get => _usingKeyConnector;
+            get => _hasMasterPassword;
         }
 
-        public bool BiometricLock
+        public bool BiometricEnabled
         {
-            get => _biometricLock;
-            set => SetProperty(ref _biometricLock, value);
+            get => _biometricEnabled;
+            set => SetProperty(ref _biometricEnabled, value);
         }
 
         public bool BiometricIntegrityValid
@@ -128,14 +149,14 @@ namespace Bit.App.Pages
             set => SetProperty(ref _lockedVerifyText, value);
         }
 
+        public bool CheckPendingAuthRequests { get; set; }
+
         public AccountSwitchingOverlayViewModel AccountSwitchingOverlayViewModel { get; }
 
         public Command SubmitCommand { get; }
         public Command TogglePasswordCommand { get; }
         public string ShowPasswordIcon => ShowPassword ? BitwardenIcons.EyeSlash : BitwardenIcons.Eye;
         public string PasswordVisibilityAccessibilityText => ShowPassword ? AppResources.PasswordIsVisibleTapToHide : AppResources.PasswordIsNotVisibleTapToShow;
-        public string MasterPassword { get; set; }
-        public string Pin { get; set; }
         public Action UnlockedAction { get; set; }
         public event Action<int?> FocusSecretEntry
         {
@@ -145,18 +166,32 @@ namespace Bit.App.Pages
 
         public async Task InitAsync()
         {
-            (_isPinProtected, _isPinProtectedWithKey) = await _vaultTimeoutService.IsPinLockSetAsync();
-            PinLock = (_isPinProtected && await _stateService.GetPinProtectedKeyAsync() != null) ||
-                      _isPinProtectedWithKey;
-            BiometricLock = await _vaultTimeoutService.IsBiometricLockSetAsync() && await _cryptoService.HasKeyAsync();
-
-            // Users with key connector and without biometric or pin has no MP to unlock with
-            _usingKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
-            if (_usingKeyConnector && !(BiometricLock || PinLock))
+            var pendingRequest = await _stateService.GetPendingAdminAuthRequestAsync();
+            if (pendingRequest != null && CheckPendingAuthRequests)
             {
                 await _vaultTimeoutService.LogOutAsync();
                 return;
             }
+
+            _pinStatus = await _vaultTimeoutService.GetPinLockTypeAsync();
+
+            var ephemeralPinSet = await _stateService.GetPinKeyEncryptedUserKeyEphemeralAsync()
+                ?? await _stateService.GetPinProtectedKeyAsync();
+            PinEnabled = (_pinStatus == PinLockType.Transient && ephemeralPinSet != null) ||
+                      _pinStatus == PinLockType.Persistent;
+            BiometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync() && await _biometricService.CanUseBiometricsUnlockAsync();
+
+            // Users without MP and without biometric or pin has no MP to unlock with
+            _hasMasterPassword = await _userVerificationService.HasMasterPasswordAsync();
+            if (await _stateService.IsAuthenticatedAsync()
+                 && !_hasMasterPassword
+                 && !BiometricEnabled
+                 && !PinEnabled)
+            {
+                await _vaultTimeoutService.LogOutAsync();
+                return;
+            }
+
             _email = await _stateService.GetEmailAsync();
             if (string.IsNullOrWhiteSpace(_email))
             {
@@ -171,28 +206,20 @@ namespace Bit.App.Pages
             }
             var webVaultHostname = CoreHelpers.GetHostname(webVault);
             LoggedInAsText = string.Format(AppResources.LoggedInAsOn, _email, webVaultHostname);
-            if (PinLock)
+            if (PinEnabled)
             {
                 PageTitle = AppResources.VerifyPIN;
                 LockedVerifyText = AppResources.VaultLockedPIN;
             }
             else
             {
-                if (_usingKeyConnector)
-                {
-                    PageTitle = AppResources.UnlockVault;
-                    LockedVerifyText = AppResources.VaultLockedIdentity;
-                }
-                else
-                {
-                    PageTitle = AppResources.VerifyMasterPassword;
-                    LockedVerifyText = AppResources.VaultLockedMasterPassword;
-                }
+                PageTitle = _hasMasterPassword ? AppResources.VerifyMasterPassword : AppResources.UnlockVault;
+                LockedVerifyText = _hasMasterPassword ? AppResources.VaultLockedMasterPassword : AppResources.VaultLockedIdentity;
             }
 
-            if (BiometricLock)
+            if (BiometricEnabled)
             {
-                BiometricIntegrityValid = await _biometricService.ValidateIntegrityAsync();
+                BiometricIntegrityValid = await _platformUtilsService.IsBiometricIntegrityValidAsync();
                 if (!_biometricIntegrityValid)
                 {
                     BiometricButtonVisible = false;
@@ -212,14 +239,14 @@ namespace Bit.App.Pages
 
         public async Task SubmitAsync()
         {
-            if (PinLock && string.IsNullOrWhiteSpace(Pin))
+            if (PinEnabled && string.IsNullOrWhiteSpace(Pin))
             {
                 await Page.DisplayAlert(AppResources.AnErrorHasOccurred,
                     string.Format(AppResources.ValidationFieldRequired, AppResources.PIN),
                     AppResources.Ok);
                 return;
             }
-            if (!PinLock && string.IsNullOrWhiteSpace(MasterPassword))
+            if (!PinEnabled && string.IsNullOrWhiteSpace(MasterPassword))
             {
                 await Page.DisplayAlert(AppResources.AnErrorHasOccurred,
                     string.Format(AppResources.ValidationFieldRequired, AppResources.MasterPassword),
@@ -230,34 +257,54 @@ namespace Bit.App.Pages
             ShowPassword = false;
             var kdfConfig = await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile));
 
-            if (PinLock)
+            if (PinEnabled)
             {
                 var failed = true;
                 try
                 {
-                    if (_isPinProtected)
+                    EncString userKeyPin = null;
+                    EncString oldPinProtected = null;
+                    if (_pinStatus == PinLockType.Persistent)
                     {
-                        var key = await _cryptoService.MakeKeyFromPinAsync(Pin, _email,
+                        userKeyPin = await _stateService.GetPinKeyEncryptedUserKeyAsync();
+                        var oldEncryptedKey = await _stateService.GetPinProtectedAsync();
+                        oldPinProtected = oldEncryptedKey != null ? new EncString(oldEncryptedKey) : null;
+                    }
+                    else if (_pinStatus == PinLockType.Transient)
+                    {
+                        userKeyPin = await _stateService.GetPinKeyEncryptedUserKeyEphemeralAsync();
+                        oldPinProtected = await _stateService.GetPinProtectedKeyAsync();
+                    }
+
+                    UserKey userKey;
+                    if (oldPinProtected != null)
+                    {
+                        userKey = await _cryptoService.DecryptAndMigrateOldPinKeyAsync(
+                            _pinStatus == PinLockType.Transient,
+                            Pin,
+                            _email,
                             kdfConfig,
-                            await _stateService.GetPinProtectedKeyAsync());
-                        var encKey = await _cryptoService.GetEncKeyAsync(key);
-                        var protectedPin = await _stateService.GetProtectedPinAsync();
-                        var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
-                        failed = decPin != Pin;
-                        if (!failed)
-                        {
-                            Pin = string.Empty;
-                            await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                            await SetKeyAndContinueAsync(key);
-                        }
+                            oldPinProtected
+                        );
                     }
                     else
                     {
-                        var key = await _cryptoService.MakeKeyFromPinAsync(Pin, _email, kdfConfig);
-                        failed = false;
+                        userKey = await _cryptoService.DecryptUserKeyWithPinAsync(
+                            Pin,
+                            _email,
+                            kdfConfig,
+                            userKeyPin
+                        );
+                    }
+
+                    var protectedPin = await _stateService.GetProtectedPinAsync();
+                    var decryptedPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), userKey);
+                    failed = decryptedPin != Pin;
+                    if (!failed)
+                    {
                         Pin = string.Empty;
                         await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                        await SetKeyAndContinueAsync(key);
+                        await SetUserKeyAndContinueAsync(userKey);
                     }
                 }
                 catch
@@ -278,26 +325,31 @@ namespace Bit.App.Pages
             }
             else
             {
-                var key = await _cryptoService.MakeKeyAsync(MasterPassword, _email, kdfConfig);
-                var storedKeyHash = await _cryptoService.GetKeyHashAsync();
+                var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, _email, kdfConfig);
+                var storedKeyHash = await _cryptoService.GetMasterKeyHashAsync();
                 var passwordValid = false;
+                MasterPasswordPolicyOptions enforcedMasterPasswordOptions = null;
 
                 if (storedKeyHash != null)
                 {
-                    passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(MasterPassword, key);
+                    // Offline unlock possible
+                    passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(MasterPassword, masterKey);
                 }
                 else
                 {
+                    // Online unlock required
                     await _deviceActionService.ShowLoadingAsync(AppResources.Loading);
-                    var keyHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.ServerAuthorization);
+                    var keyHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, masterKey, HashPurpose.ServerAuthorization);
                     var request = new PasswordVerificationRequest();
                     request.MasterPasswordHash = keyHash;
+
                     try
                     {
-                        await _apiService.PostAccountVerifyPasswordAsync(request);
+                        var response = await _apiService.PostAccountVerifyPasswordAsync(request);
+                        enforcedMasterPasswordOptions = response.MasterPasswordPolicy;
                         passwordValid = true;
-                        var localKeyHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.LocalAuthorization);
-                        await _cryptoService.SetKeyHashAsync(localKeyHash);
+                        var localKeyHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, masterKey, HashPurpose.LocalAuthorization);
+                        await _cryptoService.SetMasterKeyHashAsync(localKeyHash);
                     }
                     catch (Exception e)
                     {
@@ -307,20 +359,22 @@ namespace Bit.App.Pages
                 }
                 if (passwordValid)
                 {
-                    if (_isPinProtected)
+                    if (await RequirePasswordChangeAsync(enforcedMasterPasswordOptions))
                     {
-                        var protectedPin = await _stateService.GetProtectedPinAsync();
-                        var encKey = await _cryptoService.GetEncKeyAsync(key);
-                        var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
-                        var pinKey = await _cryptoService.MakePinKeyAysnc(decPin, _email, kdfConfig);
-                        await _stateService.SetPinProtectedKeyAsync(await _cryptoService.EncryptAsync(key.Key, pinKey));
+                        // Save the ForcePasswordResetReason to force a password reset after unlock
+                        await _stateService.SetForcePasswordResetReasonAsync(
+                            ForcePasswordResetReason.WeakMasterPasswordOnLogin);
                     }
+
                     MasterPassword = string.Empty;
                     await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                    await SetKeyAndContinueAsync(key);
+
+                    var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
+                    await _cryptoService.SetMasterKeyAsync(masterKey);
+                    await SetUserKeyAndContinueAsync(userKey);
 
                     // Re-enable biometrics
-                    if (BiometricLock & !BiometricIntegrityValid)
+                    if (BiometricEnabled & !BiometricIntegrityValid)
                     {
                         await _biometricService.SetupBiometricAsync();
                     }
@@ -339,6 +393,37 @@ namespace Bit.App.Pages
             }
         }
 
