Extremely slow performance on Android

andspcas · January 28, 2026, 1:33pm

Checklist ok

Passbolt 5.8.0 and 5.90
Ubuntu server 24.04
Nginx/1.24.0 (Ubuntu)
mysql Ver 8.0.44
PHP 8.3.6

Android-App: 2.6.0
Android-OS: 15 (OnePlus Nord CE 3 Lite 5G) and 16 (NothingPhone 3A)

Hi all,

I’m testing passbolt on a non-docker enviroment, with standard setup on Ubuntu 24.04.

Everything works fine, browser page, plugins, windows app, ios app. Tested directly and also behind NPM proxy.

Only on Android devices (connected on the same lan or via wan, same performance), the login and refresh rate is extremely slow and stuck.

I tried with the Performance Tweaks, but without success.

The problem seems the same of this old post.

Thanks for suggestions.

A.

mmichalek · January 29, 2026, 8:52am

Hello @andspcas

thanks for reaching out. The root cause for slow data refresh from the old post should be resolved by now, se we need to understand more to help. Could you send the Android application log file to help diagnose? (On the authentication screen please click “question mark” icon - enable logs, then reproduce the slow login and refresh, then click “access logs” [from app settings or the same “question mark” icon] and share the file),

Edit: also if login is slow it reminded me of a issue we’ve seen a couple of times.

Thanks

andspcas · January 29, 2026, 9:43am

Thanks @mmichalek ,
here the log.

My connection is via local wifi, and the firewal resolves local dns name.

