PM-5154 [Passkeys iOS] Fixed empty top space on autofill password list

# Conflicts:
#	.github/workflows/build.yml
#	nuget.config
#	src/App/App.csproj
#	src/App/Platforms/Android/AndroidManifest.xml
#	src/App/Platforms/iOS/AppDelegate.cs
#	src/Core/Core.csproj
#	src/Core/Pages/Settings/AutofillSettingsPageViewModel.android.cs
#	src/Core/Utilities/ThemeManager.cs
#	src/iOS.Autofill/CredentialProviderViewController.cs
#	src/iOS.Autofill/iOS.Autofill.csproj

.github/CODEOWNERS

@@ -21,6 +21,7 @@ src/App/Platforms/iOS/Info.plist
 
 ## Platform team files ##
 appIcons @bitwarden/team-platform-dev
+build.cake @bitwarden/team-platform-dev
 
 ## Vault team files ##
 src/watchOS @bitwarden/team-vault-dev
@@ -29,14 +30,14 @@ src/watchOS @bitwarden/team-vault-dev
 src/Core/Services/EmailForwarders @bitwarden/team-tools-dev
 
 ## Crowdin Sync files ##
-src/Core/Resources/Localization @bitwarden/team-tools-dev
+src/App/Resources @bitwarden/team-tools-dev
 src/watchOS/bitwarden/bitwarden\ WatchKit\ Extension/Localization @bitwarden/team-tools-dev
 store/apple @bitwarden/team-tools-dev
 store/google @bitwarden/team-tools-dev
 
 ## Locales ## 
-src/Core/Resources/Localization/AppResources.Designer.cs
-src/Core/Resources/Localization/AppResources.resx
+src/App/Resources/AppResources.Designer.cs
+src/App/Resources/AppResources.resx
 src/watchOS/bitwarden/bitwarden\ WatchKit\ Extension/Localization/en.lproj
 store/apple/en
 store/google/en

.github/secrets/google-services.json.gpg

@@ -0,0 +1,3 @@
+<EFBFBD>
+	K<>Y#<23>(<28><><EFBFBD><EFBFBD>
EI֐߄T?)l<><6C><EFBFBD><18><><10>"=<3D>|<7C>'e<><0E>m<EFBFBD>/~<7E><>'F<><46>><3E><><EFBFBD><EFBFBD>l<EFBFBD>b<EFBFBD>[<5B>+R<><52>iL<69><4C>"<22><><EFBFBD>~V:<3A><>p<EFBFBD>a<17>ڵel%8t<38><74>튖<EFBFBD>y<<3C>n<EFBFBD><6E><EFBFBD>aU<61>w<16>JD<4A><44><1F><>We<57>9<EFBFBD><39><EFBFBD><EFBFBD><x8d<38>O<EFBFBD>j\<14>ד<EFBFBD><D793><EFBFBD>Vq<56><71>֋
+Ǻ<EFBFBD>-<2D>#<23><><11><>]$<24>(<28>l,<2C>Br<42><02><>d<><64><EFBFBD>•a-<2D><><EFBFBD>:<3A><>:<3A><04>9b,!Em<02><19><>Qf<>D<EFBFBD>g<EFBFBD><06><0E>x(P<>ȡ~<7E>͹<EFBFBD><CDB9>	<09><>[<06><>!:<3A>;f<><66>

.github/workflows/build-beta.yml

@@ -1,350 +0,0 @@
----
-name: Build Beta
-
-on:
-  workflow_dispatch:
-    inputs:
-      ref:
-        description: 'Branch or tag to build'
-        required: true
-        default: 'main'
-        type: string
-
-env:
-  main_app_folder_path: src/App
-  main_app_project_path: src/App/App.csproj
-  target-net-version: net8.0
-
-jobs:
-  setup:
-    name: Setup
-    runs-on: ubuntu-22.04
-    outputs:
-      rc_branch_exists: ${{ steps.branch-check.outputs.rc_branch_exists }}
-      hotfix_branch_exists: ${{ steps.branch-check.outputs.hotfix_branch_exists }}
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          submodules: 'true'
-
-      - name: Check if special branches exist
-        id: branch-check
-        run: |
-          if [[ $(git ls-remote --heads origin rc) ]]; then
-            echo "rc_branch_exists=1" >> $GITHUB_OUTPUT
-          else
-            echo "rc_branch_exists=0" >> $GITHUB_OUTPUT
-          fi
-
-          if [[ $(git ls-remote --heads origin hotfix-rc) ]]; then
-            echo "hotfix_branch_exists=1" >> $GITHUB_OUTPUT
-          else
-            echo "hotfix_branch_exists=0" >> $GITHUB_OUTPUT
-          fi
-
-  ios:
-    name: Apple iOS
-    runs-on: macos-13
-    needs: setup
-    env:
-      ios_folder_path: src/App/Platforms/iOS
-      app_output_name: App
-      app_ci_output_filename: App_x64_Debug
-    steps:
-      - name: Set XCode version
-        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
-        with:
-          xcode-version: 15.1
-
-      - name: Setup NuGet
-        uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0
-        with:
-          nuget-version: 6.4.0
-      
-      - name: Set up .NET
-        uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
-        with:
-          dotnet-version: '8.0.x'
-  
-      # This step might be obsolete at some point as .NET MAUI workloads 
-      # are starting to come pre-installed on the GH Actions build agents.
-      - name: Install MAUI Workload
-        run: dotnet workload install maui --ignore-failed-sources
-
-      - name: Print environment
-        run: |
-          nuget help | grep Version
-          dotnet --info
-          echo "GitHub ref: $GITHUB_REF"
-          echo "GitHub event: $GITHUB_EVENT"
-
-      - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          submodules: 'true'
-
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve secrets
-        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: "bitwarden-ci"
-          secrets: "appcenter-ios-token"
-
-      - name: Download Provisioning Profiles secrets
-        env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: profiles
-        run: |
-          mkdir -p $HOME/secrets
-          profiles=(
-              "dist_beta_autofill.mobileprovision"
-              "dist_beta_bitwarden.mobileprovision"
-              "dist_beta_extension.mobileprovision"
-              "dist_beta_share_extension.mobileprovision"
-              "dist_beta_bitwarden_watch_app.mobileprovision"
-              "dist_beta_bitwarden_watch_app_extension.mobileprovision"
-          )
-
-          for FILE in "${profiles[@]}"
-          do
-            az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
-              --file $HOME/secrets/$FILE --output none
-          done
-
-      - name: Download Google Services secret
-        env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: mobile
-          FILE: GoogleService-Info.plist
-        run: |
-          mkdir -p $HOME/secrets
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
-            --file $HOME/secrets/$FILE --output none
-
-      - name: Increment version
-        run: |
-          BUILD_NUMBER=$((100 + $GITHUB_RUN_NUMBER))
-          echo "##### Setting CFBundleVersion $BUILD_NUMBER"
-
-          echo "### CFBundleVersion $BUILD_NUMBER" >> $GITHUB_STEP_SUMMARY
-
-          perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./${{ env.ios_folder_path }}/Info.plist
-          perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Extension/Info.plist
-          perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Autofill/Info.plist
-          perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.ShareExtension/Info.plist
-          cd src/watchOS/bitwarden
-          agvtool new-version -all  $BUILD_NUMBER
-
-      - name: Update Entitlements
-        run: |
-          echo "##### Updating Entitlements"
-          perl -0777 -pi.bak -e 's/<key>aps-environment<\/key>\s*<string>development<\/string>/<key>aps-environment<\/key>\n\t<string>beta<\/string>/' ./${{ env.ios_folder_path }}/Entitlements.plist
-
-      - name: Get certificates
-        run: |
-          mkdir -p $HOME/certificates
-          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution |
-            jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12
-
-      - name: Set up Keychain
-        env:
-          KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
-          MOBILE_KEY_PASSWORD: ${{ secrets.IOS_KEY_PASSWORD }}
-          DIST_CERT_PASSWORD: ${{ secrets.IOS_DIST_CERT_PASSWORD }}
-        run: |
-          security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
-          security default-keychain -s build.keychain
-          security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
-          security set-keychain-settings -lut 1200 build.keychain
-
-          security import $HOME/certificates/ios-distribution.p12 -k build.keychain -P "" -T /usr/bin/codesign \
-            -T /usr/bin/security
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
-
-      - name: Set up provisioning profiles
-        run: |
-          AUTOFILL_PROFILE_PATH=$HOME/secrets/dist_beta_autofill.mobileprovision
-          BITWARDEN_PROFILE_PATH=$HOME/secrets/dist_beta_bitwarden.mobileprovision
-          EXTENSION_PROFILE_PATH=$HOME/secrets/dist_beta_extension.mobileprovision
-          SHARE_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_beta_share_extension.mobileprovision
-          WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_beta_bitwarden_watch_app.mobileprovision
-          WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_beta_bitwarden_watch_app_extension.mobileprovision
-          PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles
-
-          mkdir -p "$PROFILES_DIR_PATH"
-
-          AUTOFILL_UUID=$(grep UUID -A1 -a $AUTOFILL_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
-          cp $AUTOFILL_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTOFILL_UUID.mobileprovision"
-
-          BITWARDEN_UUID=$(grep UUID -A1 -a $BITWARDEN_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
-          cp $BITWARDEN_PROFILE_PATH "$PROFILES_DIR_PATH/$BITWARDEN_UUID.mobileprovision"
-
-          EXTENSION_UUID=$(grep UUID -A1 -a $EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
-          cp $EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$EXTENSION_UUID.mobileprovision"
-
-          SHARE_EXTENSION_UUID=$(grep UUID -A1 -a $SHARE_EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
-          cp $SHARE_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$SHARE_EXTENSION_UUID.mobileprovision"
-
-          WATCH_APP_UUID=$(grep UUID -A1 -a $WATCH_APP_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
-          cp $WATCH_APP_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_UUID.mobileprovision"
-
-          WATCH_APP_EXTENSION_UUID=$(grep UUID -A1 -a $WATCH_APP_EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
-          cp $WATCH_APP_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_EXTENSION_UUID.mobileprovision"
-
-      - name: Restore packages
-        run: |
-          dotnet restore
-          dotnet tool restore
-
-      - name: Setup iOS build CAKE (Testing)
-        run: dotnet cake build.cake --target iOS --variant beta
-
-      - name: Bulid WatchApp
-        run: |
-          echo "##### Build WatchApp with Release Configuration"
-          xcodebuild archive -workspace ./src/watchOS/bitwarden/bitwarden.xcodeproj/project.xcworkspace -configuration Release -scheme bitwarden\ WatchKit\ App -archivePath ./src/watchOS/bitwarden
-
-          echo "##### Done"
-
-      - name: Archive Build for App Store
-        shell: pwsh
-        run: |
-          Write-Output "##### Archive for Release ios-arm64"
-          dotnet publish ${{ env.main_app_project_path }} -c Release -f ${{ env.target-net-version }}-ios /p:RuntimeIdentifier=ios-arm64 /p:ArchiveOnBuild=true /p:MtouchUseLlvm=false
-
-          Write-Output "##### Done"
-
-      - name: Archive Build for Mobile Automation
-        shell: pwsh
-        run: |
-          Write-Output "##### Archive Debug for iossimulator-x64"
-          dotnet build ${{ env.main_app_project_path }} -c Debug -f ${{ env.target-net-version }}-ios /p:RuntimeIdentifier=iossimulator-x64 /p:ArchiveOnBuild=true /p:MtouchUseLlvm=false
-
-          Write-Output "##### Done"
-          ls ~/Library/Developer/Xcode/Archives
-          
-      - name: Export .ipa for App Store
-        env:
-          EXPORT_OPTIONS_PATH: ./.github/resources/export-options-app-store.plist
-          EXPORT_PATH: ./bitwarden-export
-        run: |
-          ARCHIVE_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive"
-
-          xcodebuild -exportArchive -archivePath $ARCHIVE_PATH -exportPath $EXPORT_PATH \
-            -exportOptionsPlist $EXPORT_OPTIONS_PATH
-
-      - name: Export .app for Automation CI
-        env:
-          ARCHIVE_PATH: ./${{ env.main_app_folder_path }}/bin/Debug/${{ env.target-net-version }}-ios/iossimulator-x64
-          EXPORT_PATH: ./bitwarden-export
-        run: |
-          zip -r -q ${{ env.app_ci_output_filename }}.app.zip $ARCHIVE_PATH
-          mv ${{ env.app_ci_output_filename }}.app.zip $EXPORT_PATH
-
-      - name: Show Bitwarden Export
-        shell: bash
-        run:  ls -a -R ./bitwarden-export
-
-      - name: Copy all dSYMs files to upload
-        env:
-          EXPORT_PATH: ./bitwarden-export
-          WATCH_ARCHIVE_DSYMS_PATH: ./src/watchOS/bitwarden.xcarchive/dSYMs/
-          WATCH_DSYMS_EXPORT_PATH: ./bitwarden-export/Watch_dSYMs
-        run: |
-          ARCHIVE_DSYMS_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive/dSYMs"
-
-          cp -r -v $ARCHIVE_DSYMS_PATH $EXPORT_PATH
-          mkdir $WATCH_DSYMS_EXPORT_PATH
-          cp -r -v $WATCH_ARCHIVE_DSYMS_PATH $WATCH_DSYMS_EXPORT_PATH
-
-      - name: Upload App Store .ipa & dSYMs artifacts
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
-        with:
-          name: Bitwarden iOS
-          path: |
-            ./bitwarden-export/Bitwarden*.ipa
-            ./bitwarden-export/dSYMs/*.*
-          if-no-files-found: error
-
-      - name: Upload .app file for Automation CI
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
-        with:
-          name: ${{ env.app_ci_output_filename }}.app.zip
-          path: ./bitwarden-export/${{ env.app_ci_output_filename }}.app.zip
-          if-no-files-found: error
-
-      - name: Install AppCenter CLI
-        run: npm install -g appcenter-cli
-
-      - name: Upload dSYMs to App Center
-        env:
-          APPCENTER_IOS_TOKEN: ${{ steps.retrieve-secrets.outputs.appcenter-ios-token }}
-        run: appcenter crashes upload-symbols -a bitwarden/bitwarden -s "./bitwarden-export/dSYMs" --token $APPCENTER_IOS_TOKEN
-
-      - name: Upload Watch dSYMs to Firebase Crashlytics
-        run: |
-          echo "##### Uploading Watch dSYMs to Firebase"
-          find "$HOME/Library/Developer/XCode/DerivedData" -name "upload-symbols" -exec chmod +x {} \; -exec {} -gsp "./src/watchOS/bitwarden/GoogleService-Info.plist" -p ios "./bitwarden-export/Watch_dSYMs" \;
-
-      - name: Validate app in App Store
-        env:
-          APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
-          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
-        run: |
-          xcrun altool --validate-app --type ios --file "./bitwarden-export/Bitwarden Beta.ipa" \
-              --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_PASSWORD"
-        shell: bash
-
-      - name: Deploy to App Store
-        env:
-          APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
-          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
-        run: |
-          xcrun altool --upload-app --type ios --file "./bitwarden-export/Bitwarden Beta.ipa" \
-              --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_PASSWORD"
-
-  check-failures:
-    name: Check for failures
-    if: always()
-    runs-on: ubuntu-22.04
-    needs:
-      - setup
-      - ios
-    steps:
-      - name: Check if any job failed
-        if: |
-          (github.ref == 'refs/heads/main'
-          || github.ref == 'refs/heads/rc'
-          || github.ref == 'refs/heads/hotfix-rc')
-          && contains(needs.*.result, 'failure')
-        run: exit 1
-
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        if: failure()
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve secrets
-        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        if: failure()
-        with:
-          keyvault: "bitwarden-ci"
-          secrets: "devops-alerts-slack-webhook-url"
-
-      - name: Notify Slack on failure
-        uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0
-        if: failure()
-        env:
-          SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
-        with:
-          status: ${{ job.status }}

.github/workflows/build.yml

@@ -31,7 +31,6 @@ jobs:
       - name: Print lines of code
         run: cloc --vcs git --exclude-dir Resources,store,test,Properties --include-lang C#,XAML
 
-
   setup:
     name: Setup
     runs-on: ubuntu-22.04
@@ -59,7 +58,6 @@ jobs:
             echo "hotfix_branch_exists=0" >> $GITHUB_OUTPUT
           fi
 
-
   android:
     name: Android
     runs-on: windows-2022
@@ -69,8 +67,7 @@ jobs:
       matrix:
         variant: ["prod", "qa"]
     env:
-      android_folder_path: src\App\Platforms\Android
-      android_folder_path_bash: src/App/Platforms/Android
+      android_folder_path: src/App/Platforms/Android
     steps:
       - name: Setup NuGet
         uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0
@@ -85,7 +82,7 @@ jobs:
       - name: Set up MSBuild
         uses: microsoft/setup-msbuild@ede762b26a2de8d110bb5a3db4d7e0e080c0e917 # v1.3.3
 
-      # This step might be obsolete at some point as .NET MAUI workloads
+      # This step might be obsolete at some point as .NET MAUI workloads 
       # are starting to come pre-installed on the GH Actions build agents.
       - name: Install MAUI Workload
         run: dotnet workload install maui --ignore-failed-sources
@@ -96,8 +93,7 @@ jobs:
       - name: Install Microsoft OpenJDK 11
         run: |
           choco install microsoft-openjdk11 --no-progress
-          Write-Output "JAVA_HOME=$(Get-ChildItem -Path 'C:\Program Files\Microsoft\jdk*' | `
-            Select -First 1 -ExpandProperty FullName)" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+          Write-Output "JAVA_HOME=$(Get-ChildItem -Path 'C:\Program Files\Microsoft\jdk*' | Select -First 1 -ExpandProperty FullName)" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
           Write-Output "Java Home: $env:JAVA_HOME"
 
       - name: Print environment
@@ -113,43 +109,39 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Download secrets
+      - name: Decrypt secrets
         env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: mobile
+          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
         run: |
-          mkdir -p $HOME/secrets
+          mkdir -p ~/secrets
 
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name app_play-keystore.jks --file ./${{ env.android_folder_path_bash }}/app_play-keystore.jks --output none
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name app_upload-keystore.jks --file ./${{ env.android_folder_path_bash }}/app_upload-keystore.jks --output none
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name play_creds.json --file $HOME/secrets/play_creds.json --output none
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output ./${{ env.main_app_folder_path }}/app_play-keystore.jks ./.github/secrets/app_play-keystore.jks.gpg
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output ./${{ env.main_app_folder_path }}/app_upload-keystore.jks ./.github/secrets/app_upload-keystore.jks.gpg
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output $HOME/secrets/play_creds.json ./.github/secrets/play_creds.json.gpg
         shell: bash
 
-      - name: Download secrets - Google Services
+      - name: Decrypt secrets - Google Services
         if: ${{ matrix.variant == 'prod' }}
         env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: mobile
+          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
         run: |
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name google-services.json --file ./${{ env.android_folder_path_bash }}/google-services.json --output none
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output ./${{ env.android_folder_path }}/google-services.json ./.github/secrets/google-services.json.gpg
         shell: bash
 
       - name: Increment version
         run: |
           BUILD_NUMBER=$((3000 + $GITHUB_RUN_NUMBER))
-          echo "##### Setting Android Version Code to $BUILD_NUMBER" | tee -a $GITHUB_STEP_SUMMARY
 
+          echo "########################################"
+          echo "##### Setting Version Code $BUILD_NUMBER"
+          echo "########################################"
+          
           sed -i "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \
-            ./${{ env.android_folder_path_bash }}/AndroidManifest.xml
+            ./${{ env.android_folder_path }}/AndroidManifest.xml
         shell: bash
 
       - name: Restore packages
@@ -158,70 +150,78 @@ jobs:
       - name: Restore tools
         run: dotnet tool restore
 
-      # - name: Run Core tests
-      #   run: |
-      #     dotnet test test/Core.Test/Core.Test.csproj --logger "trx;LogFileName=test-results.trx" `
-      #       /p:CustomConstants=UT
+      # - name: Verify Format
+      #   run: dotnet tool run dotnet-format --check
 
-      # - name: Report test results
-      #   uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0
-      #   if: always()
-      #   with:
-      #     name: Test Results
-      #     path: "**/test-results.trx"
-      #     reporter: dotnet-trx
-      #     fail-on-error: true
+      - name: Run Core tests
+        run: dotnet test test/Core.Test/Core.Test.csproj --logger "trx;LogFileName=test-results.trx" /p:CustomConstants=UT
+
+      - name: Report test results
+        uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0
+        if: always()
+        with:
+          name: Test Results
+          path: "**/test-results.trx"
+          reporter: dotnet-trx
+          fail-on-error: true
 
       - name: Build Play Store publisher
         if: ${{ matrix.variant == 'prod' }}
-        run: dotnet build .\store\google\Publisher\Publisher.csproj /p:Configuration=Release
+        run: dotnet build ./store/google/Publisher/Publisher.csproj -p:Configuration=Release
 
       - name: Setup Android build  (${{ matrix.variant }})
         run: dotnet cake build.cake --target Android --variant ${{ matrix.variant }}
 
-      - name: Build & Sign Android
+      - name: Build Android
+        run: |
+          $configuration = "Release";
+          $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
+
+          Write-Output "########################################"
+          Write-Output "##### Build $configuration Configuration"
+          Write-Output "########################################"
+          
+          dotnet build $projToBuild -c $configuration -f ${{ env.target-net-version }}-android
+
+      - name: Sign Android Build
         env:
           PLAY_KEYSTORE_PASSWORD: ${{ secrets.PLAY_KEYSTORE_PASSWORD }}
           UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }}
         run: |
-          $projToBuild = "$($env:GITHUB_WORKSPACE)/${{ env.main_app_project_path }}";
+          $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
           $packageName = "com.x8bit.bitwarden";
 
           if ("${{ matrix.variant }}" -ne "prod")
           {
             $packageName = "com.x8bit.bitwarden.${{ matrix.variant }}";
           }
+          Write-Output "########################################"
           Write-Output "##### Sign Google Play Bundle Release Configuration"
+          Write-Output "########################################"
 
