mTLS provides advanced security by mutually authenticating client and server using certificates. This prevents unauthorized access and protects against identity theft, significantly enhancing data security. Integrating mTLS across Bitwarden platforms, including iOS App, Android App, and browser extensions, would provide a massive security benefit, establishing Bitwarden as a trusted tool for sensitive data across all devices and environments.
There is a answer from 2018 in this post.
I sawed this german articel about an new framework used for the app.
Bitwarden bekommt native Apps (stadt-bremerhaven.de)
Maybe this new framework implements mTLS?!
I also need thisâŠ
I have been trying waiting for this for years as well. I do not trust a service like this to be exposed directly due to the blast radius of a simple bug. Having only the surface area of a mtls forward proxy is a lot easier to mitigate from bugs, specially when you write your own, and formally prove it as safe.
This has been the major factor that prevents me from recommending Bitwarden more broadly. Please devs, this shouldnât be a huge change, and definitely makes a world of difference to many of us.
Here is an example integration for Xamarin:
And here is an example on how to retrieve from the Android KeyStore instead of an arbitrary file:
Ok so i did some further research.
I found this Pull Request with an working solution to the Problem.
The PR sadly got closed due trough this comment
Hi All, looks like lots of or community members were interested to see this feature being implemented, but we have some upcoming changes coming soon for our mobile app which is pretty significant, and unfortunately this contribution doesnât align with that direction, now. What we are working on could fix this, or we could possibly revisit this feature once that is done. Unfortunately this PR would have to be closed. Thank you!
As explained in this Reddit post from @kspearrin, Bitwarden is moving away from the Xamarin framework and rewriting the mobile apps using Swift (for iOS) and Kotlin (for Android).
âLogin and unlock vault with Passkeyâ behaves similarly to mTLS in terms of risk mitigation. Although I concur that mTLS seems more straightforward, I do believe that passkey will more quickly make it to production. Might be worth deciding if you consider the passkey approach a reasonable compromise.
My security concern is not encryption related, but the surface area exposed to attacks. By having a forward proxy and having it require mTLS authentication, I can prevent any bytes from reaching BitWardenâs server without authenticating there first. I then have to secure a single software stack (the forward proxy) than having to worry about multiple.
The typical approach to mitigating that concern seems to be to use a client-to-site VPN.
This FR is more about mTLS between the bitwarden client and the bitwarden server.
The typical approach, maybe⊠and thatâs what I already do.
I disagree about the focus of the FR though. If you see the linked topic on the original post, itâs referring to using a reverse proxy with mTLS. To a client, if either the reverse proxy or Bitwarden server is negotiating the TLS session, itâs indifferent how the client has to behave. So as long as client support passing a system wide cert to whoever is terminating the TLS session, Iâm good with that. 
Itâs worth mentioning the home assistant app written in swift for iOS and kotlin for Android supports MTLs and is open source which can potentially contain pointers on how to implement this in the new native bitwarden apps.
Android
iOS
I downloaded the Bitwarden ios Beta App 2024.8.0 (284) with the new Native UI
And its still not working
Thatâs because they still havenât added support for MTLS.
I provided some links above for devs to reference on how it can be done in native apps.