+        /// <summary>
+        /// Checks if the master password requires updating to meet the enforced policy requirements
+        /// </summary>
+        /// <param name="options"></param>
+        private async Task<bool> RequirePasswordChangeAsync(MasterPasswordPolicyOptions options = null)
+        {
+            // If no policy options are provided, attempt to load them from the policy service
+            var enforcedOptions = options ?? await _policyService.GetMasterPasswordPolicyOptions();
+
+            // No policy to enforce on login/unlock
+            if (!(enforcedOptions is { EnforceOnLogin: true }))
+            {
+                return false;
+            }
+
+            var strength = _passwordGenerationService.PasswordStrength(
+                MasterPassword, _passwordGenerationService.GetPasswordStrengthUserInput(_email))?.Score;
+
+            if (!strength.HasValue)
+            {
+                _logger.Error("Unable to evaluate master password strength during unlock");
+                return false;
+            }
+
+            return !await _policyService.EvaluateMasterPassword(
+                strength.Value,
+                MasterPassword,
+                enforcedOptions
+            );
+        }
+
         public async Task LogOutAsync()
         {
             var confirmed = await _platformUtilsService.ShowDialogAsync(AppResources.LogoutConfirmation,
@@ -349,42 +434,60 @@ namespace Bit.App.Pages
             }
         }
 
+        public void ResetPinPasswordFields()
+        {
+            try
+            {
+                MasterPassword = string.Empty;
+                Pin = string.Empty;
+                ShowPassword = false;
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
+        }
+
         public void TogglePassword()
         {
             ShowPassword = !ShowPassword;
-            var secret = PinLock ? Pin : MasterPassword;
+            var secret = PinEnabled ? Pin : MasterPassword;
             _secretEntryFocusWeakEventManager.RaiseEvent(string.IsNullOrEmpty(secret) ? 0 : secret.Length, nameof(FocusSecretEntry));
         }
 
         public async Task PromptBiometricAsync()
         {
-            BiometricIntegrityValid = await _biometricService.ValidateIntegrityAsync();
-            if (!BiometricLock || !BiometricIntegrityValid)
+            BiometricIntegrityValid = await _platformUtilsService.IsBiometricIntegrityValidAsync();
+            BiometricButtonVisible = BiometricIntegrityValid;
+            if (!BiometricEnabled || !BiometricIntegrityValid)
             {
                 return;
             }
             var success = await _platformUtilsService.AuthenticateBiometricAsync(null,
-                PinLock ? AppResources.PIN : AppResources.MasterPassword,
+                PinEnabled ? AppResources.PIN : AppResources.MasterPassword,
                 () => _secretEntryFocusWeakEventManager.RaiseEvent((int?)null, nameof(FocusSecretEntry)));
             await _stateService.SetBiometricLockedAsync(!success);
             if (success)
             {
-                await DoContinueAsync();
+                var userKey = await _cryptoService.GetBiometricUnlockKeyAsync();
+                await SetUserKeyAndContinueAsync(userKey);
             }
         }
 
-        private async Task SetKeyAndContinueAsync(SymmetricCryptoKey key)
+        private async Task SetUserKeyAndContinueAsync(UserKey key)
         {
-            var hasKey = await _cryptoService.HasKeyAsync();
+            var hasKey = await _cryptoService.HasUserKeyAsync();
             if (!hasKey)
             {
-                await _cryptoService.SetKeyAsync(key);
+                await _cryptoService.SetUserKeyAsync(key);
             }
+            await _deviceTrustCryptoService.TrustDeviceIfNeededAsync();
             await DoContinueAsync();
         }
 
         private async Task DoContinueAsync()
         {
+            _syncService.FullSyncAsync(false).FireAndForget();
             await _stateService.SetBiometricLockedAsync(false);
             _watchDeviceService.SyncDataToWatchAsync().FireAndForget();
             _messagingService.Send("unlocked");

src/App/Pages/Accounts/LoginApproveDevicePage.xaml

@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<pages:BaseContentPage 
+    xmlns="http://xamarin.com/schemas/2014/forms"
+    xmlns:x="http://schemas.microsoft.com/winfx/2009/xaml"
+    x:Class="Bit.App.Pages.LoginApproveDevicePage"
+    xmlns:pages="clr-namespace:Bit.App.Pages"
+    xmlns:u="clr-namespace:Bit.App.Utilities"
+    x:DataType="pages:LoginApproveDeviceViewModel"
+    x:Name="_page"
+    Title="{Binding PageTitle}">
+    
+    <ContentPage.BindingContext>
+        <pages:LoginApproveDeviceViewModel />
+    </ContentPage.BindingContext>
+
+    <StackLayout Padding="10, 10">
+        <StackLayout Padding="5, 10" Orientation="Horizontal">
+            <StackLayout HorizontalOptions="FillAndExpand">
+                <Label
+                    StyleClass="text-md"
+                    Text="{u:I18n RememberThisDevice}"/>
+                <Label
+                    StyleClass="box-sub-label"
+                    Text="{u:I18n TurnOffUsingPublicDevice}"/>
+            </StackLayout>
+            <Switch
+                Scale="0.8"
+                IsToggled="{Binding RememberThisDevice}"
+                VerticalOptions="Center"/>
+        </StackLayout>
+        <StackLayout Margin="0, 20, 0, 0">
+            <Button
+                x:Name="_continue"
+                Text="{u:I18n Continue}" 
+                StyleClass="btn-primary"
+                Command="{Binding ContinueCommand}"
+                IsVisible="{Binding IsNewUser}"/>
+            <Button
+                x:Name="_approveWithMyOtherDevice"
+                Text="{u:I18n ApproveWithMyOtherDevice}" 
+                StyleClass="btn-primary"
+                Command="{Binding ApproveWithMyOtherDeviceCommand}"
+                IsVisible="{Binding ApproveWithMyOtherDeviceEnabled}"/>
+            <Button
+                x:Name="_requestAdminApproval"
+                Text="{u:I18n RequestAdminApproval}" 
+                StyleClass="box-button-row"
+                Command="{Binding RequestAdminApprovalCommand}"
+                IsVisible="{Binding RequestAdminApprovalEnabled}"/>
+            <Button
+                x:Name="_approveWithMasterPassword"
+                Text="{u:I18n ApproveWithMasterPassword}" 
+                StyleClass="box-button-row"
+                Command="{Binding ApproveWithMasterPasswordCommand}"
+                IsVisible="{Binding ApproveWithMasterPasswordEnabled}"/>
+            <Label
+                Text="{Binding LoggingInAsText}"
+                StyleClass="text-sm"
+                Margin="0,40,0,0"
+                AutomationId="LoggingInAsLabel"
+                />
+            <Label
+                Text="{u:I18n NotYou}"
+                StyleClass="text-md"
+                HorizontalOptions="Start"
+                TextColor="{DynamicResource HyperlinkColor}"
+                AutomationId="NotYouLabel">
+                <Label.GestureRecognizers>
+                    <TapGestureRecognizer Command="{Binding LogoutCommand}" />
+                </Label.GestureRecognizers>
+            </Label>
+        </StackLayout>
+    </StackLayout>
+</pages:BaseContentPage>
+
+

src/App/Pages/Accounts/LoginApproveDevicePage.xaml.cs

@@ -0,0 +1,64 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Bit.App.Models;
+using Bit.App.Utilities;
+using Bit.Core.Enums;
+using Bit.Core.Utilities;
+using Xamarin.Forms;
+
+namespace Bit.App.Pages
+{
+    public partial class LoginApproveDevicePage : BaseContentPage
+    {
+
+        private readonly LoginApproveDeviceViewModel _vm;
+        private readonly AppOptions _appOptions;
+
+        public LoginApproveDevicePage(AppOptions appOptions = null)
+        {
+            InitializeComponent();
+            _vm = BindingContext as LoginApproveDeviceViewModel;
+            _vm.LogInWithMasterPasswordAction = () => StartLogInWithMasterPasswordAsync().FireAndForget();
+            _vm.LogInWithDeviceAction = () => StartLoginWithDeviceAsync().FireAndForget();
+            _vm.RequestAdminApprovalAction = () => RequestAdminApprovalAsync().FireAndForget();
+            _vm.ContinueToVaultAction = () => ContinueToVaultAsync().FireAndForget();
+            _vm.Page = this;
+            _appOptions = appOptions;
+        }
+
+        protected override void OnAppearing()
+        {
+            _vm.InitAsync();
+        }
+
+        private async Task ContinueToVaultAsync()
+        {
+            if (AppHelpers.SetAlternateMainPage(_appOptions))
+            {
+                return;
+            }
+            var previousPage = await AppHelpers.ClearPreviousPage();
+            Application.Current.MainPage = new TabsPage(_appOptions, previousPage);
+        }
+
+        private async Task StartLogInWithMasterPasswordAsync()
+        {
+            var page = new LockPage(_appOptions, checkPendingAuthRequests: false);
+            await Navigation.PushModalAsync(new NavigationPage(page));
+        }
+
+        private async Task StartLoginWithDeviceAsync()
+        {
+            var page = new LoginPasswordlessRequestPage(_vm.Email, AuthRequestType.AuthenticateAndUnlock, _appOptions, true);
+            await Navigation.PushModalAsync(new NavigationPage(page));
+        }
+
+        private async Task RequestAdminApprovalAsync()
+        {
+            var page = new LoginPasswordlessRequestPage(_vm.Email, AuthRequestType.AdminApproval, _appOptions, true);
+            await Navigation.PushModalAsync(new NavigationPage(page));
+        }
+    }
+}
+

