Android Developers Blog
The latest Android and Google Play news for app and game developers.
🔍
Platform Android Studio Google Play Jetpack Kotlin Docs News

11 9月 2024

Streamlining Android authentication: Credential Manager replaces legacy APIs


Link copied to clipboard
Posted by Diego Zavala and Jason Lucibello – Product Managers

In 2023, we introduced Credential Manager for Android. Credential Manager creates a unified experience for passkeys, Sign in with Google, and passwords, allowing seamless sign-in and eliminating the need for users to type in usernames or passwords.

ALT TEXT
Fig 1. Sample app showing Credential Manager dialog in a sign-in flow with a passkey, a password, and a Sign in with Google options

To bring Credential Manager’s benefits to more Android users and simplify developers’ integration efforts, APIs that were previously deprecated will continue their phased removals and shutdowns. These APIs include:

Developers with apps that still use these APIs should migrate to Credential Manager as soon as possible. Credential Manager supports all authentication features included in these legacy APIs, as well as streamlined journeys for users and modernizes the experience with passkey support and streamlined user journeys. Developers looking to implement authorization functionality for Google Accounts, such as scoped access to a service like Google Drive, should continue to use the AuthorizationClient API.

Current status of APIs as of September 2024, update plans, and recommended migration guides.

Status: Removed
Next Update: Fully shut down in Q1 2025

Status: Deprecated
Next Update: Removed in H1 2025

Status: Deprecated
Next Update: Removed in H1 2025

Status: Deprecated
Next Update: Removed in H2 2025

Status: Deprecated
Next Update: Removed in H2 2025

What does each status mean?

    • Deprecated: API is still in the SDK and functional, but will be removed and fully shut down in the future. Developers are recommended to migrate to Credential Manager at this time.
    • Removed: API is still functional for users, but is no longer included in the SDK. New app versions compiled with the most recent SDK would fail in the build process if your code still utilizes the removed API. If your app still relies on any of these APIs, you should migrate to Credential Manager as soon as possible.
    • Fully shut down: API is no longer functional, and it will fail when a request is sent by an app.

Credential Manager offers streamlined, more secure auth journeys

Credential Manager delivers multiple advantages to users and developers over the deprecated APIs:

      1. Easier, more secure sign-ins with passkeys: Passkeys are an alternative to passwords that provide an easier and more secure authentication experience, based on industry standards. Credential Manager brings support for passkeys to Android apps.

      2. Frictionless, one-tap sign-in: Users select their preferred saved credential from the options offered, without needing to remember or type username or passwords.

      3. Unified UI across all credentials: Credential Manager’s one-tap sign-in works with passkeys, Sign in with Google, and passwords. It deduplicates methods for the same account, so users no longer need to remember which method they last used, or which one is the “right” method.

      4. Extended support for password managers: Users benefit from using the credentials stored in their preferred password manager on Credential Manager flows, and can even enable multiple password managers at the same time! Passwords managers not only protect users’ credentials, but they also provide additional action and protections to keep users safe, such as upgrading passwords to passkeys, alerting users to password reuse, and containing usage to affiliated apps and domains.

      5. Simplified development: Developers can consolidate their sign-in logic into a single, modern API, reducing development overhead and maintenance efforts. New authentication functionality will be released through Credential Manager going forward.

Adopting Credential Manager is an intuitive upgrade for developers

For developers previously using our deprecated APIs, the transition to Credential Manager is smooth and intuitive. Developers like X (formerly known as Twitter), Pinterest have already experienced the benefits of the upgrade. X shared with us that Credential Manager’s unified approach made migration and maintenance effortless, while Pinterest expressed a smooth process for both users and engineers with Credential Manager.

Quote text reads: 'The Credential Manager library allowed us to unify Smart Lock, Sign in with Google, and passkeys under one cohesive umbrella, significantly reducing the amount of code required. The unified process made migration and maintenance effortless, empowering us to enhance security and user experience with ease' Saurabh Arora, Staff SoftwareEngineer, X (formerly Twitter)

Quote text reads: 'Migrartingo ur codebase to Credential Manager on Android was a smooth process for users and engineers, which aallowed us to have more cohesive and simplified process to support and maintain authentication at Pinterest. Our Android users have benfitted from frictionless sign-in and sign-up using Google, currently accounting for over 75% of user authentications.' - Jorge Garmendia Identity Product safety and Compliance Client Engineering Lead, Pinterest

Developers can use the following guides to make adopting Credential Manager even easier:

Share your feedback

Your input is very valuable to us as we continue to refine and improve our authentication services. Please keep providing us feedback on the issue tracker and share your experience integrating Credential Manager!