Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Saved Passwords Disappear After App Close/Reopen #1735

Open
4 tasks done
superjet1268 opened this issue Jan 13, 2025 · 8 comments
Open
4 tasks done

Saved Passwords Disappear After App Close/Reopen #1735

superjet1268 opened this issue Jan 13, 2025 · 8 comments
Labels
bug Something isn't working workaround There is a workaround

Comments

@superjet1268
Copy link

superjet1268 commented Jan 13, 2025
edited by uazo
Loading

Preliminary checklist

  • I have read the README.
  • I have searched the existing issues for my problem. This is a new ticket, NOT a duplicate or related to another open issue.
  • I have updated Cromite to the latest version. The bug is reproducible on this latest version.
  • This is a bug report about the Cromite browser; not the website nor F-Droid nor anything else.

Can the bug be reproduced with corresponding Chromium version?

Yes

Are you sure?

Yes

Cromite version

version 132.0.6834.83

Device architecture

arm

Platform version

Android 13

Android Device model

Realme Gt Master edition

Is the device rooted?

No

Changed flags

No flags changed

Is this bug happening ONLY in an incognito tab?

No

Is this bug caused by the adblocker?

No

Is this bug a crash?

No

Describe the bug

Saved Passwords Disappear After App Close/Reopen
(Old saved passwords also missing)

Steps to reproduce the bug

Save new password/close the app and try to open the app. There won't be any password saved on password manager

Expected behavior

All saved passwords would be missing

Screenshots

Details

IMG_20250113_114039
@t-m-w
Copy link

t-m-w commented Jan 13, 2025

Can confirm that loss of saved passwords is a potential issue for 132.

@uazo
Copy link
Owner

uazo commented Jan 14, 2025

The legacy password store backend is supported on android but usually disabled
in favor of a downstream implementation. Important: the support for this flag
is planned to be removed in November 2024.

as mentioned in https://source.chromium.org/chromium/chromium/src/+/main:components/password_manager/core/browser/buildflags.gni google has decided to remove the internal chromium store of passwords in android.
This is a decision I support, since passwords are saved unencrypted in android.
I just didn't think they would remove it without an official announcement (which I never read).
my advice is to use software like keepassdx
in the meantime I will check why it does not work

@uazo uazo added the bug Something isn't working label Jan 14, 2025
@t-m-w
Copy link

t-m-w commented Jan 14, 2025

This looks related?: 6157381: [UPM] Check USE_LOGIN_DATABASE_AS_BACKEND before removing the db

with use_login_database_as_backend being a new build arg.

I haven't had a chance to try yet but plan to later today.

@uazo
Copy link
Owner

uazo commented Jan 14, 2025

@t-m-w

thank you, I will check.
it is really absurd that an opensource project has so many closed bugids.

already pointed out but they don't care.
I have an idea how to get around it, but I don't have time to implement it. do you have any?

@t-m-w
Copy link

t-m-w commented Jan 14, 2025
edited
Loading

@uazo

I have an idea how to get around it, but I don't have time to implement it. do you have any?

To stop saved passwords from disappearing? Yes, I think so. I just got a chance to try, and it looks like something worked, so now I need to narrow that down. I think it was the related patch I linked + the build arg.

Edit: But then I guess this would still be storing them unencrypted, you're saying? It is in the app's internal data, so not the worst, but...? I haven't dug into resolving that part yet.

t-m-w added a commit to t-m-w/cromite that referenced this issue Jan 14, 2025
@t-m-w
Include upstream Chromium fix for saved passwords
4a51e61 
M132 changed the way the built-in login database is handled and
included an unfortunate oversight that caused logins to be cleared,
even with use_login_database_as_backend=true (already set via
Restore-chrome-password-store.patch). This has been fixed upstream.
That fix is included here manually for now.

Issue: calyxos#2935
Issue: uazo#1735
Change-Id: I52b5d454a06659593471cbdbddcb11fd259fec78
@t-m-w t-m-w mentioned this issue Jan 14, 2025
Closed
6 tasks
@chirayudesai
Copy link

: But then I guess this would still be storing them unencrypted, you're saying? It is in the app's internal data, so not the worst

I'll add to this, that on modern Android devices, user data is always encrypted, and due to application sandboxing - other apps wouldn't be able to access cromite's internal data.

So while it's still not ideal in some ways, it's definitely a lot better than doing the same on other platforms.

calyxos-gerrit pushed a commit to CalyxOS/platform_external_calyx_chromium that referenced this issue Jan 14, 2025
@t-m-w
Include upstream Chromium fix for saved passwords
56a2aea 
M132 changed the way the built-in login database is handled and
included an unfortunate oversight that caused logins to be cleared,
even with use_login_database_as_backend=true (already set via
Restore-chrome-password-store.patch). This has been fixed upstream.
That fix is included here manually for now.

Issue: calyxos#2935
Issue: uazo/cromite#1735
Change-Id: I52b5d454a06659593471cbdbddcb11fd259fec78
@uazo
Copy link
Owner

uazo commented Jan 15, 2025

user data is always encrypted, and due to application sandboxing - other apps wouldn't be able to access cromite's internal data.

sure, but:

  • the user has no possibility of modifying the filesystem encryption key
  • applications with root access can access the fs sandbox without the user noticing it

therefore I consider it a mitigation

@uazo
Copy link
Owner

uazo commented Jan 15, 2025

I was finally able to check: the behaviour is due to the kClearLoginDatabaseForAllMigratedUPMUsers flag being active by default.
@superjet1268 as a temporary workaround you can deactivate it in chrome://flags/#clear-login-database-for-all-migrated-upm-users

@t-m-w thanks for pointing that out to me.

@uazo uazo added the workaround There is a workaround label Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working workaround There is a workaround
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@chirayudesai @t-m-w @uazo @superjet1268