We are excited to announce that the public release of Credential Manager will be available starting on November 1st. Credential Manager brings the future of authentication to Android, simplifying how users sign in to their apps and websites, and at the same time, making it more secure.
Signing in can be challenging - passwords are widely used, and often forgotten. They are reused, phished, and washed, making them less secure. Furthermore, there is a proliferation of ways to log in to apps; passwords, email links, OTP, ‘Sign in with…’, and users carry the burden of remembering what to use where. And for developers, this adds complexity - they need to support multiple sign-in methods, increasing integration and maintenance costs.
To address this, Android is rolling out Credential Manager, which brings support for passkeys, a new passwordless authentication, together with traditional sign-in methods, such as passwords and federated identity, in a unified interface.
Let’s take a look at how it can help make users’ and developers’ lives easier.
1.Passkeys enable passwordless authentication
Passkeys are the future of online authentication - they are more secure and convenient than passwords. With a passkey, signing in is as simple as selecting the right account and confirming with a device face scan, fingerprint or PIN - that’s it. No need to manually type username or passwords, copy-paste a one-time code from SMS, or tap a link in an email inbox. This has resulted in apps reducing the sign-in time by 50% when they implemented passkeys. Logging in with passkeys is also more secure, as they provide phishing-resistant protection.
Several apps are already integrated with Credential Manager and support passkeys, including Uber and Whatsapp.
“Passkeys add an additional layer of security for WhatsApp users. Simplifying the way users can securely get into their account will help our users, which is why the Credential Manager API is so important.” – Nitin Gupta, Head of Engineering, WhatsApp
“At Uber, we are relentless in our push to create magical experiences without compromising user safety. Passkeys simplify the user experience and promote accessibility, while enhancing the security that comes from reducing the dependency on traditional passwords. Ultimately this is a win-win for Uber and Uber’s customers.
The Credential Manager offers a developer-friendly suite of APIs that enable seamless integration with our apps, eliminating concerns about device fragmentation. We’ve seen great results from launching passkeys across our apps and encourage all users to adopt passkeys.”– Ramsin Betyousef, Sr. Director of Engineering at Uber
2.All accounts available in a single tap, in a simplified interface
Users often end up with different sign-in methods for the same account - they may use a password on their phone, and a “Sign in with…” on a browser, and then be offered a passkey on their desktop. To simplify users’ lives, Credential Manager lets them choose the account they want, and use smart defaults to pick the best technology to do it (e.g. a passkey, password, or federated identity). That way, users don’t need to think whether they want to sign-in with a password or a passkey; they just choose the account, and they are in.
Let’s take a look at how it works. Imagine that Elisa has 2 accounts on the Shrine app
a personal account for which she had a password and just created a new passkey
a shared family account with just a password.
To facilitate her experience, Credential Manager shows her 2 accounts and that’s it. Credential Manager uses a password for her family account and a passkey for her personal account (because it’s simpler and safer). Elisa doesn’t need to think about it.
3.Open to the ecosystem
One of the reasons why users prefer Android is because they are able to customize their experience. In the case of authentication, some users prefer to use the password manager that’s shipped with their device, and others prefer to use a different one. Credential Manager gives users the ability to do so, by being open to any credential provider and allowing multiple enabled at the same time.
Several leading credential providers already integrated with Credential Manager.
"We're at an inflection point in the history of authentication as passkeys represent the perfect balance between ease and security. Since 1Password launched support for passkeys earlier this year, we’ve had over 230,000 passkeys created and see thousands added each day. The data indicates strong user demand but we must continue to prioritize support for apps and services, making it simpler for developers to integrate passkey authentication." – Anna Pobletts, Head of Passwordless at 1Password
“At Enpass, we quickly recognized the potential of passkeys. Thanks to the Android Credential Manager framework, Enpass is fully prepared to serve as a passkey provider for Android 14. This integration empowers our customers to embrace a secure alternative to traditional passwords wherever it's available.” – Vinod Kumar, Chief Technology Officer at Enpass.
How to integrate with Credential Manager?
To get started, take a look at the resources below:
Posted by Kateryna Semenova, Developer Relations Engineer, Android
Introduction
KAYAK is one of the world's leading travel search engines that helps users find the best deals on flights, hotels, and rental cars. In 2023, KAYAK integrated passkeys - a new type of passwordless authentication - into its Android and web apps. As a result, KAYAK reduced the average time it takes their users to sign-up and sign-in by 50%, and also saw a decrease in support tickets.
This case study explains KAYAK's implementation on Android with Credential Manager API and RxJava. You can use this case study as a model for implementing Credential Manager to improve security and user experience in your own apps.
If you want a quick summary, check out the companion video on YouTube.
Problem
Like most businesses, KAYAK has relied on passwords in the past to authenticate users. Passwords are a liability for both users and businesses alike: they're often weak, reused, guessed, phished, leaked, or hacked.