10:34:06 Checking biometry state
10:34:06 Biometry ready
10:34:58 [Session] Passphrase cache cleared
10:34:58 [Session] Passphrase cached
10:34:58 Getting server pgp and rsa keys
10:34:58 → GET https://{passbolt}/auth/verify.json http/1.1
10:34:58 ← 200 OK https://{passbolt}/auth/verify.json (57ms, unknown-length body)
10:34:59 → GET https://{passbolt}/auth/jwt/rsa.json http/1.1
10:34:59 ← 200 OK https://{passbolt}/auth/jwt/rsa.json (56ms, unknown-length body)
10:34:59 Getting server pgp and rsa keys succeeded
10:34:59 Checking if time adjustment is needed
10:34:59 Local time sync needed. Adjusted: 0
10:34:59 Verifying server fingerprint
10:34:59 Server key fingerprint is valid
10:34:59 Preparing sign in challenge
10:35:00 Prepared sign in challenge
10:35:00 Signing in
10:35:01 → POST https://{passbolt}/auth/jwt/login.json http/1.1 (1265-byte body)
10:35:01 ← 200 OK https://{passbolt}/auth/jwt/login.json (153ms, unknown-length body)
10:35:01 Sign in success
10:35:01 Decrypting challenge.
10:35:02 Challenge decrypted successfully
10:35:02 Verifying challenge
10:35:02 Challenge verified with success
10:35:02 Checking MFA status
10:35:02 MFA not required
10:35:02 Authentication success
10:35:02 Increasing sign in count
10:35:04 Fetching feature flags
10:35:04 → GET https://{passbolt}/settings.json http/1.1
10:35:05 ← 200 OK https://{passbolt}/settings.json (50ms, unknown-length body)
10:35:05 Feature flags fetched
10:35:05 RBAC available, fetching RBAC
10:35:05 Password expiry available, fetching expiry settings
10:35:05 Password policies available, fetching password policies settings
10:35:05 V5 metadata available, fetching v5 metadata types and keys settings
10:35:07 → GET https://{passbolt}/metadata/keys/settings.json http/1.1
10:35:07 ← 200 OK https://{passbolt}/metadata/keys/settings.json (44ms, unknown-length body)
10:35:07 → GET https://{passbolt}/rbacs/me.json http/1.1
10:35:07 ← 200 OK https://{passbolt}/rbacs/me.json (37ms, unknown-length body)
10:35:08 → GET https://{passbolt}/password-policies/settings.json http/1.1
10:35:08 ← 200 OK https://{passbolt}/password-policies/settings.json (30ms, unknown-length body)
10:35:09 → GET https://{passbolt}/metadata/types/settings.json http/1.1
10:35:09 ← 200 OK https://{passbolt}/metadata/types/settings.json (31ms, unknown-length body)
10:35:10 → GET https://{passbolt}/password-expiry/settings.json http/1.1
10:35:10 ← 200 OK https://{passbolt}/password-expiry/settings.json (44ms, unknown-length body)
10:35:12 V5 metadata types and keys settings fetched
10:35:12 Fetching user profile
10:35:13 → GET https://{passbolt}/users/me.json http/1.1
10:35:13 ← 200 OK https://{passbolt}/users/me.json (47ms, unknown-length body)
10:35:14 User profile updated successfully
10:35:15 Checking in app review show parameters. Show mode is: ConsecutiveShow. Show interval start date: 2026-01-28. Sign in count is: 6. Should show review: false
10:35:18 [Session] Received authentication intent [Launched]
10:35:18 [Session] Listening for new session events in HomeViewModel
10:35:19 Full data refresh initiated
10:35:20 [Session] Session is valid for request
10:35:20 [Session] Passphrase session is valid for request
10:35:20 [Session] Running operation
10:35:24 → GET https://{passbolt}/metadata/keys.json?contain%5Bmetadata_private_keys%5D=1 http/1.1
10:35:24 ← HTTP FAILED: java.io.IOException: unexpected end of stream on https://{passbolt}/… https://{passbolt}/metadata/keys.json?contain%5Bmetadata_private_keys%5D=1 (1ms)
10:35:24 → GET https://{passbolt}/metadata/keys.json?contain%5Bmetadata_private_keys%5D=1 http/1.1
10:35:24 ← 200 OK https://{passbolt}/metadata/keys.json?contain%5Bmetadata_private_keys%5D=1 (34ms, unknown-length body)
10:35:27 → GET https://{passbolt}/metadata/session-keys.json http/1.1
10:35:27 ← 200 OK https://{passbolt}/metadata/session-keys.json (41ms, unknown-length body)
10:35:27 Building session keys cache; Bundles count: 1
10:35:28 Decrypted session keys bundle
10:35:28 Merging session keys cache
10:35:28 Session keys cache loaded
10:35:29 → GET https://{passbolt}/resource-types.json http/1.1
10:35:29 ← 200 OK https://{passbolt}/resource-types.json (44ms, unknown-length body)
10:35:30 → GET https://{passbolt}/users.json http/1.1
10:35:31 ← 200 OK https://{passbolt}/users.json (47ms, unknown-length body)
10:35:32 → GET https://{passbolt}/groups.json?contain%5Buser%5D=1 http/1.1
10:35:32 ← 200 OK https://{passbolt}/groups.json?contain%5Buser%5D=1 (45ms, unknown-length body)
10:35:35 → GET https://{passbolt}/folders.json?contain%5Bpermission%5D=1&contain%5Bpermissions.group%5D=1 http/1.1
10:35:35 ← 200 OK https://{passbolt}/folders.json?contain%5Bpermission%5D=1&contain%5Bpermissions.group%5D=1 (49ms, unknown-length body)
10:35:40 → GET https://{passbolt}/resources.json?contain%5Bpermission%5D=1&contain%5Bfavorite%5D=1&contain%5Btag%5D=1&contain%5Bpermissions.group%5D=1&limit=2000&page=1&sort=Resources.modified&direction=desc http/1.1
10:35:40 ← HTTP FAILED: java.io.IOException: unexpected end of stream on https://{passbolt}/… https://{passbolt}/resources.json?contain%5Bpermission%5D=1&contain%5Bfavorite%5D=1&contain%5Btag%5D=1&contain%5Bpermissions.group%5D=1&limit=2000&page=1&sort=Resources.modified&direction=desc (2ms)
10:35:40 → GET https://{passbolt}/resources.json?contain%5Bpermission%5D=1&contain%5Bfavorite%5D=1&contain%5Btag%5D=1&contain%5Bpermissions.group%5D=1&limit=2000&page=1&sort=Resources.modified&direction=desc http/1.1
10:35:40 ← 200 OK https://{passbolt}/resources.json?contain%5Bpermission%5D=1&contain%5Bfavorite%5D=1&contain%5Btag%5D=1&contain%5Bpermissions.group%5D=1&limit=2000&page=1&sort=Resources.modified&direction=desc (39ms, unknown-length body)
10:35:41 Started resource list deserialization
10:35:41 Finished resource list deserialization
10:35:44 Saving session keys cache
10:35:45 Encrypted session keys cache
10:35:45 Skipping session keys update - no local modifications
10:35:52 [Session] Received authentication intent [Disposed]
10:35:52 [Session] Stopping authentication flow in HomeViewModel
10:35:56 [Session] App went background
10:35:56 [Session] Scheduling passphrase cache clear
10:35:56 [Session] Passphrase cache cleared

Thanks for the help

A.

andspcas · February 4, 2026, 8:19am

@mmichalek maybe I can do other types of tests?

