Android

Overview #

The platform authenticator in Android 9+ has the following capabilities:

• creating and using passkeys that are backed up to Google Password Manager
• using a passkey from the local Android device to sign into services on another device (such as a laptop or desktop), using FIDO Cross-Device Authentication

Android 14 adds the following capabilities:

• creating and using passkeys in a third-party passkey provider

Cross-Device Authentication #

Android devices can be an authenticator for FIDO Cross-Device Authentication (CDA).

Android devices can be persistently linked to the browsers/platforms below:

• Chrome OS
• Windows 11 23H2
• Chrome & Edge on Windows 11 <23H2
• Chrome & Edge on Windows 10
• Chrome on macOS
• Edge on macOS
• Chrome on Ubuntu
• Edge on Ubuntu

macOS (Safari and native apps), iOS (global), and iPadOS (global) do not support persistent linking.

When an authenticator is not persistently linked, a QR code must be scanned on every use.

Platform Notes #

• Credential Manager is a new Android Jetpack API that supports multiple sign-in methods, including passkeys, in a single API, thus simplifying the integration for developers.
  
  Credential Manager API
  
  FIDO2 API to Credential Manager Migration

Resources #

Docs #

• Adding passkeys support to native Android apps: User authentication with passkeys
• Security of Passkeys in the Google Password Manager

Videos #

• Passkeys: a simpler and safer sign-in (Google I/O 2023)
• Reduce reliance on passwords in Android apps with passkey support (Google I/O 2023)
• Learn how to implement passkeys with form autofill in a web app(Google I/O 2023)

Sample Code #

• Credential Manager Sample app

Community Resources #

• Sample native app with passkey support from Dashlane