Assuming my Bitwarden vault is locked until I unlock it via fingerprint, how does Safari on iOS (iPad) know I have saved passwords for sites I visit? How is that information available to Safari before my vault is unlocked / un-encrypted? I tried looking for documentation about how it works, but didn’t find anything. I’m happy to read the docs if anyone has a link to an explanation.
Hi @ryanjaeb, welcome to Community and what a great question to start with!
I spoke with one of our engineers and here is what they shared:
We use ASCredentialIndentityStore to add identities based on the ciphers the user has in its local vault. The
username,uriandCipher idare the things that get added to that store which then iOS uses to fill the QuickType bar on Safari.
I hope this helps, but please let me know if you’d like more information!
Thank you very much for the info @sj-bitwarden. I was able to see how that info is stored from you link. Following through to the doc about the identity store being used on iOS gives me the tidbit of information that is most important to me.
Further, the system doesn’t include the shared store in a device backup so the data never leaves the device. Also, the system clears the shared store if the user disables the extension in Settings.
Thanks again for the answer. Have a great week!
1 Like