Older release note content is still available, but anything older than the last 10 updates is placed here.

Features

• AN-7631: UI Refresh (Phase 1 of complete user interface update)

• Note: Official "Dark Mode" is coming in an upcoming release.

Other Changes

• AN-7541: Removal of legacy "internal" Keeper web browser. Users can activate KeeperFill from the settings screen to enable autofill across any mobile app or web browser. See KeeperFill setup guide for Android.

• AN-7650: Update compilation to Android SDK 33

• AN-7952: Implemented Android 13 real-time requests for permissions based on user action, including:

  • POST_NOTIFICATIONS

  • READ_EXTERNAL_STORAGE

  • READ_MEDIA_IMAGES

  • READ_MEDIA_VIDEO

  • READ_MEDIA_AUDIO

Bug Fixes

• AN-7480: Onboarding a new Enterprise user on Android via Cloud SSO does not work properly

• AN-7791: If a user creates a v2 (general) record in vault, it will not be triggered in the Autofill UI automatically.

• AN-7713: Crash when switching accounts after a linked record is removed from shared folder.

• AN-7649: If a user deletes a Security Key, adds another Key, then plugs it in via USB on (one of) the first Google screen(s), Keeper crashes during setup.

• AN-7818: Stop making calls to update_security_data for records that are not owned. This includes all shared records in shared folder or directly shared.

• AN-7601: Creating a record in DuckDuckGo sets title to DuckDuckGo

• AN-7835: Minor recovery phrase bug fixes

Features

• AN-7744: Recovery Phrase. We have upgraded our account recovery process with a new and more secure 24-word “recovery phrase” feature. Read more on the Keeper Blog.

Bug Fixes

• AN-7787: Crash during device approval process when Chrome is uninstalled/disabled

• AN-7803: Error message when attempting to download a file from a record that was converted from "general" to another record type.

Improvements

• AN-7733: Increased default Master Password requirements to 12 chars

• AN-7743: Allow users to reset their Master Password using existing biometrics

• AN-7739: Migrate from RSA to Elliptic Curve transmission keys

Bug Fixes

• AN-7751: Better handling for access denied message when updating records

• AN-7772: Cybertest pen test finding related to local handling of image thumbnails which were stored on disk unencrypted in a temporary cached location. The temporary thumbnails are now deleted from disk.

• AN-7407: Support for Android 13 android.content.extra.IS_SENSITIVE setting for copying a password to the clipboard.

Bug Fixes

• AN-7645: KeeperFill keyboard mode is not logging out. Relates to Bugcrowd ticket 5157c781-23eb-4e7f-a93e-f2b281193c1b reported by DavidM338c.

• AN-7404: Folder colors not appearing when moving objects

• AN-7379: Account Recovery + 2FA + Record types - the types are not enabled after account recovery.

• AN-7516: Crash when launching a browser if there is no browser installed on the device.

• AN-7343: Record Type change not functioning if the Record Types filter is enabled

• AN-7181: No error and hanging happens upon upload of large file size

• AN-6735: Entering a blank 2FA code provides no user feedback or error message

• AN-7651: Shared Folder user lacks permission to create record even if they are part of a team that has permission

• AN-7698: Enabling a security key can sometimes cause a crash

• AN-6690: If a user's password gets changed on another client, after upgrading Android app- they will be prompted for the new password after login. After updating to the current password, user is not logged in automatically.

• AN-7636: When a user changes their email on another client, Android misbehaves in a few different ways.

Improvements

• AN-6170: Refactored the UI for the BreachWatch screen

• AN-6789: Clicking the "Dice" button to generate a password on an existing record will regenerate the password with at least the current strength setting.

Bug Fixes

• AN-6647, AN-7594, AN-7370: Various crashes

• AN-7484: Unable to login offline with Yubikey after app restart.

• AN-7488: Unable to download a file if it can't be opened by the operating system.

Bug Fixes

• AN-7576: Record detail stays on the screen when switching user accounts

• AN-7565: SSO users unable to login offline with biometrics and swipe-kill app

• AN-7448: Poor visibility of button colors with white text on yellow button

• AN-7537: Removing an account from the Autofill login screen causes bad state

• AN-6902: Incorrect screenshot showing in Autofill setup screens for Android 11+

• AN-7311: Crash launching Autofill settings from device settings

• AN-7495: Crash when user changes their email on another device while the Android app is in the foreground.

