Disable saving PIN to password manager.

We haven't found a reliable way to make the auto-fill framework differentiate between the PIN and backup key, so we are disabling prompts to save Signal PINs to password managers to avoid accidentally overwriting a saved backup key with a PIN value. Co-authored-by: Michelle Tang <mtang@signal.org>
2026-04-22 01:40:07 +01:00 · 2025-09-04 16:21:56 -04:00
parent 217a6187c2
commit b1f067536b
16 changed files with 33 additions and 123 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/components/settings/app/account/AccountSettingsFragment.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/components/settings/app/account/AccountSettingsFragment.kt
@@ -4,6 +4,7 @@ import android.content.Context
 import android.content.Intent
 import android.graphics.Typeface
 import android.text.InputType
+import android.text.method.PasswordTransformationMethod
 import android.util.DisplayMetrics
 import android.view.ViewGroup
 import android.widget.EditText
@@ -13,7 +14,6 @@ import androidx.annotation.ColorRes
 import androidx.annotation.StringRes
 import androidx.annotation.VisibleForTesting
 import androidx.appcompat.app.AlertDialog
-import androidx.autofill.HintConstants
 import androidx.compose.foundation.layout.padding
 import androidx.compose.foundation.lazy.LazyColumn
 import androidx.compose.material3.MaterialTheme
@@ -31,7 +31,6 @@ import androidx.compose.ui.res.colorResource
 import androidx.compose.ui.res.stringResource
 import androidx.compose.ui.res.vectorResource
 import androidx.core.app.DialogCompat
-import androidx.core.view.ViewCompat
 import androidx.fragment.app.viewModels
 import androidx.lifecycle.compose.collectAsStateWithLifecycle
 import androidx.navigation.fragment.findNavController
@@ -117,10 +116,10 @@ class AccountSettingsFragment : ComposeFragment() {

      changeKeyboard.setOnClickListener {
        if (pinEditText.inputType and InputType.TYPE_CLASS_NUMBER == 0) {
-          pinEditText.inputType = InputType.TYPE_CLASS_NUMBER or InputType.TYPE_NUMBER_VARIATION_PASSWORD
+          pinEditText.inputType = InputType.TYPE_CLASS_NUMBER
          changeKeyboard.setIconResource(PinKeyboardType.ALPHA_NUMERIC.iconResource)
        } else {
-          pinEditText.inputType = InputType.TYPE_CLASS_TEXT or InputType.TYPE_TEXT_VARIATION_PASSWORD
+          pinEditText.inputType = InputType.TYPE_CLASS_TEXT
          changeKeyboard.setIconResource(PinKeyboardType.NUMERIC.iconResource)
        }
        pinEditText.typeface = Typeface.DEFAULT
@@ -130,20 +129,19 @@ class AccountSettingsFragment : ComposeFragment() {
        ViewUtil.focusAndShowKeyboard(pinEditText)
      }

-      ViewCompat.setAutofillHints(pinEditText, HintConstants.AUTOFILL_HINT_PASSWORD)
-
      when (SignalStore.pin.keyboardType) {
        PinKeyboardType.NUMERIC -> {
-          pinEditText.inputType = InputType.TYPE_CLASS_NUMBER or InputType.TYPE_NUMBER_VARIATION_PASSWORD
+          pinEditText.inputType = InputType.TYPE_CLASS_NUMBER
          changeKeyboard.setIconResource(PinKeyboardType.ALPHA_NUMERIC.iconResource)
        }

        PinKeyboardType.ALPHA_NUMERIC -> {
-          pinEditText.inputType = InputType.TYPE_CLASS_TEXT or InputType.TYPE_TEXT_VARIATION_PASSWORD
+          pinEditText.inputType = InputType.TYPE_CLASS_TEXT
          changeKeyboard.setIconResource(PinKeyboardType.NUMERIC.iconResource)
        }
      }

+      pinEditText.transformationMethod = PasswordTransformationMethod.getInstance()
      pinEditText.addTextChangedListener(object : SimpleTextWatcher() {
        override fun onTextChanged(text: String) {
          turnOffButton.isEnabled = text.length >= SvrConstants.MINIMUM_PIN_LENGTH
--- a/app/src/main/java/org/thoughtcrime/securesms/components/settings/app/changenumber/ChangeNumberRegistrationLockFragment.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/components/settings/app/changenumber/ChangeNumberRegistrationLockFragment.kt
@@ -7,6 +7,7 @@ package org.thoughtcrime.securesms.components.settings.app.changenumber

 import android.os.Bundle
 import android.text.InputType
+import android.text.method.PasswordTransformationMethod
 import android.view.KeyEvent
 import android.view.View
 import android.view.inputmethod.EditorInfo
@@ -287,11 +288,12 @@ class ChangeNumberRegistrationLockFragment : LoggingFragment(R.layout.fragment_c
    val isAlphaNumeric = keyboard == PinKeyboardType.ALPHA_NUMERIC

    binding.kbsLockPinInput.setInputType(
-      if (isAlphaNumeric) InputType.TYPE_CLASS_TEXT or InputType.TYPE_TEXT_VARIATION_PASSWORD
-      else InputType.TYPE_CLASS_NUMBER or InputType.TYPE_NUMBER_VARIATION_PASSWORD
+      if (isAlphaNumeric) InputType.TYPE_CLASS_TEXT
+      else InputType.TYPE_CLASS_NUMBER
    )

    binding.kbsLockPinInput.getText().clear()
+    binding.kbsLockPinInput.transformationMethod = PasswordTransformationMethod.getInstance()
  }

  private fun navigateToAccountLocked() {