-          $signingUploadKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_upload-keystore.jks"
-          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android `
-            /p:AndroidPackageFormats=aab `
-            /p:AndroidKeyStore=true `
-            /p:AndroidSigningKeyStore=$signingUploadKeyStore `
-            /p:AndroidSigningKeyAlias=upload `
-            /p:AndroidSigningKeyPass="$($env:UPLOAD_KEYSTORE_PASSWORD)" `
-            /p:AndroidSigningStorePass="$($env:UPLOAD_KEYSTORE_PASSWORD)" --no-restore
+          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidPackageFormats=aab /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_upload-keystore.jks") /p:AndroidSigningKeyAlias=upload /p:AndroidSigningKeyPass="$($env:UPLOAD_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:UPLOAD_KEYSTORE_PASSWORD)" --no-restore
 
+          Write-Output "########################################"
           Write-Output "##### Copy Google Play Bundle to project root"
+          Write-Output "########################################"
 
-          $signedAabPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.aab";
-          $signedAabDestPath = "$($env:GITHUB_WORKSPACE)\$($packageName).aab";
+          $signedAabPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.aab");
+          $signedAabDestPath = $($env:GITHUB_WORKSPACE + "/$($packageName).aab");
           Copy-Item $signedAabPath $signedAabDestPath
 
+          Write-Output "########################################"
           Write-Output "##### Sign APK Release Configuration"
+          Write-Output "########################################"
 
-          $signingPlayKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_play-keystore.jks"
-          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android `
-            /p:AndroidKeyStore=true `
-            /p:AndroidSigningKeyStore=$signingPlayKeyStore `
-            /p:AndroidSigningKeyAlias=bitwarden `
-            /p:AndroidSigningKeyPass="$($env:PLAY_KEYSTORE_PASSWORD)" `
-            /p:AndroidSigningStorePass="$($env:PLAY_KEYSTORE_PASSWORD)" --no-restore
+          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_play-keystore.jks") /p:AndroidSigningKeyAlias=bitwarden /p:AndroidSigningKeyPass="$($env:PLAY_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:PLAY_KEYSTORE_PASSWORD)" --no-restore
 
+          Write-Output "########################################"
           Write-Output "##### Copy Release APK to project root"
+          Write-Output "########################################"
+
+          $signedApkPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.apk");
+          $signedApkDestPath = $($env:GITHUB_WORKSPACE + "/$($packageName).apk");
 
-          $signedApkPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.apk";
-          $signedApkDestPath = "$($env:GITHUB_WORKSPACE)\$($packageName).apk";
           Copy-Item $signedApkPath $signedApkDestPath
 
       - name: Upload Prod .aab artifact
@@ -283,20 +283,20 @@ jobs:
           || (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
           || github.ref == 'refs/heads/hotfix-rc' ) }}
         run: |
-          $publisherPath = "$($env:GITHUB_WORKSPACE)\store\google\Publisher\bin\Release\net8.0\Publisher.dll"
-          $credsPath = "$($HOME)\secrets\play_creds.json"
-          $aabPath = "$($env:GITHUB_WORKSPACE)\com.x8bit.bitwarden.aab"
-          $track = "internal"
+          PUBLISHER_PATH="$GITHUB_WORKSPACE/store/google/Publisher/bin/Release/net7.0/Publisher.dll"
+          CREDS_PATH="$HOME/secrets/play_creds.json"
+          AAB_PATH="$GITHUB_WORKSPACE/com.x8bit.bitwarden.aab"
+          TRACK="internal"
 
-          dotnet $publisherPath $credsPath $aabPath $track
+          dotnet $PUBLISHER_PATH $CREDS_PATH $AAB_PATH $TRACK
+        shell: bash
 
 
   f-droid:
     name: F-Droid Build
     runs-on: windows-2022
     env:
-      android_folder_path: src\App\Platforms\Android
-      android_folder_path_bash: src/App/Platforms/Android
+      android_folder_path: src/App/Platforms/Android
       android_manifest_path: src/App/Platforms/Android/AndroidManifest.xml
     steps:
       - name: Setup NuGet
@@ -305,14 +305,14 @@ jobs:
           nuget-version: 6.4.0
 
       - name: Set up .NET
-        uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
+        uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
         with:
           dotnet-version: '8.0.x'
 
       - name: Set up MSBuild
         uses: microsoft/setup-msbuild@ede762b26a2de8d110bb5a3db4d7e0e080c0e917 # v1.3.3
 
-      # This step might be obsolete at some point as .NET MAUI workloads
+      # This step might be obsolete at some point as .NET MAUI workloads 
       # are starting to come pre-installed on the GH Actions build agents.
       - name: Install MAUI Workload
         run: dotnet workload install maui --ignore-failed-sources
@@ -337,25 +337,23 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Download secrets
+      - name: Decrypt secrets
         env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: mobile
-          FILE: app_fdroid-keystore.jks
+          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
         run: |
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
-            --file ${{ env.android_folder_path_bash }}/$FILE --output none
+          mkdir -p ~/secrets
+
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output ./${{ env.main_app_folder_path }}/app_fdroid-keystore.jks ./.github/secrets/app_fdroid-keystore.jks.gpg
         shell: bash
 
       - name: Increment version
         run: |
           BUILD_NUMBER=$((3000 + $GITHUB_RUN_NUMBER))
-          echo "##### Setting F-Droid Version Code to $BUILD_NUMBER" | tee -a $GITHUB_STEP_SUMMARY
+
+          echo "########################################"
+          echo "##### Setting Version Code $BUILD_NUMBER"
+          echo "########################################"
 
           sed -i "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \
             ./${{ env.android_manifest_path }}
@@ -363,16 +361,21 @@ jobs:
 
       - name: Clean for F-Droid
         run: |
-          $directoryBuildProps = $($env:GITHUB_WORKSPACE + "/Directory.Build.props");
+          $appPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
+          $corePath = $($env:GITHUB_WORKSPACE + "/src/Core/Core.csproj");
 
           $androidManifest = $($env:GITHUB_WORKSPACE + "/${{ env.android_manifest_path }}");
 
-          Write-Output "##### Back up project files"
+          Write-Output "########################################"
+          Write-Output "##### Backup project files"
+          Write-Output "########################################"
 
           Copy-Item $androidManifest $($androidManifest + ".original");
-          Copy-Item $directoryBuildProps $($directoryBuildProps + ".original");
+          Copy-Item $appPath $($appPath + ".original");
 
+          Write-Output "########################################"
           Write-Output "##### Cleanup Android Manifest"
+          Write-Output "########################################"
 
           $xml=New-Object XML;
           $xml.Load($androidManifest);
@@ -382,34 +385,39 @@ jobs:
 
           $xml.Save($androidManifest);
 
-          Write-Output "##### Enabling FDROID constant"
-
-          (Get-Content $directoryBuildProps).Replace('<!-- <CustomConstants>FDROID</CustomConstants> -->', '<CustomConstants>FDROID</CustomConstants>') | Set-Content $directoryBuildProps
-
       - name: Restore packages
         run: dotnet restore
 
-      - name: Build & Sign F-Droid
+      - name: Build for F-Droid
+        run: |
+          $configuration = "Release";
+          $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
+
+          Write-Output "########################################"
+          Write-Output "##### Build $configuration FDROID
+          Write-Output "########################################"
+          
+          dotnet build $projToBuild -c $configuration -f ${{ env.target-net-version }}-android /p:CustomConstants="FDROID"
+
+      - name: Sign for F-Droid
         env:
           FDROID_KEYSTORE_PASSWORD: ${{ secrets.FDROID_KEYSTORE_PASSWORD }}
         run: |
-          $projToBuild = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_project_path }}";
+          $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
           $packageName = "com.x8bit.bitwarden";
 
+          Write-Output "########################################"
           Write-Output "##### Sign FDroid"
+          Write-Output "########################################"
 
-          $signingFdroidKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_fdroid-keystore.jks"
-          dotnet build $projToBuild -c Release -f ${{ env.target-net-version }}-android `
-            /p:AndroidKeyStore=true `
-            /p:AndroidSigningKeyStore=$signingFdroidKeyStore `
-            /p:AndroidSigningKeyAlias=bitwarden `
-            /p:AndroidSigningKeyPass="$($env:FDROID_KEYSTORE_PASSWORD)" `
-            /p:AndroidSigningStorePass="$($env:FDROID_KEYSTORE_PASSWORD)" ` --no-restore
+          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_fdroid-keystore.jks") /p:AndroidSigningKeyAlias=bitwarden /p:AndroidSigningKeyPass="$($env:FDROID_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:FDROID_KEYSTORE_PASSWORD)" /p:CustomConstants="FDROID" --no-restore
 
+          Write-Output "########################################"
           Write-Output "##### Copy FDroid apk to project root"
+          Write-Output "########################################"
 
-          $signedApkPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\$($packageName)-Signed.apk";
-          $signedApkDestPath = "$($env:GITHUB_WORKSPACE)\com.x8bit.bitwarden-fdroid.apk";
+          $signedApkPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.apk");
+          $signedApkDestPath = $($env:GITHUB_WORKSPACE + "/com.x8bit.bitwarden-fdroid.apk");
 
           Copy-Item $signedApkPath $signedApkDestPath
 
@@ -432,7 +440,6 @@ jobs:
           path: ./bw-fdroid-apk-sha256.txt
           if-no-files-found: error
 
-
   ios:
     name: Apple iOS
     runs-on: macos-13
@@ -451,13 +458,13 @@ jobs:
         uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0
         with:
           nuget-version: 6.4.0
-
+      
       - name: Set up .NET
-        uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
+        uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
         with:
           dotnet-version: '8.0.x'
-
-      # This step might be obsolete at some point as .NET MAUI workloads
+  
+      # This step might be obsolete at some point as .NET MAUI workloads 
       # are starting to come pre-installed on the GH Actions build agents.
       - name: Install MAUI Workload
         run: dotnet workload install maui --ignore-failed-sources
@@ -486,71 +493,73 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "appcenter-ios-token"
 
-      - name: Download Provisioning Profiles secrets
+      - name: Decrypt secrets
         env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: profiles
+          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
         run: |
-          mkdir -p $HOME/secrets
-          profiles=(
-              "dist_autofill.mobileprovision"
-              "dist_bitwarden.mobileprovision"
-              "dist_extension.mobileprovision"
-              "dist_share_extension.mobileprovision"
-              "dist_bitwarden_watch_app.mobileprovision"
-              "dist_bitwarden_watch_app_extension.mobileprovision"
-          )
+          mkdir -p ~/secrets
 
-          for FILE in "${profiles[@]}"
-          do
-            az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
-              --file $HOME/secrets/$FILE --output none
-          done
-
-      - name: Download Google Services secret
-        env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: mobile
-          FILE: GoogleService-Info.plist
-        run: |
-          mkdir -p $HOME/secrets
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
-            --file src/watchOS/bitwarden/$FILE --output none
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output $HOME/secrets/bitwarden-mobile-key.p12 ./.github/secrets/bitwarden-mobile-key.p12.gpg
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output $HOME/secrets/iphone-distribution-cert.p12 ./.github/secrets/iphone-distribution-cert.p12.gpg
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output $HOME/secrets/dist_autofill.mobileprovision ./.github/secrets/dist_autofill.mobileprovision.gpg
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output $HOME/secrets/dist_bitwarden.mobileprovision ./.github/secrets/dist_bitwarden.mobileprovision.gpg
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output $HOME/secrets/dist_extension.mobileprovision ./.github/secrets/dist_extension.mobileprovision.gpg
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output $HOME/secrets/dist_share_extension.mobileprovision \
+            ./.github/secrets/dist_share_extension.mobileprovision.gpg
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output $HOME/secrets/dist_watch_app.mobileprovision \
+            ./.github/secrets/dist_watch_app.mobileprovision.gpg
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output $HOME/secrets/dist_watch_app_extension.mobileprovision \
+            ./.github/secrets/dist_watch_app_extension.mobileprovision.gpg
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output ./src/watchOS/bitwarden/GoogleService-Info.plist ./.github/secrets/GoogleService-Info.plist.gpg
 
       - name: Increment version
         run: |
           BUILD_NUMBER=$((100 + $GITHUB_RUN_NUMBER))
-          echo "##### Setting iOS CFBundleVersion to $BUILD_NUMBER" | tee -a $GITHUB_STEP_SUMMARY
+
+          echo "########################################"
+          echo "##### Setting CFBundleVersion $BUILD_NUMBER"
+          echo "########################################"
+
+          echo "### CFBundleVersion $BUILD_NUMBER" >> $GITHUB_STEP_SUMMARY
 
           perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./${{ env.ios_folder_path }}/Info.plist
           perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Extension/Info.plist
           perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Autofill/Info.plist
           perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.ShareExtension/Info.plist
           cd src/watchOS/bitwarden
-          agvtool new-version -all $BUILD_NUMBER
+          agvtool new-version -all  $BUILD_NUMBER
 
       - name: Update Entitlements
         run: |
+          echo "########################################"
           echo "##### Updating Entitlements"
+          echo "########################################"
+
           perl -0777 -pi.bak -e 's/<key>aps-environment<\/key>\s*<string>development<\/string>/<key>aps-environment<\/key>\n\t<string>production<\/string>/' ./${{ env.ios_folder_path }}/Entitlements.plist
-
-      - name: Get certificates
-        run: |
-          mkdir -p $HOME/certificates
-          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution |
-            jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12
-
+        
       - name: Set up Keychain
         env:
           KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
+          MOBILE_KEY_PASSWORD: ${{ secrets.IOS_KEY_PASSWORD }}
+          DIST_CERT_PASSWORD: ${{ secrets.IOS_DIST_CERT_PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
           security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security set-keychain-settings -lut 1200 build.keychain
-
-          security import $HOME/certificates/ios-distribution.p12 -k build.keychain -P "" -T /usr/bin/codesign \
-            -T /usr/bin/security
+          security import ~/secrets/bitwarden-mobile-key.p12 -k build.keychain -P $MOBILE_KEY_PASSWORD \
+            -T /usr/bin/codesign -T /usr/bin/security
+          security import ~/secrets/iphone-distribution-cert.p12 -k build.keychain -P $DIST_CERT_PASSWORD \
+            -T /usr/bin/codesign -T /usr/bin/security
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
 
       - name: Set up provisioning profiles
@@ -559,8 +568,8 @@ jobs:
           BITWARDEN_PROFILE_PATH=$HOME/secrets/dist_bitwarden.mobileprovision
           EXTENSION_PROFILE_PATH=$HOME/secrets/dist_extension.mobileprovision
           SHARE_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_share_extension.mobileprovision
-          WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_bitwarden_watch_app.mobileprovision
-          WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_bitwarden_watch_app_extension.mobileprovision
+          WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_watch_app.mobileprovision
+          WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_watch_app_extension.mobileprovision
           PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles
 
           mkdir -p "$PROFILES_DIR_PATH"
@@ -588,44 +597,68 @@ jobs:
 
       - name: Bulid WatchApp
         run: |
+          echo "########################################"
           echo "##### Build WatchApp with Release Configuration"
+          echo "########################################"
+
           xcodebuild archive -workspace ./src/watchOS/bitwarden/bitwarden.xcodeproj/project.xcworkspace -configuration Release -scheme bitwarden\ WatchKit\ App -archivePath ./src/watchOS/bitwarden
 
+          echo "########################################"
+          echo "##### Done"
+          echo "########################################"
+
       - name: Archive Build for App Store
         run: |
-          echo "##### Archive for Release ios-arm64"
+          Write-Output "########################################"
+          Write-Output "##### Archive for Release ios-arm64
+          Write-Output "########################################"
+
           dotnet publish ${{ env.main_app_project_path }} -c Release -f ${{ env.target-net-version }}-ios /p:RuntimeIdentifier=ios-arm64 /p:ArchiveOnBuild=true /p:MtouchUseLlvm=false
 
+          Write-Output "########################################"
+          Write-Output "##### Done"
+          Write-Output "########################################"
+        shell: pwsh
+
       - name: Archive Build for Mobile Automation
         run: |
-          echo "##### Archive Debug for iossimulator-x64"
+          Write-Output "########################################"
+          Write-Output "##### Archive Debug for iossimulator-x64
+          Write-Output "########################################"
+
           dotnet build ${{ env.main_app_project_path }} -c Debug -f ${{ env.target-net-version }}-ios /p:RuntimeIdentifier=iossimulator-x64 /p:ArchiveOnBuild=true /p:MtouchUseLlvm=false
-          ls $HOME/Library/Developer/Xcode/Archives
+
+          Write-Output "########################################"
+          Write-Output "##### Done"
+          Write-Output "########################################"
+          ls ~/Library/Developer/Xcode/Archives
+        shell: pwsh
 
       - name: Export .ipa for App Store
-        env:
-          EXPORT_OPTIONS_PATH: ./.github/resources/export-options-app-store.plist
-          EXPORT_PATH: ./bitwarden-export
         run: |
+          EXPORT_OPTIONS_PATH="./.github/resources/export-options-app-store.plist"
           ARCHIVE_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive"
+          EXPORT_PATH="./bitwarden-export"
+
           xcodebuild -exportArchive -archivePath $ARCHIVE_PATH -exportPath $EXPORT_PATH \
             -exportOptionsPlist $EXPORT_OPTIONS_PATH
 
       - name: Export .app for Automation CI
-        env:
-          ARCHIVE_PATH: ./${{ env.main_app_folder_path }}/bin/Debug/${{ env.target-net-version }}-ios/iossimulator-x64
-          EXPORT_PATH: ./bitwarden-export
         run: |
+          ARCHIVE_PATH="./${{ env.main_app_folder_path }}/bin/Debug/${{ env.target-net-version }}-ios/iossimulator-x64"
+          EXPORT_PATH="./bitwarden-export"
+
           zip -r -q ${{ env.app_ci_output_filename }}.app.zip $ARCHIVE_PATH
           mv ${{ env.app_ci_output_filename }}.app.zip $EXPORT_PATH
 
       - name: Copy all dSYMs files to upload
-        env:
-          EXPORT_PATH: ./bitwarden-export
-          WATCH_ARCHIVE_DSYMS_PATH: ./src/watchOS/bitwarden.xcarchive/dSYMs/
-          WATCH_DSYMS_EXPORT_PATH: ./bitwarden-export/Watch_dSYMs
         run: |
           ARCHIVE_DSYMS_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive/dSYMs"
+          EXPORT_PATH="./bitwarden-export"
+
+          WATCH_ARCHIVE_DSYMS_PATH="./src/watchOS/bitwarden.xcarchive/dSYMs/"
+          WATCH_DSYMS_EXPORT_PATH="$EXPORT_PATH/Watch_dSYMs"
+
           cp -r -v $ARCHIVE_DSYMS_PATH $EXPORT_PATH
           mkdir $WATCH_DSYMS_EXPORT_PATH
           cp -r -v $WATCH_ARCHIVE_DSYMS_PATH $WATCH_DSYMS_EXPORT_PATH
@@ -674,7 +707,10 @@ jobs:
           || (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
           || github.ref == 'refs/heads/hotfix-rc'
         run: |
+          echo "########################################"
           echo "##### Uploading Watch dSYMs to Firebase"
+          echo "########################################"
+
           find "$HOME/Library/Developer/XCode/DerivedData" -name "upload-symbols" -exec chmod +x {} \; -exec {} -gsp "./src/watchOS/bitwarden/GoogleService-Info.plist" -p ios "./bitwarden-export/Watch_dSYMs" \;
 
       - name: Validate app in App Store
@@ -690,6 +726,7 @@ jobs:
         run: |
           xcrun altool --validate-app --type ios --file "./bitwarden-export/Bitwarden.ipa" \
               --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_PASSWORD"
+        shell: bash
 
       - name: Deploy to App Store
         if: |
@@ -733,13 +770,13 @@ jobs:
           secrets: "crowdin-api-token"
 
       - name: Upload Sources
-        uses: crowdin/github-action@c953b17499daa6be3e5afbf7a63616fb02d8b18d # v1.19.0
+        uses: crowdin/github-action@198daeb2d30636c4608d6a6bb96c009dbefc02a2 # v1.18.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
         with:
           config: crowdin.yml
-          crowdin_branch_name: main
+          crowdin_branch_name: main 
           upload_sources: true
           upload_translations: false
 
@@ -757,11 +794,27 @@ jobs:
     steps:
       - name: Check if any job failed
         if: |
-          (github.ref == 'refs/heads/main'
-          || github.ref == 'refs/heads/rc'
-          || github.ref == 'refs/heads/hotfix-rc')
-          && contains(needs.*.result, 'failure')
-        run: exit 1
+          (github.ref == 'refs/heads/main')
+          || (github.ref == 'refs/heads/rc')
+          || (github.ref == 'refs/heads/hotfix-rc')
+        env:
+          CLOC_STATUS: ${{ needs.cloc.result }}
+          ANDROID_STATUS: ${{ needs.android.result }}
+          F_DROID_STATUS: ${{ needs.f-droid.result }}
+          IOS_STATUS: ${{ needs.ios.result }}
+          CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }}
+        run: |
+          if [ "$CLOC_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$ANDROID_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$F_DROID_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$IOS_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then
+              exit 1
+          fi
 
       - name: Login to Azure - CI Subscription
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0

.github/workflows/cleanup-rc-branch.yml

@@ -1,53 +0,0 @@
----
-name: Cleanup RC Branch
-
-on:
-  push:
-    tags:
-      - v**
-
-jobs:
-  delete-rc:
-    name: Delete RC Branch
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve bot secrets
-        id: retrieve-bot-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: bitwarden-ci
-          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
-
-      - name: Checkout main
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          ref: main
-          token: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
-
-      - name: Check if a RC branch exists
-        id: branch-check
-        run: |
-          hotfix_rc_branch_check=$(git ls-remote --heads origin hotfix-rc | wc -l)
-          rc_branch_check=$(git ls-remote --heads origin rc | wc -l)
-
-          if [[ "${hotfix_rc_branch_check}" -gt 0 ]]; then
-            echo "hotfix-rc branch exists." | tee -a $GITHUB_STEP_SUMMARY
-            echo "name=hotfix-rc" >> $GITHUB_OUTPUT
-          elif [[ "${rc_branch_check}" -gt 0 ]]; then
-            echo "rc branch exists." | tee -a $GITHUB_STEP_SUMMARY
-            echo "name=rc" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Delete RC branch
-        env:
-          BRANCH_NAME: ${{ steps.branch-check.outputs.name }}
-        run: |
-          if ! [[ -z "$BRANCH_NAME" ]]; then
-            git push --quiet origin --delete $BRANCH_NAME
-            echo "Deleted $BRANCH_NAME branch." | tee -a $GITHUB_STEP_SUMMARY
-          fi