Improvements

• AN-7429, AN-7519: Performance improvements

• AN-7464: Autofill settings gets a Help button

Improvements

• AN-7459: Autofill support for Vivaldi Web Browser

• AN-7461: Autofill support for Brave browser

Bug Fixes

• AN-7114: Password not filling for Instagram App

• AN-6685: Card field not triggering Autofill in Doordash App

• AN-6682: Autofill showing in "To" and "Search" fields in Samsung Mail App

• AN-6246: Autofill unable to create records in landscape mode

• AN-6691: Crash when clicking "Send New Code" in account recovery

• AN-7438: Crash when the website favicon is too large

• AN-7474: Autofill issues with DSW App

• AN-7560: SSO user unable to complete account recovery

• AN-7561: App hanging after submitting a capital letter security answer

• AN-7579: App failure when attempting to purchase consumer add-on products

Features

• AN-7449: Launch of Keeper One-Time Share for Android.

See the user guide for more info: https://docs.keeper.io/user-guides/one-time-share

Bug Fixes

• AN-7392: Camera icon in Identity & Payments needs update

• AN-7389: Bugs with profile photos

• AN-7388: Country dropdown list not in alphabetical order

• AN-7354: Date picker causes keyboard to appear briefly

• AN-7332: Crash when backgrounding the app in Identity & Payments section

• AN-7358: Custom record template fields not masked properly

• AN-6979: Crash on Samsung Galaxy Fold device

• AN-6950: Account screen showing negative value for "Referral invites" on consumer

• AN-7160: Autofill on US Bank App fills fields incorrectly

• Several other crashes reported in the Google Play store resolved

Bug Fixes

• AN-7368: Crash when searching record types

• AN-7364: Crash during account signup when sending app to background

• Various other small bug fixes reported by customers

Improvements

• Color coding enhancements for folders and subfolders

Bug Fixes

• AN-6978: Support for Android 12 which includes showing the number of passwords from the Android "Passwords & Accounts" screen.

• Many UI fixes related to Record Types

Bug Fixes

• AN-6677: Crash during SSO registration flow

• AN-7282: Missing record type icons in list view

• AN-7155: Unable to login to SSO account hosted in AU region

• AN-7258: Crash when saving a custom record type

• AN-6821: Remove URL validation rules that prevented saving URLs such as https://localhost:8080/

• AN-7265: Crash when clearing out an invited user field in shared folder

• AN-7318: Crash when a payment card has a null card number

• AN-7153: File upload disappears from record when the notification tray is open

• AN-7081: Crash when removing linked record types at certain timing

• AN-6683: Custom logout timer causing login hang and value not being saved

• AN-7252: Save button missing in Arabic/Hebrew language modes

• AN-6746: Generated password complexity still enforced after user removed from role

• AN-7183: Unable to purchase storage from new Record Type record

• AN-7143: Fallback to CBC decryption mode for legacy records

• AN-6956: Government access notice not triggered during SSO login flow

• AN-7268: Eyeball icon not changing when toggling field mask on record types

• AN-6811: Expired storage plan is not reflected correctly

• AN-7308: Ensure record in shared folders can fallback to CBC encryption mode when necessary

• AN-7346: Saving record edits causes duplicate fields if editing a record, backing out, editing again

New Features

Keeper for Android now supports FIDO2 WebAuthn for two-factor authentication using NFC and plug-in devices, such as the Yubikey NFC device. We also introduce website icons within the vault records.

• AN-5412: FIDO2 WebAuthn

• AN-6983: Display of Website Icons

Bug Fixes

• AN-7094, AN-7097: Record deletion bugs

• AN-7109: Record Type icons showing "general" icon in security audit screen

• AN-7091: No ability to edit the label of a multi-line custom field

• AN-6907: Password Change / Zoom feature added back for Typed Records

• AN-7110: Record Type values appear in record when blank

• AN-7125: No error dialog when trying to share with already shared user

• AN-7121: Wrong font displayed on Changed Password dialog

• AN-7098: TOTP field countdown animation stops running after switching apps

• AN-7082: 2FA on/off switch shows the wrong value for a second

• AN-7149, AN-7166, AN-7122, AN-7164, AN-7192, AN-7185, AN-7184: Various small Record Types bugs