src/App/Pages/Accounts/LoginApproveDeviceViewModel.cs

@@ -0,0 +1,150 @@
+using System;
+using System.Security.Cryptography.X509Certificates;
+using System.Threading.Tasks;
+using System.Windows.Input;
+using Bit.App.Abstractions;
+using Bit.App.Resources;
+using Bit.App.Utilities.AccountManagement;
+using Bit.Core.Abstractions;
+using Bit.Core.Enums;
+using Bit.Core.Models.Domain;
+using Bit.Core.Models.Request;
+using Bit.Core.Services;
+using Bit.Core.Utilities;
+using Xamarin.CommunityToolkit.ObjectModel;
+using Xamarin.Essentials;
+using Xamarin.Forms;
+
+namespace Bit.App.Pages
+{
+    public class LoginApproveDeviceViewModel : BaseViewModel
+    {
+        private bool _rememberThisDevice;
+        private bool _approveWithMyOtherDeviceEnabled;
+        private bool _requestAdminApprovalEnabled;
+        private bool _approveWithMasterPasswordEnabled;
+        private string _email;
+        private readonly IStateService _stateService;
+        private readonly IApiService _apiService;
+        private IDeviceTrustCryptoService _deviceTrustCryptoService;
+        private readonly IAuthService _authService;
+        private readonly ISyncService _syncService;
+        private readonly IMessagingService _messagingService;
+
+        public ICommand ApproveWithMyOtherDeviceCommand { get; }
+        public ICommand RequestAdminApprovalCommand { get; }
+        public ICommand ApproveWithMasterPasswordCommand { get; }
+        public ICommand ContinueCommand { get; }
+        public ICommand LogoutCommand { get; }
+
+        public Action LogInWithMasterPasswordAction { get; set; }
+        public Action LogInWithDeviceAction { get; set; }
+        public Action RequestAdminApprovalAction { get; set; }
+        public Action ContinueToVaultAction { get; set; }
+
+        public LoginApproveDeviceViewModel()
+        {
+            _stateService = ServiceContainer.Resolve<IStateService>();
+            _apiService = ServiceContainer.Resolve<IApiService>();
+            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
+            _authService = ServiceContainer.Resolve<IAuthService>();
+            _syncService = ServiceContainer.Resolve<ISyncService>();
+            _messagingService = ServiceContainer.Resolve<IMessagingService>();
+
+            PageTitle = AppResources.LogInInitiated;
+            RememberThisDevice = true;
+
+            ApproveWithMyOtherDeviceCommand = new AsyncCommand(() => SetDeviceTrustAndInvokeAsync(LogInWithDeviceAction),
+                onException: ex => HandleException(ex),
+                allowsMultipleExecutions: false);
+
+            RequestAdminApprovalCommand = new AsyncCommand(() => SetDeviceTrustAndInvokeAsync(RequestAdminApprovalAction),
+                onException: ex => HandleException(ex),
+                allowsMultipleExecutions: false);
+
+            ApproveWithMasterPasswordCommand = new AsyncCommand(() => SetDeviceTrustAndInvokeAsync(LogInWithMasterPasswordAction),
+                onException: ex => HandleException(ex),
+                allowsMultipleExecutions: false);
+
+            ContinueCommand = new AsyncCommand(CreateNewSsoUserAsync,
+                onException: ex => HandleException(ex),
+                allowsMultipleExecutions: false);
+
+            LogoutCommand = new Command(() => _messagingService.Send(AccountsManagerMessageCommands.LOGOUT));
+        }
+
+        public string LoggingInAsText => string.Format(AppResources.LoggingInAsX, Email);
+
+        public bool RememberThisDevice
+        {
+            get => _rememberThisDevice;
+            set => SetProperty(ref _rememberThisDevice, value);
+        }
+
+        public bool ApproveWithMyOtherDeviceEnabled
+        {
+            get => _approveWithMyOtherDeviceEnabled;
+            set => SetProperty(ref _approveWithMyOtherDeviceEnabled, value);
+        }
+
+        public bool RequestAdminApprovalEnabled
+        {
+            get => _requestAdminApprovalEnabled;
+            set => SetProperty(ref _requestAdminApprovalEnabled, value,
+                additionalPropertyNames: new[] { nameof(IsNewUser) });
+        }
+
+        public bool ApproveWithMasterPasswordEnabled
+        {
+            get => _approveWithMasterPasswordEnabled;
+            set => SetProperty(ref _approveWithMasterPasswordEnabled, value,
+                additionalPropertyNames: new[] { nameof(IsNewUser) });
+        }
+
+        public bool IsNewUser => !RequestAdminApprovalEnabled && !ApproveWithMasterPasswordEnabled;
+
+        public string Email
+        {
+            get => _email;
+            set => SetProperty(ref _email, value, additionalPropertyNames:
+                new string[] {
+                    nameof(LoggingInAsText)
+                });
+        }
+
+        public async Task InitAsync()
+        {
+            try
+            {
+                Email = await _stateService.GetActiveUserEmailAsync();
+                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
+                RequestAdminApprovalEnabled = decryptOptions?.TrustedDeviceOption?.HasAdminApproval ?? false;
+                ApproveWithMasterPasswordEnabled = decryptOptions?.HasMasterPassword ?? false;
+                ApproveWithMyOtherDeviceEnabled = decryptOptions?.TrustedDeviceOption?.HasLoginApprovingDevice ?? false;
+            }
+            catch (Exception ex)
+            {
+                HandleException(ex);
+            }
+        }
+
+        public async Task CreateNewSsoUserAsync()
+        {
+            await _authService.CreateNewSsoUserAsync(await _stateService.GetRememberedOrgIdentifierAsync());
+            if (RememberThisDevice)
+            {
+                await _deviceTrustCryptoService.TrustDeviceAsync();
+            }
+
+            _syncService.FullSyncAsync(true).FireAndForget();
+            await Device.InvokeOnMainThreadAsync(ContinueToVaultAction);
+        }
+
+        private async Task SetDeviceTrustAndInvokeAsync(Action action)
+        {
+            await _deviceTrustCryptoService.SetShouldTrustDeviceAsync(RememberThisDevice);
+            await Device.InvokeOnMainThreadAsync(action);
+        }
+    }
+}
+

src/App/Pages/Accounts/LoginPage.xaml

@@ -9,23 +9,23 @@
     xmlns:u="clr-namespace:Bit.App.Utilities"
     x:DataType="pages:LoginPageViewModel"
     x:Name="_page"
-    Title="{Binding PageTitle}">
+    Title="{Binding PageTitle}"
+    AutomationId="PageTitleLabel">
     
     <ContentPage.BindingContext>
         <pages:LoginPageViewModel />
     </ContentPage.BindingContext>
-
     <ContentPage.ToolbarItems>
         <controls:ExtendedToolbarItem
                 x:Name="_accountAvatar"
-                x:Key="accountAvatar"
                 IconImageSource="{Binding AvatarImageSource}"
                 Command="{Binding Source={x:Reference _accountListOverlay}, Path=ToggleVisibililtyCommand}"
                 Order="Primary"
                 Priority="-1"
                 UseOriginalImage="True"
                 AutomationProperties.IsInAccessibleTree="True"
-                AutomationProperties.Name="{u:I18n Account}" />
+                AutomationProperties.Name="{u:I18n Account}"
+                AutomationId="AccountIconButton" />
     </ContentPage.ToolbarItems>
 
     <ContentPage.Resources>
@@ -34,7 +34,8 @@
             <ToolbarItem Icon="more_vert.png" Clicked="More_Clicked" Order="Primary"
                 x:Name="_moreItem" x:Key="moreItem"
                  AutomationProperties.IsInAccessibleTree="True"
-                 AutomationProperties.Name="{u:I18n Options}" />
+                 AutomationProperties.Name="{u:I18n Options}"
+                 AutomationId="OptionsButton" />
             <ToolbarItem Text="{u:I18n GetPasswordHint}"
                 x:Key="getPasswordHint"
                 x:Name="_getPasswordHint"
@@ -75,7 +76,9 @@
                                 Grid.Row="1"
                                 Grid.Column="0"
                                 ReturnType="Go"
-                                ReturnCommand="{Binding LogInCommand}" />
+                                ReturnCommand="{Binding LogInCommand}"
+                                AutomationId="MasterPasswordEntry"
+                            />
                             <controls:IconButton
                                 StyleClass="box-row-button, box-row-button-platform"
                                 Text="{Binding ShowPasswordIcon}"
@@ -84,6 +87,7 @@
                                 Grid.Column="1"
                                 Grid.RowSpan="1"
                                 AutomationProperties.IsInAccessibleTree="True"
+                                AutomationId="PasswordVisibilityToggle"
                                 AutomationProperties.Name="{u:I18n ToggleVisibility}"
                                 AutomationProperties.HelpText="{Binding PasswordVisibilityAccessibilityText}"/>
                             <Label
@@ -93,7 +97,9 @@
                                 Padding="0,5,0,0"
                                 Grid.Row="2"
                                 Grid.Column="0"
-                                Grid.ColumnSpan="2">
+                                Grid.ColumnSpan="2"
+                                AutomationId="GetMasterPasswordHintLabel"
+                                >
                                 <Label.GestureRecognizers>
                                     <TapGestureRecognizer Tapped="Hint_Clicked" />
                                 </Label.GestureRecognizers>
@@ -104,19 +110,24 @@
                         <Button x:Name="_loginWithMasterPassword"
                             Text="{u:I18n LogInWithMasterPassword}" 
                                 StyleClass="btn-primary"
-                                Clicked="LogIn_Clicked" />
+                                Clicked="LogIn_Clicked"
+                                AutomationId="LogInWithMasterPasswordButton"
+                                />
                         <controls:IconLabelButton
                             HorizontalOptions="Fill"
                             VerticalOptions="CenterAndExpand"
                             Icon="{Binding Source={x:Static core:BitwardenIcons.Device}}"
                             Label="{u:I18n LogInWithAnotherDevice}"
                             ButtonCommand="{Binding LogInWithDeviceCommand}"
-                            IsVisible="{Binding IsKnownDevice}"/>
+                            IsVisible="{Binding IsKnownDevice}"
+                            AutomationId="LogInWithAnotherDeviceButton"
+                            />
                         <controls:IconLabelButton
                             HorizontalOptions="Fill"
                             VerticalOptions="CenterAndExpand"
                             Icon="{Binding Source={x:Static core:BitwardenIcons.Suitcase}}"
-                            Label="{u:I18n LogInSso}">
+                            Label="{u:I18n LogInSso}"
+                            AutomationId="LogInWithSsoButton">
                             <controls:IconLabelButton.GestureRecognizers>
                                 <TapGestureRecognizer Tapped="LogInSSO_Clicked" />
                             </controls:IconLabelButton.GestureRecognizers>
@@ -124,12 +135,15 @@
                         <Label
                             Text="{Binding LoggingInAsText}"
                             StyleClass="text-sm"
-                            Margin="0,40,0,0"/>
+                            Margin="0,40,0,0"
+                            AutomationId="LoggingInAsLabel"
+                            />
                         <Label
                             Text="{u:I18n NotYou}"
                             StyleClass="text-md"
                             HorizontalOptions="Start"
-                            TextColor="{DynamicResource HyperlinkColor}">
+                            TextColor="{DynamicResource HyperlinkColor}"
+                            AutomationId="NotYouLabel">
                             <Label.GestureRecognizers>
                                 <TapGestureRecognizer Tapped="Cancel_Clicked" />
                             </Label.GestureRecognizers>

src/App/Pages/Accounts/LoginPage.xaml.cs

@@ -2,7 +2,9 @@
 using System.Threading.Tasks;
 using Bit.App.Models;
 using Bit.App.Utilities;
+using Bit.Core;
 using Bit.Core.Abstractions;
+using Bit.Core.Enums;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
@@ -12,6 +14,7 @@ namespace Bit.App.Pages
 {
     public partial class LoginPage : BaseContentPage
     {
+        private readonly IBroadcasterService _broadcasterService;
         private readonly LoginPageViewModel _vm;
         private readonly AppOptions _appOptions;
 
@@ -23,6 +26,7 @@ namespace Bit.App.Pages
         {
             _appOptions = appOptions;
             InitializeComponent();
+            _broadcasterService = ServiceContainer.Resolve<IBroadcasterService>();
             _vm = BindingContext as LoginPageViewModel;
             _vm.Page = this;
             _vm.StartTwoFactorAction = () => Device.BeginInvokeOnMainThread(async () => await StartTwoFactorAsync());
@@ -70,6 +74,13 @@ namespace Bit.App.Pages
         protected override async void OnAppearing()
         {
             base.OnAppearing();
+            _broadcasterService.Subscribe(nameof(LoginPage), message =>
+            {
+                if (message.Command == Constants.ClearSensitiveFields)
+                {
+                    Device.BeginInvokeOnMainThread(_vm.ResetPasswordField);
+                }
+            });
             _mainContent.Content = _mainLayout;
             _accountAvatar?.OnAppearing();
 
@@ -104,6 +115,7 @@ namespace Bit.App.Pages
             base.OnDisappearing();
 
             _accountAvatar?.OnDisappearing();
+            _broadcasterService.Unsubscribe(nameof(LoginPage));
         }
 
         private async void LogIn_Clicked(object sender, EventArgs e)
@@ -124,7 +136,7 @@ namespace Bit.App.Pages
 
         private async Task StartLoginWithDeviceAsync()
         {
-            var page = new LoginPasswordlessRequestPage(_vm.Email, _appOptions);
+            var page = new LoginPasswordlessRequestPage(_vm.Email, AuthRequestType.AuthenticateAndUnlock, _appOptions);
             await Navigation.PushModalAsync(new NavigationPage(page));
         }
 

src/App/Pages/Accounts/LoginPageViewModel.cs

@@ -40,6 +40,8 @@ namespace Bit.App.Pages
         private string _masterPassword;
         private bool _isEmailEnabled;
         private bool _isKnownDevice;
+        private bool _isExecutingLogin;
+        private string _environmentHostName;
 
         public LoginPageViewModel()
         {
@@ -114,6 +116,16 @@ namespace Bit.App.Pages
             set => SetProperty(ref _isKnownDevice, value);
         }
 