.github/workflows/crowdin-pull.yml

@@ -15,7 +15,7 @@ jobs:
       _CROWDIN_PROJECT_ID: "269690"
     steps:
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Login to Azure - CI Subscription
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -30,7 +30,7 @@ jobs:
           secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"
 
       - name: Download translations
-        uses: crowdin/github-action@c953b17499daa6be3e5afbf7a63616fb02d8b18d # v1.19.0
+        uses: crowdin/github-action@198daeb2d30636c4608d6a6bb96c009dbefc02a2 # v1.18.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}

.github/workflows/pr-labeler.yml

@@ -12,6 +12,6 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+      - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594  # v4.3.0
         with:
           sync-labels: true

.github/workflows/release.yml

@@ -28,7 +28,7 @@ jobs:
       branch-name: ${{ steps.branch.outputs.branch-name }}
     steps:
       - name: Branch check
-        if: inputs.release_type != 'Dry Run'
+        if: github.event.inputs.release_type != 'Dry Run'
         run: |
           if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
             echo "==================================="
@@ -38,15 +38,15 @@ jobs:
           fi
 
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Check Release Version
         id: version
         uses: bitwarden/gh-actions/release-version-check@main
         with:
-          release-type: ${{ inputs.release_type }}
+          release-type: ${{ github.event.inputs.release_type }}
           project-type: xamarin
-          file: src/App/Platforms/Android/AndroidManifest.xml
+          file: src/Android/Properties/AndroidManifest.xml
 
       - name: Get branch name
         id: branch
@@ -55,7 +55,7 @@ jobs:
           echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT
 
       - name: Create GitHub deployment
-        if: ${{ inputs.release_type != 'Dry Run' }}
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
         uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
         id: deployment
         with:
@@ -67,16 +67,16 @@ jobs:
 
 
       - name: Download all artifacts
-        if: ${{ inputs.release_type != 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@71072fbb1229e1317f1a8de6b04206afb461bd67 # v3.1.2
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
         with:
           workflow: build.yml
           workflow_conclusion: success
           branch: ${{ steps.branch.outputs.branch-name }}
 
       - name: Dry Run - Download all artifacts
-        if: ${{ inputs.release_type == 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@71072fbb1229e1317f1a8de6b04206afb461bd67 # v3.1.2
+        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
+        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -86,7 +86,7 @@ jobs:
         run: zip -r Bitwarden\ iOS.zip Bitwarden\ iOS
 
       - name: Create release
-        if: ${{ inputs.release_type != 'Dry Run' }}
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
         uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
         with:
           artifacts: "./com.x8bit.bitwarden.aab/com.x8bit.bitwarden.aab,
@@ -103,16 +103,16 @@ jobs:
           draft: true
 
       - name: Update deployment status to Success
-        if: ${{ inputs.release_type != 'Dry Run' && success() }}
-        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+        if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
+        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
           state: 'success'
           deployment-id: ${{ steps.deployment.outputs.deployment_id }}
 
       - name: Update deployment status to Failure
-        if: ${{ inputs.release_type != 'Dry Run' && failure() }}
-        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+        if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
+        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
           state: 'failure'
@@ -126,11 +126,11 @@ jobs:
     if: inputs.fdroid_publish
     steps:
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Download F-Droid .apk artifact
-        if: ${{ inputs.release_type != 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@71072fbb1229e1317f1a8de6b04206afb461bd67 # v3.1.2
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -138,8 +138,8 @@ jobs:
           name: com.x8bit.bitwarden-fdroid.apk
 
       - name: Dry Run - Download F-Droid .apk artifact
-        if: ${{ inputs.release_type == 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@71072fbb1229e1317f1a8de6b04206afb461bd67 # v3.1.2
+        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
+        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -176,19 +176,13 @@ jobs:
       - name: Install Node dependencies
         run: npm install
 
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Download secrets
+      - name: Decrypt secrets
         env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: mobile
+          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
         run: |
-          mkdir -p $HOME/secrets
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name store_fdroid-keystore.jks --file ./store/fdroid/keystore.jks --output none
+          mkdir -p ~/secrets
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output ./store/fdroid/keystore.jks ./.github/secrets/store_fdroid-keystore.jks.gpg
 
       - name: Compile for F-Droid Store
         env:
@@ -217,5 +211,5 @@ jobs:
           cd $GITHUB_WORKSPACE
 
       - name: Deploy to gh-pages
-        if: ${{ inputs.release_type != 'Dry Run' }}
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
         run: npm run deploy

.github/workflows/version-auto-bump.yml

@@ -11,6 +11,24 @@ jobs:
     name: Bump Mobile Version
     runs-on: ubuntu-22.04
     steps:
+      - name: Checkout Branch
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Calculate bumped version
+        id: version
+        env:
+          RELEASE_TAG: ${{ github.ref }}
+        run: |
+          CURR_MAJOR=$(echo $RELEASE_TAG | sed -r 's/refs\/tags\/v([0-9]{4}\.[0-9]{1,2})\.([0-9]{1,2})/\1/')
+          CURR_PATCH=$(echo $RELEASE_TAG | sed -r 's/refs\/tags\/v([0-9]{4}\.[0-9]{1,2})\.([0-9]{1,2})/\2/')
+          echo "Current Major: $CURR_MAJOR"
+          echo "Current Patch: $CURR_PATCH"
+
+          NEW_PATCH=$((CURR_PATCH+1))
+          NEW_VER=$CURR_MAJOR.$NEW_PATCH
+          echo "New Version: $NEW_VER"
+          echo "new_version=$NEW_VER" >> $GITHUB_OUTPUT
+
       - name: Login to Azure - CI Subscription
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
@@ -23,9 +41,9 @@ jobs:
           keyvault: bitwarden-ci
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
-      - name: Trigger Version Bump workflow
+      - name: "Bump version to ${{ steps.version.outputs.new_version }}"
         env:
           GH_TOKEN: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
         run: |
-          echo '{"cut_rc_branch": "false"}' | \
-          gh workflow run version-bump.yml --json --repo bitwarden/mobile
+          echo '{"cut_rc_branch": "false", "version_number": "${{ steps.version.outputs.new_version }}"}' | \
+          gh workflow run version-bump.yml --json --repo bitwarden/mobile

.github/workflows/version-bump.yml

@@ -1,13 +1,13 @@
 ---
 name: Version Bump
+run-name: Version Bump - v${{ inputs.version_number }}
 
 on:
   workflow_dispatch:
     inputs:
-      version_number_override:
-        description: "New version override (leave blank for automatic calculation, example: '2024.1.0')"
-        required: false
-        type: string
+      version_number:
+        description: "New version (example: '2024.1.0')"
+        required: true
       cut_rc_branch:
         description: "Cut RC branch?"
         default: true
@@ -15,16 +15,22 @@ on:
 
 jobs:
   bump_version:
-    name: Bump Version
+    name: "Bump Version to v${{ inputs.version_number }}"
     runs-on: ubuntu-22.04
-    outputs:
-      version: ${{ steps.set-final-version-output.outputs.version }}
     steps:
-      - name: Validate version input
-        if: ${{ inputs.version_number_override != '' }}
-        uses: bitwarden/gh-actions/version-check@main
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
-          version: ${{ inputs.version_number_override }}
+         creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "github-gpg-private-key,
+            github-gpg-private-key-passphrase,
+            github-pat-bitwarden-devops-bot-repo-scope"
 
       - name: Checkout Branch
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -41,20 +47,6 @@ jobs:
             exit 1
           fi
 
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve secrets
-        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: "bitwarden-ci"
-          secrets: "github-gpg-private-key,
-            github-gpg-private-key-passphrase,
-            github-pat-bitwarden-devops-bot-repo-scope"
-
       - name: Import GPG key
         uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
         with:
@@ -63,38 +55,25 @@ jobs:
           git_user_signingkey: true
           git_commit_gpgsign: true
 
-      - name: Setup git
-        run: |
-          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
-          git config --local user.name "bitwarden-devops-bot"
-
       - name: Create Version Branch
         id: create-branch
         run: |
-          NAME=version_bump_${{ github.ref_name }}_$(date +"%Y-%m-%d")
+          NAME=version_bump_${{ github.ref_name }}_${{ inputs.version_number }}
           git switch -c $NAME
           echo "name=$NAME" >> $GITHUB_OUTPUT
 
       - name: Install xmllint
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libxml2-utils
-
-      - name: Get current version
-        id: current-version
-        run: |
-          CURRENT_VERSION=$(xmllint --xpath '
-            string(/manifest/@*[local-name()="versionName"
-              and namespace-uri()="http://schemas.android.com/apk/res/android"])
-            ' src/App/Platforms/Android/AndroidManifest.xml)
-          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+        run: sudo apt install -y libxml2-utils
 
       - name: Verify input version
-        if: ${{ inputs.version_number_override != '' }}
         env:
-          CURRENT_VERSION: ${{ steps.current-version.outputs.version }}
-          NEW_VERSION: ${{ inputs.version_number_override }}
+          NEW_VERSION: ${{ inputs.version_number }}
         run: |
+          CURRENT_VERSION=$(xmllint --xpath '
+            string(/manifest/@*[local-name()="versionName" 
+              and namespace-uri()="http://schemas.android.com/apk/res/android"])
+            ' src/App/Platforms/Android/AndroidManifest.xml)
+
           # Error if version has not changed.
           if [[ "$NEW_VERSION" == "$CURRENT_VERSION" ]]; then
             echo "Version has not changed."
@@ -110,93 +89,40 @@ jobs:
             exit 1
           fi
 
-      - name: Calculate next release version
-        if: ${{ inputs.version_number_override == '' }}
-        id: calculate-next-version
-        uses: bitwarden/gh-actions/version-next@main
-        with:
-          version: ${{ steps.current-version.outputs.version }}
-
-      - name: Bump Version - Android XML - Version Override
-        if: ${{ inputs.version_number_override != '' }}
-        id: bump-version-override
+      - name: Bump Version - Android XML
         uses: bitwarden/gh-actions/version-bump@main
         with:
+          version: ${{ inputs.version_number }}
           file_path: "src/App/Platforms/Android/AndroidManifest.xml"
-          version: ${{ inputs.version_number_override }}
 
-      - name: Bump Version - Android XML - Automatic Calculation
-        if: ${{ inputs.version_number_override == '' }}
-        id: bump-version-automatic
-        uses: bitwarden/gh-actions/version-bump@main
-        with:
-          file_path: "src/App/Platforms/Android/AndroidManifest.xml"
-          version: ${{ steps.calculate-next-version.outputs.version }}
-
-      - name: Bump Version - iOS.Autofill - Version Override
-        if: ${{ inputs.version_number_override != '' }}
+      - name: Bump Version - iOS.Autofill
         uses: bitwarden/gh-actions/version-bump@main
         with:
+          version: ${{ inputs.version_number }}
           file_path: "src/iOS.Autofill/Info.plist"
-          version: ${{ inputs.version_number_override }}
 
-      - name: Bump Version - iOS.Autofill - Automatic Calculation
-        if: ${{ inputs.version_number_override == '' }}
-        uses: bitwarden/gh-actions/version-bump@main
-        with:
-          file_path: "src/iOS.Autofill/Info.plist"
-          version: ${{ steps.calculate-next-version.outputs.version }}
-
-      - name: Bump Version - iOS.Extension - Version Override
-        if: ${{ inputs.version_number_override != '' }}
+      - name: Bump Version - iOS.Extension
         uses: bitwarden/gh-actions/version-bump@main
         with:
+          version: ${{ inputs.version_number }}
           file_path: "src/iOS.Extension/Info.plist"
-          version: ${{ inputs.version_number_override }}
 
-      - name: Bump Version - iOS.Extension - Automatic Calculation
-        if: ${{ inputs.version_number_override == '' }}
-        uses: bitwarden/gh-actions/version-bump@main
-        with:
-          file_path: "src/iOS.Extension/Info.plist"
-          version: ${{ steps.calculate-next-version.outputs.version }}
-
-      - name: Bump Version - iOS.ShareExtension - Version Override
-        if: ${{ inputs.version_number_override != '' }}
+      - name: Bump Version - iOS.ShareExtension
         uses: bitwarden/gh-actions/version-bump@main
         with:
+          version: ${{ inputs.version_number }}
           file_path: "src/iOS.ShareExtension/Info.plist"
-          version: ${{ inputs.version_number_override }}
 
-      - name: Bump Version - iOS.ShareExtension - Automatic Calculation
-        if: ${{ inputs.version_number_override == '' }}
-        uses: bitwarden/gh-actions/version-bump@main
-        with:
-          file_path: "src/iOS.ShareExtension/Info.plist"
-          version: ${{ steps.calculate-next-version.outputs.version }}
-
-      - name: Bump Version - iOS - Version Override
-        if: ${{ inputs.version_number_override != '' }}
+      - name: Bump Version - iOS
         uses: bitwarden/gh-actions/version-bump@main
         with:
+          version: ${{ inputs.version_number }}
           file_path: "src/App/Platforms/iOS/Info.plist"
-          version: ${{ inputs.version_number_override }}
 
-      - name: Bump Version - iOS - Automatic Calculation
-        if: ${{ inputs.version_number_override == '' }}
-        uses: bitwarden/gh-actions/version-bump@main
-        with:
-          file_path: "src/App/Platforms/iOS/Info.plist"
-          version: ${{ steps.calculate-next-version.outputs.version }}
-
-      - name: Set Job output
-        id: set-final-version-output
+      - name: Setup git
         run: |
-          if [[ "${{ steps.bump-version-override.outcome }}" == "success" ]]; then
-            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
-          elif [[ "${{ steps.bump-version-automatic.outcome }}" == "success" ]]; then
-            echo "version=${{ steps.calculate-next-version.outputs.version }}" >> $GITHUB_OUTPUT
-          fi
+          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
+          git config --local user.name "bitwarden-devops-bot"
 
       - name: Check if version changed
         id: version-changed
@@ -210,7 +136,7 @@ jobs:
 
       - name: Commit files
         if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        run: git commit -m "Bumped version to ${{ steps.set-final-version-output.outputs.version }}" -a
+        run: git commit -m "Bumped version to ${{ inputs.version_number }}" -a
 
       - name: Push changes
         if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
@@ -224,7 +150,7 @@ jobs:
         env:
           GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
           PR_BRANCH: ${{ steps.create-branch.outputs.name }}
-          TITLE: "Bump version to ${{ steps.set-final-version-output.outputs.version }}"
+          TITLE: "Bump version to ${{ inputs.version_number }}"
         run: |
           PR_URL=$(gh pr create --title "$TITLE" \
             --base "main" \
@@ -240,18 +166,16 @@ jobs:
               - [X] Other
 
               ## Objective
-              Automated version bump to ${{ steps.set-final-version-output.outputs.version }}")
+              Automated version bump to ${{ inputs.version_number }}")
           echo "pr_number=${PR_URL##*/}" >> $GITHUB_OUTPUT
 
       - name: Approve PR
-        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
         run: gh pr review $PR_NUMBER --approve
 
       - name: Merge PR
-        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
         env:
           GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
           PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
@@ -259,30 +183,28 @@ jobs:
 
   cut_rc:
     name: Cut RC branch
-    if: ${{ inputs.cut_rc_branch == true }}
     needs: bump_version
+    if: ${{ inputs.cut_rc_branch == true }}
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout Branch
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           ref: main
-
+      
       - name: Install xmllint
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libxml2-utils
+        run: sudo apt install -y libxml2-utils
 
       - name: Verify version has been updated
         env:
-          NEW_VERSION: ${{ needs.bump_version.outputs.version }}
+          NEW_VERSION: ${{ inputs.version_number }}
         run: |
           # Wait for version to change.
           while : ; do
             echo "Waiting for version to be updated..."
             git pull --force
             CURRENT_VERSION=$(xmllint --xpath '
-            string(/manifest/@*[local-name()="versionName"
+            string(/manifest/@*[local-name()="versionName" 
               and namespace-uri()="http://schemas.android.com/apk/res/android"])
             ' src/App/Platforms/Android/AndroidManifest.xml)
 

.github/workflows/workflow-linter.yml

@@ -0,0 +1,11 @@
+---
+name: Workflow Linter
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/**
+
+jobs:
+  call-workflow:
+    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@main

.gitignore

@@ -148,6 +148,7 @@ publish/
 
 # NuGet Packages
 *.nupkg
+!**/Xamarin.AndroidX.Credentials.1.0.0.nupkg
 # The packages folder can be ignored because of Package Restore
 **/packages/*
 # except build/, which is used as an MSBuild target.

Directory.Build.props

@@ -1,6 +1,6 @@
 <Project>
  <PropertyGroup>
-   <MauiVersion>8.0.7</MauiVersion>
+   <MauiVersion>8.0.7-nightly.*</MauiVersion>
    <ReleaseCodesignProvision>Automatic:AppStore</ReleaseCodesignProvision>
    <ReleaseCodesignKey>iPhone Distribution</ReleaseCodesignKey>
    <IncludeBitwardeniOSExtensions>True</IncludeBitwardeniOSExtensions>
@@ -9,8 +9,5 @@
    
    <!-- Uncomment this when Unit Testing-->
    <!-- <CustomConstants>UT</CustomConstants> -->
-
-   <!-- Uncomment this when building FDROID-->
-   <!-- <CustomConstants>FDROID</CustomConstants> -->
  </PropertyGroup>
-</Project>
+</Project>

README.md

@@ -12,7 +12,7 @@ The Bitwarden mobile application is written in C# using .NET MAUI.
 
 # Build/Run
 
-Please refer to the [Mobile section](https://contributing.bitwarden.com/getting-started/mobile/) of the [Contributing Documentation](https://contributing.bitwarden.com/) for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.
+Please refer to the [Mobile section](https://contributing.bitwarden.com/getting-started/clients/mobile/) of the [Contributing Documentation](https://contributing.bitwarden.com/) for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.
 
 # We're Hiring!
 

build.cake

@@ -15,18 +15,16 @@ abstract record VariantConfig(
     string AppName, 
     string AndroidPackageName,
     string iOSBundleId,
-    string ApsEnvironment,
-    string DistProvisioningProfilePrefix
+    string ApsEnvironment
     );
 
 const string BASE_BUNDLE_ID_DROID = "com.x8bit.bitwarden";
 const string BASE_BUNDLE_ID_IOS = "com.8bit.bitwarden";
 
-//NOTE: Beta iOS variants have a different ITSEncryptionExportComplianceCode 
-record Dev(): VariantConfig("Bitwarden Dev", $"{BASE_BUNDLE_ID_DROID}.dev", $"{BASE_BUNDLE_ID_IOS}.dev", "development", "Dist:");
-record QA(): VariantConfig("Bitwarden QA", $"{BASE_BUNDLE_ID_DROID}.qa", $"{BASE_BUNDLE_ID_IOS}.qa", "development", "Dist:");
-record Beta(): VariantConfig("Bitwarden Beta", $"{BASE_BUNDLE_ID_DROID}.beta", $"{BASE_BUNDLE_ID_IOS}.beta", "production", "Dist: Beta");
-record Prod(): VariantConfig("Bitwarden", $"{BASE_BUNDLE_ID_DROID}", $"{BASE_BUNDLE_ID_IOS}", "production", "Dist:");
+record Dev(): VariantConfig("Bitwarden Dev", $"{BASE_BUNDLE_ID_DROID}.dev", $"{BASE_BUNDLE_ID_IOS}.dev", "development");
+record QA(): VariantConfig("Bitwarden QA", $"{BASE_BUNDLE_ID_DROID}.qa", $"{BASE_BUNDLE_ID_IOS}.qa", "development");
+record Beta(): VariantConfig("Bitwarden Beta", $"{BASE_BUNDLE_ID_DROID}.beta", $"{BASE_BUNDLE_ID_IOS}.beta", "production");
+record Prod(): VariantConfig("Bitwarden", $"{BASE_BUNDLE_ID_DROID}", $"{BASE_BUNDLE_ID_IOS}", "production");
 
 VariantConfig GetVariant() => variant.ToLower() switch{
     "qa" => new QA(),
@@ -199,8 +197,7 @@ private void UpdateiOSInfoPlist(string plistPath, VariantConfig buildVariant, Gi
     var prevBundleId = plist["CFBundleIdentifier"];
     var prevBundleName = plist["CFBundleName"];
     //var newVersion = CreateBuildNumber(prevVersion).ToString();
-    // we need to maintain version formatting here composed of one to three period-separated integers, so we cannot use the GetVersionName method as in Android for non-Prod.
-    var newVersionName = prevVersionName;
+    var newVersionName = GetVersionName(prevVersionName, buildVariant, git);
     var newBundleId = GetiOSBundleId(buildVariant, projectType);
     var newBundleName = GetiOSBundleName(buildVariant, projectType);
 
@@ -222,11 +219,6 @@ private void UpdateiOSInfoPlist(string plistPath, VariantConfig buildVariant, Gi
         plist["NSExtension"]["NSExtensionAttributes"]["NSExtensionActivationRule"] = keyText.Replace("com.8bit.bitwarden", buildVariant.iOSBundleId);
     }
 
-    if(buildVariant is Beta)
-    {
-        plist["ITSEncryptionExportComplianceCode"] = "3dd3e32f-efa6-4d99-b410-28aa28b1cb77";
-    }
-
     SerializePlist(plistFile, plist);
 
     Information($"Changed app name from {prevBundleName} to {newBundleName}");
@@ -236,15 +228,12 @@ private void UpdateiOSInfoPlist(string plistPath, VariantConfig buildVariant, Gi
     Information($"{plistPath} updated with success!");
 }
 
-private void UpdateiOSEntitlementsPlist(string entitlementsPath, VariantConfig buildVariant, bool updateApsEnv)
+private void UpdateiOSEntitlementsPlist(string entitlementsPath, VariantConfig buildVariant)
 {
     var EntitlementlistFile = File(entitlementsPath);
     dynamic Entitlements = DeserializePlist(EntitlementlistFile);
 
