Now that browser extensions are supported by 2 major vendors (Firefox & Microsoft Edge), a very nice improvement for mobile usage would be an integration between the extension & the native app. Instead of requiring you to open the extension popup to type in your password, ideally the native app would share vault unlock state with the extension, and if they are locked the extension should directly open the app to get it unlocked, then immediately switch back to the origin browser
Key Points:
- Ensure server-side (support self-hosted too) cryptographic verification of authentic, authorized/logged in Bitwarden clients (both the extension & the app) before initiating encrypted exchange of sensitive data through a local web server and/or WebSocket.
- Use the Android Intent system to open the native app when unlocking your vault from the browser (eg. When logging in to a site or saving a login have the injected button directly open the app if the vault is locked)
- Have the native app open the origin browser after the vault is successfully unlocked, securely communicate vault key with the extension over the local WS.