+        public string EnvironmentDomainName
+        {
+            get => _environmentHostName;
+            set => SetProperty(ref _environmentHostName, value,
+                additionalPropertyNames: new string[]
+                {
+                    nameof(LoggingInAsText)
+                });
+        }
+
         public AccountSwitchingOverlayViewModel AccountSwitchingOverlayViewModel { get; }
         public Command LogInCommand { get; }
         public Command TogglePasswordCommand { get; }
@@ -121,7 +133,7 @@ namespace Bit.App.Pages
         public ICommand LogInWithDeviceCommand { get; }
         public string ShowPasswordIcon => ShowPassword ? BitwardenIcons.EyeSlash : BitwardenIcons.Eye;
         public string PasswordVisibilityAccessibilityText => ShowPassword ? AppResources.PasswordIsVisibleTapToHide : AppResources.PasswordIsNotVisibleTapToShow;
-        public string LoggingInAsText => string.Format(AppResources.LoggingInAsX, Email);
+        public string LoggingInAsText => string.Format(AppResources.LoggingInAsXOnY, Email, EnvironmentDomainName);
         public bool IsIosExtension { get; set; }
         public bool CanRemoveAccount { get; set; }
         public Action StartTwoFactorAction { get; set; }
@@ -143,20 +155,28 @@ namespace Bit.App.Pages
             try
             {
                 await _deviceActionService.ShowLoadingAsync(AppResources.Loading);
+                await _stateService.SetPreLoginEmailAsync(Email);
                 await AccountSwitchingOverlayViewModel.RefreshAccountViewsAsync();
                 if (string.IsNullOrWhiteSpace(Email))
                 {
                     Email = await _stateService.GetRememberedEmailAsync();
                 }
-                var deviceIdentifier = await _appIdService.GetAppIdAsync();
-                IsKnownDevice = await _apiService.GetKnownDeviceAsync(Email, deviceIdentifier);
                 CanRemoveAccount = await _stateService.GetActiveUserEmailAsync() != Email;
-                await _deviceActionService.HideLoadingAsync();
+                EnvironmentDomainName = CoreHelpers.GetDomain((await _stateService.GetPreAuthEnvironmentUrlsAsync())?.Base);
+                IsKnownDevice = await _apiService.GetKnownDeviceAsync(Email, await _appIdService.GetAppIdAsync());
+            }
+            catch (ApiException apiEx) when (apiEx.Error.StatusCode == System.Net.HttpStatusCode.Unauthorized)
+            {
+                _logger.Exception(apiEx);
             }
             catch (Exception ex)
             {
                 HandleException(ex);
             }
+            finally
+            {
+                await _deviceActionService.HideLoadingAsync();
+            }
         }
 
         public async Task LogInAsync(bool showLoading = true, bool checkForExistingAccount = false)
@@ -191,6 +211,7 @@ namespace Bit.App.Pages
             ShowPassword = false;
             try
             {
+                _isExecutingLogin = true;
                 if (checkForExistingAccount)
                 {
                     var userId = await _stateService.GetUserIdAsync(Email);
@@ -252,6 +273,26 @@ namespace Bit.App.Pages
                         AppResources.AnErrorHasOccurred, AppResources.Ok);
                 }
             }
+            finally
+            {
+                _isExecutingLogin = false;
+            }
+        }
+
+        public void ResetPasswordField()
+        {
+            try
+            {
+                if (!_isExecutingLogin)
+                {
+                    MasterPassword = string.Empty;
+                    ShowPassword = false;
+                }
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
         }
 
         private async Task MoreAsync()

src/App/Pages/Accounts/LoginPasswordlessPage.xaml

@@ -32,7 +32,8 @@
                 <Label
                     Text="{Binding LogInAttemptByLabel}"
                     FontSize="Small"
-                    Margin="0,0,0,24"/>
+                    Margin="0,0,0,24"
+                    AutomationId="LogInAttemptByLabel" />
                 <Label
                     Text="{u:I18n FingerprintPhrase}"
                     FontSize="Small"
@@ -41,7 +42,8 @@
                     FormattedText="{Binding LoginRequest.FingerprintPhrase}"
                     FontSize="Medium"
                     TextColor="{DynamicResource FingerprintPhrase}"
-                    Margin="0,0,0,27"/>
+                    Margin="0,0,0,27"
+                    AutomationId="FingerprintValueLabel" />
                 <Label
                     Text="{u:I18n DeviceType}"
                     FontSize="Small"
@@ -49,7 +51,8 @@
                 <Label
                     Text="{Binding LoginRequest.DeviceType}"
                     FontSize="Small"
-                    Margin="0,0,0,21"/>
+                    Margin="0,0,0,21"
+                    AutomationId="DeviceTypeValueLabel" />
                 <Label
                     Text="{u:I18n IpAddress}"
                     IsVisible="{Binding ShowIpAddress}"
@@ -59,7 +62,8 @@
                     Text="{Binding LoginRequest.IpAddress}"
                     IsVisible="{Binding ShowIpAddress}"
                     FontSize="Small"
-                    Margin="0,0,0,21"/>
+                    Margin="0,0,0,21"
+                    AutomationId="IpAddressValueLabel" />
                 <Label
                     Text="{u:I18n Time}"
                     FontSize="Small"
@@ -67,7 +71,8 @@
                 <Label
                     Text="{Binding TimeOfRequestText}"
                     FontSize="Small"
-                    Margin="0,0,0,57"/>
+                    Margin="0,0,0,57"
+                    AutomationId="TimeOfRequestValueLabel" />
             </StackLayout>
         </ScrollView>
 
@@ -75,11 +80,13 @@
                 Text="{u:I18n ConfirmLogIn}"
                 Command="{Binding AcceptRequestCommand}"
                 Margin="0,0,0,17"
-                StyleClass="btn-primary"/>
+                StyleClass="btn-primary"
+                AutomationId="ConfirmLoginButton" />
         <Button
                 Text="{u:I18n DenyLogIn}"
                 Command="{Binding RejectRequestCommand}"
-                StyleClass="btn-secundary"/>
+                StyleClass="btn-secundary"
+                AutomationId="DenyLoginButton" />
 
     </StackLayout>
 </pages:BaseContentPage>

src/App/Pages/Accounts/LoginPasswordlessRequestPage.xaml

@@ -21,16 +21,17 @@
         <StackLayout
             Padding="7, 0, 7, 20">
             <Label
-                Text="{u:I18n LogInInitiated}"
+                Text="{Binding Title}"
                 FontSize="Title"
                 FontAttributes="Bold"
-                Margin="0,14,0,21"/>
+                Margin="0,14,0,21"
+                AutomationId="LogInInitiatedLabel" />
             <Label
-                Text="{u:I18n ANotificationHasBeenSentToYourDevice}"
+                Text="{Binding SubTitle}"
                 FontSize="Small"
                 Margin="0,0,0,10"/>
             <Label
-                Text="{u:I18n PleaseMakeSureYourVaultIsUnlockedAndTheFingerprintPhraseMatchesOnTheOtherDevice}"
+                Text="{Binding Description}"
                 FontSize="Small"
                 Margin="0,0,0,24"/>
             <Label
@@ -39,38 +40,39 @@
                 FontAttributes="Bold"/>
             <controls:MonoLabel
                 FormattedText="{Binding FingerprintPhrase}"
-                FontSize="Medium"
-                TextColor="{DynamicResource FingerprintPhrase}"/>
+                FontSize="Small"
+                TextColor="{DynamicResource FingerprintPhrase}"
+                AutomationId="FingerprintPhraseValue" />
             <Label
                 Text="{u:I18n ResendNotification}"
-                StyleClass="text-md"
+                IsVisible="{Binding ResendNotificationVisible}"
+                StyleClass="text-sm"
+                FontAttributes="Bold"
                 HorizontalOptions="Start"
-                Margin="0,40,0,0"
-                TextColor="{DynamicResource HyperlinkColor}">
+                Margin="0,24,0,0"
+                TextColor="{DynamicResource HyperlinkColor}"
+                AutomationId="ResendNotificationButton">
                 <Label.GestureRecognizers>
                     <TapGestureRecognizer Command="{Binding CreatePasswordlessLoginCommand}" />
                 </Label.GestureRecognizers>
             </Label>
-            <StackLayout
-                Orientation="Horizontal"
-                Margin="0,30,0,0">
-                <Label
-                    Text="{u:I18n NeedAnotherOption}"
-                    FontSize="Small"
-                    VerticalTextAlignment="End"/>
-                <Label
-                    Text="{u:I18n ViewAllLoginOptions}"
-                    StyleClass="text-md"
-                    VerticalTextAlignment="End"
-                    VerticalOptions="CenterAndExpand"
-                    Margin="5, 0"
-                    TextColor="{DynamicResource HyperlinkColor}">
-                    <Label.GestureRecognizers>
-                        <TapGestureRecognizer Command="{Binding CloseCommand}" />
-                    </Label.GestureRecognizers>
-                </Label>
-            </StackLayout>
-               
+            <BoxView
+                HeightRequest="1"
+                Margin="0,24,0,24"
+                Color="{DynamicResource DisabledIconColor}" />
+            <Label
+                Text="{Binding OtherOptions}"
+                FontSize="Small"/>
+            <Label
+                Text="{u:I18n ViewAllLoginOptions}"
+                StyleClass="text-sm"
+                FontAttributes="Bold"
+                TextColor="{DynamicResource HyperlinkColor}"
+                AutomationId="ViewAllLoginOptionsButton">
+                <Label.GestureRecognizers>
+                    <TapGestureRecognizer Command="{Binding CloseCommand}" />
+                </Label.GestureRecognizers>
+            </Label>
         </StackLayout>
     </ScrollView>
 </pages:BaseContentPage>

src/App/Pages/Accounts/LoginPasswordlessRequestPage.xaml.cs

@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.Threading.Tasks;
 using Bit.App.Models;
 using Bit.App.Utilities;
+using Bit.Core.Enums;
 using Xamarin.Forms;
 
 namespace Bit.App.Pages
@@ -12,13 +13,15 @@ namespace Bit.App.Pages
         private LoginPasswordlessRequestViewModel _vm;
         private readonly AppOptions _appOptions;
 
-        public LoginPasswordlessRequestPage(string email, AppOptions appOptions = null)
+        public LoginPasswordlessRequestPage(string email, AuthRequestType authRequestType, AppOptions appOptions = null, bool authingWithSso = false)
         {
             InitializeComponent();
             _appOptions = appOptions;
             _vm = BindingContext as LoginPasswordlessRequestViewModel;
             _vm.Page = this;
             _vm.Email = email;
+            _vm.AuthRequestType = authRequestType;
+            _vm.AuthingWithSso = authingWithSso;
             _vm.StartTwoFactorAction = () => Device.BeginInvokeOnMainThread(async () => await StartTwoFactorAsync());
             _vm.LogInSuccessAction = () => Device.BeginInvokeOnMainThread(async () => await LogInSuccessAsync());
             _vm.UpdateTempPasswordAction = () => Device.BeginInvokeOnMainThread(async () => await UpdateTempPasswordAsync());

src/App/Pages/Accounts/LoginPasswordlessRequestViewModel.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Net.Http;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
@@ -11,7 +12,9 @@ using Bit.App.Utilities;
 using Bit.Core;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
+using Bit.Core.Exceptions;
 using Bit.Core.Models.Domain;
+using Bit.Core.Models.Response;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
@@ -32,6 +35,9 @@ namespace Bit.App.Pages
         private IPlatformUtilsService _platformUtilsService;
         private IEnvironmentService _environmentService;
         private ILogger _logger;
+        private IDeviceTrustCryptoService _deviceTrustCryptoService;
+        private readonly ICryptoFunctionService _cryptoFunctionService;
+        private readonly ICryptoService _cryptoService;
 
         protected override II18nService i18nService => _i18nService;
         protected override IEnvironmentService environmentService => _environmentService;
@@ -44,6 +50,7 @@ namespace Bit.App.Pages
         private string _email;
         private string _requestId;
         private string _requestAccessCode;
+        private AuthRequestType _authRequestType;
         // Item1 publicKey, Item2 privateKey
         private Tuple<byte[], byte[]> _requestKeyPair;
 