-    if (updateApsEnv)
-    {
-        Entitlements["aps-environment"] = buildVariant.ApsEnvironment;
-    }
+    Entitlements["aps-environment"] = buildVariant.ApsEnvironment;
     Entitlements["keychain-access-groups"] = new List<string>() { "$(AppIdentifierPrefix)" + buildVariant.iOSBundleId };
     Entitlements["com.apple.security.application-groups"] = new List<string>() { $"group.{buildVariant.iOSBundleId}" };;
 
@@ -283,10 +272,9 @@ private void UpdateWatchPbxproj(string pbxprojPath, string newVersion)
     const string pattern = @"MARKETING_VERSION = [^;]*;";
 
     fileText = Regex.Replace(fileText, pattern, $"MARKETING_VERSION = {newVersion};");
-    
-    FileWriteText(pbxprojPath, fileText);
 
-    Information($"{pbxprojPath} modified Marketing Version successfully.");
+    FileWriteText(pbxprojPath, fileText);
+    Information($"{pbxprojPath} modified successfully.");
 }
 
 /// <summary>
@@ -339,7 +327,7 @@ Task("UpdateiOSPlist")
         var infoPath = Path.Combine(_slnPath, "src", "App", "Platforms", "iOS", "Info.plist");
         var entitlementsPath = Path.Combine(_slnPath, "src", "App", "Platforms", "iOS", "Entitlements.plist");
         UpdateiOSInfoPlist(infoPath, buildVariant, _gitVersion, iOSProjectType.MainApp);
-        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant, true);
+        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant);
     });
 
 Task("UpdateiOSAutofillPlist")
@@ -350,7 +338,7 @@ Task("UpdateiOSAutofillPlist")
         var infoPath = Path.Combine(_slnPath, "src", "iOS.Autofill", "Info.plist");
         var entitlementsPath = Path.Combine(_slnPath, "src", "iOS.Autofill", "Entitlements.plist");
         UpdateiOSInfoPlist(infoPath, buildVariant, _gitVersion, iOSProjectType.Autofill);
-        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant, false);
+        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant);
     });
 
 Task("UpdateiOSExtensionPlist")
@@ -361,7 +349,7 @@ Task("UpdateiOSExtensionPlist")
         var infoPath = Path.Combine(_slnPath, "src", "iOS.Extension", "Info.plist");
         var entitlementsPath = Path.Combine(_slnPath, "src", "iOS.Extension", "Entitlements.plist");
         UpdateiOSInfoPlist(infoPath, buildVariant, _gitVersion, iOSProjectType.Extension);
-        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant, false);
+        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant);
     });
 
 Task("UpdateiOSShareExtensionPlist")
@@ -372,7 +360,7 @@ Task("UpdateiOSShareExtensionPlist")
         var infoPath = Path.Combine(_slnPath, "src", "iOS.ShareExtension", "Info.plist");
         var entitlementsPath = Path.Combine(_slnPath, "src", "iOS.ShareExtension", "Entitlements.plist");
         UpdateiOSInfoPlist(infoPath, buildVariant, _gitVersion, iOSProjectType.ShareExtension);
-        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant, false);
+        UpdateiOSEntitlementsPlist(entitlementsPath, buildVariant);
     });
 
 Task("UpdateiOSCodeFiles")
@@ -409,22 +397,6 @@ Task("UpdateWatchKitAppInfoPlist")
         UpdateWatchKitAppInfoPlist(infoPath, buildVariant);
     });
 
-Task("UpdateDistProfiles")
-    .IsDependentOn("UpdateiOSCodeFiles")
-    .Does(()=> {
-        var buildVariant = GetVariant();
-    
-        var filesToReplace = new string[] {
-            Path.Combine(".github", "resources", "export-options-app-store.plist"),
-            Path.Combine(_slnPath, "src", "watchOS", "bitwarden", "bitwarden.xcodeproj", "project.pbxproj")
-        };
-
-        foreach(string path in filesToReplace)
-        {
-            ReplaceInFile(path, "Dist:", buildVariant.DistProvisioningProfilePrefix);
-        }
-    });
-
 #endregion iOS
 
 #region Main Tasks
@@ -446,7 +418,6 @@ Task("iOS")
     .IsDependentOn("UpdateiOSCodeFiles")
     .IsDependentOn("UpdateWatchProject")
     .IsDependentOn("UpdateWatchKitAppInfoPlist")
-    .IsDependentOn("UpdateDistProfiles")
     .Does(()=>
     {
         Information("iOS app updated");
@@ -466,4 +437,4 @@ Options:
     });
 #endregion Main Tasks
 
-RunTarget(target);
+RunTarget(target);

lib/android/Xamarin.AndroidX.Credentials/net8.0-android/Xamarin.AndroidX.Credentials.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<doc>
+    <assembly>
+        <name>Xamarin.AndroidX.Credentials</name>
+    </assembly>
+    <members>
+    </members>
+</doc>

nuget.config

@@ -2,5 +2,6 @@
 <configuration>
     <packageSources>
         <add key="MAUI Nightly builds" value="https://pkgs.dev.azure.com/xamarin/public/_packaging/maui-nightly/nuget/v3/index.json" />
+        <add key="Local AndroidX Credentials" value="lib/android/Xamarin.AndroidX.Credentials" />
     </packageSources>
 </configuration>

src/App/App.csproj

@@ -121,6 +121,7 @@
 	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android'">
 	  <PackageReference Include="Xamarin.AndroidX.AutoFill" Version="1.1.0.18" />
 	  <PackageReference Include="Xamarin.AndroidX.Activity.Ktx" Version="1.7.2.1" />
+      <PackageReference Include="Xamarin.AndroidX.Credentials" Version="1.0.0" />
 	</ItemGroup>
 	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android' AND !$(DefineConstants.Contains(FDROID))">
 	  <PackageReference Include="Xamarin.GooglePlayServices.SafetyNet" Version="118.0.1.5" />

src/App/Platforms/Android/AndroidManifest.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2024.4.0" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
+<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2024.2.2" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
 	<uses-sdk android:minSdkVersion="21" android:targetSdkVersion="34" />
 	<uses-permission android:name="android.permission.INTERNET" />
 	<uses-permission android:name="android.permission.NFC" />
@@ -43,9 +43,6 @@
 	<!-- Support for Xamarin.Essentials.Browser.OpenAsync  (for Android > 11) -->
 	<!-- Related docs: https://learn.microsoft.com/en-us/xamarin/essentials/open-browser?tabs=android -->
 	<queries>
-		<intent>
-			<action android:name="android.support.customtabs.action.CustomTabsService" />
-		</intent>
 		<intent>
 			<action android:name="android.intent.action.VIEW" />
 			<data android:scheme="http" />

src/App/Platforms/Android/Autofill/AutofillHelpers.cs

@@ -347,7 +347,7 @@ namespace Bit.Droid.Autofill
                 // InlinePresentation requires nonNull pending intent (even though we only utilize one for the
                 // "my vault" presentation) so we're including an empty one here
                 pendingIntent = PendingIntent.GetService(context, 0, new Intent(),
-                    AndroidHelpers.AddPendingIntentMutabilityFlag(PendingIntentFlags.OneShot | PendingIntentFlags.UpdateCurrent, false));
+                    AndroidHelpers.AddPendingIntentMutabilityFlag(PendingIntentFlags.OneShot | PendingIntentFlags.UpdateCurrent, true));
             }
             var slice = CreateInlinePresentationSlice(
                 inlinePresentationSpec,

src/App/Platforms/Android/Autofill/CredentialProviderConstants.cs

@@ -0,0 +1,9 @@
+namespace Bit.Droid.Autofill
+{
+    public class CredentialProviderConstants
+    {
+        public const string CredentialProviderCipherId = "credentialProviderCipherId";
+        public const string CredentialDataIntentExtra = "CREDENTIAL_DATA";
+        public const string CredentialIdIntentExtra = "credId";
+    }
+}

src/App/Platforms/Android/Autofill/CredentialProviderSelectionActivity.cs

@@ -0,0 +1,65 @@
+using System.Threading.Tasks;
+using Android.App;
+using Android.Content.PM;
+using Android.OS;
+using AndroidX.Credentials.Provider;
+using AndroidX.Credentials.WebAuthn;
+using Bit.Core.Abstractions;
+using Bit.Core.Utilities;
+using Bit.App.Droid.Utilities;
+
+namespace Bit.Droid.Autofill
+{
+    [Activity(
+        NoHistory = true,
+        LaunchMode = LaunchMode.SingleTop)]
+    public class CredentialProviderSelectionActivity : MauiAppCompatActivity
+    {
+        protected override void OnCreate(Bundle bundle)
+        {
+            Intent?.Validate();
+            base.OnCreate(bundle);
+
+            var cipherId = Intent?.GetStringExtra(CredentialProviderConstants.CredentialProviderCipherId);
+            if (string.IsNullOrEmpty(cipherId))
+            {
+                SetResult(Result.Canceled);
+                Finish();
+                return;
+            }
+
+            GetCipherAndPerformPasskeyAuthAsync(cipherId).FireAndForget();
+        }
+
+        private async Task GetCipherAndPerformPasskeyAuthAsync(string cipherId)
+        {
+            // TODO this is a work in progress
+            // https://developer.android.com/training/sign-in/credential-provider#passkeys-implement
+
+            var getRequest = PendingIntentHandler.RetrieveProviderGetCredentialRequest(Intent);
+            // var publicKeyRequest = getRequest?.CredentialOptions as PublicKeyCredentialRequestOptions;
+
+            var requestInfo = Intent.GetBundleExtra(CredentialProviderConstants.CredentialDataIntentExtra);
+            var credIdEnc = requestInfo?.GetString(CredentialProviderConstants.CredentialIdIntentExtra);
+
+            var cipherService = ServiceContainer.Resolve<ICipherService>();
+            var cipher = await cipherService.GetAsync(cipherId);
+            var decCipher = await cipher.DecryptAsync();
+
+            var passkey = decCipher.Login.Fido2Credentials.Find(f => f.CredentialId == credIdEnc);
+
+            var credId = Convert.FromBase64String(credIdEnc);
+            // var privateKey = Convert.FromBase64String(passkey.PrivateKey);
+            // var uid = Convert.FromBase64String(passkey.uid);
+
+            var origin = getRequest?.CallingAppInfo.Origin;
+            var packageName = getRequest?.CallingAppInfo.PackageName;
+
+            // --- continue WIP here (save TOTP copy as last step) ---
+
+            // Copy TOTP if needed
+            var autofillHandler = ServiceContainer.Resolve<IAutofillHandler>();
+            autofillHandler.Autofill(decCipher);
+        }
+    }
+}

src/App/Platforms/Android/Autofill/CredentialProviderService.cs

@@ -0,0 +1,147 @@
+using Android;
+using Android.App;
+using Android.Content;
+using Android.Graphics.Drawables;
+using Android.OS;
+using Android.Runtime;
+using AndroidX.Credentials.Provider;
+using Bit.Core.Abstractions;
+using Bit.Core.Utilities;
+using AndroidX.Credentials.Exceptions;
+using AndroidX.Credentials.WebAuthn;
+using Bit.Core.Models.View;
+using Resource = Microsoft.Maui.Resource;
+
+namespace Bit.Droid.Autofill
+{
+    [Service(Permission = Manifest.Permission.BindCredentialProviderService, Label = "Bitwarden", Exported = true)]
+    [IntentFilter(new string[] { "android.service.credentials.CredentialProviderService" })]
+    [MetaData("android.credentials.provider", Resource = "@xml/provider")]
+    [Register("com.x8bit.bitwarden.Autofill.CredentialProviderService")]
+    public class CredentialProviderService : AndroidX.Credentials.Provider.CredentialProviderService
+    {
+        private const string GetPasskeyIntentAction = "PACKAGE_NAME.GET_PASSKEY";
+        private const int UniqueRequestCode = 94556023;
+
+        private ICipherService _cipherService;
+        private IUserVerificationService _userVerificationService;
+        private IVaultTimeoutService _vaultTimeoutService;
+        private LazyResolve<ILogger> _logger = new LazyResolve<ILogger>("logger");
+
+        public override async void OnBeginCreateCredentialRequest(BeginCreateCredentialRequest request,
+            CancellationSignal cancellationSignal, IOutcomeReceiver callback) => throw new NotImplementedException();
+
+        public override async void OnBeginGetCredentialRequest(BeginGetCredentialRequest request,
+            CancellationSignal cancellationSignal, IOutcomeReceiver callback)
+        {
+            try
+            {
+                _vaultTimeoutService ??= ServiceContainer.Resolve<IVaultTimeoutService>();
+
+                await _vaultTimeoutService.CheckVaultTimeoutAsync();
+                var locked = await _vaultTimeoutService.IsLockedAsync();
+                if (!locked)
+                {
+                    var response = await ProcessGetCredentialsRequestAsync(request);
+                    callback.OnResult(response);
+                }
+                // TODO handle auth/unlock account flow
+            }
+            catch (GetCredentialException e)
+            {
+                _logger.Value.Exception(e);
+                callback.OnError(e.ErrorMessage ?? "Error getting credentials");
+            }
+            catch (Exception e)
+            {
+                _logger.Value.Exception(e);
+                throw;
+            }
+        }
+
+        private async Task<BeginGetCredentialResponse> ProcessGetCredentialsRequestAsync(
+            BeginGetCredentialRequest request)
+        {
+            IList<CredentialEntry> credentialEntries = null;
+
+            foreach (var option in request.BeginGetCredentialOptions)
+            {
+                var credentialOption = option as BeginGetPublicKeyCredentialOption;
+                if (credentialOption != null)
+                {
+                    credentialEntries ??= new List<CredentialEntry>();
+                    ((List<CredentialEntry>)credentialEntries).AddRange(
+                        await PopulatePasskeyDataAsync(request.CallingAppInfo, credentialOption));
+                }
+            }
+
+            if (credentialEntries == null)
+            {
+                return new BeginGetCredentialResponse();
+            }
+
+            return new BeginGetCredentialResponse.Builder()
+                .SetCredentialEntries(credentialEntries)
+                .Build();
+        }
+
+        private async Task<List<CredentialEntry>> PopulatePasskeyDataAsync(CallingAppInfo callingAppInfo,
+            BeginGetPublicKeyCredentialOption option)
+        {
+            var packageName = callingAppInfo.PackageName;
+            var origin = callingAppInfo.Origin;
+            var signingInfo = callingAppInfo.SigningInfo;
+
+            var request = new PublicKeyCredentialRequestOptions(option.RequestJson);
+
+            var passkeyEntries = new List<CredentialEntry>();
+
+            _cipherService ??= ServiceContainer.Resolve<ICipherService>();
+            var ciphers = await _cipherService.GetAllDecryptedForUrlAsync(origin);
+            if (ciphers == null)
+            {
+                return passkeyEntries;
+            }
+
+            var passkeyCiphers = ciphers.Where(cipher => cipher.HasFido2Credential).ToList();
+            if (!passkeyCiphers.Any())
+            {
+                return passkeyEntries;
+            }
+
+            foreach (var cipher in passkeyCiphers)
+            {
+                var passkeyEntry = GetPasskey(cipher, option);
+                passkeyEntries.Add(passkeyEntry);
+            }
+
+            return passkeyEntries;
+        }
+
+        private PublicKeyCredentialEntry GetPasskey(CipherView cipher, BeginGetPublicKeyCredentialOption option)
+        {
+            var credDataBundle = new Bundle();
+            credDataBundle.PutString(CredentialProviderConstants.CredentialIdIntentExtra,
+                cipher.Login.MainFido2Credential.CredentialId);
+
+            var intent = new Intent(ApplicationContext, typeof(CredentialProviderSelectionActivity))
+                .SetAction(GetPasskeyIntentAction).SetPackage(Constants.PACKAGE_NAME);
+            intent.PutExtra(CredentialProviderConstants.CredentialDataIntentExtra, credDataBundle);
+            intent.PutExtra(CredentialProviderConstants.CredentialProviderCipherId, cipher.Id);
+            var pendingIntent = PendingIntent.GetActivity(ApplicationContext, UniqueRequestCode, intent,
+                PendingIntentFlags.Mutable | PendingIntentFlags.UpdateCurrent);
+
+            return new PublicKeyCredentialEntry.Builder(
+                    ApplicationContext,
+                    cipher.Login.Username ?? "No username",
+                    pendingIntent,
+                    option)
+                .SetDisplayName(cipher.Name)
+                .SetIcon(Icon.CreateWithResource(ApplicationContext, Resource.Drawable.icon))
+                .Build();
+        }
+
+        public override void OnClearCredentialStateRequest(ProviderClearCredentialStateRequest request,
+            CancellationSignal cancellationSignal, IOutcomeReceiver callback) => throw new NotImplementedException();
+    }
+}

src/App/Platforms/Android/Resources/xml/provider.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<credential-provider xmlns:android="http://schemas.android.com/apk/res/android">
+    <capabilities>
+        <capability name="androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" />
+    </capabilities>
+</credential-provider>

src/App/Platforms/Android/Services/AutofillHandler.cs

@@ -37,6 +37,23 @@ namespace Bit.Droid.Services
             _eventService = eventService;
         }
 
+        public bool CredentialProviderServiceEnabled()
+        {
+            if (Build.VERSION.SdkInt < BuildVersionCodes.UpsideDownCake)
+            {
+                return false;
+            }
+            try
+            {
+                // TODO - find a way to programmatically check if the credential provider service is enabled
+                return false;
+            }
+            catch
+            {
+                return false;
+            }
+        }
+
         public bool AutofillServiceEnabled()
         {
             if (Build.VERSION.SdkInt < BuildVersionCodes.O)
@@ -163,7 +180,14 @@ namespace Bit.Droid.Services
             return Accessibility.AccessibilityHelpers.OverlayPermitted();
         }
 
-        
+        public void DisableCredentialProviderService()
+        {
+            try
+            {
+                // TODO - find a way to programmatically disable the provider service, or take the user to the settings page where they can do it
+            }
+            catch { }
+        }
 
         public void DisableAutofillService()
         {

src/App/Platforms/Android/Services/DeviceActionService.cs

@@ -11,6 +11,7 @@ using Android.Text.Method;
 using Android.Views;
 using Android.Views.InputMethods;
 using Android.Widget;
+using AndroidX.Credentials;
 using Bit.App.Abstractions;
 using Bit.Core.Resources.Localization;
 using Bit.App.Utilities;
@@ -72,28 +73,17 @@ namespace Bit.Droid.Services
 
         public bool LaunchApp(string appName)
         {
-            try
-            {
-                if ((int)Build.VERSION.SdkInt < 33)
-                {
-                    // API 33 required to avoid using wildcard app visibility or dangerous permissions
-                    // https://developer.android.com/reference/android/content/pm/PackageManager#getLaunchIntentSenderForPackage(java.lang.String)
-                    return false;
-                }
-                var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
-                appName = appName.Replace("androidapp://", string.Empty);
-                var launchIntentSender = activity?.PackageManager?.GetLaunchIntentSenderForPackage(appName);
-                launchIntentSender?.SendIntent(activity, Result.Ok, null, null, null);
-                return launchIntentSender != null;
-            }
-            catch (IntentSender.SendIntentException)
-            {
-                return false;
-            }
-            catch (Android.Util.AndroidException)
+            if ((int)Build.VERSION.SdkInt < 33)
             {
+                // API 33 required to avoid using wildcard app visibility or dangerous permissions
+                // https://developer.android.com/reference/android/content/pm/PackageManager#getLaunchIntentSenderForPackage(java.lang.String)
                 return false;
             }
+            var activity = Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
+            appName = appName.Replace("androidapp://", string.Empty);
+            var launchIntentSender = activity?.PackageManager?.GetLaunchIntentSenderForPackage(appName);
+            launchIntentSender?.SendIntent(activity, Result.Ok, null, null, null);
+            return launchIntentSender != null;
         }
 
         public async Task ShowLoadingAsync(string text)
@@ -501,6 +491,27 @@ namespace Bit.Droid.Services
             }
         }
 
+        public void OpenCredentialProviderSettings()
+        {
+            var activity = (MainActivity)Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
+            try
+            {
+                var pendingIntent = CredentialManager.Create(activity).CreateSettingsPendingIntent();
+                pendingIntent.Send();
+            }
+            catch (ActivityNotFoundException)
+            {
+                var alertBuilder = new AlertDialog.Builder(activity);
+                alertBuilder.SetMessage(AppResources.BitwardenCredentialProviderGoToSettings);
+                alertBuilder.SetCancelable(true);
+                alertBuilder.SetPositiveButton(AppResources.Ok, (sender, args) =>
+                {
+                    (sender as AlertDialog)?.Cancel();
+                });
+                alertBuilder.Create().Show();
+            }
+        }
+
         public void OpenAccessibilitySettings()
         {
             try
@@ -559,6 +570,8 @@ namespace Bit.Droid.Services
             return true;
         }
 
