I recently installed the “Cync” app for GE smart lights, which has the
com.ge.cbyge. When I went to log in, I was alarmed to see
Bitwarden suggest autofilling credentials for half a dozen unrelated
domains. These included:
as well as others.
All the suggested domains did have the substring
ge somewhere… but
that’s quite a common substring. They did not all have
default URI match detection is “Base domain”, and none of these
credentials have overrides. This doesn’t make sense to me with my
understanding of the documentation for base domain detection:
This concerned me because with one mis-tap I could have given the
credentials for my insurance or for my rent payment portal to an
I can reproduce this issue. Why is it happening, and is there something
that I can do to prevent these dangerous suggestions?