@@ -57,8 +64,9 @@ namespace Bit.App.Pages
             _i18nService = ServiceContainer.Resolve<II18nService>();
             _stateService = ServiceContainer.Resolve<IStateService>();
             _logger = ServiceContainer.Resolve<ILogger>();
-
-            PageTitle = AppResources.LogInWithAnotherDevice;
+            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
+            _cryptoFunctionService = ServiceContainer.Resolve<ICryptoFunctionService>();
+            _cryptoService = ServiceContainer.Resolve<ICryptoService>();
 
             CreatePasswordlessLoginCommand = new AsyncCommand(CreatePasswordlessLoginAsync,
                 onException: ex => HandleException(ex),
@@ -73,10 +81,91 @@ namespace Bit.App.Pages
         public Action LogInSuccessAction { get; set; }
         public Action UpdateTempPasswordAction { get; set; }
         public Action CloseAction { get; set; }
+        public bool AuthingWithSso { get; set; }
 
         public ICommand CreatePasswordlessLoginCommand { get; }
         public ICommand CloseCommand { get; }
 
+        public string HeaderTitle
+        {
+            get
+            {
+                switch (_authRequestType)
+                {
+                    case AuthRequestType.AuthenticateAndUnlock:
+                        return AppResources.LogInWithDevice;
+                    case AuthRequestType.AdminApproval:
+                        return AppResources.LogInInitiated;
+                    default:
+                        return string.Empty;
+                };
+            }
+        }
+
+        public string Title
+        {
+            get
+            {
+                switch (_authRequestType)
+                {
+                    case AuthRequestType.AuthenticateAndUnlock:
+                        return AppResources.LogInInitiated;
+                    case AuthRequestType.AdminApproval:
+                        return AppResources.AdminApprovalRequested;
+                    default:
+                        return string.Empty;
+                };
+            }
+        }
+
+        public string SubTitle
+        {
+            get
+            {
+                switch (_authRequestType)
+                {
+                    case AuthRequestType.AuthenticateAndUnlock:
+                        return AppResources.ANotificationHasBeenSentToYourDevice;
+                    case AuthRequestType.AdminApproval:
+                        return AppResources.YourRequestHasBeenSentToYourAdmin;
+                    default:
+                        return string.Empty;
+                };
+            }
+        }
+
+        public string Description
+        {
+            get
+            {
+                switch (_authRequestType)
+                {
+                    case AuthRequestType.AuthenticateAndUnlock:
+                        return AppResources.PleaseMakeSureYourVaultIsUnlockedAndTheFingerprintPhraseMatchesOnTheOtherDevice;
+                    case AuthRequestType.AdminApproval:
+                        return AppResources.YouWillBeNotifiedOnceApproved;
+                    default:
+                        return string.Empty;
+                };
+            }
+        }
+
+        public string OtherOptions
+        {
+            get
+            {
+                switch (_authRequestType)
+                {
+                    case AuthRequestType.AuthenticateAndUnlock:
+                        return AppResources.LogInWithDeviceMustBeSetUpInTheSettingsOfTheBitwardenAppNeedAnotherOption;
+                    case AuthRequestType.AdminApproval:
+                        return AppResources.TroubleLoggingIn;
+                    default:
+                        return string.Empty;
+                };
+            }
+        }
+
         public string FingerprintPhrase
         {
             get => _fingerprintPhrase;
@@ -89,6 +178,25 @@ namespace Bit.App.Pages
             set => SetProperty(ref _email, value);
         }
 
+        public AuthRequestType AuthRequestType
+        {
+            get => _authRequestType;
+            set
+            {
+                SetProperty(ref _authRequestType, value, additionalPropertyNames: new string[]
+                {
+                    nameof(Title),
+                    nameof(SubTitle),
+                    nameof(Description),
+                    nameof(OtherOptions),
+                    nameof(ResendNotificationVisible)
+                });
+                PageTitle = HeaderTitle;
+            }
+        }
+
+        public bool ResendNotificationVisible => AuthRequestType == AuthRequestType.AuthenticateAndUnlock;
+
         public void StartCheckLoginRequestStatus()
         {
             try
@@ -119,25 +227,39 @@ namespace Bit.App.Pages
 
         private async Task CheckLoginRequestStatus()
         {
-            if (string.IsNullOrEmpty(_requestId) || string.IsNullOrEmpty(_requestAccessCode))
+            if (string.IsNullOrEmpty(_requestId))
             {
                 return;
             }
 
             try
             {
-                var response = await _authService.GetPasswordlessLoginResponseAsync(_requestId, _requestAccessCode);
+                PasswordlessLoginResponse response = null;
+                if (AuthingWithSso)
+                {
+                    response = await _authService.GetPasswordlessLoginRequestByIdAsync(_requestId);
+                }
+                else
+                {
+                    response = await _authService.GetPasswordlessLoginResquestAsync(_requestId, _requestAccessCode);
+                }
 
-                if (response.RequestApproved == null || !response.RequestApproved.Value)
+                if (response?.RequestApproved != true)
                 {
                     return;
                 }
 
                 StopCheckLoginRequestStatus();
 
-                var authResult = await _authService.LogInPasswordlessAsync(Email, _requestAccessCode, _requestId, _requestKeyPair.Item2, response.Key, response.MasterPasswordHash);
+                var authResult = await _authService.LogInPasswordlessAsync(AuthingWithSso, Email, _requestAccessCode, _requestId, _requestKeyPair.Item2, response.Key, response.MasterPasswordHash);
                 await AppHelpers.ResetInvalidUnlockAttemptsAsync();
 
+                if (authResult == null && await _stateService.IsAuthenticatedAsync())
+                {
+                    await HandleLoginCompleteAsync();
+                    return;
+                }
+
                 if (await HandleCaptchaAsync(authResult.CaptchaSiteKey, authResult.CaptchaNeeded, CheckLoginRequestStatus))
                 {
                     return;
@@ -153,10 +275,13 @@ namespace Bit.App.Pages
                 }
                 else
                 {
-                    _syncService.FullSyncAsync(true).FireAndForget();
-                    LogInSuccessAction?.Invoke();
+                    await HandleLoginCompleteAsync();
                 }
             }
+            catch (ApiException ex) when (ex.Error?.StatusCode == System.Net.HttpStatusCode.BadRequest)
+            {
+                HandleException(ex);
+            }
             catch (Exception ex)
             {
                 StartCheckLoginRequestStatus();
@@ -164,30 +289,65 @@ namespace Bit.App.Pages
             }
         }
 
+        private async Task HandleLoginCompleteAsync()
+        {
+            await _stateService.SetPendingAdminAuthRequestAsync(null);
+            _syncService.FullSyncAsync(true).FireAndForget();
+            LogInSuccessAction?.Invoke();
+        }
+
         private async Task CreatePasswordlessLoginAsync()
         {
             await Device.InvokeOnMainThreadAsync(() => _deviceActionService.ShowLoadingAsync(AppResources.Loading));
 
-            var response = await _authService.PasswordlessCreateLoginRequestAsync(_email);
-            if (response != null)
+            PasswordlessLoginResponse response = null;
+            var pendingRequest = await _stateService.GetPendingAdminAuthRequestAsync();
+            if (pendingRequest != null && _authRequestType == AuthRequestType.AdminApproval)
             {
-                FingerprintPhrase = response.RequestFingerprint;
-                _requestId = response.Id;
-                _requestAccessCode = response.RequestAccessCode;
-                _requestKeyPair = response.RequestKeyPair;
+                response = await _authService.GetPasswordlessLoginRequestByIdAsync(pendingRequest.Id);
+                if (response == null || (response.IsAnswered && !response.RequestApproved.Value))
+                {
+                    // handle pending auth request not valid remove it from state
+                    await _stateService.SetPendingAdminAuthRequestAsync(null);
+                    pendingRequest = null;
+                    response = null;
+                }
+                else
+                {
+                    // Derive pubKey from privKey in state to avoid MITM attacks
+                    // Also generate FingerprintPhrase locally for the same reason
+                    var derivedPublicKey = await _cryptoFunctionService.RsaExtractPublicKeyAsync(pendingRequest.PrivateKey);
+                    response.FingerprintPhrase = string.Join("-", await _cryptoService.GetFingerprintAsync(Email, derivedPublicKey));
+                    response.RequestKeyPair = new Tuple<byte[], byte[]>(derivedPublicKey, pendingRequest.PrivateKey);
+                }
             }
 
+            if (response == null)
+            {
+                response = await _authService.PasswordlessCreateLoginRequestAsync(_email, AuthRequestType);
+            }
+
+            await HandlePasswordlessLoginAsync(response, pendingRequest == null && _authRequestType == AuthRequestType.AdminApproval);
             await _deviceActionService.HideLoadingAsync();
         }
 
-        private void HandleException(Exception ex)
+        private async Task HandlePasswordlessLoginAsync(PasswordlessLoginResponse response, bool createPendingAdminRequest)
         {
-            Xamarin.Essentials.MainThread.InvokeOnMainThreadAsync(async () =>
+            if (response == null)
             {
-                await _deviceActionService.HideLoadingAsync();
-                await _platformUtilsService.ShowDialogAsync(AppResources.GenericErrorMessage);
-            }).FireAndForget();
-            _logger.Exception(ex);
+                throw new ArgumentNullException(nameof(response));
+            }
+
+            if (createPendingAdminRequest)
+            {
+                var pendingAuthRequest = new PendingAdminAuthRequest { Id = response.Id, PrivateKey = response.RequestKeyPair.Item2 };
+                await _stateService.SetPendingAdminAuthRequestAsync(pendingAuthRequest);
+            }
+
+            FingerprintPhrase = response.FingerprintPhrase;
+            _requestId = response.Id;
+            _requestAccessCode = response.RequestAccessCode;
+            _requestKeyPair = response.RequestKeyPair;
         }
     }
 }

src/App/Pages/Accounts/LoginSsoPage.xaml.cs

@@ -29,6 +29,8 @@ namespace Bit.App.Pages
             _vm.SsoAuthSuccessAction = () => Device.BeginInvokeOnMainThread(async () => await SsoAuthSuccessAsync());
             _vm.UpdateTempPasswordAction =
                 () => Device.BeginInvokeOnMainThread(async () => await UpdateTempPasswordAsync());
+            _vm.StartDeviceApprovalOptionsAction =
+                () => Device.BeginInvokeOnMainThread(async () => await StartDeviceApprovalOptionsAsync());
             _vm.CloseAction = async () =>
             {
                 await Navigation.PopModalAsync();
@@ -106,10 +108,17 @@ namespace Bit.App.Pages
             await Navigation.PushModalAsync(new NavigationPage(page));
         }
 