+        public bool SupportsCredentialProviderService() => Build.VERSION.SdkInt >= BuildVersionCodes.UpsideDownCake;
+
         public bool SupportsAutofillServices() => Build.VERSION.SdkInt >= BuildVersionCodes.O;
 
         public bool SupportsInlineAutofill() => Build.VERSION.SdkInt >= BuildVersionCodes.R;

src/App/Platforms/Android/Tiles/AutofillTileService.cs

@@ -8,7 +8,6 @@ using Bit.Core.Abstractions;
 using Bit.Core.Utilities;
 using Bit.Droid.Accessibility;
 using Java.Lang;
-using Bit.App.Droid.Utilities;
 
 namespace Bit.Droid.Tile
 {
@@ -77,7 +76,7 @@ namespace Bit.Droid.Tile
             var intent = new Intent(this, typeof(AccessibilityActivity));
             intent.SetFlags(ActivityFlags.NewTask | ActivityFlags.SingleTop | ActivityFlags.ClearTop);
             intent.PutExtra("autofillTileClicked", true);
-            this.StartActivityAndCollapseWithIntent(intent, isMutable: true);
+            StartActivityAndCollapse(intent);
         }
 
         private void ShowConfigErrorDialog()

src/App/Platforms/Android/Tiles/GeneratorTileService.cs

@@ -1,8 +1,15 @@
-using Android.App;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+
+using Android.App;
 using Android.Content;
+using Android.OS;
 using Android.Runtime;
 using Android.Service.QuickSettings;
-using Bit.App.Droid.Utilities;
+using Android.Views;
+using Android.Widget;
 using Java.Lang;
 
 namespace Bit.Droid.Tile
@@ -55,7 +62,7 @@ namespace Bit.Droid.Tile
             var intent = new Intent(this, typeof(MainActivity));
             intent.SetFlags(ActivityFlags.NewTask | ActivityFlags.SingleTop | ActivityFlags.ClearTop);
             intent.PutExtra("generatorTile", true);
-            this.StartActivityAndCollapseWithIntent(intent, isMutable: false);
+            StartActivityAndCollapse(intent);
         }
     }
 }

src/App/Platforms/Android/Tiles/MyVaultTileService.cs

@@ -1,8 +1,15 @@
-using Android.App;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+
+using Android.App;
 using Android.Content;
+using Android.OS;
 using Android.Runtime;
 using Android.Service.QuickSettings;
-using Bit.App.Droid.Utilities;
+using Android.Views;
+using Android.Widget;
 using Java.Lang;
 
 namespace Bit.Droid.Tile
@@ -56,7 +63,7 @@ namespace Bit.Droid.Tile
             var intent = new Intent(this, typeof(MainActivity));
             intent.SetFlags(ActivityFlags.NewTask | ActivityFlags.SingleTop | ActivityFlags.ClearTop);
             intent.PutExtra("myVaultTile", true);
-            this.StartActivityAndCollapseWithIntent(intent, isMutable: false);
+            StartActivityAndCollapse(intent);
         }
     }
 }

src/App/Platforms/Android/Utilities/AndroidHelpers.cs

@@ -2,7 +2,6 @@
 using Android.Content;
 using Android.OS;
 using Android.Provider;
-using Android.Service.QuickSettings;
 using Bit.App.Utilities;
 
 namespace Bit.App.Droid.Utilities
@@ -65,26 +64,5 @@ namespace Bit.App.Droid.Utilities
 
             return pendingIntentFlags;
         }
-
-        public static void StartActivityAndCollapseWithIntent(this TileService service, Intent intent, bool isMutable)
-        {
-            //For Android 14+ We need to use PendingIntent instead of Intent directly. Older versions still need to use Intent.
-            if (Build.VERSION.SdkInt < BuildVersionCodes.UpsideDownCake)
-            {
-                service.StartActivityAndCollapse(intent);
-                return;
-            }
-            var pendingIntent = PendingIntent.GetActivity(
-                service.ApplicationContext,
-                0,
-                intent,
-                AddPendingIntentMutabilityFlag(PendingIntentFlags.UpdateCurrent, isMutable)
-            );
-            if (pendingIntent == null) 
-            { 
-                return; 
-            }
-            service.StartActivityAndCollapse(pendingIntent);
-        }
     }
 }

src/App/Platforms/iOS/AppDelegate.cs

@@ -88,7 +88,7 @@ namespace Bit.iOS
                                 Core.Constants.AutofillNeedsIdentityReplacementKey);
                             if (needsAutofillReplacement.GetValueOrDefault())
                             {
-                                await ASHelpers.ReplaceAllIdentities();
+                                await ASHelpers.ReplaceAllIdentitiesAsync();
                             }
                         }
                         else if (message.Command == "showAppExtension")
@@ -102,7 +102,7 @@ namespace Bit.iOS
                                 var success = value as bool?;
                                 if (success.GetValueOrDefault() && _deviceActionService.SystemMajorVersion() >= 12)
                                 {
-                                    await ASHelpers.ReplaceAllIdentities();
+                                    await ASHelpers.ReplaceAllIdentitiesAsync();
                                 }
                             }
                         }
@@ -114,22 +114,21 @@ namespace Bit.iOS
                                 return;
                             }
 
-                            if (await ASHelpers.IdentitiesCanIncremental())
+                            if (await ASHelpers.IdentitiesSupportIncrementalAsync())
                             {
                                 var cipherId = message.Data as string;
                                 if (message.Command == "addedCipher" && !string.IsNullOrWhiteSpace(cipherId))
                                 {
-                                    var identity = await ASHelpers.GetCipherIdentityAsync(cipherId);
+                                    var identity = await ASHelpers.GetCipherPasswordIdentityAsync(cipherId);
                                     if (identity == null)
                                     {
                                         return;
                                     }
-                                    await ASCredentialIdentityStore.SharedStore?.SaveCredentialIdentitiesAsync(
-                                        new ASPasswordCredentialIdentity[] { identity });
+                                    await ASCredentialIdentityStoreExtensions.SaveCredentialIdentitiesAsync(identity);
                                     return;
                                 }
                             }
-                            await ASHelpers.ReplaceAllIdentities();
+                            await ASHelpers.ReplaceAllIdentitiesAsync();
                         }
                         else if (message.Command == "deletedCipher" || message.Command == "softDeletedCipher")
                         {
@@ -138,28 +137,27 @@ namespace Bit.iOS
                                 return;
                             }
 
-                            if (await ASHelpers.IdentitiesCanIncremental())
+                            if (await ASHelpers.IdentitiesSupportIncrementalAsync())
                             {
-                                var identity = ASHelpers.ToCredentialIdentity(
+                                var identity = ASHelpers.ToPasswordCredentialIdentity(
                                     message.Data as Bit.Core.Models.View.CipherView);
                                 if (identity == null)
                                 {
                                     return;
                                 }
-                                await ASCredentialIdentityStore.SharedStore?.RemoveCredentialIdentitiesAsync(
-                                    new ASPasswordCredentialIdentity[] { identity });
+                                await ASCredentialIdentityStoreExtensions.RemoveCredentialIdentitiesAsync(identity);
                                 return;
                             }
-                            await ASHelpers.ReplaceAllIdentities();
+                            await ASHelpers.ReplaceAllIdentitiesAsync();
                         }
                         else if (message.Command == "logout" && UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
                         {
-                            await ASCredentialIdentityStore.SharedStore?.RemoveAllCredentialIdentitiesAsync();
+                            await ASCredentialIdentityStore.SharedStore.RemoveAllCredentialIdentitiesAsync();
                         }
                         else if ((message.Command == "softDeletedCipher" || message.Command == "restoredCipher")
                             && UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
                         {
-                            await ASHelpers.ReplaceAllIdentities();
+                            await ASHelpers.ReplaceAllIdentitiesAsync();
                         }
                         else if (message.Command == AppHelpers.VAULT_TIMEOUT_ACTION_CHANGED_MESSAGE_COMMAND)
                         {
@@ -168,12 +166,12 @@ namespace Bit.iOS
                             {
                                 if (UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
                                 {
-                                    await ASCredentialIdentityStore.SharedStore?.RemoveAllCredentialIdentitiesAsync();
+                                    await ASCredentialIdentityStore.SharedStore.RemoveAllCredentialIdentitiesAsync();
                                 }
                             }
                             else
                             {
-                                await ASHelpers.ReplaceAllIdentities();
+                                await ASHelpers.ReplaceAllIdentitiesAsync();
                             }
                         }
                     }

src/App/Platforms/iOS/Info.plist

@@ -11,7 +11,7 @@
 	<key>CFBundleIdentifier</key>
 	<string>com.8bit.bitwarden</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2024.4.0</string>
+	<string>2024.2.2</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>CFBundleIconName</key>

src/Core/Abstractions/IApiService.cs

@@ -46,7 +46,6 @@ namespace Bit.Core.Abstractions
         Task<CipherResponse> PutShareCipherAsync(string id, CipherShareRequest request);
         Task PutDeleteCipherAsync(string id);
         Task<CipherResponse> PutRestoreCipherAsync(string id);
-        Task<bool> HasUnassignedCiphersAsync();
         Task RefreshIdentityTokenAsync();
         Task<SsoPrevalidateResponse> PreValidateSsoAsync(string identifier);
         Task<TResponse> SendAsync<TRequest, TResponse>(HttpMethod method, string path,

src/Core/Abstractions/IAutofillHandler.cs

@@ -4,6 +4,7 @@ namespace Bit.Core.Abstractions
 {
     public interface IAutofillHandler
     {
+        bool CredentialProviderServiceEnabled();
         bool AutofillServicesEnabled();
         bool SupportsAutofillService();
         void Autofill(CipherView cipher);
@@ -11,6 +12,7 @@ namespace Bit.Core.Abstractions
         bool AutofillAccessibilityServiceRunning();
         bool AutofillAccessibilityOverlayPermitted();
         bool AutofillServiceEnabled();
+        void DisableCredentialProviderService();
         void DisableAutofillService();
     }
 }

src/Core/Abstractions/ICipherService.cs

@@ -1,7 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Bit.Core.Enums;
+using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.View;
@@ -37,6 +34,6 @@ namespace Bit.Core.Abstractions
         Task<byte[]> DownloadAndDecryptAttachmentAsync(string cipherId, AttachmentView attachment, string organizationId);
         Task SoftDeleteWithServerAsync(string id);
         Task RestoreWithServerAsync(string id);
-        Task<bool> VerifyOrganizationHasUnassignedItemsAsync();
+        Task<string> CreateNewLoginForPasskeyAsync(string rpId);
     }
 }

src/Core/Abstractions/IConditionedAwaiterManager.cs

@@ -5,8 +5,7 @@ namespace Bit.Core.Abstractions
 {
     public enum AwaiterPrecondition
     {
-        EnvironmentUrlsInited,
-        AndroidWindowCreated
+        EnvironmentUrlsInited
     }
 
     public interface IConditionedAwaiterManager

src/Core/Abstractions/ICryptoFunctionService.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
+using Bit.Core.Models.Domain;
 
 namespace Bit.Core.Abstractions
 {

src/Core/Abstractions/IDeviceActionService.cs

@@ -28,6 +28,7 @@ namespace Bit.App.Abstractions
         bool SupportsNfc();
         bool SupportsCamera();
         bool SupportsFido2();
+        bool SupportsCredentialProviderService();
         bool SupportsAutofillServices();
         bool SupportsInlineAutofill();
         bool SupportsDrawOver();
@@ -36,6 +37,7 @@ namespace Bit.App.Abstractions
         void RateApp();
         void OpenAccessibilitySettings();
         void OpenAccessibilityOverlayPermissionSettings();
+        void OpenCredentialProviderSettings();
         void OpenAutofillSettings();
         long GetActiveTime();
         void CloseMainApp();

src/Core/Abstractions/IFido2AuthenticationService.cs

@@ -0,0 +1,9 @@
+using Bit.Core.Utilities.Fido2;
+
+namespace Bit.Core.Abstractions
+{
+    public interface IFido2AuthenticationService
+    {
+        Task<Fido2AuthenticatorGetAssertionResult> GetAssertionAsync(Fido2AuthenticatorGetAssertionParams assertionParams);
+    }
+}

src/Core/Abstractions/IFido2AuthenticatorService.cs

@@ -0,0 +1,13 @@
+using Bit.Core.Utilities.Fido2;
+
+namespace Bit.Core.Abstractions
+{
+    public interface IFido2AuthenticatorService
+    {
+        void Init(IFido2UserInterface userInterface);
+        Task<Fido2AuthenticatorMakeCredentialResult> MakeCredentialAsync(Fido2AuthenticatorMakeCredentialParams makeCredentialParams);
+        Task<Fido2AuthenticatorGetAssertionResult> GetAssertionAsync(Fido2AuthenticatorGetAssertionParams assertionParams);
+        // TODO: Should this return a List? Or maybe IEnumerable?
+        Task<Fido2AuthenticatorDiscoverableCredentialMetadata[]> SilentCredentialDiscoveryAsync(string rpId);
+    }
+}

src/Core/Abstractions/IFido2ClientService.cs

@@ -0,0 +1,35 @@
+using Bit.Core.Utilities.Fido2;
+
+namespace Bit.Core.Abstractions
+{
+    /// <summary>
+    /// This class represents an abstraction of the WebAuthn Client as described by W3C:
+    /// https://www.w3.org/TR/webauthn-3/#webauthn-client
+    ///
+    /// The WebAuthn Client is an intermediary entity typically implemented in the user agent
+    /// (in whole, or in part). Conceptually, it underlies the Web Authentication API and embodies
+    /// the implementation of the Web Authentication API's operations.
+    ///
+    /// It is responsible for both marshalling the inputs for the underlying authenticator operations,
+    /// and for returning the results of the latter operations to the Web Authentication API's callers.
+    /// </summary>
+    public interface IFido2ClientService
+    {
+        /// <summary>
+        /// Allows WebAuthn Relying Party scripts to request the creation of a new public key credential source.
+        /// For more information please see: https://www.w3.org/TR/webauthn-3/#sctn-createCredential
+        /// </summary>
+        /// <param name="createCredentialParams">The parameters for the credential creation operation</param>
+        /// <returns>The new credential</returns>
+        Task<Fido2ClientCreateCredentialResult> CreateCredentialAsync(Fido2ClientCreateCredentialParams createCredentialParams);
+
+        /// <summary>
+        /// Allows WebAuthn Relying Party scripts to discover and use an existing public key credential, with the user’s consent.
+        /// Relying Party script can optionally specify some criteria to indicate what credential sources are acceptable to it.
+        /// For more information please see: https://www.w3.org/TR/webauthn-3/#sctn-getAssertion
+        /// </summary>
+        /// <param name="assertCredentialParams">The parameters for the credential assertion operation</param>
+        /// <returns>The asserted credential</returns>
+        Task<Fido2ClientAssertCredentialResult> AssertCredentialAsync(Fido2ClientAssertCredentialParams assertCredentialParams);
+    }
+}

src/Core/Abstractions/IFido2UserInterface.cs

@@ -0,0 +1,100 @@
+using Bit.Core.Utilities.Fido2;
+
+namespace Bit.Core.Abstractions
+{
+    /// <summary>
+    /// Parameters used to ask the user to pick a credential from a list of existing credentials.
+    /// </summary>
+    public struct Fido2PickCredentialParams
+    {
+        /// <summary>
+        /// The IDs of the credentials that the user can pick from.
+        /// </summary>
+        public string[] CipherIds { get; set; }
+
+        /// <summary>
+        /// Whether or not the user must be verified before completing the operation.
+        /// </summary>
+        public bool UserVerification { get; set; }
+    }
+
+    /// <summary>
+    /// The result of asking the user to pick a credential from a list of existing credentials.
+    /// </summary>
+    public struct Fido2PickCredentialResult
+    {
+        /// <summary>
+        /// The ID of the cipher that contains the credentials the user picked.
+        /// </summary>
+        public string CipherId { get; set; }
+
+        /// <summary>
+        /// Whether or not the user was verified before completing the operation.
+        /// </summary>
+        public bool UserVerified { get; set; }
+    }
+
+    public struct Fido2ConfirmNewCredentialParams
+    {
+        ///<summary>
+        /// The name of the credential.
+        ///</summary>
+        public string CredentialName { get; set; }
+
+        ///<summary>
+        /// The name of the user.
+        ///</summary>
+        public string UserName { get; set; }
+
+        /// <summary>
+        /// Whether or not the user must be verified before completing the operation.
+        /// </summary>
+        public bool UserVerification { get; set; }
+
+        public string RpId { get; set; }
+    }
+
+    public struct Fido2ConfirmNewCredentialResult
+    {
+        /// <summary>
+        /// The name of the user.
+        /// </summary>
+        public string CipherId { get; set; }
+
+        /// <summary>
+        /// Whether or not the user was verified.
+        /// </summary>
+        public bool UserVerified { get; set; }
+    }
+
+    public interface IFido2UserInterface
+    {
+        /// <summary>
+        /// Ask the user to pick a credential from a list of existing credentials.
+        /// </summary>
+        /// <param name="pickCredentialParams">The parameters to use when asking the user to pick a credential.</param>
+        /// <returns>The ID of the cipher that contains the credentials the user picked.</returns>
+        Task<Fido2PickCredentialResult> PickCredentialAsync(Fido2PickCredentialParams pickCredentialParams);
+
+        /// <summary>
+        /// Inform the user that the operation was cancelled because their vault contains excluded credentials.
+        /// </summary>
+        /// <param name="existingCipherIds">The IDs of the excluded credentials.</param>
+        /// <returns>When user has confirmed the message</returns>
+        Task InformExcludedCredential(string[] existingCipherIds);
+
+        /// <summary>
+        /// Ask the user to confirm the creation of a new credential.
+        /// </summary>
+        /// <param name="confirmNewCredentialParams">The parameters to use when asking the user to confirm the creation of a new credential.</param>
+        /// <returns>The ID of the cipher where the new credential should be saved.</returns>
+        Task<Fido2ConfirmNewCredentialResult> ConfirmNewCredentialAsync(Fido2ConfirmNewCredentialParams confirmNewCredentialParams);
+
+        /// <summary>
+        /// Make sure that the vault is unlocked.
+        /// This should open a window and ask the user to login or unlock the vault if necessary.
+        /// </summary>
+        /// <returns>When vault has been unlocked.</returns>
+        Task EnsureUnlockedVaultAsync();
+    }
+}

src/Core/Abstractions/IStateService.cs

@@ -186,8 +186,6 @@ namespace Bit.Core.Abstractions
         Task<BwRegion?> GetActiveUserRegionAsync();
         Task<BwRegion?> GetPreAuthRegionAsync();
         Task SetPreAuthRegionAsync(BwRegion value);
-        Task<bool> GetShouldCheckOrganizationUnassignedItemsAsync(string userId = null);
-        Task SetShouldCheckOrganizationUnassignedItemsAsync(bool shouldCheck, string userId = null);
         [Obsolete("Use GetPinKeyEncryptedUserKeyAsync instead, left for migration purposes")]
         Task<string> GetPinProtectedAsync(string userId = null);
         [Obsolete("Use SetPinKeyEncryptedUserKeyAsync instead, left for migration purposes")]

src/Core/App.xaml.cs

@@ -9,7 +9,6 @@ using Bit.Core;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
-using Bit.Core.Models.Domain;
 using Bit.Core.Models.Response;
 using Bit.Core.Pages;
 using Bit.Core.Services;
@@ -47,6 +46,7 @@ namespace Bit.App
         // This queue keeps those actions so that when the app has resumed they can still be executed.
         // Links: https://github.com/dotnet/maui/issues/11501 and https://bitwarden.atlassian.net/wiki/spaces/NMME/pages/664862722/MainPage+Assignments+not+working+on+Android+on+Background+or+App+resume
         private readonly Queue<Action> _onResumeActions = new Queue<Action>();
+        private bool _hasNavigatedToAutofillWindow;
 
 #if ANDROID
 
@@ -120,8 +120,41 @@ namespace Bit.App
                 return new Window(new NavigationPage()); //No actual page needed. Only used for auto-filling the fields directly (externally)
             }
 
-            _isResumed = true;
-            return new ResumeWindow(new NavigationPage(new AndroidNavigationRedirectPage(Options)));
+            //"Internal" Autofill and Uri/Otp/CreateSend. This is where we create the autofill specific Window
+            if (Options != null && (Options.FromAutofillFramework || Options.Uri != null || Options.OtpData != null || Options.CreateSend != null))
+            {
+                _isResumed = true; //Specifically for the Autofill scenario we need to manually set the _isResumed here
+                _hasNavigatedToAutofillWindow = true;
+                return new AutoFillWindow(new NavigationPage(new AndroidNavigationRedirectPage()));
+            }
+
+            var homePage = new HomePage(Options);
+            // WORKAROUND: If the user autofills with Accessibility Services enabled and goes back to the application then there is currently an issue
+            // where this method is called again
+            // thus it goes through here and the user goes to HomePage as we see here.
+            // So to solve this, the next flag check has been added which then turns on a flag on the home page
+            // that will trigger a navigation on the accounts manager when it loads; workarounding this behavior and navigating the user
+            // to the proper page depending on its state.
+            // WARNING: this doens't navigate the user to where they were but it acts as if the user had changed their account.
+            if(_hasNavigatedToAutofillWindow)
+            {
+                homePage.PerformNavigationOnAccountChangedOnLoad = true;
+                // this is needed because when coming back from AutofillWindow OnResume won't be called and we need this flag
+                // so that void Navigate(NavigationTarget navTarget, INavigationParams navParams) doesn't enqueue the navigation
+                // and it performs it directly.
+                _isResumed = true; 
+                _hasNavigatedToAutofillWindow = false;
+            }
+
+            //If we have an existing MainAppWindow we can use that one
+            var mainAppWindow = Windows.OfType<MainAppWindow>().FirstOrDefault();
+            if (mainAppWindow != null)
+            {
+                mainAppWindow.PendingPage = new NavigationPage(homePage);
+            }
+
+            //Create new main window
+            return new MainAppWindow(new NavigationPage(homePage));
         }
 #else
         //iOS doesn't use the CreateWindow override used in Android so we just set the Application.Current.MainPage directly
@@ -138,7 +171,7 @@ namespace Bit.App
                     Application.Current.MainPage = value;
                 }
             }
-        }
+        }   
 #endif
 
         public App() : this(null)
@@ -168,153 +201,132 @@ namespace Bit.App
 
             _accountsManager.Init(() => Options, this);
 
