Avatar
sommerfeld 1y ago

PSA: do not install the latest bitwarden apk, there's a signature mismatch. Could be nothing but better safe than sorry.

https://github.com/bitwarden/mobile/issues/3062

Reply to this note

Please Login to reply.

Discussion

Avatar
Sovereign Being 1y ago

Consider vaultwarden instead.

https://github.com/dani-garcia/vaultwarden

Avatar
sommerfeld 1y ago

Vaultwarden is just the serverside. You still need the client app from bitwarden.

Avatar
Sovereign Being 1y ago

Ah, you are of course correct.

Avatar
Islamic Audiobooks Central 1y ago

I think i've seen a 3rd party client called Goldwarden on #Flathub though

Avatar
sommerfeld 1y ago

No android client though

Avatar
Yaël 1y ago

good catch

ff
hundehausen 1y ago

Obtainium rejected to install the update 🤩

Avatar
sommerfeld 1y ago

Updates are always protected at the OS level which trusts keys on first install and autorejects updates with key mismatches.

The ones vulnerable to attack are first-time installers...

ff
hundehausen 1y ago

Oh wow lots of information I didn't know. So it wasn't Obtainium who checked the signature, it was Android.

Avatar
sommerfeld 1y ago

Correct.

12
deleted 1y ago

thank you very much

Avatar
Islamic Audiobooks Central 1y ago

Not on the F-droid repo apparently or else it's not picking up that apk...

12
deleted 1y ago

i saw,this ticket got closed, but wasnt abke to determine the solution in git. care to break it down? thanks friend 🤙

Avatar
sommerfeld 1y ago

It got closed because they already fixed their build pipeline. They still haven't released a version with a fixed signature so we are all gonna have to wait.

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

lol, bitwarden... more uberghey pseudo security