+        private async Task StartDeviceApprovalOptionsAsync()
+        {
+            var page = new LoginApproveDevicePage();
+            await Navigation.PushModalAsync(new NavigationPage(page));
+        }
+
         private async Task SsoAuthSuccessAsync()
         {
             RestoreAppOptionsFromCopy();
             await AppHelpers.ClearPreviousPage();
+
             if (await _vaultTimeoutService.IsLockedAsync())
             {
                 Application.Current.MainPage = new NavigationPage(new LockPage(_appOptions));

src/App/Pages/Accounts/LoginSsoPageViewModel.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Net;
 using System.Threading.Tasks;
 using System.Windows.Input;
 using Bit.App.Abstractions;
@@ -8,6 +9,7 @@ using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Domain;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
 using Xamarin.Essentials;
@@ -27,6 +29,9 @@ namespace Bit.App.Pages
         private readonly IPlatformUtilsService _platformUtilsService;
         private readonly IStateService _stateService;
         private readonly ILogger _logger;
+        private readonly IOrganizationService _organizationService;
+        private readonly IDeviceTrustCryptoService _deviceTrustCryptoService;
+        private readonly ICryptoService _cryptoService;
 
         private string _orgIdentifier;
 
@@ -42,7 +47,9 @@ namespace Bit.App.Pages
             _platformUtilsService = ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService");
             _stateService = ServiceContainer.Resolve<IStateService>("stateService");
             _logger = ServiceContainer.Resolve<ILogger>("logger");
-
+            _organizationService = ServiceContainer.Resolve<IOrganizationService>();
+            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
+            _cryptoService = ServiceContainer.Resolve<ICryptoService>();
 
             PageTitle = AppResources.Bitwarden;
             LogInCommand = new AsyncCommand(LogInAsync, allowsMultipleExecutions: false);
@@ -58,14 +65,31 @@ namespace Bit.App.Pages
         public Action StartTwoFactorAction { get; set; }
         public Action StartSetPasswordAction { get; set; }
         public Action SsoAuthSuccessAction { get; set; }
+        public Action StartDeviceApprovalOptionsAction { get; set; }
         public Action CloseAction { get; set; }
         public Action UpdateTempPasswordAction { get; set; }
 
         public async Task InitAsync()
         {
-            if (string.IsNullOrWhiteSpace(OrgIdentifier))
+            try
             {
-                OrgIdentifier = await _stateService.GetRememberedOrgIdentifierAsync();
+                if (await TryClaimedDomainLogin())
+                {
+                    return;
+                }
+
+                if (string.IsNullOrWhiteSpace(OrgIdentifier))
+                {
+                    OrgIdentifier = await _stateService.GetRememberedOrgIdentifierAsync();
+                }
+            }
+            catch (Exception ex)
+            {
+                _logger.Exception(ex);
+            }
+            finally
+            {
+                await _deviceActionService.HideLoadingAsync();
             }
         }
 
@@ -90,7 +114,7 @@ namespace Bit.App.Pages
 
                 await _deviceActionService.ShowLoadingAsync(AppResources.LoggingIn);
 
-                var response = await _apiService.PreValidateSso(OrgIdentifier);
+                var response = await _apiService.PreValidateSsoAsync(OrgIdentifier);
 
                 if (string.IsNullOrWhiteSpace(response?.Token))
                 {
@@ -102,9 +126,8 @@ namespace Bit.App.Pages
 
                 var ssoToken = response.Token;
 
-
-                var passwordOptions = new PasswordGenerationOptions(true);
-                passwordOptions.Length = 64;
+                var passwordOptions = PasswordGenerationOptions.CreateDefault
+                                                               .WithLength(64);
 
                 var codeVerifier = await _passwordGenerationService.GeneratePasswordAsync(passwordOptions);
                 var codeVerifierHash = await _cryptoFunctionService.HashAsync(codeVerifier, CryptoHashAlgorithm.Sha256);
@@ -126,7 +149,6 @@ namespace Bit.App.Pages
                 authResult = await WebAuthenticator.AuthenticateAsync(new Uri(url),
                     new Uri(REDIRECT_URI));
 
-
                 var code = GetResultCode(authResult, state);
                 if (!string.IsNullOrEmpty(code))
                 {
@@ -179,33 +201,130 @@ namespace Bit.App.Pages
             try
             {
                 var response = await _authService.LogInSsoAsync(code, codeVerifier, REDIRECT_URI, orgId);
+                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
                 await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                 await _stateService.SetRememberedOrgIdentifierAsync(OrgIdentifier);
                 await _deviceActionService.HideLoadingAsync();
                 if (response.TwoFactor)
                 {
                     StartTwoFactorAction?.Invoke();
+                    return;
                 }
-                else if (response.ResetMasterPassword)
+
+                // Trusted device option is sent regardless if this is a trusted device or not
+                // If it is trusted, it will have the necessary keys
+                if (decryptOptions?.TrustedDeviceOption != null)
                 {
+                    if (await _deviceTrustCryptoService.IsDeviceTrustedAsync())
+                    {
+                        // If we have a device key but no keys on server, we need to remove the device key
+                        if (decryptOptions.TrustedDeviceOption.EncryptedPrivateKey == null && decryptOptions.TrustedDeviceOption.EncryptedUserKey == null)
+                        {
+                            await _deviceTrustCryptoService.RemoveTrustedDeviceAsync();
+                            StartDeviceApprovalOptionsAction?.Invoke();
+                            return;
+                        }
+                        // If user doesn't have a MP, but has reset password permission, they must set a MP
+                        if (!decryptOptions.HasMasterPassword &&
+                            decryptOptions.TrustedDeviceOption.HasManageResetPasswordPermission)
+                        {
+                            StartSetPasswordAction?.Invoke();
+                            return;
+                        }
+                        // Update temp password only if the device is trusted and therefore has a decrypted User Key set
+                        if (response.ForcePasswordReset)
+                        {
+                            UpdateTempPasswordAction?.Invoke();
+                            return;
+                        }
+                        // Device is trusted and has keys, so we can decrypt
+                        _syncService.FullSyncAsync(true).FireAndForget();
+                        SsoAuthSuccessAction?.Invoke();
+                        return;
+                    }
+
+                    // Check for pending Admin Auth requests before navigating to device approval options
+                    var pendingRequest = await _stateService.GetPendingAdminAuthRequestAsync();
+                    if (pendingRequest != null)
+                    {
+                        var authRequest = await _authService.GetPasswordlessLoginRequestByIdAsync(pendingRequest.Id);
+                        if (authRequest?.RequestApproved == true)
+                        {
+                            var authResult = await _authService.LogInPasswordlessAsync(true, await _stateService.GetActiveUserEmailAsync(), authRequest.RequestAccessCode, pendingRequest.Id, pendingRequest.PrivateKey, authRequest.Key, authRequest.MasterPasswordHash);
+                            if (authResult == null && await _stateService.IsAuthenticatedAsync())
+                            {
+                                await Xamarin.Essentials.MainThread.InvokeOnMainThreadAsync(
+                                 () => _platformUtilsService.ShowToast("info", null, AppResources.LoginApproved));
+                                await _stateService.SetPendingAdminAuthRequestAsync(null);
+                                _syncService.FullSyncAsync(true).FireAndForget();
+                                SsoAuthSuccessAction?.Invoke();
+                            }
+                        }
+                        else
+                        {
+                            await _stateService.SetPendingAdminAuthRequestAsync(null);
+                            StartDeviceApprovalOptionsAction?.Invoke();
+                        }
+                    }
+                    else
+                    {
+                        StartDeviceApprovalOptionsAction?.Invoke();
+                    }
+                    return;
+                }
+
+                // In the standard, non TDE case, a user must set password if they don't
+                // have one and they aren't using key connector.
+                // Note: TDE & Key connector are mutually exclusive org config options.
+                if (response.ResetMasterPassword || (decryptOptions?.RequireSetPassword == true))
+                {
+                    // TODO: We need to look into how to handle this when Org removes TDE
+                    // Will we have the User Key by now to set a new password?
                     StartSetPasswordAction?.Invoke();
+                    return;
                 }
-                else if (response.ForcePasswordReset)
-                {
-                    UpdateTempPasswordAction?.Invoke();
-                }
-                else
-                {
-                    var task = Task.Run(async () => await _syncService.FullSyncAsync(true));
-                    SsoAuthSuccessAction?.Invoke();
-                }
+
+                _syncService.FullSyncAsync(true).FireAndForget();
+                SsoAuthSuccessAction?.Invoke();
             }
-            catch (Exception e)
+            catch (Exception)
             {
                 await _deviceActionService.HideLoadingAsync();
                 await _platformUtilsService.ShowDialogAsync(AppResources.LoginSsoError,
                     AppResources.AnErrorHasOccurred);
             }
         }
+
+        private async Task<bool> TryClaimedDomainLogin()
+        {
+            try
+            {
+                await _deviceActionService.ShowLoadingAsync(AppResources.Loading);
+                var userEmail = await _stateService.GetPreLoginEmailAsync();
+                var claimedDomainOrgDetails = await _organizationService.GetClaimedOrganizationDomainAsync(userEmail);
+                await _deviceActionService.HideLoadingAsync();
+
+                if (claimedDomainOrgDetails == null || !claimedDomainOrgDetails.SsoAvailable)
+                {
+                    return false;
+                }
+
+                if (string.IsNullOrEmpty(claimedDomainOrgDetails.OrganizationIdentifier))
+                {
+                    await _platformUtilsService.ShowDialogAsync(AppResources.OrganizationSsoIdentifierRequired, AppResources.AnErrorHasOccurred);
+                    return false;
+                }
+
+                OrgIdentifier = claimedDomainOrgDetails.OrganizationIdentifier;
+                await LogInAsync();
+                return true;
+            }
+            catch (Exception ex)
+            {
+                HandleException(ex);
+            }
+
+            return false;
+        }
     }
 }