-            _broadcasterService.Subscribe(nameof(App), BroadcastServiceMessageCallbackAsync);
-
             Bootstrap();
-        }
-
-        private async void BroadcastServiceMessageCallbackAsync(Message message)
-        {
-           try
-           {
-                ArgumentNullException.ThrowIfNull(message);
-                if (message.Command == "showDialog")
+            _broadcasterService.Subscribe(nameof(App), async (message) =>
+            {
+                try
                 {
-                    var details = message.Data as DialogDetails;
-                    ArgumentNullException.ThrowIfNull(details);
-                    ArgumentNullException.ThrowIfNull(MainPage);
-                    
-                    var confirmed = true;
-                    var confirmText = string.IsNullOrWhiteSpace(details.ConfirmText) ?
-                        AppResources.Ok : details.ConfirmText;
-                    await MainThread.InvokeOnMainThreadAsync(ShowDialogAction);
-                    async Task ShowDialogAction()
+                    if (message.Command == "showDialog")
                     {
-                        if (!string.IsNullOrWhiteSpace(details.CancelText))
+                        var details = message.Data as DialogDetails;
+                        var confirmed = true;
+                        var confirmText = string.IsNullOrWhiteSpace(details.ConfirmText) ?
+                            AppResources.Ok : details.ConfirmText;
+                        await MainThread.InvokeOnMainThreadAsync(async () =>
                         {
-                            confirmed = await MainPage.DisplayAlert(details.Title, details.Text, confirmText,
-                                details.CancelText);
-                        }
-                        else
-                        {
-                            await MainPage.DisplayAlert(details.Title, details.Text, confirmText);
-                        }
-                        _messagingService.Send("showDialogResolve", new Tuple<int, bool>(details.DialogId, confirmed));
+                            if (!string.IsNullOrWhiteSpace(details.CancelText))
+                            {
+                                confirmed = await MainPage.DisplayAlert(details.Title, details.Text, confirmText,
+                                    details.CancelText);
+                            }
+                            else
+                            {
+                                await MainPage.DisplayAlert(details.Title, details.Text, confirmText);
+                            }
+                            _messagingService.Send("showDialogResolve", new Tuple<int, bool>(details.DialogId, confirmed));
+                        });
                     }
-                }
 #if IOS
-                else if (message.Command == AppHelpers.RESUMED_MESSAGE_COMMAND)
-                {
-                    ResumedAsync().FireAndForget();
-                }
-                else if (message.Command == "slept")
-                {
-                    await SleptAsync();
-                }
-#endif
-                else if (message.Command == "migrated")
-                {
-                    await Task.Delay(1000);
-                    await _accountsManager.NavigateOnAccountChangeAsync();
-                }
-                else if (message.Command == POP_ALL_AND_GO_TO_TAB_GENERATOR_MESSAGE ||
-                    message.Command == POP_ALL_AND_GO_TO_TAB_MYVAULT_MESSAGE ||
-                    message.Command == POP_ALL_AND_GO_TO_TAB_SEND_MESSAGE ||
-                    message.Command == POP_ALL_AND_GO_TO_AUTOFILL_CIPHERS_MESSAGE ||
-                    message.Command == DeepLinkContext.NEW_OTP_MESSAGE)
-                {
-                    if (message.Command == DeepLinkContext.NEW_OTP_MESSAGE)
+                    else if (message.Command == AppHelpers.RESUMED_MESSAGE_COMMAND)
                     {
-                        Options.OtpData = new OtpData((string)message.Data);
+                        ResumedAsync().FireAndForget();
                     }
-
-                    await MainThread.InvokeOnMainThreadAsync(ExecuteNavigationAction); 
-                    async Task ExecuteNavigationAction()
+                    else if (message.Command == "slept")
                     {
-                        if (MainPage is TabsPage tabsPage)
+                        await SleptAsync();
+                    }
+#endif
+                    else if (message.Command == "migrated")
+                    {
+                        await Task.Delay(1000);
+                        await _accountsManager.NavigateOnAccountChangeAsync();
+                    }
+                    else if (message.Command == POP_ALL_AND_GO_TO_TAB_GENERATOR_MESSAGE ||
+                        message.Command == POP_ALL_AND_GO_TO_TAB_MYVAULT_MESSAGE ||
+                        message.Command == POP_ALL_AND_GO_TO_TAB_SEND_MESSAGE ||
+                        message.Command == POP_ALL_AND_GO_TO_AUTOFILL_CIPHERS_MESSAGE ||
+                        message.Command == DeepLinkContext.NEW_OTP_MESSAGE)
+                    {
+                        if (message.Command == DeepLinkContext.NEW_OTP_MESSAGE)
                         {
-                            ArgumentNullException.ThrowIfNull(tabsPage.Navigation);
-                            ArgumentNullException.ThrowIfNull(tabsPage.Navigation.ModalStack);
-                            while (tabsPage.Navigation.ModalStack.Count > 0)
+                            Options.OtpData = new OtpData((string)message.Data);
+                        }
+
+                        await MainThread.InvokeOnMainThreadAsync(async () =>
+                        {
+                            if (MainPage is TabsPage tabsPage)
                             {
-                                await tabsPage.Navigation.PopModalAsync(false);
-                            }
-                            if (message.Command == POP_ALL_AND_GO_TO_AUTOFILL_CIPHERS_MESSAGE)
-                            {
-                                MainPage = new NavigationPage(new CipherSelectionPage(Options));
-                            }
-                            else if (message.Command == POP_ALL_AND_GO_TO_TAB_MYVAULT_MESSAGE)
-                            {
-                                Options.MyVaultTile = false;
-                                tabsPage.ResetToVaultPage();
-                            }
-                            else if (message.Command == POP_ALL_AND_GO_TO_TAB_GENERATOR_MESSAGE)
-                            {
-                                Options.GeneratorTile = false;
-                                tabsPage.ResetToGeneratorPage();
-                            }
-                            else if (message.Command == POP_ALL_AND_GO_TO_TAB_SEND_MESSAGE)
-                            {
-                                tabsPage.ResetToSendPage();
-                            }
-                            else if (message.Command == DeepLinkContext.NEW_OTP_MESSAGE)
-                            {
-                                tabsPage.ResetToVaultPage();
-                                ArgumentNullException.ThrowIfNull(tabsPage.Navigation);
-                                await tabsPage.Navigation.PushModalAsync(new NavigationPage(new CipherSelectionPage(Options)));
+                                while (tabsPage.Navigation.ModalStack.Count > 0)
+                                {
+                                    await tabsPage.Navigation.PopModalAsync(false);
+                                }
+                                if (message.Command == POP_ALL_AND_GO_TO_AUTOFILL_CIPHERS_MESSAGE)
+                                {
+                                    MainPage = new NavigationPage(new CipherSelectionPage(Options));
+                                }
+                                else if (message.Command == POP_ALL_AND_GO_TO_TAB_MYVAULT_MESSAGE)
+                                {
+                                    Options.MyVaultTile = false;
+                                    tabsPage.ResetToVaultPage();
+                                }
+                                else if (message.Command == POP_ALL_AND_GO_TO_TAB_GENERATOR_MESSAGE)
+                                {
+                                    Options.GeneratorTile = false;
+                                    tabsPage.ResetToGeneratorPage();
+                                }
+                                else if (message.Command == POP_ALL_AND_GO_TO_TAB_SEND_MESSAGE)
+                                {
+                                    tabsPage.ResetToSendPage();
+                                }
+                                else if (message.Command == DeepLinkContext.NEW_OTP_MESSAGE)
+                                {
+                                    tabsPage.ResetToVaultPage();
+                                    await tabsPage.Navigation.PushModalAsync(new NavigationPage(new CipherSelectionPage(Options)));
+                                }
                             }
+                        });
+                    }
+                    else if (message.Command == "convertAccountToKeyConnector")
+                    {
+                        await MainThread.InvokeOnMainThreadAsync(async () =>
+                        {
+                            await MainPage.Navigation.PushModalAsync(
+                                new NavigationPage(new RemoveMasterPasswordPage()));
+                        });
+                    }
+                    else if (message.Command == Constants.ForceUpdatePassword)
+                    {
+                        await MainThread.InvokeOnMainThreadAsync(async () =>
+                        {
+                            await MainPage.Navigation.PushModalAsync(
+                                new NavigationPage(new UpdateTempPasswordPage()));
+                        });
+                    }
+                    else if (message.Command == Constants.ForceSetPassword)
+                    {
+                        await MainThread.InvokeOnMainThreadAsync(() => MainPage.Navigation.PushModalAsync(
+                                new NavigationPage(new SetPasswordPage(orgIdentifier: (string)message.Data))));
+                    }
+                    else if (message.Command == "syncCompleted")
+                    {
+                        await _configService.GetAsync(true);
+                    }
+                    else if (message.Command == Constants.PasswordlessLoginRequestKey
+                        || message.Command == "unlocked"
+                        || message.Command == AccountsManagerMessageCommands.ACCOUNT_SWITCH_COMPLETED)
+                    {
+                        lock (_processingLoginRequestLock)
+                        {
+                            // lock doesn't allow for async execution
+                            CheckPasswordlessLoginRequestsAsync().Wait();
                         }
                     }
                 }
-                else if (message.Command == "convertAccountToKeyConnector")
+                catch (Exception ex)
                 {
-                    ArgumentNullException.ThrowIfNull(MainPage);
-                    await MainThread.InvokeOnMainThreadAsync(NavigateToRemoveMasterPasswordPageAction);
-                    async Task NavigateToRemoveMasterPasswordPageAction()
-                    {
-                        await MainPage.Navigation.PushModalAsync(
-                            new NavigationPage(new RemoveMasterPasswordPage()));
-                    }
+                    LoggerHelper.LogEvenIfCantBeResolved(ex);
                 }
-                else if (message.Command == Constants.ForceUpdatePassword)
-                {
-                    ArgumentNullException.ThrowIfNull(MainPage);
-                    await MainThread.InvokeOnMainThreadAsync(NavigateToUpdateTempPasswordPageAction);
-                    async Task NavigateToUpdateTempPasswordPageAction()
-                    {
-                        await MainPage.Navigation.PushModalAsync(
-                            new NavigationPage(new UpdateTempPasswordPage()));
-                    }
-                }
-                else if (message.Command == Constants.ForceSetPassword)
-                {
-                    ArgumentNullException.ThrowIfNull(MainPage);
-                    await MainThread.InvokeOnMainThreadAsync(NavigateToSetPasswordPageAction);
-                    void NavigateToSetPasswordPageAction()
-                    {
-                        MainPage.Navigation.PushModalAsync(
-                            new NavigationPage(new SetPasswordPage(orgIdentifier: (string)message.Data)));
-                    }
-                }
-                else if (message.Command == "syncCompleted")
-                {
-                    await _configService.GetAsync(true);
-                }
-                else if (message.Command == Constants.PasswordlessLoginRequestKey
-                    || message.Command == "unlocked"
-                    || message.Command == AccountsManagerMessageCommands.ACCOUNT_SWITCH_COMPLETED)
-                {
-                    lock (_processingLoginRequestLock)
-                    {
-                        // lock doesn't allow for async execution
-                        CheckPasswordlessLoginRequestsAsync().Wait();
-                    }
-                }
-           }
-           catch (Exception ex)
-           {
-               LoggerHelper.LogEvenIfCantBeResolved(ex);
-           }
+            });
         }
 
         private async Task CheckPasswordlessLoginRequestsAsync()
@@ -329,6 +341,7 @@ namespace Bit.App
             {
                 return;
             }
+
             var notification = await _stateService.GetPasswordlessLoginNotificationAsync();
             if (notification == null)
             {

src/Core/Constants.cs

@@ -46,9 +46,7 @@ namespace Bit.Core
         public const string PreLoginEmailKey = "preLoginEmailKey";
         public const string ConfigsKey = "configsKey";
         public const string DisplayEuEnvironmentFlag = "display-eu-environment";
-        public const string UnassignedItemsBannerFlag = "unassigned-items-banner";
         public const string RegionEnvironment = "regionEnvironment";
-        public const string DuoCallback = "bitwarden://duo-callback";
 
         /// <summary>
         /// This key is used to store the value of "ShouldConnectToWatch" of the last user that had logged in
@@ -137,7 +135,6 @@ namespace Bit.Core
         public static string ShouldConnectToWatchKey(string userId) => $"shouldConnectToWatch_{userId}";
         public static string ScreenCaptureAllowedKey(string userId) => $"screenCaptureAllowed_{userId}";
         public static string PendingAdminAuthRequest(string userId) => $"pendingAdminAuthRequest_{userId}";
-        public static string ShouldCheckOrganizationUnassignedItemsKey(string userId) => $"shouldCheckOrganizationUnassignedItems_{userId}";
         [Obsolete]
         public static string KeyKey(string userId) => $"key_{userId}";
         [Obsolete]

src/Core/Controls/CipherViewCell/BaseCipherViewCell.cs

@@ -53,13 +53,12 @@ namespace Bit.App.Controls
             if (BindingContext is CipherItemViewModel cipherItemVM)
             {
                 cipherItemVM.IconImageSuccesfullyLoaded = true;
-
-                MainThread.BeginInvokeOnMainThread(() =>
-                {
-                    Icon.IsVisible = cipherItemVM.ShowIconImage;
-                    IconPlaceholder.IsVisible = !cipherItemVM.ShowIconImage;
-                });
             }
+            MainThread.BeginInvokeOnMainThread(() =>
+            {
+                Icon.IsVisible = true;
+                IconPlaceholder.IsVisible = false;
+            });
         }
 
         public void Icon_Error(object sender, FFImageLoading.Maui.CachedImageEvents.ErrorEventArgs e)

src/Core/Core.csproj

@@ -34,6 +34,7 @@
 	  <PackageReference Include="CsvHelper" Version="30.0.1" />
 	  <PackageReference Include="LiteDB" Version="5.0.17" />
 	  <PackageReference Include="PCLCrypto" Version="2.1.40-alpha" />
+	  <PackageReference Include="System.Formats.Cbor" Version="8.0.0" />
 	  <PackageReference Include="zxcvbn-core" Version="7.0.92" />
 	  <PackageReference Include="MessagePack.MSBuild.Tasks" Version="2.5.124">
 	    <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
@@ -52,6 +53,7 @@
 	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android'">
 	  <PackageReference Include="Xamarin.AndroidX.AutoFill" Version="1.1.0.18" />
 	  <PackageReference Include="Xamarin.AndroidX.Activity.Ktx" Version="1.7.2.1" />
+      <PackageReference Include="Xamarin.AndroidX.Credentials" Version="1.0.0" />
 	</ItemGroup>
 	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android' AND !$(DefineConstants.Contains(FDROID))">
 	  <PackageReference Include="Xamarin.GooglePlayServices.SafetyNet" Version="118.0.1.5" />
@@ -75,9 +77,9 @@
     <Folder Include="Utilities\Automation\" />
     <Folder Include="Utilities\Prompts\" />
     <Folder Include="Resources\Localization\" />
+    <Folder Include="Utilities\Fido2\" />
     <Folder Include="Controls\Picker\" />
     <Folder Include="Controls\Avatar\" />
-    <Folder Include="Utilities\WebAuthenticatorMAUI\" />
   </ItemGroup>
 	<ItemGroup>
 	  <MauiImage Include="Resources\Images\dotnet_bot.svg">
@@ -106,8 +108,8 @@
 	  </MauiXaml>
 	</ItemGroup>
 	<ItemGroup>
+	  <None Remove="Utilities\Fido2\" />
 	  <None Remove="Controls\Picker\" />
 	  <None Remove="Controls\Avatar\" />
-	  <None Remove="Utilities\WebAuthenticatorMAUI\" />
 	</ItemGroup>
 </Project>

src/Core/Models/Api/Fido2CredentialApi.cs

@@ -1,5 +1,4 @@
-using System;
-using Bit.Core.Models.Domain;
+using Bit.Core.Models.Domain;
 
 namespace Bit.Core.Models.Api
 {
@@ -21,6 +20,7 @@ namespace Bit.Core.Models.Api
             RpName = fido2Key.RpName?.EncryptedString;
             UserHandle = fido2Key.UserHandle?.EncryptedString;
             UserName = fido2Key.UserName?.EncryptedString;
+            UserDisplayName = fido2Key.UserDisplayName?.EncryptedString;
             Counter = fido2Key.Counter?.EncryptedString;
             CreationDate = fido2Key.CreationDate;
         }
@@ -35,6 +35,7 @@ namespace Bit.Core.Models.Api
         public string RpName { get; set; }
         public string UserHandle { get; set; }
         public string UserName { get; set; }
+        public string UserDisplayName { get; set; }
         public string Counter { get; set; }
         public DateTime CreationDate { get; set; }
     }

src/Core/Models/AppOptions.cs

@@ -25,7 +25,6 @@ namespace Bit.App.Models
         public bool CopyInsteadOfShareAfterSaving { get; set; }
         public bool HideAccountSwitcher { get; set; }
         public OtpData? OtpData { get; set; }
-        public bool HasJustLoggedInOrUnlocked { get; set; }
 
         public void SetAllFrom(AppOptions o)
         {

src/Core/Models/Data/Fido2CredentialData.cs

@@ -19,6 +19,7 @@ namespace Bit.Core.Models.Data
             RpName = apiData.RpName;
             UserHandle = apiData.UserHandle;
             UserName = apiData.UserName;
+            UserDisplayName = apiData.UserDisplayName;
             Counter = apiData.Counter;
             CreationDate = apiData.CreationDate;
         }
@@ -33,6 +34,7 @@ namespace Bit.Core.Models.Data
         public string RpName { get; set; }
         public string UserHandle { get; set; }
         public string UserName { get; set; }
+        public string UserDisplayName { get; set; }
         public string Counter { get; set; }
         public DateTime CreationDate { get; set; }
     }

src/Core/Models/Domain/Fido2Credential.cs

@@ -1,8 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Bit.Core.Models.Data;
+using Bit.Core.Models.Data;
 using Bit.Core.Models.View;
 
 namespace Bit.Core.Models.Domain
@@ -21,6 +17,7 @@ namespace Bit.Core.Models.Domain
             nameof(RpName),
             nameof(UserHandle),
             nameof(UserName),
+            nameof(UserDisplayName),
             nameof(Counter)
         };
 
@@ -48,6 +45,7 @@ namespace Bit.Core.Models.Domain
         public EncString RpName { get; set; }
         public EncString UserHandle { get; set; }
         public EncString UserName { get; set; }
+        public EncString UserDisplayName { get; set; }
         public EncString Counter { get; set; }
         public DateTime CreationDate { get; set; }
 

src/Core/Models/View/CipherView.cs

@@ -1,7 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using Bit.Core.Enums;
+using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
 
 namespace Bit.Core.Models.View

src/Core/Models/View/Fido2CredentialView.cs

@@ -1,7 +1,7 @@
-using System;
-using System.Collections.Generic;
+using System.Text.Json.Serialization;
 using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
+using Bit.Core.Utilities;
 
 namespace Bit.Core.Models.View
 {
@@ -26,13 +26,40 @@ namespace Bit.Core.Models.View
         public string RpName { get; set; }
         public string UserHandle { get; set; }
         public string UserName { get; set; }
+        public string UserDisplayName { get; set; }
         public string Counter { get; set; }
         public DateTime CreationDate { get; set; }
 
+        [JsonIgnore]
+        public int CounterValue {
+            get => int.TryParse(Counter, out var counter) ? counter : 0;
+            set => Counter = value.ToString();
+        }
+
+        [JsonIgnore]
+        public byte[] UserHandleValue {
+            get => UserHandle == null ? null : CoreHelpers.Base64UrlDecode(UserHandle);
+            set => UserHandle = value == null ? null : CoreHelpers.Base64UrlEncode(value);
+        }
+
+        [JsonIgnore]
+        public byte[] KeyBytes {
+            get => KeyValue == null ? null : CoreHelpers.Base64UrlDecode(KeyValue);
+            set => KeyValue = value == null ? null : CoreHelpers.Base64UrlEncode(value);
+        }
+
+        [JsonIgnore]
+        public bool DiscoverableValue {
+            get => bool.TryParse(Discoverable, out var discoverable) && discoverable;
+            set => Discoverable = value.ToString().ToLower(); // must be lowercase so it can be parsed in the current version of clients
+        }
+
+        [JsonIgnore]
         public override string SubTitle => UserName;
         public override List<KeyValuePair<string, LinkedIdType>> LinkedFieldOptions => new List<KeyValuePair<string, LinkedIdType>>();
-        public bool IsDiscoverable => !string.IsNullOrWhiteSpace(Discoverable);
+        [JsonIgnore]
         public bool CanLaunch => !string.IsNullOrEmpty(RpId);
+        [JsonIgnore]
         public string LaunchUri => $"https://{RpId}";
 
         public bool IsUniqueAgainst(Fido2CredentialView fido2View) => fido2View?.RpId != RpId || fido2View?.UserName != UserName;

src/Core/Pages/Accounts/EnvironmentPage.xaml

@@ -21,6 +21,10 @@
     <ScrollView>
         <StackLayout Spacing="20">
             <StackLayout StyleClass="box">
+                <StackLayout StyleClass="box-row-header">
+                    <Label Text="MAUI APP"
+                           StyleClass="box-header, box-header-platform" />
+                </StackLayout>
                 <StackLayout StyleClass="box-row-header">
                     <Label Text="{u:I18n SelfHostedEnvironment, Header=True}"
                            StyleClass="box-header, box-header-platform" />

src/Core/Pages/Accounts/EnvironmentPage.xaml.cs

@@ -1,7 +1,6 @@
 using Bit.Core.Abstractions;
 using Bit.Core.Resources.Localization;
 using Bit.Core.Utilities;
-using Microsoft.Maui.Platform;
 
 namespace Bit.App.Pages
 {
@@ -27,7 +26,7 @@ namespace Bit.App.Pages
             _apiEntry.ReturnCommand = new Command(() => _identityEntry.Focus());
             _identityEntry.ReturnType = ReturnType.Next;
             _identityEntry.ReturnCommand = new Command(() => _iconsEntry.Focus());
-            _vm.SubmitSuccessTask = () => MainThread.InvokeOnMainThreadAsync(SubmitSuccessAsync);
+            _vm.SubmitSuccessAction = () => MainThread.BeginInvokeOnMainThread(async () => await SubmitSuccessAsync());
             _vm.CloseAction = async () =>
             {
                 await Navigation.PopModalAsync();
@@ -38,12 +37,6 @@ namespace Bit.App.Pages
         {
             _platformUtilsService.ShowToast("success", null, AppResources.EnvironmentSaved);
             await Navigation.PopModalAsync();
-#if ANDROID
-            if (Platform.CurrentActivity.CurrentFocus != null)
-            {
-                Platform.CurrentActivity.HideKeyboard(Platform.CurrentActivity.CurrentFocus);
-            }
-#endif
         }
 
         private void Close_Clicked(object sender, EventArgs e)

src/Core/Pages/Accounts/EnvironmentPageViewModel.cs

@@ -44,7 +44,7 @@ namespace Bit.App.Pages
         public string WebVaultUrl { get; set; }
         public string IconsUrl { get; set; }
         public string NotificationsUrls { get; set; }
-        public Func<Task> SubmitSuccessTask { get; set; }
+        public Action SubmitSuccessAction { get; set; }
         public Action CloseAction { get; set; }
 
         public async Task SubmitAsync()
@@ -73,10 +73,7 @@ namespace Bit.App.Pages
             IconsUrl = resUrls.Icons;
             NotificationsUrls = resUrls.Notifications;
 
