Google has introduced a new feature called Restore Credentials to help users safely regain access to their third-party app accounts after switching to a new Android device.
Part of Android's Credential Manager API, this feature aims to reduce the hassle of re-entering login credentials for each app when switching phones.
“With Restore Credentials, apps can seamlessly connect users to their accounts on a new device after they restore their apps and data from their previous device,” Neelansh Sahai of Google said.
The tech giant said the process happens automatically in the background when a user restores apps and data from a previous device, allowing apps to sign users back in to their accounts without any additional interaction.
This is achieved using a so-called recovery key, which is in fact a public key compatible with FIDO2 standards such as passkeys.
When a user logs in to an app that supports this feature, the recovery key is stored in Credential Manager locally on the device in encrypted form. Optionally, the encrypted recovery key can also be stored in the cloud if cloud backup is enabled.
When the user switches to a new phone and restores their apps, the recovery keys are requested as part of the process, allowing the apps to sign the user in to their account automatically without re-entering login information.
“If the currently logged-in user is a trusted user, you can generate a recovery key at any time after they authenticate to your app,” Google instructs app developers. “For example, this could be immediately after logging in or during a routine check for an existing recovery key.”
Application developers are also advised to delete the associated recovery key as soon as the user logs out, so that the user is not stuck in an endless cycle of intentionally logging out and being automatically logged back in again.
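The lifecycle described above (create the key after authentication, use it after a restore, delete it on logout), sketched with the Jetpack `androidx.credentials` library. This is an added example, not code from Google or from the original article; the `AuthServer` interface and all method names on it are hypothetical stand-ins for an app's own backend.

```kotlin
import android.content.Context
import androidx.credentials.ClearCredentialStateRequest
import androidx.credentials.CreateRestoreCredentialRequest
import androidx.credentials.CreateRestoreCredentialResponse
import androidx.credentials.CredentialManager
import androidx.credentials.GetCredentialRequest
import androidx.credentials.GetRestoreCredentialOption
import androidx.credentials.RestoreCredential
import androidx.credentials.exceptions.GetCredentialException

// Hypothetical backend: issues WebAuthn (FIDO2) option JSON and verifies
// the responses, as it would for passkeys.
interface AuthServer {
    suspend fun registrationOptionsJson(): String
    suspend fun storeRecoveryKey(responseJson: String)
    suspend fun authenticationOptionsJson(): String
    suspend fun verifyAssertion(responseJson: String): Boolean
}

class RecoveryKeyLifecycle(private val context: Context, private val server: AuthServer) {
    private val credentialManager = CredentialManager.create(context)

    // Call only after the user has authenticated to the app.
    suspend fun createAfterSignIn(cloudBackup: Boolean) {
        val request = CreateRestoreCredentialRequest(server.registrationOptionsJson(), cloudBackup)
        val response = credentialManager.createCredential(context, request)
        if (response is CreateRestoreCredentialResponse) {
            server.storeRecoveryKey(response.responseJson) // server keeps the public key
        }
    }

    // Call on first launch after a restore; true means the server accepted the key.
    suspend fun signInFromRestore(): Boolean {
        val option = GetRestoreCredentialOption(server.authenticationOptionsJson())
        val credential = try {
            credentialManager.getCredential(context, GetCredentialRequest(listOf(option))).credential
        } catch (e: GetCredentialException) {
            return false // nothing was restored: fall back to the normal sign-in screen
        }
        return credential is RestoreCredential &&
            server.verifyAssertion(credential.authenticationResponseJson)
    }

    // Call on explicit logout so a later restore does not sign the user back in.
    suspend fun clearOnLogout() {
        credentialManager.clearCredentialState(
            ClearCredentialStateRequest(ClearCredentialStateRequest.TYPE_CLEAR_RESTORE_CREDENTIAL)
        )
    }
}
```

The server should treat the assertion like any other FIDO2 sign-in and reject it if the stored public key has been revoked server-side.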
It’s worth noting that Apple already has a similar feature in iOS that uses an attribute called kSecAttrAccessible to control an app’s access to certain credentials stored in iCloud Keychain.
“The kSecAttrAccessible attribute lets you control the accessibility of elements relative to the device’s lock state,” Apple notes in its documentation.
“It also allows you to determine eligibility for a new device recovery. If the attribute ends with the string ThisDeviceOnly, the item can be restored to the same device it was backed up on, but it is not carried over when restoring the backup data to another device.”
The development comes as Google shipped the first Android 16 developer preview with the latest version of the Privacy Sandbox on Android and an improved Privacy control panel, which adds the ability to view which apps have accessed sensitive permissions over a seven-day period.
It also follows the release of the updated Android Security Paper, which covers the operating system's set of built-in security capabilities, including features such as theft protection, private space, sanitizers, and Lock Mode, which aims to restrict access to the device by disabling Smart Lock, biometric unlocking, and lock screen notifications.