src/App/Pages/Accounts/RegisterPage.xaml

@@ -35,7 +35,8 @@
                         x:Name="_email"
                         Text="{Binding Email}"
                         Keyboard="Email"
-                        StyleClass="box-value" />
+                        StyleClass="box-value"
+                        AutomationId="EmailAddressEntry"/>
                 </StackLayout>
                 <Grid StyleClass="box-row">
                     <Grid.RowDefinitions>
@@ -59,7 +60,8 @@
                         IsTextPredictionEnabled="False"
                         IsPassword="{Binding ShowPassword, Converter={StaticResource inverseBool}}"
                         Grid.Row="1"
-                        Grid.Column="0" />
+                        Grid.Column="0"
+                        AutomationId="MasterPasswordEntry"/>
                     <controls:IconButton
                         StyleClass="box-row-button, box-row-button-platform"
                         Text="{Binding ShowPasswordIcon}"
@@ -69,7 +71,8 @@
                         Grid.RowSpan="2"
                         AutomationProperties.IsInAccessibleTree="True"
                         AutomationProperties.Name="{u:I18n ToggleVisibility}" 
-                        AutomationProperties.HelpText="{Binding PasswordVisibilityAccessibilityText}"/>
+                        AutomationProperties.HelpText="{Binding PasswordVisibilityAccessibilityText}"
+                        AutomationId="PasswordVisibilityToggle"/>
                 </Grid>
                 <Label
                     StyleClass="box-sub-label"
@@ -109,7 +112,8 @@
                         IsTextPredictionEnabled="False"
                         IsPassword="{Binding ShowPassword, Converter={StaticResource inverseBool}}"
                         Grid.Row="1"
-                        Grid.Column="0" />
+                        Grid.Column="0"
+                        AutomationId="ConfirmMasterPasswordEntry"/>
                     <controls:IconButton
                         StyleClass="box-row-button, box-row-button-platform"
                         Text="{Binding ShowPasswordIcon}"
@@ -118,6 +122,7 @@
                         Grid.Column="1"
                         Grid.RowSpan="2"
                         AutomationProperties.IsInAccessibleTree="True"
+                        AutomationId="ConfirmPasswordVisibilityToggle"
                         AutomationProperties.Name="{u:I18n ToggleVisibility}"
                         AutomationProperties.HelpText="{Binding PasswordVisibilityAccessibilityText}" />
                 </Grid>
@@ -130,7 +135,8 @@
                         Text="{Binding Hint}"
                         StyleClass="box-value"
                         ReturnType="Go"
-                        ReturnCommand="{Binding SubmitCommand}" />
+                        ReturnCommand="{Binding SubmitCommand}"
+                        AutomationId="MasterPasswordHintLabel" />
                 </StackLayout>
                 <Label
                     Text="{u:I18n MasterPasswordHintDescription}"
@@ -142,7 +148,8 @@
                         IsToggled="{Binding CheckExposedMasterPassword}"
                         StyleClass="box-value"
                         HorizontalOptions="Start"
-                        Margin="0, 0, 10, 0"/>
+                        Margin="0, 0, 10, 0"
+                        AutomationId="CheckExposedMasterPasswordToggle"/>
                     <Label
                         Text="{u:I18n CheckKnownDataBreachesForThisPassword}"
                         StyleClass="box-footer-label"
@@ -154,7 +161,8 @@
                         IsToggled="{Binding AcceptPolicies}"
                         StyleClass="box-value"
                         HorizontalOptions="Start"
-                        Margin="0, 0, 10, 0"/>
+                        Margin="0, 0, 10, 0"
+                        AutomationId="AcceptPoliciesToggle"/>
                     <Label StyleClass="box-footer-label"
                            HorizontalOptions="Fill">
                         <Label.FormattedText>

src/App/Pages/Accounts/RegisterPageViewModel.cs

@@ -48,6 +48,7 @@ namespace Bit.App.Pages
             SubmitCommand = new Command(async () => await SubmitAsync());
             ShowTerms = !_platformUtilsService.IsSelfHost();
             PasswordStrengthViewModel = new PasswordStrengthViewModel(this);
+            CheckExposedMasterPassword = true;
         }
 
         public ICommand PoliciesClickCommand => new Command<string>((url) =>
@@ -147,7 +148,7 @@ namespace Bit.App.Pages
             }
             if (MasterPassword.Length < Constants.MasterPasswordMinimumChars)
             {
-                await _platformUtilsService.ShowDialogAsync(AppResources.MasterPasswordLengthValMessage,
+                await _platformUtilsService.ShowDialogAsync(string.Format(AppResources.MasterPasswordLengthValMessageX, Constants.MasterPasswordMinimumChars),
                     AppResources.AnErrorHasOccurred, AppResources.Ok);
                 return;
             }
@@ -176,25 +177,28 @@ namespace Bit.App.Pages
             Name = string.IsNullOrWhiteSpace(Name) ? null : Name;
             Email = Email.Trim().ToLower();
             var kdfConfig = new KdfConfig(KdfType.PBKDF2_SHA256, Constants.Pbkdf2Iterations, null, null);
-            var key = await _cryptoService.MakeKeyAsync(MasterPassword, Email, kdfConfig);
-            var encKey = await _cryptoService.MakeEncKeyAsync(key);
-            var hashedPassword = await _cryptoService.HashPasswordAsync(MasterPassword, key);
-            var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1);
+            var newMasterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, Email, kdfConfig);
+            var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(
+                newMasterKey,
+                await _cryptoService.MakeUserKeyAsync()
+            );
+            var hashedPassword = await _cryptoService.HashMasterKeyAsync(MasterPassword, newMasterKey);
+            var (newPublicKey, newProtectedPrivateKey) = await _cryptoService.MakeKeyPairAsync(newUserKey);
             var request = new RegisterRequest
             {
                 Email = Email,
                 Name = Name,
                 MasterPasswordHash = hashedPassword,
                 MasterPasswordHint = Hint,
-                Key = encKey.Item2.EncryptedString,
+                Key = newProtectedUserKey.EncryptedString,
                 Kdf = kdfConfig.Type,
                 KdfIterations = kdfConfig.Iterations,
                 KdfMemory = kdfConfig.Memory,
                 KdfParallelism = kdfConfig.Parallelism,
                 Keys = new KeysRequest
                 {
-                    PublicKey = keys.Item1,
-                    EncryptedPrivateKey = keys.Item2.EncryptedString
+                    PublicKey = newPublicKey,
+                    EncryptedPrivateKey = newProtectedPrivateKey.EncryptedString
                 },
                 CaptchaResponse = _captchaToken,
             };

src/App/Pages/Accounts/RemoveMasterPasswordPageViewModel.cs

@@ -30,14 +30,14 @@ namespace Bit.App.Pages
 
         public async Task Init()
         {
-            Organization = await _keyConnectorService.GetManagingOrganization();
+            Organization = await _keyConnectorService.GetManagingOrganizationAsync();
         }
 
         public async Task MigrateAccount()
         {
             await _deviceActionService.ShowLoadingAsync(AppResources.Loading);
 
-            await _keyConnectorService.MigrateUser();
+            await _keyConnectorService.MigrateUserAsync();
             await _syncService.FullSyncAsync(true);
 
             await _deviceActionService.HideLoadingAsync();
@@ -47,7 +47,7 @@ namespace Bit.App.Pages
         {
             await _deviceActionService.ShowLoadingAsync(AppResources.Loading);
 
-            await _apiService.PostLeaveOrganization(Organization.Id);
+            await _apiService.PostLeaveOrganizationAsync(Organization.Id);
             await _syncService.FullSyncAsync(true);
 
             await _deviceActionService.HideLoadingAsync();

src/App/Pages/Accounts/SetPasswordPageViewModel.cs

@@ -152,7 +152,7 @@ namespace Bit.App.Pages
                 if (MasterPassword.Length < Constants.MasterPasswordMinimumChars)
                 {
                     await Page.DisplayAlert(AppResources.MasterPasswordPolicyValidationTitle,
-                        AppResources.MasterPasswordLengthValMessage, AppResources.Ok);
+                        string.Format(AppResources.MasterPasswordLengthValMessageX, Constants.MasterPasswordMinimumChars), AppResources.Ok);
                     return;
                 }
             }
@@ -165,26 +165,18 @@ namespace Bit.App.Pages
 
             var kdfConfig = new KdfConfig(KdfType.PBKDF2_SHA256, Constants.Pbkdf2Iterations, null, null);
             var email = await _stateService.GetEmailAsync();
-            var key = await _cryptoService.MakeKeyAsync(MasterPassword, email, kdfConfig);
-            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.ServerAuthorization);
-            var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.LocalAuthorization);
+            var newMasterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig);
+            var masterPasswordHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, newMasterKey, HashPurpose.ServerAuthorization);
+            var localMasterPasswordHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, newMasterKey, HashPurpose.LocalAuthorization);
 
-            Tuple<SymmetricCryptoKey, EncString> encKey;
-            var existingEncKey = await _cryptoService.GetEncKeyAsync();
-            if (existingEncKey == null)
-            {
-                encKey = await _cryptoService.MakeEncKeyAsync(key);
-            }
-            else
-            {
-                encKey = await _cryptoService.RemakeEncKeyAsync(key);
-            }
+            var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(newMasterKey,
+                await _cryptoService.GetUserKeyAsync() ?? await _cryptoService.MakeUserKeyAsync());
 
-            var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1);
+            var (newPublicKey, newProtectedPrivateKey) = await _cryptoService.MakeKeyPairAsync(newUserKey);
             var request = new SetPasswordRequest
             {
                 MasterPasswordHash = masterPasswordHash,
-                Key = encKey.Item2.EncryptedString,
+                Key = newProtectedUserKey.EncryptedString,
                 MasterPasswordHint = Hint,
                 Kdf = kdfConfig.Type.GetValueOrDefault(KdfType.PBKDF2_SHA256),
                 KdfIterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Pbkdf2Iterations),
@@ -193,8 +185,8 @@ namespace Bit.App.Pages
                 OrgIdentifier = OrgIdentifier,
                 Keys = new KeysRequest
                 {
-                    PublicKey = keys.Item1,
-                    EncryptedPrivateKey = keys.Item2.EncryptedString
+                    PublicKey = newPublicKey,
+                    EncryptedPrivateKey = newProtectedPrivateKey.EncryptedString
                 }
             };
 
@@ -204,19 +196,20 @@ namespace Bit.App.Pages
                 // Set Password and relevant information
                 await _apiService.SetPasswordAsync(request);
                 await _stateService.SetKdfConfigurationAsync(kdfConfig);
-                await _cryptoService.SetKeyAsync(key);
-                await _cryptoService.SetKeyHashAsync(localMasterPasswordHash);
-                await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
-                await _cryptoService.SetEncPrivateKeyAsync(keys.Item2.EncryptedString);
+                await _cryptoService.SetUserKeyAsync(newUserKey);
+                await _cryptoService.SetMasterKeyAsync(newMasterKey);
+                await _cryptoService.SetMasterKeyHashAsync(localMasterPasswordHash);
+                await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(newProtectedUserKey.EncryptedString);
+                await _cryptoService.SetUserPrivateKeyAsync(newProtectedPrivateKey.EncryptedString);
 
                 if (ResetPasswordAutoEnroll)
                 {
                     // Grab Organization Keys
                     var response = await _apiService.GetOrganizationKeysAsync(OrgId);
                     var publicKey = CoreHelpers.Base64UrlDecode(response.PublicKey);
-                    // Grab user's Encryption Key and encrypt with Org Public Key
-                    var userEncKey = await _cryptoService.GetEncKeyAsync();
-                    var encryptedKey = await _cryptoService.RsaEncryptAsync(userEncKey.Key, publicKey);
+                    // Grab User Key and encrypt with Org Public Key
+                    var userKey = await _cryptoService.GetUserKeyAsync();
+                    var encryptedKey = await _cryptoService.RsaEncryptAsync(userKey.Key, publicKey);
                     // Request
                     var resetRequest = new OrganizationUserResetPasswordEnrollmentRequest
                     {

src/App/Pages/Accounts/TwoFactorPage.xaml.cs

@@ -4,6 +4,7 @@ using Bit.App.Controls;
 using Bit.App.Models;
 using Bit.App.Utilities;
 using Bit.Core.Abstractions;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.Forms;
 
@@ -17,26 +18,29 @@ namespace Bit.App.Pages
 
         private TwoFactorPageViewModel _vm;
         private bool _inited;
-        private bool _authingWithSso;
         private string _orgIdentifier;
 
         public TwoFactorPage(bool? authingWithSso = false, AppOptions appOptions = null, string orgIdentifier = null)
         {
             InitializeComponent();
             SetActivityIndicator();
-            _authingWithSso = authingWithSso ?? false;
             _appOptions = appOptions;
             _orgIdentifier = orgIdentifier;
             _broadcasterService = ServiceContainer.Resolve<IBroadcasterService>("broadcasterService");
             _messagingService = ServiceContainer.Resolve<IMessagingService>("messagingService");
             _vm = BindingContext as TwoFactorPageViewModel;
             _vm.Page = this;
+            _vm.AuthingWithSso = authingWithSso ?? false;
             _vm.StartSetPasswordAction = () =>
                 Device.BeginInvokeOnMainThread(async () => await StartSetPasswordAsync());
             _vm.TwoFactorAuthSuccessAction = () =>
-                Device.BeginInvokeOnMainThread(async () => await TwoFactorAuthSuccessAsync());
+                Device.BeginInvokeOnMainThread(async () => await TwoFactorAuthSuccessToMainAsync());
+            _vm.LockAction = () =>
+                Device.BeginInvokeOnMainThread(TwoFactorAuthSuccessWithSSOLocked);
             _vm.UpdateTempPasswordAction =
                 () => Device.BeginInvokeOnMainThread(async () => await UpdateTempPasswordAsync());
+            _vm.StartDeviceApprovalOptionsAction =
+                () => Device.BeginInvokeOnMainThread(async () => await StartDeviceApprovalOptionsAsync());
             _vm.CloseAction = async () => await Navigation.PopModalAsync();
             DuoWebView = _duoWebView;
             if (Device.RuntimePlatform == Device.Android)
@@ -180,21 +184,25 @@ namespace Bit.App.Pages
             await Navigation.PushModalAsync(new NavigationPage(page));
         }
 