-            if (SubmitSuccessTask != null)
-            {
-                await SubmitSuccessTask();
-            }
+            SubmitSuccessAction?.Invoke();
         }
 
         public bool ValidateUrls()

src/Core/Pages/Accounts/HomePage.xaml.cs

@@ -12,14 +12,12 @@ namespace Bit.App.Pages
         private readonly HomeViewModel _vm;
         private readonly AppOptions _appOptions;
         private IBroadcasterService _broadcasterService;
-        private IConditionedAwaiterManager _conditionedAwaiterManager;
 
         readonly LazyResolve<ILogger> _logger = new LazyResolve<ILogger>();
 
         public HomePage(AppOptions appOptions = null)
         {
             _broadcasterService = ServiceContainer.Resolve<IBroadcasterService>();
-            _conditionedAwaiterManager = ServiceContainer.Resolve<IConditionedAwaiterManager>();
             _appOptions = appOptions;
             InitializeComponent();
             _vm = BindingContext as HomeViewModel;
@@ -58,8 +56,6 @@ namespace Bit.App.Pages
                 PerformNavigationOnAccountChangedOnLoad = false;
                 accountsManager.NavigateOnAccountChangeAsync().FireAndForget();
             }
-
-            _conditionedAwaiterManager.SetAsCompleted(AwaiterPrecondition.AndroidWindowCreated);
 #endif
         }
 

src/Core/Pages/Accounts/LockPage.xaml.cs

@@ -233,7 +233,6 @@ namespace Bit.App.Pages
             }
             var previousPage = await AppHelpers.ClearPreviousPage();
 
-            _appOptions.HasJustLoggedInOrUnlocked = true;
             App.MainPage = new TabsPage(_appOptions, previousPage);
         }
     }

src/Core/Pages/Accounts/LoginApproveDevicePage.xaml.cs

@@ -35,8 +35,6 @@ namespace Bit.App.Pages
             {
                 return;
             }
-            
-            _appOptions.HasJustLoggedInOrUnlocked = true;
             var previousPage = await AppHelpers.ClearPreviousPage();
             App.MainPage = new TabsPage(_appOptions, previousPage);
         }

src/Core/Pages/Accounts/LoginPage.xaml.cs

@@ -195,8 +195,6 @@ namespace Bit.App.Pages
                 {
                     return;
                 }
-                
-                _appOptions.HasJustLoggedInOrUnlocked = true;
                 var previousPage = await AppHelpers.ClearPreviousPage();
                 App.MainPage = new TabsPage(_appOptions, previousPage);
             }

src/Core/Pages/Accounts/LoginPasswordlessPage.xaml

@@ -39,7 +39,7 @@
                     FontSize="Small"
                     FontAttributes="Bold"/>
                 <controls:MonoLabel
-                    Text="{Binding LoginRequest.FingerprintPhrase}"
+                    FormattedText="{Binding LoginRequest.FingerprintPhrase}"
                     FontSize="Medium"
                     TextColor="{DynamicResource FingerprintPhrase}"
                     Margin="0,0,0,27"
@@ -85,6 +85,7 @@
         <Button
                 Text="{u:I18n DenyLogIn}"
                 Command="{Binding RejectRequestCommand}"
+                StyleClass="btn-secundary"
                 AutomationId="DenyLoginButton" />
 
     </StackLayout>

src/Core/Pages/Accounts/LoginPasswordlessRequestPage.xaml

@@ -41,7 +41,7 @@
                 FontSize="Small"
                 FontAttributes="Bold" />
             <controls:MonoLabel
-                Text="{Binding FingerprintPhrase}"
+                FormattedText="{Binding FingerprintPhrase}"
                 FontSize="Small"
                 TextColor="{DynamicResource FingerprintPhrase}"
                 AutomationId="FingerprintPhraseValue" />

src/Core/Pages/Accounts/LoginPasswordlessRequestPage.xaml.cs

@@ -55,8 +55,6 @@ namespace Bit.App.Pages
                 {
                     return;
                 }
-                
-                _appOptions.HasJustLoggedInOrUnlocked = true;
                 var previousPage = await AppHelpers.ClearPreviousPage();
                 App.MainPage = new TabsPage(_appOptions, previousPage);
             }

src/Core/Pages/Accounts/LoginSsoPage.xaml.cs

@@ -21,7 +21,6 @@ namespace Bit.App.Pages
             InitializeComponent();
             _vm = BindingContext as LoginSsoPageViewModel;
             _vm.Page = this;
-            _vm.FromIosExtension = _appOptions?.IosExtension ?? false;
             _vm.StartTwoFactorAction = () => MainThread.BeginInvokeOnMainThread(async () => await StartTwoFactorAsync());
             _vm.StartSetPasswordAction = () =>
                 MainThread.BeginInvokeOnMainThread(async () => await StartSetPasswordAsync());

src/Core/Pages/Accounts/LoginSsoPageViewModel.cs

@@ -15,16 +15,6 @@ using Bit.Core.Utilities;
 using Microsoft.Maui.Authentication;
 using Microsoft.Maui.Networking;
 using NetworkAccess = Microsoft.Maui.Networking.NetworkAccess;
-using Org.BouncyCastle.Asn1.Ocsp;
-
-#if IOS
-using AuthenticationServices;
-using Foundation;
-using UIKit;
-using WebAuthenticator = Bit.Core.Utilities.MAUI.WebAuthenticator;
-using WebAuthenticatorResult = Bit.Core.Utilities.MAUI.WebAuthenticatorResult;
-using WebAuthenticatorOptions = Bit.Core.Utilities.MAUI.WebAuthenticatorOptions;
-#endif
 
 namespace Bit.App.Pages
 {
@@ -74,8 +64,6 @@ namespace Bit.App.Pages
             set => SetProperty(ref _orgIdentifier, value);
         }
 
-        public bool FromIosExtension { get; set; }
-
         public ICommand LogInCommand { get; }
         public Action StartTwoFactorAction { get; set; }
         public Action StartSetPasswordAction { get; set; }
@@ -165,9 +153,6 @@ namespace Bit.App.Pages
                     CallbackUrl = new Uri(REDIRECT_URI),
                     Url = new Uri(url),
                     PrefersEphemeralWebBrowserSession = _useEphemeralWebBrowserSession,
-#if IOS
-                    ShouldUseSharedApplicationKeyWindow = FromIosExtension
-#endif
                 });
 
                 var code = GetResultCode(authResult, state);

src/Core/Pages/Accounts/SetPasswordPage.xaml.cs

@@ -71,8 +71,6 @@ namespace Bit.App.Pages
                 {
                     return;
                 }
-                
-                _appOptions.HasJustLoggedInOrUnlocked = true;
                 var previousPage = await AppHelpers.ClearPreviousPage();
                 App.MainPage = new TabsPage(_appOptions, previousPage);
             }

src/Core/Pages/Accounts/TwoFactorPage.xaml

@@ -132,26 +132,14 @@
                     </StackLayout>
                 </StackLayout>
             </StackLayout>
-            <StackLayout
-                Spacing="0"
-                Padding="0"
-                IsVisible="{Binding DuoMethod, Mode=OneWay}"
-                VerticalOptions="FillAndExpand">
-                <Label
-                    StyleClass="box"
-                    Text="{Binding DuoFramelessLabel}"
-                    HorizontalOptions="StartAndExpand" 
-                    Margin="10,21"
-                    IsVisible="{Binding IsDuoFrameless}"/>
+            <StackLayout Spacing="0" Padding="0" IsVisible="{Binding DuoMethod, Mode=OneWay}"
+                         VerticalOptions="StartAndExpand">
                 <controls:HybridWebView
                     x:Name="_duoWebView"
                     HorizontalOptions="FillAndExpand"
                     VerticalOptions="FillAndExpand"
-                    HeightRequest="{Binding DuoWebViewHeight, Mode=OneWay}"
-                    IsVisible="{Binding IsDuoFrameless, Converter={StaticResource inverseBool}}"/>
-                <StackLayout
-                    StyleClass="box"
-                    VerticalOptions="End">
+                    HeightRequest="{Binding DuoWebViewHeight, Mode=OneWay}" />
+                <StackLayout StyleClass="box" VerticalOptions="End">
                     <StackLayout StyleClass="box-row, box-row-switch">
                         <Label
                             Text="{u:I18n RememberMe}"
@@ -163,12 +151,6 @@
                             HorizontalOptions="End" />
                     </StackLayout>
                 </StackLayout>
-                <Button Text="{u:I18n LaunchDuo}"
-                    Margin="10,21"
-                    StyleClass="btn-primary"
-                    Command="{Binding AuthenticateWithDuoFramelessCommand}"
-                    AutomationId="DuoFramelessButton"
-                    IsVisible="{Binding IsDuoFrameless}"/>
             </StackLayout>
             <StackLayout
                 Spacing="0"

src/Core/Pages/Accounts/TwoFactorPage.xaml.cs

@@ -206,8 +206,6 @@ namespace Bit.App.Pages
             {
                 return;
             }
-
-            _appOptions.HasJustLoggedInOrUnlocked = true;
             var previousPage = await AppHelpers.ClearPreviousPage();
             App.MainPage = new TabsPage(_appOptions, previousPage);
         }

src/Core/Pages/Accounts/TwoFactorPageViewModel.cs

@@ -2,7 +2,6 @@
 using System.Windows.Input;
 using Bit.App.Abstractions;
 using Bit.App.Utilities;
-using Bit.Core;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
@@ -35,7 +34,6 @@ namespace Bit.App.Pages
         private string _webVaultUrl = "https://vault.bitwarden.com";
         private bool _enableContinue = false;
         private bool _showContinue = true;
-        private bool _isDuoFrameless = false;
         private double _duoWebViewHeight;
 
         public TwoFactorPageViewModel()
@@ -58,7 +56,6 @@ namespace Bit.App.Pages
             PageTitle = AppResources.TwoStepLogin;
             SubmitCommand = CreateDefaultAsyncRelayCommand(() => MainThread.InvokeOnMainThreadAsync(async () => await SubmitAsync()), allowsMultipleExecutions: false);
             MoreCommand = CreateDefaultAsyncRelayCommand(MoreAsync, onException: _logger.Exception, allowsMultipleExecutions: false);
-            AuthenticateWithDuoFramelessCommand = CreateDefaultAsyncRelayCommand(DuoFramelessAuthenticateAsync, allowsMultipleExecutions: false);
         }
 
         public string TotpInstruction
@@ -106,16 +103,6 @@ namespace Bit.App.Pages
             set => SetProperty(ref _enableContinue, value);
         }
 
-        public bool IsDuoFrameless
-        {
-            get => _isDuoFrameless;
-            set => SetProperty(ref _isDuoFrameless, value, additionalPropertyNames: new string[] { nameof(DuoFramelessLabel) });
-        }
-
-        public string DuoFramelessLabel => SelectedProviderType == TwoFactorProviderType.OrganizationDuo ?
-            $"{AppResources.DuoTwoStepLoginIsRequiredForYourAccount} {AppResources.FollowTheStepsFromDuoToFinishLoggingIn}" :
-            AppResources.FollowTheStepsFromDuoToFinishLoggingIn;
-
 #if IOS
         public string YubikeyInstruction => AppResources.YubiKeyInstructionIos;
 #else
@@ -138,7 +125,6 @@ namespace Bit.App.Pages
         }
         public ICommand SubmitCommand { get; }
         public ICommand MoreCommand { get; }
-        public ICommand AuthenticateWithDuoFramelessCommand { get; }
         public Action TwoFactorAuthSuccessAction { get; set; }
         public Action LockAction { get; set; }
         public Action StartDeviceApprovalOptionsAction { get; set; }
@@ -193,29 +179,15 @@ namespace Bit.App.Pages
                     break;
                 case TwoFactorProviderType.Duo:
                 case TwoFactorProviderType.OrganizationDuo:
-                    IsDuoFrameless = providerData.ContainsKey("AuthUrl");
-                    if (!IsDuoFrameless)
+                    SetDuoWebViewHeight();
+                    var host = WebUtility.UrlEncode(providerData["Host"] as string);
+                    var req = WebUtility.UrlEncode(providerData["Signature"] as string);
+                    page.DuoWebView.Uri = $"{_webVaultUrl}/duo-connector.html?host={host}&request={req}";
+                    page.DuoWebView.RegisterAction(sig =>
                     {
-                        SetDuoWebViewHeight();
-                        var host = WebUtility.UrlEncode(providerData["Host"] as string);
-                        var req = WebUtility.UrlEncode(providerData["Signature"] as string);
-                        page.DuoWebView.Uri = $"{_webVaultUrl}/duo-connector.html?host={host}&request={req}";
-                        page.DuoWebView.RegisterAction(sig =>
-                        {
-                            Token = sig;
-                            MainThread.BeginInvokeOnMainThread(async () =>
-                            {
-                                try
-                                {
-                                    await SubmitAsync();
-                                }
-                                catch (Exception ex)
-                                {
-                                    HandleException(ex);
-                                }
-                            });
-                        });
-                    }
+                        Token = sig;
+                        SubmitCommand.Execute(null);
+                    });
                     break;
                 case TwoFactorProviderType.Email:
                     TotpInstruction = string.Format(AppResources.EnterVerificationCodeEmail,
@@ -239,77 +211,6 @@ namespace Bit.App.Pages
             ShowContinue = !(SelectedProviderType == null || DuoMethod || Fido2Method);
         }
 
-        private async Task DuoFramelessAuthenticateAsync()
-        {
-            await _deviceActionService.ShowLoadingAsync(AppResources.Validating);
-
-            if (!_authService.TwoFactorProvidersData.TryGetValue(SelectedProviderType.Value, out var providerData) ||
-                !providerData.TryGetValue("AuthUrl", out var urlObject))
-            {
-                throw new InvalidOperationException("Duo authentication error: Could not get ProviderData or AuthUrl");
-            }
-
-            var url = urlObject as string;
-            if (string.IsNullOrWhiteSpace(url))
-            {
-                throw new ArgumentNullException("Duo authentication error: Could not get valid auth url");
-            }
-
-            WebAuthenticatorResult authResult;
-            try
-            {
-                authResult = await WebAuthenticator.AuthenticateAsync(new WebAuthenticatorOptions
-                {
-                    Url = new Uri(url),
-                    CallbackUrl = new Uri(Constants.DuoCallback)
-                });
-            }
-            catch (TaskCanceledException)
-            {
-                // user canceled
-                await _deviceActionService.HideLoadingAsync();
-                return;
-            }
-
-            await _deviceActionService.HideLoadingAsync();
-            if (authResult == null || authResult.Properties == null)
-            {
-                throw new InvalidOperationException("Duo authentication error: Could not get result from authentication");
-            }
-
-            if (authResult.Properties.TryGetValue("error", out var resultError))
-            {
-                _logger.Error(resultError);
-                await _platformUtilsService.ShowDialogAsync(AppResources.AnErrorHasOccurred, AppResources.Ok);
-                return;
-            }
-
-            string code = null;
-            if (authResult.Properties.TryGetValue("code", out var resultCodeData))
-            {
-                code = Uri.UnescapeDataString(resultCodeData);
-            }
-
-            if (string.IsNullOrWhiteSpace(code))
-            {
-                throw new ArgumentException("Duo authentication error: response code is null or empty/whitespace");
-            }
-
-            string state = null;
-            if (authResult.Properties.TryGetValue("state", out var resultStateData))
-            {
-                state = Uri.UnescapeDataString(resultStateData);
-            }
-
-            if (string.IsNullOrWhiteSpace(state))
-            {
-                throw new ArgumentException("Duo authentication error: response state is null or empty/whitespace");
-            }
-
-            Token = $"{code}|{state}";
-            await SubmitAsync(true);
-        }
-        
         public void SetDuoWebViewHeight()
         {
             var screenHeight = DeviceDisplay.MainDisplayInfo.Height / DeviceDisplay.MainDisplayInfo.Density;

src/Core/Pages/AndroidNavigationRedirectPage.xaml.cs

@@ -1,40 +1,20 @@
 using Bit.App.Abstractions;
-using Bit.App.Models;
-using Bit.App.Pages;
-using Bit.Core.Abstractions;
-using Bit.Core.Services;
 using Bit.Core.Utilities;
 
 namespace Bit.Core.Pages;
 
 public partial class AndroidNavigationRedirectPage : ContentPage
 {
-    private AppOptions _options;
-	public AndroidNavigationRedirectPage(AppOptions options)
-    {
-        _options = options ?? new AppOptions();
+    private readonly IAccountsManager _accountsManager;
 
+	public AndroidNavigationRedirectPage()
+    {
+        _accountsManager = ServiceContainer.Resolve<IAccountsManager>("accountsManager");
 		InitializeComponent();
 	}
 
     private void AndroidNavigationRedirectPage_OnLoaded(object sender, EventArgs e)
     {
-        if (ServiceContainer.TryResolve<IAccountsManager>(out var accountsManager))
-        {
-            accountsManager.NavigateOnAccountChangeAsync().FireAndForget();
-        }
-        else
-        {
-            Bit.App.App.MainPage = new NavigationPage(new HomePage(_options)); //Fallback scenario to load HomePage just in case something goes wrong when resolving IAccountsManager
-        }
-
-        if (ServiceContainer.TryResolve<IConditionedAwaiterManager>(out var conditionedAwaiterManager))
-        {
-            conditionedAwaiterManager?.SetAsCompleted(AwaiterPrecondition.AndroidWindowCreated);
-        }
-        else
-        {
-            LoggerHelper.LogEvenIfCantBeResolved(new InvalidOperationException("ConditionedAwaiterManager can't be resolved on Android Navigation redirection"));
-        }
+        _accountsManager.NavigateOnAccountChangeAsync().FireAndForget();
     }
 }

src/Core/Pages/Send/SendAddEditPage.xaml

@@ -266,8 +266,6 @@
                                 AutomationId="SendShowHideOptionsButton" />
                             <controls:IconButton
                                 x:Name="_btnOptionsUp"
-                                InputTransparent="True"
-                                MinimumWidthRequest="25"
                                 Text="{Binding Source={x:Static core:BitwardenIcons.ChevronUp}}"
                                 StyleClass="box-row-button"
                                 TextColor="{DynamicResource PrimaryColor}"
@@ -276,8 +274,6 @@
                                 AutomationId="SendOptionsDisplayed" />
                             <controls:IconButton
                                 x:Name="_btnOptionsDown"
-                                InputTransparent="True"
-                                MinimumWidthRequest="25"
                                 Text="{Binding Source={x:Static core:BitwardenIcons.AngleDown}}"
                                 StyleClass="box-row-button"
                                 TextColor="{DynamicResource PrimaryColor}"

src/Core/Pages/Send/SendGroupingsPage/SendGroupingsPage.xaml

@@ -50,7 +50,6 @@
                           x:DataType="pages:SendGroupingsPageListItem">
                 <controls:ExtendedStackLayout Orientation="Horizontal" 
                                               StyleClass="list-row, list-row-platform"
-                                              Spacing="6"
                                               AutomationId="{Binding AutomationId}">
                     <controls:IconLabel Text="{Binding Icon, Mode=OneWay}"
                                       HorizontalOptions="Start"

src/Core/Pages/Settings/AboutSettingsPageViewModel.cs

@@ -68,7 +68,8 @@ namespace Bit.App.Pages
         {
             get
             {
-                var appInfo = string.Format("{0}: {1} ({2})",
+                // TODO: REMOVE WHEN MERGED INTO MAIN BRANCH
+                var appInfo = string.Format("MAUI {0}: {1} ({2})",
                     AppResources.Version,
                     _platformUtilsService.GetApplicationVersion(),
                     _deviceActionService.GetBuildNumber());

src/Core/Pages/Settings/AutofillSettingsPage.xaml

@@ -19,6 +19,15 @@
                 Text="{u:I18n Autofill}"
                 StyleClass="settings-header" />
 
+            <controls:SwitchItemView
+                Title="{u:I18n CredentialProviderService}"
+                Subtitle="{u:I18n CredentialProviderServiceExplanationLong}"
+                IsVisible="{Binding SupportsCredentialProviderService}"
+                IsToggled="{Binding UseCredentialProviderService}"
+                AutomationId="CredentialProviderServiceSwitch"
+                StyleClass="settings-item-view"
+                HorizontalOptions="FillAndExpand" />
+
             <controls:SwitchItemView
                 Title="{u:I18n AutofillServices}"
                 Subtitle="{u:I18n AutofillServicesExplanationLong}"

src/Core/Pages/Settings/AutofillSettingsPageViewModel.android.cs

@@ -6,12 +6,27 @@ namespace Bit.App.Pages
 {
     public partial class AutofillSettingsPageViewModel
     {
+        private bool _useCredentialProviderService;
         private bool _useAutofillServices;
         private bool _useInlineAutofill;
         private bool _useAccessibility;
         private bool _useDrawOver;
         private bool _askToAddLogin;
 
+        public bool SupportsCredentialProviderService => DeviceInfo.Platform == DevicePlatform.Android && _deviceActionService.SupportsCredentialProviderService();
+
+        public bool UseCredentialProviderService
+        {
+            get => _useCredentialProviderService;
+            set
+            {
+                if (SetProperty(ref _useCredentialProviderService, value))
+                {
+                    ((ICommand)ToggleUseCredentialProviderServiceCommand).Execute(null);
+                }
+            }
+        }
+
         public bool SupportsAndroidAutofillServices => DeviceInfo.Platform == DevicePlatform.Android && _deviceActionService.SupportsAutofillServices();
 
         public bool UseAutofillServices
@@ -84,6 +99,7 @@ namespace Bit.App.Pages
             }
         }
 
