Importing & migrating passwords
How do I import Samsung Pass passwords into Google Password Manager?
Export from Samsung Pass (⚙️ Settings → Export passwords) to get a
.spass file. Open SPASS Converter, select the file, enter your Samsung Pass password, tap Convert. Save the CSV. Then go to passwords.google.com → ⚙️ Settings → Import passwords → choose your CSV. Full step-by-step guide →How do I import Samsung Pass passwords into Chrome?
Convert with SPASS Converter first. Then in Chrome on desktop: Settings → Autofill and passwords → Google Password Manager → ⚙️ Settings → Import passwords. Upload the CSV. Your passwords will sync across all Chrome devices automatically.
Can I import into Bitwarden instead of Google?
Yes. In the Bitwarden web vault: Tools → Import data → Google Chrome (CSV). The password column layout (
name, url, username, password, note) matches Bitwarden's Chrome import format exactly.Can I import into 1Password?
Yes. In 1Password use File → Import and select 1Password or Generic CSV format. You may need to map columns during import.
Can I import into KeePass or Dashlane?
Yes — both support generic CSV import. In KeePass: File → Import → Generic CSV. In Dashlane: My Account → Import passwords → CSV. Map the columns as needed.
The .spass file format
What is a .spass file?
A
.spass file is an encrypted password export created by Samsung Pass on Samsung Galaxy devices. It contains your saved passwords, credit cards, addresses, and notes, encrypted with AES-256-CBC using a key derived from your Samsung Pass password. More about the .spass format →How do I open a .spass file?
You cannot open it with a text editor or spreadsheet app — it is AES-256 encrypted. SPASS Converter is built to decrypt it using your Samsung Pass password and export the contents as a standard CSV.
Can I open a .spass file on a PC?
Not directly. The
.spass format is proprietary to Samsung Pass on Android. Use SPASS Converter on your Android device to convert it first, then transfer the resulting CSV to your computer.Why does Samsung export as .spass instead of CSV?
Samsung encrypts the export to protect your credentials in case someone accesses your device storage. The encryption uses AES-256-CBC with PBKDF2-SHA256 key derivation (70,000 iterations, 256-bit key). It's strong encryption — only your Samsung Pass password can decrypt it.
Privacy & security
Does SPASS Converter upload my passwords to the internet?
No. SPASS Converter has absolutely no internet access.
INTERNET, ACCESS_NETWORK_STATE, BLUETOOTH, NFC, and all other network permissions are explicitly removed in the app manifest using tools:node="remove". This is verifiable in the open-source AndroidManifest.xml.What happens to my password and data after conversion?
Your Samsung Pass password, the raw file bytes, and the decrypted CSV are all zeroed from memory as soon as you leave the app. The app uses Android's
onUserLeaveHint lifecycle callback to detect when you navigate away and clears all sensitive state immediately.Does the app use analytics or crash reporting?
No. There are no analytics SDKs, crash reporting libraries, or any third-party code that could send data anywhere. The only dependencies are standard AndroidX / Jetpack Compose components from Google.
Is the source code auditable?
Yes — it's fully open source under the MIT License at github.com/stanley-projects/SpassConverter. The decryption code is in
SPassDecryptor.kt and you can verify every claim on this page yourself.Usage & troubleshooting
What password do I enter in the app?
Enter the password you use to unlock Samsung Pass itself — not your Samsung account password, not your phone PIN. It's the password you set when you first configured Samsung Pass, which Samsung Pass asks for when it can't use biometrics.
I get "Wrong password" — what should I do?
Make sure you're entering your Samsung Pass password, not your Samsung account password or phone lock PIN. If you've forgotten your Samsung Pass password, you'll need to recover it through Samsung's account recovery — SPASS Converter cannot bypass encryption.
Do app passwords (Instagram, WhatsApp, etc.) get correct URLs?
Yes for 100+ common apps. Samsung Pass stores app credentials with Android package names (e.g.
com.instagram.android) instead of URLs. SPASS Converter maps these to real website URLs automatically — Instagram, WhatsApp, Netflix, Spotify, Amazon, TikTok, Cash App, Signal, Robinhood, Discord, and many more. For unlisted apps, the raw package name is preserved.The CSV looks garbled in Excel — how do I fix it?
SPASS Converter adds a UTF-8 BOM (Byte Order Mark) to the CSV output, which tells Excel to read it as UTF-8. If you're still seeing issues, try opening the file via Excel's Data → From Text/CSV and selecting UTF-8 encoding manually.
What Android version do I need?
Android 8.0 (API 26) or higher — which covers all Samsung Galaxy devices that support Samsung Pass.
Is SPASS Converter on the Play Store?
Not yet — it's currently available as a direct APK download from GitHub Releases. F-Droid submission is also planned. Installing from GitHub requires enabling "Install unknown apps" once for your browser or file manager.