• AN-7201: Cannot save some Record Types with just a title

• Various crashes

Features

• AN-6212: Support for Keeper Record Types (Enterprise customers only)

  A Keeper Record Type is a structured template that can contain any type of information such as logins, payment cards, bank accounts, and many more. There are several out-of-the-box record types available, and Admins can create custom types that fit the needs of your organization. Custom types can be created for all users, or users within specific roles. Learn more about Keeper Record Types below:

  https://docs.keeper.io/enterprise-guide/record-types

• AN-6823: Support for Compliance Reports (Enterprise customers only)

  Compliance Reports provide on-demand visibility to access permissions on records and credentials in your enterprise. These reports simplify the compliance auditing process for Sarbanes Oxley (SOX) and other regulations requiring periodic access control auditing. These Keeper Administrator-defined Compliance Reports run on-demand and can be forwarded to automated compliance systems or sent directly to external auditors. Since the reports contain some non-credential encrypted record data, an administrator must have permission to run and view these reports. The encrypted record data is included in the report and can also be used as report filters.

  More information can be found here:

  https://docs.keeper.io/enterprise-guide/compliance-reports

Bug Fixes

• AN-6916: Site auto-suggestion on GovCloud environment not working

• AN-6889: Deleting file before save can cause it to re-appear

• AN-6893: Referral button showing on Enterprise users

• AN-6621: Autofill triggering on Signal App group chat

• AN-6699: Email validation to include .cpa TLD

• AN-6938: Blank screen showing on some purchase flows

Features

• 🇱🇷 Support for the Amazon AWS GovCloud environment. Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at govsales@keepersecurity.com for more information.

• Increased the number of special characters to this set:

  !@#$%()+;<>=?[]{}^.,

Bug Fixes

• AN-6676: Auto-logout enforcement policy doesn't reset after being removed by Admin

Other

• Updated to Google Play Billing Library v3

Features & Improvements

This version includes several UI improvements surrounding the main search bar, filtering and sorting. We also added Password Zoom (press-and-hold the password field) with additional colors for clarity.

Bug Fixes

• AN-6798: Security updates regarding implicit notifications

• AN-6615: Biometrics become disabled if 2FA is enforced but not set.

• AN-6396: Unable to set default payment card if many are saved.

• AN-6345: Autofill appears on the Calculator app 😂

• AN-5838: User locked out when account transfer acceptance is blocked.

• AN-6805: Unable to login to SSO when Chrome is not the default browser.

• AN-6804: More than 29 accounts on the same domain don't show any autofill results.

• AN-6767: Android sending BreachWatch request to server that generates an error.

• AN-6377: Unable to scroll long security answers in the Account Recovery flow

• AN-6739: Share dialog appears twice after record shared

• AN-6835: Crash on long click within Deleted Records screen

• AN-6836: Tell a Friend screen replaced with new referral screen

Other Improvements

• AN-6723: Completely removed Firebase Analytics which shows as a "tracker"

• AN-6838: Added colors in the password viewer

New Features & Improvements

• Expansion to AU Data Center - Keeper now supports an AU data center. Users have the option to select "AUS" from the region selector at login.

New Features & Improvements

• Keeper Autofill Keyboard Integration for Android 11 - With the release of Android version 11, KeeperFill login prompts and fill results may be fully integrated into your device's keyboard. This autofill integration is only supported by certain keyboards such as, Google's "Gboard" Keyboard version 10.3 and Samsung's keyboard version 5.2.00.87.

Bug Fixes

• AN-6751: KeeperFill's password generator display's incorrect minimum/maximum character requirements.

Improvements

• AN-638: The password zoom feature allows users to pinch/long press on a password within a record to enlarge it for improved visibility

Bug Fixes

• AN-6671: Crash occurs during token verification

• AN-6432: Logout timer forces logout if the user selects an unsupported value

• AN-6489: A user is prompted twice for a Security Question/Answer if logout timer expires during creation

• AN-6500: 2FA screen is not dismissed after user sets up Duo

• AN-6505: SSO users are not logged out of the IdP on first logout attempt

• AN-6540: Duo is not pre-selected as 2FA method after user completes enrollment

• AN-6501: Changing Duo Voice from "Require code every login" to a different duration fails to save