Thx

A.

humble-b · February 5, 2026, 9:19am

I share the same issue, after opening and login into the app it takes a long time before the passwords start to show. I find it rather unusable as a replacement for the default android password manager however never thought of making an issue here.

I experience the following:

open the app
app asks for password or in my case thinger print
after this, it takes time to show the password list but after this it takes a longer time to refresh, i also see after opening an refresh icon and can’t do anything until the refresh is ready

If you need something from my side please let me know

maybe offtopic but it is also a pain in the ass if i need a login name and password, everytime i switch over the app requesting the login details i also need to re-login into the password app.

so app asks login name, i open passbolt
enter my finger print
lookup needed password and login credentials
copy login name and switch over to app
paste login name, after this the app asks password
switch over to passbolt
re-enter my finger print
re-lookup needed password
than i can copy the password

this is to much time and therefore i don’t use it anymore on the mobile devices

humble-b · February 5, 2026, 9:30am

my log

Device: OPPO CPH2689
Android 16 (36)
Passbolt 2.6.0-46

10:22:33 [Session] App went background
10:22:33 [Session] Scheduling passphrase cache clear
10:22:33 [Session] Passphrase cache cleared
10:24:33 Checking biometry state
10:24:33 Biometry ready
10:24:39 [Session] Passphrase cache cleared
10:24:39 [Session] Passphrase cached
10:24:43 → POST https://{passbolt}/auth/jwt/refresh.json h2 (105-byte body)
10:24:43 ← 200 https://{passbolt}/auth/jwt/refresh.json (191ms, unknown-length body)
10:24:56 [Session] App went background
10:24:56 [Session] Scheduling passphrase cache clear
10:24:56 [Session] Passphrase cache cleared
10:25:17 Checking biometry state
10:25:17 Biometry ready
10:25:19 [Session] Passphrase cache cleared
10:25:19 [Session] Passphrase cached
10:25:21 → POST https://{passbolt}/auth/jwt/refresh.json h2 (105-byte body)
10:25:21 ← 200 https://{passbolt}/auth/jwt/refresh.json (104ms, unknown-length body)
10:25:59 [Session] App went background
10:25:59 [Session] Scheduling passphrase cache clear
10:25:59 [Session] Passphrase cache cleared
10:28:26 Checking biometry state
10:28:26 Biometry ready
10:28:29 [Session] Passphrase cache cleared
10:28:29 [Session] Passphrase cached
10:28:30 → POST https://{passbolt}/auth/jwt/refresh.json h2 (105-byte body)
10:28:30 ← 200 https://{passbolt}/auth/jwt/refresh.json (113ms, unknown-length body)
10:28:57 [Session] Received authentication intent [Launched]
10:28:57 [Session] Listening for new session events in HomeViewModel
10:29:06 File logging tree planted
10:29:07 Checking biometry state
10:29:07 Biometry ready
10:29:09 [Session] Passphrase cache cleared
10:29:09 [Session] Passphrase cached
10:29:09 Getting server pgp and rsa keys
10:29:10 → GET https://{passbolt}/auth/verify.json h2
10:29:10 ← 200 https://{passbolt}/auth/verify.json (110ms, unknown-length body)
10:29:10 → GET https://{passbolt}/auth/jwt/rsa.json h2
10:29:10 ← 200 https://{passbolt}/auth/jwt/rsa.json (157ms, unknown-length body)
10:29:11 Getting server pgp and rsa keys succeeded
10:29:11 Checking if time adjustment is needed
10:29:11 Local time sync needed. Adjusted: -2
10:29:11 Verifying server fingerprint
10:29:11 Server key fingerprint is valid
10:29:11 Preparing sign in challenge
10:29:11 Prepared sign in challenge
10:29:11 Signing in
10:29:12 → POST https://{passbolt}/auth/jwt/login.json h2 (1681-byte body)
10:29:12 ← 200 https://{passbolt}/auth/jwt/login.json (346ms, unknown-length body)
10:29:12 Sign in success
10:29:12 Decrypting challenge.
10:29:12 Challenge decrypted successfully
10:29:12 Verifying challenge
10:29:12 Challenge verified with success
10:29:12 Checking MFA status
10:29:12 MFA not required
10:29:12 Authentication success
10:29:13 Increasing sign in count
10:29:13 Fetching feature flags
