Google has launched a brand new characteristic referred to as Restore Credentials to assist customers restore their account entry to third-party apps securely after migrating to a brand new Android machine.
A part of Android’s Credential Supervisor API, the characteristic goals to scale back the effort of re-entering the login credentials for each app throughout the handset alternative.
“With Restore Credentials, apps can seamlessly onboard users to their accounts on a new device after they restore their apps and data from their previous device,” Google’s Neelansh Sahai stated.
The tech large stated the method happens routinely within the background when a consumer restores apps and information from a earlier machine, enabling apps to signal customers again into the respective apps with out requiring any further interplay.
That is completed via what’s referred to as a restore key, which, in actuality, is a public key that is appropriate with FIDO2 requirements similar to passkeys.
Thus when a consumer indicators in to an app that helps this characteristic, their restore key’s saved to the Credential Supervisor domestically on machine and in encrypted format. Optionally, the encrypted restore key will also be saved to the cloud if cloud backup is enabled.
Ought to they transition to a brand new cellphone and restore their apps, the restore keys are requested as a part of the method, permitting them to routinely register to their account with out having to re-enter their login data.
“If the current signed-in user is trusted, you can generate a restore key at any point after they’ve authenticated in your app,” Google instructs app builders. “For instance, this could be immediately after login or during a routine check for an existing restore key.”
App builders are additionally really useful to delete the related restore key as quickly because the consumer indicators out to keep away from them getting caught in a unending loop of signing out deliberately and routinely getting logged again in.
It is price noting that Apple already has an analogous characteristic in iOS that leverages an attribute referred to as kSecAttrAccessible to regulate an app’s entry to a particular credential saved within the iCloud Keychain.
“The kSecAttrAccessible attribute enables you to control item availability relative to the lock state of the device,” Apple notes in its documentation.
“It also lets you specify eligibility for restoration to a new device. If the attribute ends with the string ThisDeviceOnly, the item can be restored to the same device that created a backup, but it isn’t migrated when restoring another device’s backup data.”
The event comes as Google shipped the primary Developer Preview of Android 16 with the most recent model of the Privateness Sandbox on Android and an improved Privateness Dashboard that provides the power to view which apps have accessed delicate permissions over a seven-day interval.
This additionally follows the launch of the up to date Android Safety Paper, which delves into the working system’s suite of built-in safety capabilities, together with options like theft safety, personal area, sanitizers, and lockdown mode, which goals to limit entry to a tool by turning off Good Lock, biometric unlocking, and notifications on the lock display.
