Harsh Shandilya

Android developer, Kotlin fanatic and wannabe Rustacean

Android Password Store September release

Posted at — Sep 21, 2020

Continuing with this new-ish tradition we have going, here are the detailed release notes for the v1.12.0 release.

Multiple important announcements at the end of the page, make sure to read the whole thing!

New features

Extend Autofill support to more browsers

Devin J. Pohly and Rounak Dutta collectively contributed support for 3 new Chromium-based browsers: Bromite, Ungoogled Chromium and Kiwi.

Allow sorting by recently used

This feature was requested a while ago and was implemented by Alex Molinares early in the cycle. The database that keeps track of the recently used passwords is always active, so if and when you switch to this sorting mode you’ll see everything already sorted based on your old usage patterns. Neat!

Add ability to view Git commit log

Another, even older feature request has finally been addressed. This too, came from an external contributor and was one of the best pull requests I have ever seen. It’s a great feature, and I thoroughly enjoyed the entire process of its inclusion.

SSH key generation and handling improvements

The old SSH key generation has been scrapped and rewritten to use a set of safer cryptographic curve options that span the distance between widely supported and very secure. The wiki page has been updated for these changes with information on how we’re securing access to the actual SSH keys, like storing the key file in the Android Keystore and requiring screen lock authentication before the key can be used.

Fallback authentication for SSH

SSH servers are often configured to have multiple authentication methods, where you first attempt to authenticate with private keys and if that fails, fall back to passwords. This wasn’t previously supported in APS, which would quit after the first failure. We’ve changed that to now offer the option of entering a password if the server is configured to fall back to it.

Rewritten and redesigned onboarding flow

In a multi-step refactoring process, the initial flow of setting up the app has been completely revamped. The internals were completely overhauled to improve stability, weed out some gnarly hacks, and make the whole thing easier to test and understand. Maintainer Aditya Wasan did a fabulous job giving the UI a facelift. It’s real pretty now ✨

Show hidden folders now also shows hidden directories

Our old ‘Show hidden folders’ feature has now been simplified to show all hidden files and folders in the repository. It is intended to make it easier to perform trivial maintenance tasks that would normally require access to a PC.

Bugfixes

SSH connection problems with Bitbucket

In our last major release, we included a change to re-use SSH connections to speed up Git operations. This had an unfortunate side effect: Bitbucket users were unable to use SSH to connect to their repositories. Atlassian has been aware of this problem for quite some time now and did nothing about it, so we now include a helpful message and an internal workaround when this particular type of error is encountered.

While still potentially finicky, we’re now confident that this is ready to be shipped to all users without the risk of crashes.

Assorted UX improvements

As always, there are a handful of Quality of Life changes to make the app more enjoyable to use:

There’s definitely more fixes here, but we ended up rewriting, breaking and fixing so many things for this release that it’s hard to tell what was actually broken in the previous release and what is just us fixing regressions during refactoring. We’ve been busy :)

Important announcements

Autofill parser is now a standalone library!

Our excellent Autofill capabilities are now bundled as a separate Android library and can be used by other password managers to improve their Autofill experiences. Detailed documentation will be coming over the next few days, keep an eye out here if it’s something you’re interested in.

RFC for removal of Git support in external repos

Based on the issues raised in the repository and the support emails I’ve received, the maintainers have come to the conclusion that nearly all users who choose to store their pass repositories in their device storage or external SD card as opposed to the app’s private, hidden directory are not users of Git and rely on solutions like Syncthing and Nextcloud to keep the repository in sync with their other devices.

As such, we are now in the process of removing Git support from these repositories. We’ve carefully evaluated how we want to do this, and have started with removing the ability to clone repositories to public storage in this release. If this doesn’t blow up in our faces, we will be completing the transition in v1.13.0. If you believe the change adversely affects your usage of the app, we wanna know! Drop a comment on GitHub and we will do our best to either propose an alternative for your use case or entirely scrap our plans if we discover that our initial inferences were misguided.