Android phishing apps

Is Bitwarden vulnerable?


I am really keen about the statement of @kspearrin.
And I really hope that Bitwarden is not affected.

The Keeper team has published a blog post:
Response to Phishing Attacks on Android Password Managers

Password managers can be tricked into believing that malicious Android apps are legitimate

Yes, any app that uses package IDs from the Play Store to suggest autofill items to the user would be vulnerable to this, including Bitwarden. There is no other way to properly identify Android apps that I am aware of, and removing such a feature would make autofill features largely useless to legitimate use cases. As mentioned in several of the linked articles, tricking a user requires several actions to be explicitly performed by the user and is not something an app can just do automatically in the background.
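The matching problem described in the reply above, as an added example that is not part of the thread and not Bitwarden's code: a small Python model of an autofill suggester keyed on package ID alone, next to one that also compares a signing-certificate digest. The certificate check is an assumption of this example and is not discussed in the thread; all package IDs, certificate bytes and vault entries are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class InstalledApp:
    package_id: str      # self-declared by the app requesting autofill
    signing_cert: bytes  # constructed stand-in for the app's signing certificate


@dataclass(frozen=True)
class VaultItem:
    name: str
    package_id: str
    cert_sha256: Optional[str] = None  # hypothetical pin recorded when the item was saved


def cert_digest(app: InstalledApp) -> str:
    return hashlib.sha256(app.signing_cert).hexdigest()


def suggest_by_package_id(vault: List[VaultItem], app: InstalledApp) -> List[str]:
    # Matching described in the thread: the package ID is the only identifier.
    return [item.name for item in vault if item.package_id == app.package_id]


def suggest_with_cert_pin(vault: List[VaultItem], app: InstalledApp) -> List[str]:
    # Assumed extra check: the ID must match AND the signer must equal the pinned one.
    digest = cert_digest(app)
    return [
        item.name
        for item in vault
        if item.package_id == app.package_id and item.cert_sha256 == digest
    ]


# Constructed sample data: two apps declaring the same package ID, signed differently.
GENUINE = InstalledApp("com.example.bank", b"constructed-cert-genuine")
LOOKALIKE = InstalledApp("com.example.bank", b"constructed-cert-lookalike")
VAULT = [VaultItem("Example Bank", "com.example.bank", cert_digest(GENUINE))]

if __name__ == "__main__":
    for label, app in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(label, suggest_by_package_id(VAULT, app), suggest_with_cert_pin(VAULT, app))
```

With package-ID matching both apps are offered the saved login; with the digest comparison only the app whose signer matches the recorded pin is.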