• AN-6190: "X" button to dismiss BreachWatch popup is not functional on some Pixel devices

• AN-6097: Users added to an Enterprise Team don't automatically see Team folders when there are multiple accounts

• AN-6376: "Invalid Client Version" error does not appear when multiple accounts are setup and the client is blocked by Keeper

• AN-6230: Wildcard for generated password complexity enforcement should apply to empty URL

• AN-6072: Master Password complexity enforcements are not narrowed down as the user meets requirements

• AN-6050: Restoring a record's history does not bring the user back to record detail view

• AN-6652: An error message is needed when a client key is not valid during Master Password update

• AN-6457: Attempting to delete "https://" from a custom field fails to save

• AN-6288: Users are prompted for 2FA method twice after Admin adds 2FA enforcement

• AN-6712: A crash occurs when records are encrypted with the data key

• AN-6547: Password generator doesn't generate passwords beyond 51 characters for users in a role with a password complexity enforcement requiring more than 51 characters

• AN-6726: Share notifications do not appear when a share relationship exists

Bug Fixes

• AN-6034: New Enterprise users experience enforcement policies prior to accepting invite

• AN-6662: Incorrect password enforcements are applied to new users registering with enterprise domains

Bug Fixes

• AN-6658: DUO push fails after opening main DUO app

• AN-6654: Crash occurs during account registration

Release Features

• AN-6347: Login V3 General Availability (GA) More information available here: https://docs.keeper.io/enterprise-guide/login-api-v3

Improvements

• AN-6481: Users are now able to back out of the security question/answer creation screen

Bug Fixes

• AN-6476: Logging in with incorrect password triggers "Password Update" prompt

• AN-6487: A crash occurs when the logout timer expires and the user attempts to switch between apps or log in with Biometrics

• AN-6516: User is not alerted on Android when their email address is changed on another client

• AN-6538: A crash occurs when a user logs in with Biometrics when a password expiration prompt should appear

• AN-6296: For accounts with a password complexity enforcement enabled, the password generator will not create passwords greater then 51 characters

• AN-6555: Biometric login lost after first login

• AN-6556: Logout from Settings menu fails on first attempt

• AN6470: KeeperFill fails in various cases

• AN-6471: A blank dialogue appears during new password creation flow when incorrect current password is submitted

• AN-6482: "Connect" button fails for SSO users (EU)

• AN-6478: User is prompted to login after updating new password

• AN-6395: An error is generated when updating an expired password for a specific user type

• AN-6492: Various issues with offline mode causing crashes, etc.

• AN-6477: Session timer times user out during registration; unable to click "Next" to move forward

• AN-6491: Biometrics button disappears after unsuccessful Master Password submission

• AN-6497: Failed launch or crash occurs if the logout timer expires while Keeper is backgrounded

• AN-6506: Backing out of IDP login and using Biometrics causes a hang on login

• AN-6526: Admin approval hangs after session times out (SSO)

• AN-6532: User is not brought back to original screen after 2FA session timeout occurs

• AN-6573: Enterprise invite sends new user in loop

Bug Fixes

• Fixed: Various issues with SSO login flow, preventing users from advancing past various screens.

• Fixed: KeeperFill unresponsive to fill password request in Instacart application.

Bug Fixes

• Fixed: Various German and Italian translation errors on Keeper Unlimited and Keeper Secure File Storage purchase screens.

Bug Fixes

• Fixed: Upon upgrading their IPs, users are being prompted for IP verification at login.

Benefits & Enhancements

• Referral Program - The rollout of Keeper's new referral program thanks our consumer customers for sharing Keeper with their friends, family members and colleagues by offering our current customers a $15.00 Amazon gift card for each purchase made. Using their unique referral link, users can easily share Keeper through text, email and other platforms (e.g. Facebook, Twitter, etc.) by tapping the referral icon located in their Keeper vault.

Bug Fixes

• Fixed: The new user intro video experiences a brief resize when first launched.

• Fixed: Various crash scenarios related to links to the Google Play Store.

• Fixed: The Identity & Payments country code drop-down menu appears in alphanumeric order rather than listed alphabetically.

• Fixed: Issue preventing some users from sharing within a group when the "Prevent sharing outside of group" enforcement is enabled.

