EN DE
VeilVault Logo

Documentation

Autofill

← Back to Docs Back to VeilVault →

Autofill

Autofill allows VeilVault to provide credentials directly to supported apps and browsers on the user’s device.

VeilVault is a security-first, offline-only password vault developed by CodeVeil.

Autofill is designed to reduce manual password handling while preserving explicit user control.

Purpose

Autofill exists to:

  • Reduce password reuse caused by convenience shortcuts
  • Minimize clipboard exposure
  • Improve day-to-day usability without weakening security boundaries

Autofill is optional and must be explicitly enabled by the user.

How Autofill Works (High-Level)

When enabled:

  • VeilVault registers as an Android Autofill Service
  • Supported apps and browsers can request credentials
  • The user must authenticate before any data is provided
  • Autofill data is supplied locally, directly to the requesting app

No credentials are transmitted off-device.

User Control & Consent

Autofill actions are never silent.

  • Users must explicitly unlock the vault before autofill
  • Saving new credentials requires confirmation
  • Autofill can be disabled at any time in system settings

VeilVault does not automatically inject credentials without user involvement.

Autosave Behavior

When supported by the platform and app:

  • VeilVault may offer to save newly entered credentials
  • Saving is gated behind user authentication

Autofill never bypasses the master password or biometric gating.

Browser Compatibility

VeilVault supports autofill in a range of modern browsers and apps that implement Android’s autofill framework.

Compatibility depends on:

  • App implementation
  • Android version
  • System autofill behavior

VeilVault does not modify or hook into other apps.

Security Boundaries

Autofill operates within strict limits:

  • Credentials are provided only after authentication
  • Data is scoped to the requesting app or domain where possible
  • Autofill does not grant VeilVault visibility into unrelated app content

VeilVault relies on Android’s autofill framework for request validation.

What Autofill Does Not Do

Autofill does not:

  • Bypass the vault lock
  • Persist credentials outside the vault
  • Capture arbitrary form data
  • Monitor keystrokes
  • Inject data into unsupported apps

Autofill is not a keylogger or accessibility service.

Limitations

Autofill effectiveness depends on external factors.

  • Some apps do not support autofill correctly
  • Browser behavior varies between vendors
  • Compromised devices invalidate application-level guarantees

VeilVault cannot override platform limitations.

Privacy Considerations

  • Autofill data is processed locally
  • No autofill requests are logged remotely
  • No behavioral analytics are collected

Autofill does not change VeilVault’s offline-only privacy model.

Summary

  • Autofill is optional and user-controlled
  • Authentication is always required
  • Credentials never leave the device
  • Platform limitations apply

Autofill in VeilVault prioritizes explicit consent and predictable behavior over silent convenience.

← Back to Docs