1.4. How credentials are requested and authorized

The request from the browser extension is transmitted to the phone and undergoes a series of operations: the phone app “authorizes” the request, verifies that the request comes from a trusted device that has been previously paired, asks the user to approve (if the requested site has been configured with Touch ID or Pin Code), encrypts the required information, and only then sends it back to the extension.