Benefits & Enhancements

• Single Tap to Open Record URL - A single tap of a record's URL will open a dialog allowing the user to choose whether to open the site with a browser (e.g. Firefox, Chrome), with Keeper, or copy the URL to the clipboard.

• Updated Privacy Policy - By clicking on a URL from the Help or Registration screens, users are directed to view our updated privacy on the Keeper website.

Bug Fixes

• Fixed: Autofill is not working correctly for TOTP and phone number fields on both the LinkedIn and Twitter applications.

• Fixed: A crash occurs when a user attempts to take a photo for their Keeper profile.

• Fixed: A white field blocks the users ability to view the KeeperFill keyboard on Huawei devices.

• Fixed: A blank pop-up appears when a EU account shares a record with a US account.

• Fixed: Various scenarios related to KeeperFill cause a crash to occur on Huawei devices.

• Fixed: Users aren't prompted to select a duration upon enabling KeeperDNA as their Two-Factor Authentication method.

Bug Fixes

• Fixed: The autofill feature fails to fill the password field of the Instagram application at login.

Benefits & Enhancements

• User Confirmation for Biometric Login - To prevent a user from unintentionally logging into their Vault upon face detection, a prompt requiring the user to confirm the biometric login action has been implemented. This will allow users the option to cancel the login and/or switch accounts.

• Master Password & Security Answer Character Length Enforcement - For added security purposes, the minimum character length for users' Master Password has increased to 10, while the minimum character length for a Security Answer has increased to 8.

• Two-Factor Code Duration Timer Update - New two-factor code timer functionality provides users with additional timer options to select from (require code every 24 hours, 1 week, 2 weeks).

• Duo Two-Factor Authentication Policies - Enterprise administrators now have the ability to enable a policy in Duo that gives them the ability to eliminate and control the different types of two-factor authentication capabilities that are available to the user (e.g. sms, phone).

Bug Fixes

• Fixed: Entering any capitalized letters at the registration screen causes a "bad_request" pop-up notification to appear. Capital letters should automatically be converted since login characters are not case-sensitive.

• Fixed: An error message alerting the user that a shared folder requires an administrator fails to appear when a user attempts to delete all users, including the administrator.

• Fixed: Some folders are not appearing or syncing correctly in the user's Vault when multiple Keeper accounts are set-up on a single device.

Benefits & Enhancements

• Privacy Notice Update - Our privacy notice and certification status, including a TRUSTe seal (Privacy Shield Verification Program) have been updated within the Registration and Help screens.

Bug Fixes

• Fixed: Upon clicking the link to "Learn More" at "https://keepersecurity.com/security" from the Reset Security Question screen, user is logged out of their Vault.

• Fixed: Offline changes made to the Identity & Payments section are overwritten and do not appear again at next sync.

• Fixed: Inconsistency between password strength indicators in Vault and Console.

• Fixed: Invalid error message received when user shares a folder with another user (Enterprise) if the "Prevent record sharing to users outside of Keeper Enterprise" enforcement is turned on.

• Fixed: Various crash scenarios.

Features and Benefits:

• Protect a Friend: New icon in the top left section of the Vault screen is now available to make it easier to send invites to friends, family and colleagues. In addition, Protect a Friend option was added to the "+" button in order to make the function more easily accessible.

• Password Generator: Default length is now going to be 20 characters

• Font and Themes: New Overpass font is applied across the app and a new Dark Blue theme is available in Settings

• Two-Factor Authentication: Descriptions and labels that previously referred to KeeperDNA are now transitioned to Two-Factor authentication, reserving the trademarked KeeperDNA for watch and other wearable methods

• TOTP (Time-based One-Time Password): TOTP code is now available from the dropdown when the Keeper Web Browser is used to access sites requiring codes for login authentication such as Amazon, DropBox, GitHub, Twitter and others.

Bugs & Fixes:

• Fixed: Users unable to delete files on HTC-08 in some cases.

• Fixed: Enterprise users unable to sign-in in offline mode when 2FA is enabled in some cases.

• Fixed: Inconsistent overflow menu options based on the filter users used to get to a record. Options such as "Move To" and "Create Shortcut" would not appear for some users.

• Fixed: Logout Timer was not functioning correctly for some users.

