Greetings,
I managed to accidentally type my password into the email field on the landing page of the Android application (from Google Play) and clicking the Login button.
I was worried that I may have leaked my password to the BitWarden server, so I did some digging in the code and found this in mobile/src/App/Pages/Accounts/HomePageViewModel.cs
:
if (!Email.Contains("@"))
{
await _platformUtilsService.ShowDialogAsync(AppResources.InvalidEmail, AppResources.AnErrorHasOccurred,
AppResources.Ok);
return;
}
Am I correct in these three assumptions?
-
So long as my password did no contain the
@
symbol the BitWarden application would have given me the invalid email account message before submitting my request to the server. -
Neither Firebase Analytics nor Microsoft Visual Studio crash reporting would have sent the email/password unless there was an application crash.
-
Even if one of the two analytics platforms had sent a crash report, the report would not have contained the email/password.
Thank you for your time.
P.S. This question is similar to this question ( Accidentally typed Master Password into email field on bitwarden app - problem? ); however, my question regards the Android app, telemetry, and passwords that do no contain @
.