+        public AsyncRelayCommand ToggleUseCredentialProviderServiceCommand { get; private set; }
         public AsyncRelayCommand ToggleUseAutofillServicesCommand { get; private set; }
         public AsyncRelayCommand ToggleUseInlineAutofillCommand { get; private set; }
         public AsyncRelayCommand ToggleUseAccessibilityCommand { get; private set; }
@@ -93,6 +109,7 @@ namespace Bit.App.Pages
 
         private void InitAndroidCommands()
         {
+            ToggleUseCredentialProviderServiceCommand = CreateDefaultAsyncRelayCommand(() => MainThread.InvokeOnMainThreadAsync(() => ToggleUseCredentialProviderService()), () => _inited, allowsMultipleExecutions: false);
             ToggleUseAutofillServicesCommand = CreateDefaultAsyncRelayCommand(() => MainThread.InvokeOnMainThreadAsync(() => ToggleUseAutofillServices()), () => _inited, allowsMultipleExecutions: false);
             ToggleUseInlineAutofillCommand = CreateDefaultAsyncRelayCommand(() => MainThread.InvokeOnMainThreadAsync(() => ToggleUseInlineAutofillEnabledAsync()), () => _inited, allowsMultipleExecutions: false);
             ToggleUseAccessibilityCommand = CreateDefaultAsyncRelayCommand(ToggleUseAccessibilityAsync, () => _inited, allowsMultipleExecutions: false);
@@ -115,6 +132,9 @@ namespace Bit.App.Pages
 
         private async Task UpdateAndroidAutofillSettingsAsync()
         {
+            // TODO - uncomment once _autofillHandler.CredentialProviderServiceEnabled() returns a real value
+            // _useCredentialProviderService = 
+            //     SupportsCredentialProviderService && _autofillHandler.CredentialProviderServiceEnabled();
             _useAutofillServices =
                 _autofillHandler.SupportsAutofillService() && _autofillHandler.AutofillServiceEnabled();
             _useAccessibility = _autofillHandler.AutofillAccessibilityServiceRunning();
@@ -123,6 +143,7 @@ namespace Bit.App.Pages
 
             await MainThread.InvokeOnMainThreadAsync(() =>
             {
+                TriggerPropertyChanged(nameof(UseCredentialProviderService));
                 TriggerPropertyChanged(nameof(UseAutofillServices));
                 TriggerPropertyChanged(nameof(UseAccessibility));
                 TriggerPropertyChanged(nameof(UseDrawOver));
@@ -130,6 +151,18 @@ namespace Bit.App.Pages
             });
         }
 
+        private void ToggleUseCredentialProviderService()
+        {
+            if (UseCredentialProviderService)
+            {
+                _deviceActionService.OpenCredentialProviderSettings();
+            }
+            else
+            {
+                _autofillHandler.DisableCredentialProviderService();
+            }
+        }
+
         private void ToggleUseAutofillServices()
         {
             if (UseAutofillServices)

src/Core/Pages/Settings/LoginPasswordlessRequestsListPage.xaml

@@ -37,9 +37,10 @@
                         <Label
                             Text="{u:I18n FingerprintPhrase}"
                             FontSize="Small"
+                            Padding="0, 10, 0 ,0"
                             FontAttributes="Bold"/>
                         <controls:MonoLabel
-                            Text="{Binding FingerprintPhrase}"
+                            FormattedText="{Binding FingerprintPhrase}"
                             Grid.Row="1"
                             Grid.ColumnSpan="2"
                             FontSize="Small"
@@ -69,70 +70,64 @@
                             Grid.ColumnSpan="2"/>
                     </Grid>
 	        </DataTemplate>
+
+            <StackLayout
+                x:Key="mainLayout"
+                x:Name="_mainLayout"
+                Padding="0, 10">
+                <RefreshView
+                    IsRefreshing="{Binding IsRefreshing}"
+                    Command="{Binding RefreshCommand}"
+                    VerticalOptions="FillAndExpand"
+                    BackgroundColor="{DynamicResource BackgroundColor}">
+                    <StackLayout>
+                        <Image
+                            x:Name="_emptyPlaceholder"
+                            Source="empty_login_requests"
+                            HorizontalOptions="Center"
+                            WidthRequest="160"
+                            HeightRequest="160"
+                            Margin="0,70,0,0"
+                            IsVisible="{Binding HasLoginRequests, Converter={StaticResource inverseBool}}"
+                            SemanticProperties.Description="{u:I18n NoPendingRequests}" />
+                        <controls:CustomLabel
+                            StyleClass="box-label-regular"
+                            Text="{u:I18n NoPendingRequests}"
+                            IsVisible="{Binding HasLoginRequests, Converter={StaticResource inverseBool}}"
+                            FontAttributes="{OnPlatform iOS=Bold}"
+                            FontWeight="500"
+                            HorizontalTextAlignment="Center"
+                            Margin="14,10,14,0"/>
+                        <controls:ExtendedCollectionView
+                            ItemsSource="{Binding LoginRequests}"
+                            ItemTemplate="{StaticResource loginRequestTemplate}"
+                            SelectionMode="Single"
+                            IsVisible="{Binding HasLoginRequests}"
+                            ExtraDataForLogging="Login requests page" >
+                            <controls:ExtendedCollectionView.Behaviors>
+                                <xct:EventToCommandBehavior
+                                    EventName="SelectionChanged"
+                                    Command="{Binding AnswerRequestCommand}"
+                                    EventArgsConverter="{StaticResource SelectionChangedEventArgsConverter}" />
+                            </controls:ExtendedCollectionView.Behaviors>
+                        </controls:ExtendedCollectionView>
+                    </StackLayout>
+                </RefreshView>
+                <controls:IconLabelButton
+                        VerticalOptions="End"
+                        Margin="10,0"
+                        Icon="{Binding Source={x:Static core:BitwardenIcons.Trash}}"
+                        Label="{u:I18n DeclineAllRequests}"
+                        ButtonCommand="{Binding DeclineAllRequestsCommand}"
+                        IsVisible="{Binding HasLoginRequests}"
+                        AutomationId="DeleteAllRequestsButton" />
+            </StackLayout>
         </ResourceDictionary>
     </ContentPage.Resources>
 
-    <Grid
-        RowDefinitions="*, Auto"
-        Padding="0, 10">
-        <RefreshView
-            Grid.Row="0"
-            IsRefreshing="{Binding IsRefreshing}"
-            Command="{Binding RefreshCommand}"
-            VerticalOptions="Fill"
-            BackgroundColor="{DynamicResource BackgroundColor}">
-            <Grid RowDefinitions="Auto, *">
-                <VerticalStackLayout Grid.Row="0" 
-                                     HorizontalOptions="Center">
-                    <Image
-                        x:Name="_emptyPlaceholder"
-                        Source="empty_login_requests"
-                        WidthRequest="160"
-                        HeightRequest="160"
-                        Margin="0,70,0,0"
-                        IsVisible="{Binding HasLoginRequests, Converter={StaticResource inverseBool}}"
-                        SemanticProperties.Description="{u:I18n NoPendingRequests}" />
-                    <controls:CustomLabel
-                        StyleClass="box-label-regular"
-                        Text="{u:I18n NoPendingRequests}"
-                        IsVisible="{Binding HasLoginRequests, Converter={StaticResource inverseBool}}"
-                        FontAttributes="{OnPlatform iOS=Bold}"
-                        FontWeight="500"
-                        Margin="14,10,14,0"/>
-                </VerticalStackLayout>
-                <controls:ExtendedCollectionView
-                    Grid.Row="1"
-                    ItemsSource="{Binding LoginRequests}"
-                    ItemTemplate="{StaticResource loginRequestTemplate}"
-                    SelectionMode="Single"
-                    IsVisible="{Binding HasLoginRequests}"
-                    ExtraDataForLogging="Login requests page" >
-                    <controls:ExtendedCollectionView.Behaviors>
-                        <xct:EventToCommandBehavior
-                            EventName="SelectionChanged"
-                            Command="{Binding AnswerRequestCommand}"
-                            EventArgsConverter="{StaticResource SelectionChangedEventArgsConverter}" />
-                    </controls:ExtendedCollectionView.Behaviors>
-                </controls:ExtendedCollectionView>
-            </Grid>
-        </RefreshView>
-        
-        <controls:IconLabelButton
-            Grid.Row="1"
-            VerticalOptions="End"
-            Margin="10,0"
-            Icon="{Binding Source={x:Static core:BitwardenIcons.Trash}}"
-            Label="{u:I18n DeclineAllRequests}"
-            ButtonCommand="{Binding DeclineAllRequestsCommand}"
-            IsVisible="{Binding HasLoginRequests}"
-            AutomationId="DeleteAllRequestsButton" />
-
-        <Grid x:Name="_activityIndicatorGrid" Grid.Row="0" Grid.RowSpan="2" BackgroundColor="{DynamicResource BackgroundColor}">
-            <ActivityIndicator IsRunning="True"
-                               VerticalOptions="Center" 
-                               HorizontalOptions="Center" />
-        </Grid>
-    </Grid>
+    <ContentView 
+        x:Name="_mainContent">
+    </ContentView>
 
 </pages:BaseContentPage>
 

src/Core/Pages/Settings/LoginPasswordlessRequestsListPage.xaml.cs

@@ -5,7 +5,6 @@ using System.Threading.Tasks;
 using Bit.App.Utilities;
 using Bit.Core.Abstractions;
 using Bit.Core.Models.Response;
-using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Microsoft.Maui.ApplicationModel;
 using Microsoft.Maui.Controls;
@@ -20,6 +19,7 @@ namespace Bit.App.Pages
         public LoginPasswordlessRequestsListPage()
         {
             InitializeComponent();
+            SetActivityIndicator(_mainContent);
             _vm = BindingContext as LoginPasswordlessRequestsListViewModel;
             _vm.Page = this;
         }
@@ -27,21 +27,9 @@ namespace Bit.App.Pages
         protected override async void OnAppearing()
         {
             base.OnAppearing();
-            try
-            {
-                _activityIndicatorGrid.IsVisible = true;
+            await LoadOnAppearedAsync(_mainLayout, false, _vm.RefreshAsync, _mainContent);
 
-                await _vm.RefreshAsync();
-                UpdatePlaceholder();
-            }
-            catch (Exception ex)
-            {
-                LoggerHelper.LogEvenIfCantBeResolved(ex);
-            }
-            finally
-            {
-                _activityIndicatorGrid.IsVisible = false;
-            }
+            UpdatePlaceholder();
         }
 
         private async void Close_Clicked(object sender, System.EventArgs e)

src/Core/Pages/Settings/LoginPasswordlessRequestsListViewModel.cs

@@ -66,6 +66,7 @@ namespace Bit.App.Pages
         {
             try
             {
+                IsRefreshing = true;
                 LoginRequests.ReplaceRange(await _authService.GetActivePasswordlessLoginRequestsAsync());
             }
             catch (Exception ex)
@@ -107,7 +108,7 @@ namespace Bit.App.Pages
                 Origin = loginRequestData.Origin
             });
 
-            await MainThread.InvokeOnMainThreadAsync(() => Application.Current.MainPage.Navigation.PushModalAsync(new NavigationPage(page)));
+            await Device.InvokeOnMainThreadAsync(() => Application.Current.MainPage.Navigation.PushModalAsync(new NavigationPage(page)));
         }
 
         private async Task DeclineAllRequestsAsync()

src/Core/Pages/TabsPage.cs

@@ -33,7 +33,7 @@ namespace Bit.App.Pages
             _keyConnectorService = ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService");
             _stateService = ServiceContainer.Resolve<IStateService>();
 
-            _groupingsPage = new NavigationPage(new GroupingsPage(true, previousPage: previousPage, appOptions: appOptions))
+            _groupingsPage = new NavigationPage(new GroupingsPage(true, previousPage: previousPage))
             {
                 Title = AppResources.MyVault,
                 IconImageSource = "lock.png"
@@ -96,14 +96,6 @@ namespace Bit.App.Pages
                     if (message.Command == "syncCompleted")
                     {
                         MainThread.BeginInvokeOnMainThread(async () => await UpdateVaultButtonTitleAsync());
-                        try
-                        {
-                            await ForcePasswordResetIfNeededAsync();
-                        }
-                        catch (Exception ex)
-                        {
-                            _logger.Value.Exception(ex);
-                        }
                     }
                 });
                 await UpdateVaultButtonTitleAsync();

src/Core/Pages/Vault/GroupingsPage/GroupingsPage.xaml.cs

@@ -1,6 +1,5 @@
 using Bit.App.Abstractions;
 using Bit.App.Controls;
-using Bit.App.Models;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
@@ -28,7 +27,7 @@ namespace Bit.App.Pages
 
         public GroupingsPage(bool mainPage, CipherType? type = null, string folderId = null,
             string collectionId = null, string pageTitle = null, string vaultFilterSelection = null,
-            PreviousPageInfo previousPage = null, bool deleted = false, bool showTotp = false, AppOptions appOptions = null)
+            PreviousPageInfo previousPage = null, bool deleted = false, bool showTotp = false)
         {
             _pageName = string.Concat(nameof(GroupingsPage), "_", DateTime.UtcNow.Ticks);
             InitializeComponent();
@@ -51,7 +50,6 @@ namespace Bit.App.Pages
             _vm.CollectionId = collectionId;
             _vm.Deleted = deleted;
             _vm.ShowTotp = showTotp;
-            _vm.AppOptions = appOptions;
             _previousPage = previousPage;
             if (pageTitle != null)
             {
@@ -162,8 +160,6 @@ namespace Bit.App.Pages
                     return;
                 }
 
-                await _vm.CheckOrganizationUnassignedItemsAsync();
-
                 // Push registration
                 var lastPushRegistration = await _stateService.GetPushLastRegistrationDateAsync();
                 lastPushRegistration = lastPushRegistration.GetValueOrDefault(DateTime.MinValue);

src/Core/Pages/Vault/GroupingsPage/GroupingsPageViewModel.cs

@@ -1,7 +1,6 @@
 using System.Windows.Input;
 using Bit.App.Abstractions;
 using Bit.App.Controls;
-using Bit.App.Models;
 using Bit.App.Utilities;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
@@ -46,8 +45,6 @@ namespace Bit.App.Pages
         private readonly IPasswordRepromptService _passwordRepromptService;
         private readonly IOrganizationService _organizationService;
         private readonly IPolicyService _policyService;
-        private readonly IConfigService _configService;
-        private readonly IEnvironmentService _environmentService;
         private readonly ILogger _logger;
 
         public GroupingsPageViewModel()
@@ -64,8 +61,6 @@ namespace Bit.App.Pages
             _passwordRepromptService = ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService");
             _organizationService = ServiceContainer.Resolve<IOrganizationService>("organizationService");
             _policyService = ServiceContainer.Resolve<IPolicyService>("policyService");
-            _configService = ServiceContainer.Resolve<IConfigService>();
-            _environmentService = ServiceContainer.Resolve<IEnvironmentService>();
             _logger = ServiceContainer.Resolve<ILogger>("logger");
 
             Loading = true;
@@ -109,7 +104,6 @@ namespace Bit.App.Pages
         public List<Core.Models.View.CollectionView> Collections { get; set; }
         public List<TreeNode<Core.Models.View.CollectionView>> NestedCollections { get; set; }
 
-        public AppOptions AppOptions { get; internal set; }
         protected override ICipherService cipherService => _cipherService;
         protected override IPolicyService policyService => _policyService;
         protected override IOrganizationService organizationService => _organizationService;
@@ -705,59 +699,5 @@ namespace Bit.App.Pages
             var folders = decFolders.Where(f => _allCiphers.Any(c => c.FolderId == f.Id)).ToList();
             return folders.Any() ? folders : null;
         }
-
-        internal async Task CheckOrganizationUnassignedItemsAsync()
-        {
-            try
-            {
-                if (AppOptions?.HasJustLoggedInOrUnlocked != true)
-                {
-                    return;
-                }
-
-                AppOptions.HasJustLoggedInOrUnlocked = false;
-
-                if (!await _configService.GetFeatureFlagBoolAsync(Core.Constants.UnassignedItemsBannerFlag)
-                    ||
-                    !await _stateService.GetShouldCheckOrganizationUnassignedItemsAsync())
-                {
-                    return;
-                }
-
-                var waitSyncTask = Task.Run(async () =>
-                {
-                    while (_syncService.SyncInProgress)
-                    {
-                        await Task.Delay(100);
-                    }
-                });
-                await waitSyncTask.WaitAsync(TimeSpan.FromMinutes(5));
-
-                if (!await _cipherService.VerifyOrganizationHasUnassignedItemsAsync())
-                {
-                    return;
-                }
-
-                var message = _environmentService.SelectedRegion == Core.Enums.Region.SelfHosted
-                    ? AppResources.OrganizationUnassignedItemsMessageSelfHost041624DescriptionLong
-                    : AppResources.OrganizationUnassignedItemsMessageUSEUDescriptionLong;
-
-                var response = await _deviceActionService.DisplayAlertAsync(AppResources.Notice,
-                    message,
-                    null,
-                    AppResources.RemindMeLater,
-                    AppResources.Ok);
-
-                if (response == AppResources.Ok)
-                {
-                    await _stateService.SetShouldCheckOrganizationUnassignedItemsAsync(false);
-                }
-            }
-            catch (TimeoutException) { }
-            catch (Exception ex)
-            {
-                _logger.Exception(ex);
-            }
-        }
     }
 }

src/Core/Resources/Localization/AppResources.Designer.cs

@@ -1318,6 +1318,15 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to We were unable to automatically open the Android credential provider settings menu for you. You can navigate to the credential provider settings menu manually from Android Settings &gt; System &gt; Passwords &amp; accounts &gt; Passwords, passkeys and data services..
+        /// </summary>
+        public static string BitwardenCredentialProviderGoToSettings {
+            get {
+                return ResourceManager.GetString("BitwardenCredentialProviderGoToSettings", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Bitwarden Help Center.
         /// </summary>
@@ -1534,6 +1543,15 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Choose a login to save this passkey to.
+        /// </summary>
+        public static string ChooseALoginToSaveThisPasskeyTo {
+            get {
+                return ResourceManager.GetString("ChooseALoginToSaveThisPasskeyTo", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Choose file.
         /// </summary>
@@ -1894,6 +1912,24 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Credential Provider service.
+        /// </summary>
+        public static string CredentialProviderService {
+            get {
+                return ResourceManager.GetString("CredentialProviderService", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The Android Credential Provider is used for managing passkeys for use with websites and other apps on your device..
+        /// </summary>
+        public static string CredentialProviderServiceExplanationLong {
+            get {
+                return ResourceManager.GetString("CredentialProviderServiceExplanationLong", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Credits.
         /// </summary>
@@ -2335,15 +2371,6 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to Duo two-step login is required for your account. .
-        /// </summary>
-        public static string DuoTwoStepLoginIsRequiredForYourAccount {
-            get {
-                return ResourceManager.GetString("DuoTwoStepLoginIsRequiredForYourAccount", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to Edit.
         /// </summary>
@@ -3208,15 +3235,6 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to Follow the steps from Duo to finish logging in..
-        /// </summary>
-        public static string FollowTheStepsFromDuoToFinishLoggingIn {
-            get {
-                return ResourceManager.GetString("FollowTheStepsFromDuoToFinishLoggingIn", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to {0} is not correctly formatted..
         /// </summary>
@@ -3811,15 +3829,6 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to Launch Duo.
-        /// </summary>
-        public static string LaunchDuo {
-            get {
-                return ResourceManager.GetString("LaunchDuo", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to Bitwarden allows you to share your vault items with others by using an organization. Learn more on the bitwarden.com website..
         /// </summary>
@@ -4866,15 +4875,6 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to Notice.
-        /// </summary>
-        public static string Notice {
-            get {
-                return ResourceManager.GetString("Notice", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to This account has two-step login set up, however, none of the configured two-step providers are supported on this device. Please use a supported device and/or add additional providers that are better supported across devices (such as an authenticator app)..
         /// </summary>
@@ -5110,24 +5110,6 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to On May 16, 2024, unassigned organization items will no longer be visible in the All Vaults view and only accessible via the Admin Console. Assign these items to a collection from the Admin Console to make them visible..
-        /// </summary>
-        public static string OrganizationUnassignedItemsMessageSelfHost041624DescriptionLong {
-            get {
-                return ResourceManager.GetString("OrganizationUnassignedItemsMessageSelfHost041624DescriptionLong", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to Unassigned organization items are no longer visible in the All Vaults view and only accessible via the Admin Console. Assign these items to a collection from the Admin Console to make them visible..
-        /// </summary>
-        public static string OrganizationUnassignedItemsMessageUSEUDescriptionLong {
-            get {
-                return ResourceManager.GetString("OrganizationUnassignedItemsMessageUSEUDescriptionLong", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to Organization identifier.
         /// </summary>
@@ -5155,6 +5137,15 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Overwrite passkey?.
+        /// </summary>
+        public static string OverwritePasskey {
+            get {
+                return ResourceManager.GetString("OverwritePasskey", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Ownership.
         /// </summary>
@@ -5182,6 +5173,15 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Passkeys for {0}.
+        /// </summary>
+        public static string PasskeysForX {
+            get {
+                return ResourceManager.GetString("PasskeysForX", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Passkey will not be copied.
         /// </summary>
@@ -5371,6 +5371,15 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Passwords for {0}.
+        /// </summary>
+        public static string PasswordsForX {
+            get {
+                return ResourceManager.GetString("PasswordsForX", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Password type.
         /// </summary>
@@ -5705,15 +5714,6 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to Remind me later.
-        /// </summary>
-        public static string RemindMeLater {
-            get {
-                return ResourceManager.GetString("RemindMeLater", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to Remove.
         /// </summary>
@@ -5885,6 +5885,24 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Save passkey.
+        /// </summary>
+        public static string SavePasskey {
+            get {
+                return ResourceManager.GetString("SavePasskey", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Save passkey as new login.
+        /// </summary>
+        public static string SavePasskeyAsNewLogin {
+            get {
+                return ResourceManager.GetString("SavePasskeyAsNewLogin", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Saving....
         /// </summary>
@@ -6758,6 +6776,15 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to This item already contains a passkey. Are you sure you want to overwrite the current passkey?.
+        /// </summary>
+        public static string ThisItemAlreadyContainsAPasskeyAreYouSureYouWantToOverwriteTheCurrentPasskey {
+            get {
+                return ResourceManager.GetString("ThisItemAlreadyContainsAPasskeyAreYouSureYouWantToOverwriteTheCurrentPasskey", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to This request is no longer valid.
         /// </summary>

src/Core/Resources/Localization/AppResources.af.resx

@@ -2876,13 +2876,4 @@ Wil u na die rekening omskakel?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
-  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
-    <value>Duo two-step login is required for your account. </value>
-  </data>
-  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
-    <value>Follow the steps from Duo to finish logging in.</value>
-  </data>
-  <data name="LaunchDuo" xml:space="preserve">
-    <value>Launch Duo</value>
-  </data>
 </root>