Features & Benefits:

• TOTP (Time-based one-time password): 2FA (Two-Factor Authentication) tokens were added within records to support TOTP for new and existing records

• BreachWatch for Business: Ability to track and scan master password for vulnerabilities

• Password Complexity Improvements: Added record creation, multiple role and other enforcement capabilities

Bug Fixes:

• Fixed: An issue with Samsung devices causing biometric login to be restricted

• Fixed: An issue causing a crash while user device goes to sleep while inactive

• Fixed: An issue causing a crash when creating a record with a password complexity enforcement

• Fixed: Removed a second, broken menu appearing when user taps the 3-dot menu while viewing a record

• Fixed: An issue with an unknown device appearing after a user registers using their G-Suite SSO login credentials

• Fixed: An issue causing a crash when a user taps the info button in the BreachWatch screen

• Fixed: An issue with the Password Complexity Enforcement Slider only allowing 43 characters; now supports up to 51 characters

Features and Benefits:

• Storage Add-on: Updated Storage Upsell Flow supporting multiple scenarios of users with expired subscriptions trying to attach files to records

Features & Benefits

• Support for Android Q biometric login. We are excited to be adopting the new BiometricPrompt API introduced for Android P. This new capability allows you to log in to Keeper with all forms of biometric methods such as iris scanning, fingerprint, facial recognition, and others.

• Support for Iris/face recognition on Samsung devices

• Improved tablet support

Bug Fixes

• Fixed: Decryption errors on certain user accounts

• Fixed: Crash logging into Android 5.x

• Fixed: Account Recovery - with 2FA causes Biometrics and Self Destruct to appear when they shouldn't

• Fixed: "none.com" appearing in some vault records.

• Fixed: Password complexity enforcement for master password.

This is a major bug fix release which was fully rolled out by Aug 16, 2019.

Features & Benefits

• Initial support for Android Q

Bug Fixes

• Enterprise invite acceptance dialog not displayed on first login. Fixed.

• Records restored from record preview screen not showing until next sync. Fixed.

• Crash on BreachWatch purchase screen. Fixed.

• Moving user into SSO node doesn't allow login until app reset

• Keeper not appearing in Amazon Fire store. Fixed compatibility.

• Autofill doesn't work properly when login and registration on same page. Fixed.

• Can't sign into SSO with apostrophe in email. Fixed.

• Autofill on Wallmart and eBay native apps fixed.

• Password strength meter showed nothing when only 1 character entered.

• Error during registration (attempt to invoke virtual method) fixed.

• Autofill on Ameritrade app fixed.

• Payment card autofill fixed on Walmart.com site.

• Password masking enforcement policy not working with Autofill screens. Fixed.

• Moving a record outside of a shared folder not reflected by other users. Fixed.

• Sony experia device unable to download file attachments. Fixed.

• Autofill with Firefox Focus visual issues - Fixed.

Features & Benefits

• New Keeper logo

Features & Benefits

• Support for BreachWatch Business customers

• App Launcher Shortcuts

• Android Q Autofill Night Mode support

Security Update

This update addresses a potential security vulnerability on the Android application related to installation of a malicious 3rd party Android application. For the exploit to be realized, a sequence of conditions would be required which in turn, would impact the Keeper Android application. No customer reported being affected by this issue.

Reporting Sequence

The security researcher’s findings were reported via Keeper's Bugcrowd Public Vulnerability Disclosure Program on May 18, 2019. The issue disclosed in the report was accepted and validated on May 20, 2019. The fixes were completed and submitted for publication to the Google Play app store on June 21, 2019 in version 14.3.0.

Summarized Findings in the Security Researcher’s Report

A rogue 3rd party malicious application installed on the user's device could monitor events on the Keeper application and wait for certain conditions to capture a user's record login and password, when the user uses the "Copy to clipboard" feature. The researcher pointed out that while Keeper had FLAG_SECURE enabled at the application level, this flag must be enabled on all app fragments to address this potential vulnerability.

Keeper’s Security Team’s Response

In order for this potential vulnerability to result in an exploit of the user’s password for a website, the following conditions would need to exist:

1. User installs malicious 3rd party Android application 2. User opens Keeper app and opens password record 3. User taps on "eyeball" to display the plain text password 4. User taps on password field to copy to clipboard Result: The "Toast" message containing the password could be read by the malicious application.

