[PM-29960] HyperOS 3 CredentialSelectorActivity crashes with ClassCastException (Long to Integer)

[bbxblue]

Origin

Native Application (non-browser app)

Web URL or App name

webauthn.io

Passkey Action

• Creating new passkey (Registration)
• Signing in (Authentication)

Build Information

2025.12.0

Additional Information

1. Description:
On Xiaomi 15 (HyperOS 3 CN, Android 16), Bitwarden is unable to complete the Passkey authentication or registration flow when system biometrics (Fingerprint/Face) are enabled. The system's com.android.credentialmanager component crashes immediately upon trying to show the selector UI.

2. Steps to Reproduce:

1. Use Xiaomi 15 with Fingerprint/Face unlock enabled.
2. Set Bitwarden as the primary Credential Provider.
3. Attempt to log in to a website/app using a Passkey stored in Bitwarden.
4. The system "CredentialSelectorActivity" fails to pop up, and Bitwarden receives a TYPE_NO_CREDENTIAL or cancellation error.

3. Expected Behavior:
The system credential selector should appear, allowing the user to select the Bitwarden credential and authenticate via biometrics.

4. Actual Behavior:
The system component com.android.credentialmanager crashes due to a ClassCastException.

5. Root Cause Analysis (from Logcat):
The crash occurs in the system's biometric pre-validation logic. Android 15 has updated certain SliceItem fields to Long, but Xiaomi's CredentialSelectorActivity implementation still calls getInt(), causing a type mismatch.

6. Supporting Logcat Trace:

E CredentialSelectorActivity: java.lang.ClassCastException: java.lang.Long cannot be cast to java.lang.Integer
E CredentialSelectorActivity:    at android.app.slice.SliceItem.getInt(SliceItem.java:238)
E CredentialSelectorActivity:    at com.android.credentialmanager.ktx.CredentialKtxKt.predetermineAndValidateBiometricFlow(CredentialKtx.kt:98)
E CredentialSelectorActivity:    at com.android.credentialmanager.ktx.CredentialKtxKt.getCredentialOptionInfoList(CredentialKtx.kt:307)
E CredentialSelectorActivity:    at com.android.credentialmanager.ktx.CredentialKtxKt.toProviderList(CredentialKtx.kt:122)
E CredentialSelectorActivity:    at com.android.credentialmanager.CredentialSelectorActivity.onCreate(CredentialSelectorActivity.kt:91)

7. Critical Finding:
Disabling all system biometrics (removing fingerprints/face data) resolves the crash, and the Bitwarden selector UI appears correctly.

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[bitwarden-bot]

Thank you for your report! We've added this to our internal board for review.
ID: PM-29960

[Adedamola-Aina]

Hello @bbxblue

I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, We use GitHub issues as a place to track bugs and other development related issues. If your issue persists, please write us back using our “Contact support” form located on our Help Center (https://bitwarden.com/help/).
You can include a link to this issue in the message content.
Alternatively, you can also search for an answer in our help documentation or get help from other Bitwarden users on our community forums (https://community.bitwarden.com/c/support/).

[Gavin-Guiii]

Hello @bbxblue

I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, We use GitHub issues as a place to track bugs and other development related issues. If your issue persists, please write us back using our “Contact support” form located on our Help Center (https://bitwarden.com/help/). You can include a link to this issue in the message content. Alternatively, you can also search for an answer in our help documentation or get help from other Bitwarden users on our community forums (https://community.bitwarden.com/c/support/).

It happens on all Xiaomi phones running Chinese HyperOS.

Xiaomi changed AOSP's credential manager implementation and isn't fully compatible with Bitwarden. I can save passkey to Bitwarden but not retrieve passkey.

However, I noticed that Proton Pass works fine.