-        private async Task TwoFactorAuthSuccessAsync()
+        private async Task StartDeviceApprovalOptionsAsync()
         {
-            if (_authingWithSso)
+            var page = new LoginApproveDevicePage();
+            await Navigation.PushModalAsync(new NavigationPage(page));
+        }
+
+        private void TwoFactorAuthSuccessWithSSOLocked()
+        {
+            Application.Current.MainPage = new NavigationPage(new LockPage(_appOptions));
+        }
+
+        private async Task TwoFactorAuthSuccessToMainAsync()
+        {
+            if (AppHelpers.SetAlternateMainPage(_appOptions))
             {
-                Application.Current.MainPage = new NavigationPage(new LockPage(_appOptions));
-            }
-            else
-            {
-                if (AppHelpers.SetAlternateMainPage(_appOptions))
-                {
-                    return;
-                }
-                var previousPage = await AppHelpers.ClearPreviousPage();
-                Application.Current.MainPage = new TabsPage(_appOptions, previousPage);
+                return;
             }
+            var previousPage = await AppHelpers.ClearPreviousPage();
+            Application.Current.MainPage = new TabsPage(_appOptions, previousPage);
         }
 
         private void Token_TextChanged(object sender, TextChangedEventArgs e)

src/App/Pages/Accounts/TwoFactorPageViewModel.cs

@@ -11,6 +11,7 @@ using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Request;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Newtonsoft.Json;
 using Xamarin.CommunityToolkit.ObjectModel;
@@ -32,12 +33,12 @@ namespace Bit.App.Pages
         private readonly IStateService _stateService;
         private readonly II18nService _i18nService;
         private readonly IAppIdService _appIdService;
+        private readonly IVaultTimeoutService _vaultTimeoutService;
         private readonly ILogger _logger;
-
+        private readonly IDeviceTrustCryptoService _deviceTrustCryptoService;
         private TwoFactorProviderType? _selectedProviderType;
         private string _totpInstruction;
         private string _webVaultUrl = "https://vault.bitwarden.com";
-        private bool _authingWithSso = false;
         private bool _enableContinue = false;
         private bool _showContinue = true;
 
@@ -54,7 +55,9 @@ namespace Bit.App.Pages
             _stateService = ServiceContainer.Resolve<IStateService>("stateService");
             _i18nService = ServiceContainer.Resolve<II18nService>("i18nService");
             _appIdService = ServiceContainer.Resolve<IAppIdService>("appIdService");
+            _vaultTimeoutService = ServiceContainer.Resolve<IVaultTimeoutService>();
             _logger = ServiceContainer.Resolve<ILogger>();
+            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
 
             PageTitle = AppResources.TwoStepLogin;
             SubmitCommand = new Command(async () => await SubmitAsync());
@@ -69,6 +72,8 @@ namespace Bit.App.Pages
 
         public bool Remember { get; set; }
 
+        public bool AuthingWithSso { get; set; }
+
         public string Token { get; set; }
 
         public bool DuoMethod => SelectedProviderType == TwoFactorProviderType.Duo ||
@@ -118,6 +123,8 @@ namespace Bit.App.Pages
         public Command SubmitCommand { get; }
         public ICommand MoreCommand { get; }
         public Action TwoFactorAuthSuccessAction { get; set; }
+        public Action LockAction { get; set; }
+        public Action StartDeviceApprovalOptionsAction { get; set; }
         public Action StartSetPasswordAction { get; set; }
         public Action CloseAction { get; set; }
         public Action UpdateTempPasswordAction { get; set; }
@@ -136,8 +143,6 @@ namespace Bit.App.Pages
                 return;
             }
 
-            _authingWithSso = _authService.AuthingWithSso();
-
             if (!string.IsNullOrWhiteSpace(_environmentService.BaseUrl))
             {
                 _webVaultUrl = _environmentService.BaseUrl;
@@ -315,21 +320,84 @@ namespace Bit.App.Pages
 
                 var task = Task.Run(() => _syncService.FullSyncAsync(true));
                 await _deviceActionService.HideLoadingAsync();
+                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
                 _messagingService.Send("listenYubiKeyOTP", false);
                 _broadcasterService.Unsubscribe(nameof(TwoFactorPage));
 
-                if (_authingWithSso && result.ResetMasterPassword)
+                if (decryptOptions?.TrustedDeviceOption != null)
                 {
+                    if (await _deviceTrustCryptoService.IsDeviceTrustedAsync())
+                    {
+                        // If we have a device key but no keys on server, we need to remove the device key
+                        if (decryptOptions.TrustedDeviceOption.EncryptedPrivateKey == null && decryptOptions.TrustedDeviceOption.EncryptedUserKey == null)
+                        {
+                            await _deviceTrustCryptoService.RemoveTrustedDeviceAsync();
+                            StartDeviceApprovalOptionsAction?.Invoke();
+                            return;
+                        }
+                        // If user doesn't have a MP, but has reset password permission, they must set a MP
+                        if (!decryptOptions.HasMasterPassword &&
+                            decryptOptions.TrustedDeviceOption.HasManageResetPasswordPermission)
+                        {
+                            StartSetPasswordAction?.Invoke();
+                            return;
+                        }
+                        // Update temp password only if the device is trusted and therefore has a decrypted User Key set
+                        if (result.ForcePasswordReset)
+                        {
+                            UpdateTempPasswordAction?.Invoke();
+                            return;
+                        }
+
+                        // Device is trusted and has keys, so we can decrypt
+                        _syncService.FullSyncAsync(true).FireAndForget();
+                        await TwoFactorAuthSuccessAsync();
+                        return;
+                    }
+
+                    // Check for pending Admin Auth requests before navigating to device approval options
+                    var pendingRequest = await _stateService.GetPendingAdminAuthRequestAsync();
+                    if (pendingRequest != null)
+                    {
+                        var authRequest = await _authService.GetPasswordlessLoginRequestByIdAsync(pendingRequest.Id);
+                        if (authRequest?.RequestApproved == true)
+                        {
+                            var authResult = await _authService.LogInPasswordlessAsync(true, await _stateService.GetActiveUserEmailAsync(), authRequest.RequestAccessCode, pendingRequest.Id, pendingRequest.PrivateKey, authRequest.Key, authRequest.MasterPasswordHash);
+                            if (authResult == null && await _stateService.IsAuthenticatedAsync())
+                            {
+                                await Xamarin.Essentials.MainThread.InvokeOnMainThreadAsync(
+                                 () => _platformUtilsService.ShowToast("info", null, AppResources.LoginApproved));
+                                await _stateService.SetPendingAdminAuthRequestAsync(null);
+                                _syncService.FullSyncAsync(true).FireAndForget();
+                                await TwoFactorAuthSuccessAsync();
+                            }
+                        }
+                        else
+                        {
+                            await _stateService.SetPendingAdminAuthRequestAsync(null);
+                            StartDeviceApprovalOptionsAction?.Invoke();
+                        }
+                    }
+                    else
+                    {
+                        StartDeviceApprovalOptionsAction?.Invoke();
+                    }
+                    return;
+                }
+
+                // In the standard, non TDE case, a user must set password if they don't
+                // have one and they aren't using key connector.
+                // Note: TDE & Key connector are mutually exclusive org config options.
+                if (result.ResetMasterPassword || (decryptOptions?.RequireSetPassword ?? false))
+                {
+                    // TODO: We need to look into how to handle this when Org removes TDE
+                    // Will we have the User Key by now to set a new password?
                     StartSetPasswordAction?.Invoke();
+                    return;
                 }
-                else if (result.ForcePasswordReset)
-                {
-                    UpdateTempPasswordAction?.Invoke();
-                }
-                else
-                {
-                    TwoFactorAuthSuccessAction?.Invoke();
-                }
+
+                _syncService.FullSyncAsync(true).FireAndForget();
+                await TwoFactorAuthSuccessAsync();
             }
             catch (ApiException e)
             {
@@ -422,5 +490,17 @@ namespace Bit.App.Pages
                 return false;
             }
         }
+
+        public async Task TwoFactorAuthSuccessAsync()
+        {
+            if (AuthingWithSso && await _vaultTimeoutService.IsLockedAsync())
+            {
+                LockAction?.Invoke();
+            }
+            else
+            {
+                TwoFactorAuthSuccessAction?.Invoke();
+            }
+        }
     }
 }

src/App/Pages/Accounts/UpdateTempPasswordPage.xaml

@@ -46,7 +46,7 @@
                            BackgroundColor="Transparent"
                            BorderColor="{DynamicResource PrimaryColor}">
                         <Label
-                            Text="{u:I18n UpdateMasterPasswordWarning}"
+                            Text="{Binding UpdateMasterPasswordWarningText }"
                             StyleClass="text-muted, text-sm, text-bold"
                             HorizontalTextAlignment="Center" />
                     </Frame>
@@ -74,6 +74,40 @@
                             HorizontalTextAlignment="Start" />
                     </Frame>
                 </Grid>
+                <Grid StyleClass="box-row" IsVisible="{Binding RequireCurrentPassword }">
+                    <Grid.RowDefinitions>
+                        <RowDefinition Height="Auto" />
+                        <RowDefinition Height="*" />
+                    </Grid.RowDefinitions>
+                    <Grid.ColumnDefinitions>
+                        <ColumnDefinition Width="*" />
+                        <ColumnDefinition Width="Auto" />
+                    </Grid.ColumnDefinitions>
+                    <Label
+                        Text="{u:I18n CurrentMasterPassword}"
+                        StyleClass="box-label" 
+                        Grid.Row="0"
+                        Grid.Column="0" />
+                    <controls:MonoEntry
+                        x:Name="_currentMasterPassword"
+                        Text="{Binding CurrentMasterPassword}"
+                        StyleClass="box-value"
+                        IsSpellCheckEnabled="False"
+                        IsTextPredictionEnabled="False"
+                        IsPassword="{Binding ShowPassword, Converter={StaticResource inverseBool}}"
+                        Grid.Row="1"
+                        Grid.Column="0" />
+                    <controls:IconButton
+                        StyleClass="box-row-button, box-row-button-platform"
+                        Text="{Binding ShowPasswordIcon}"
+                        Command="{Binding TogglePasswordCommand}"
+                        Grid.Row="0"
+                        Grid.Column="1"
+                        Grid.RowSpan="2"
+                        AutomationProperties.IsInAccessibleTree="True"
+                        AutomationProperties.Name="{u:I18n ToggleVisibility}"
+                        AutomationProperties.HelpText="{Binding PasswordVisibilityAccessibilityText}" />
+                </Grid>
                 <Grid StyleClass="box-row">
                     <Grid.RowDefinitions>
                         <RowDefinition Height="Auto" />