Resolution

Added FLAG_SECURE to all app fragments to prevent 3rd party malicious application from monitoring clipboard events when the user taps "eyeball" to show password and taps password field to copy to clipboard.

Special thanks to phosphore Bugcrowd researcher for the detailed report and validation of the fix.

Bug Fixes & Improvements

• Removed KitKat support

• Improved user account switching between KeeperChat and Keeper

• Crash when clicking "Protect your business" promotion

Features & Benefits

• Migrated from Google Cloud Messaging to Firebase (no affect on end-user)

• Fixed URL hyperlink to Business trial version

• User registration on EU data center automatically redirects user to US if necessary

• Added Autofill support for Firefox Fenix

• Improved Autofill support for several websites and services

Bug Fixes

• Resolved "Unauthorized Device" popup error message

• Resolved theme not changing when switching user vaults

• Fixed crash when switching accounts and using the wrong password

• Fixed opening of attachments on Chromebook devices

• Swipe-kill now logs the user out when performed

• Setting a theme no longer sets it for all vaults on the device

• Fixed issue related to using multiple Android devices, adding a file on one device not appearing on the other

• Improved error messages instead of showing confusing error codes

• Fixed invalid prompt related to editing a record, discarding changes without making any edits

• Resolved Autofill on Amtrak app

• Some weak passwords were not showing BreachWatch alerts. This is fixed.

• Resolved ability to create http:// URLs in the record.

• Resolved various app crashes

• Resolved US Bank Autofill

This is a bug fix release focused on customer reported issues.

Bug Fixes

• Removing the "Google Login" feature which has confused many customers (Thanks Google for the confusing UI)

• Fixed several crashes in legacy KeeperFill reported by customers

• Fixed crash when adding non-Keeper accounts to shared folder

• Improved real-time syncing of shared folder changes between devices

• Unable to delete shared folders with long-click

Enhancements & Benefits

• ​Event data support for Advanced Reporting and Alert Module (Enterprise Only)

• New users can pre-fill the Email Address field using your Google account

• Autofill speed improvements

• Reduction of binary size by over 50% (only 10MB binary size)

Bug Fixes

• ​KeeperFill search stays on Home screen

• Crash on KitKat devices

• Dolphin browser crash

• Account Recovery - Old folder structure appears (no sub folders)

• SSO - Password complexity rules being prompted on Android login (Enterprise)

Enhancements & Benefits

• ​Improved AutoFill performance

Known Limitations

• ​All events in the new Advanced Auto & Reporting module analytics system are not fully supported.

Bug Fixes

• ​KeeperFill on Android Pie crashes

• Crash changing accounts, enterprise login and transferring ownership

• Missing localizations

• Sometimes a blank screen is shown when opening the app

Coming Soon

Version 14.2.0 will contain support for all Advanced Auto & Reporting module events

Enhancements & Benefits

• ​Support for Dolphin web browser in KeeperFill

• Improved handling of password masking enforcement policy

• Upgrade to latest SQLite 3.26.0.

Known Limitations

• ​Enforcement policies for Admin Console v13.1 are not yet fully supported.

Bug Fixes

• ​Ensure that masked passwords can only be filled into password fields

• "Object does not exist" error message with deleted records that don't sync

• Small UI design fixes on Version History screen

Coming Soon

• Android Release 14.1.3 is a bug fix release

• Android Release 14.2.0 is a feature release with Admin Console v13.1 enforcement support

Enhancements & Benefits

• ​Over 25 bug fixes addressed

• Improvements to AutoFill, KeeperFill, BreachWatch and Translations

• Addition of Clipboard Expiration timeout enforcement policy

Known Limitations

• ​Enforcement policies for Admin Console v13.1 are not yet fully supported.

Bug Fixes

• ​BreachWatch "Add to Scan" fixed

• Google Play store crash

• Crash on logout screen when backing out of Enterprise SSO Login

• Fingerprint login issues

• AutoFill on Twitch, Apple Music, Cigna, Capital One apps

• Identity & Payment bug fixes and crashes

• Unable to delete shared folders in certain scenarios

• In-app browser not loading Chase.com sign-in screen

• Android Wear unable to use "Verify" button

Coming Soon

• ​Android Release 14.1.2 is a bug fix release

• Android Release 14.1.3 is a bug fix release

• Android Release 14.2.0 is a feature release with Admin Console v13.1 enforcement support