Android frontend for Cloud-based password managers
This app makes use of the Android Pie (API 28) biometric login. This API is newer, but supports more types of biometric authentication. When you enroll in biometric authentication, an AES256 key is randomly generated and stored in your device's trusted storage. That key is used to encrypt your username and password. The encrypted data is stored in the app's private area on your device.
An encrypted copy of your passwords can be stored on your device. This cache is stored in the app's private area. It is encrypted with an AES256 key that is derived from your username/password using the Scrypt KDF. Offline mode is opt-in, not opt-out.
The app can save your password to make it easier to log in. The password is encrypted with a random AES256 key. The key is stored in the app's preferences. Please note that Android may not encrypt the app's preferences. If you have Android Jelly Bean or later (API 16), you have the option to save the password only if the device is locked with a passcode. Devices that are locked with a passcode are more likely to encrypt the app's preferences. For the most secure experience, you should leave this feature disabled. The Save Password feature is disabled by default. You must opt into the feature.
Save Password Options:
Normally, clients trust SSL/TLS certificates by walking up the certificate chain until they find a CA that the client trusts. There is an alternative method for authenticating SSL certificates called Certificate Pinning. When you pin a certificate, you save a copy of that certificate for the future. The client will only trust that certificate. It won't trust any other certificate, even one issued by a valid CA. Users can opt into pinning the certificate of their Cloud-based password manager for a higher level of security. Some advantages are:
An alpha release can be found in the Google Play store: https://play.google.com/apps/testing/com.intirix.cloudpasswordmanager