10:29:14 → GET https://{passbolt}/settings.json h2
10:29:14 ← 200 https://{passbolt}/settings.json (90ms, unknown-length body)
10:29:14 Feature flags fetched
10:29:14 RBAC available, fetching RBAC
10:29:14 Password expiry available, fetching expiry settings
10:29:14 Password policies available, fetching password policies settings
10:29:14 V5 metadata available, fetching v5 metadata types and keys settings
10:29:15 → GET https://{passbolt}/rbacs/me.json h2
10:29:15 ← 200 https://{passbolt}/rbacs/me.json (58ms, unknown-length body)
10:29:15 → GET https://{passbolt}/metadata/types/settings.json h2
10:29:15 ← 200 https://{passbolt}/metadata/types/settings.json (98ms, unknown-length body)
10:29:15 → GET https://{passbolt}/password-expiry/settings.json h2
10:29:15 ← 200 https://{passbolt}/password-expiry/settings.json (66ms, unknown-length body)
10:29:15 → GET https://{passbolt}/metadata/keys/settings.json h2
10:29:16 ← 200 https://{passbolt}/metadata/keys/settings.json (112ms, unknown-length body)
10:29:16 → GET https://{passbolt}/password-policies/settings.json h2
10:29:16 ← 200 https://{passbolt}/password-policies/settings.json (75ms, unknown-length body)
10:29:17 V5 metadata types and keys settings fetched
10:29:17 Fetching user profile
10:29:17 → GET https://{passbolt}/users/me.json h2
10:29:17 ← 200 https://{passbolt}/users/me.json (188ms, unknown-length body)
10:29:17 User profile updated successfully
10:29:18 Checking in app review show parameters. Show mode is: ConsecutiveShow. Show interval start date: 2025-08-04. Sign in count is: 7. Should show review: false
10:29:18 [Session] Received authentication intent [Launched]
10:29:18 [Session] Listening for new session events in HomeViewModel
10:29:18 Full data refresh initiated
10:29:18 [Session] Session is valid for request
10:29:18 [Session] Passphrase session is valid for request
10:29:18 [Session] Running operation
10:29:19 → GET https://{passbolt}/metadata/keys.json?contain%5Bmetadata_private_keys%5D=1 h2
10:29:19 ← 200 https://{passbolt}/metadata/keys.json?contain%5Bmetadata_private_keys%5D=1 (65ms, unknown-length body)
10:29:20 → GET https://{passbolt}/metadata/session-keys.json h2
10:29:20 ← 200 https://{passbolt}/metadata/session-keys.json (116ms, unknown-length body)
10:29:20 Building session keys cache; Bundles count: 1
10:29:20 Decrypted session keys bundle
10:29:21 Merging session keys cache
10:29:21 Session keys cache loaded
10:29:21 → GET https://{passbolt}/resource-types.json h2
10:29:21 ← 200 https://{passbolt}/resource-types.json (70ms, unknown-length body)
10:29:22 → GET https://{passbolt}/users.json h2
10:29:22 ← 200 https://{passbolt}/users.json (71ms, unknown-length body)
10:29:22 → GET https://{passbolt}/groups.json?contain%5Buser%5D=1 h2
10:29:22 ← 200 https://{passbolt}/groups.json?contain%5Buser%5D=1 (66ms, unknown-length body)
10:29:23 → GET https://{passbolt}/folders.json?contain%5Bpermission%5D=1&contain%5Bpermissions.group%5D=1 h2
10:29:23 [Session] Received authentication intent [Disposed]
10:29:23 [Session] Stopping authentication flow in HomeViewModel
10:29:23 ← 200 https://{passbolt}/folders.json?contain%5Bpermission%5D=1&contain%5Bpermissions.group%5D=1 (91ms, unknown-length body)
10:29:24 → GET https://{passbolt}/resources.json?contain%5Bpermission%5D=1&contain%5Bfavorite%5D=1&contain%5Btag%5D=1&contain%5Bpermissions.group%5D=1&limit=2000&page=1&sort=Resources.modified&direction=desc h2
10:29:25 ← 200 https://{passbolt}/resources.json?contain%5Bpermission%5D=1&contain%5Bfavorite%5D=1&contain%5Btag%5D=1&contain%5Bpermissions.group%5D=1&limit=2000&page=1&sort=Resources.modified&direction=desc (454ms, unknown-length body)
10:29:26 Started resource list deserialization
10:29:26 Finished resource list deserialization
10:29:27 Saving session keys cache
10:29:28 Encrypted session keys cache
10:29:28 Skipping session keys update - no local modifications
10:29:31 [Session] App went background
10:29:31 [Session] Scheduling passphrase cache clear
10:29:31 [Session] Passphrase cache cleared