“Offering password authentication comes with a lot of effort and risk for the business. Attackers are constantly trying to brute force accounts while not all users understand the need for strong passwords. However, even strong passwords are not fully secure and can still be phished.” – Matthias Keller, Chief Scientist and SVP, Technology at KAYAK
To make authentication more secure, KAYAK sent "magic links" via email. While helpful from a security standpoint, this extra step introduced more user friction by requiring users to switch to a different app to complete the login process. Additional measures needed to be introduced to mitigate the risk of phishing attacks.
Solution
KAYAK's Android app now uses passkeys for a more secure, user-friendly, and faster authentication experience. Passkeys are unique, secure tokens that are stored on the user's device and can be synchronized across multiple devices. Users can sign in to KAYAK with a passkey by simply using their existing device's screen lock, making it simpler and more secure than entering a password.
“We've added passkeys support to our Android app so that more users can use passkeys instead of passwords. Within that work, we also replaced our old Smartlock API implementation with the Sign in with Google supported by Credential Manager API. Now, users are able to sign up and sign in to KAYAK with passkeys twice as fast as with an email link, which also improves the completion rate" – Matthias Keller, Chief Scientist and SVP, Technology at KAYAK
Credential Manager API integration
To integrate passkeys on Android, KAYAK used the Credential Manager API. Credential Manager is a Jetpack library that unifies passkey support starting with Android 9 (API level 28) and support for traditional sign-in methods such as passwords and federated authentication into a single user interface and API.
Designing a robust authentication flow for apps is crucial to ensure security and a trustworthy user experience. The following diagram demonstrates how KAYAK integrated passkeys into their registration and authentication flows:
Figure 2:KAYAK's diagram showing their registration and authentication flows.
At registration time, users are given the opportunity to create a passkey. Once registered, users can sign in using their passkey, Sign in with Google, or password. Since Credential Manager launches the UI automatically, be careful not to introduce unexpected wait times, such as network calls. Always fetch a one-time challenge and other passkeys configuration (such as RP ID) at the beginning of any app session.
While the KAYAK team is now heavily invested in coroutines, their initial integration used RxJava to integrate with the Credential Manager API. They wrapped Credential Manager calls into RxJava as follows:
This example defines a Kotlin function called createCredential() that returns a credential from the user as an RxJava Single of type CreateCredentialResponse. The createCredential() function encapsulates the asynchronous process of credential registration in a reactive programming style using the RxJava Single class.
This example demonstrates the approach KAYAK used to register a new credential, here Credential Manager was wrapped in Rx primitives.
webAuthnRetrofitService.getClientParams(username = /** email address **/)
.flatMap { response->
// Produce a passkeys request from client params that include a one-time challengeCreatePublicKeyCredentialOption(/** produce JSON from response **/)
}
.subscribeOn(schedulers.io())
.flatMap { request->
// Call the earlier defined wrapper which calls the Credential Manager UI// to register a new passkey credentialcredentialManagerRepository.createCredential(
request = request,
activity = activity
)
}
.flatMap {
// send credential to the authentication server
}
.observeOn(schedulers.main())
.subscribe(
{ /** process successful login, update UI etc. **/ },
{ /** process error, send to logger **/ }
)
Rx allowed KAYAK to produce more complex pipelines that can involve multiple interactions with Credential Manager.
Existing user sign-in
KAYAK used the following steps to launch the sign-in flow. The process launches a bottom sheet UI element, allowing the user to log in using a Google ID and an existing passkey or saved password.
Figure 3:Bottom sheet for passkey authentication.
Developers should follow these steps when setting up a sign-in flow:
Since the bottom sheet is launched automatically, be careful not to introduce unexpected wait times in the UI, such as network calls. Always fetch a one-time challenge and other passkeys configuration (such as RP ID) at the beginning of any app session.
When offering Google sign-in via Credential Manager API, your code should initially look for Google accounts that have already been used with the app. To handle this, call the API with the setFilterByAuthorizedAccounts parameter set to true.
If the result returns a list of available credentials, the app shows the bottom sheet authentication UI to the user.
If a NoCredentialException appears, no credentials were found: No Google accounts, no passkeys, and no saved passwords. At this point, your app should call the API again and set setFilterByAuthorizedAccounts to false to initiate the Sign up with Google flow.
Process the credential returned from Credential Manager.
Single.fromSupplier<GetPublicKeyCredentialOption> {
GetPublicKeyCredentialOption(/** Insert challenge and RP ID that was fetched earlier **/)
}
.flatMap { response ->// Produce a passkeys requestGetPublicKeyCredentialOption(response.toGetPublicKeyCredentialOptionRequest())
}
.subscribeOn(schedulers.io())
.map { publicKeyCredentialOption ->// Merge passkeys request together with other desired options,// such as Google sign-in and saved passwords.
}
.flatMap { request ->// Trigger Credential Manager system UI
credentialManagerRepository.getCredential(
request = request,
activity = activity
)
}
.onErrorResumeNext { throwable ->// When offering Google sign-in, it is recommended to first only look for Google accounts// that have already been used with our app. If there are no such Google accounts, no passkeys,// and no saved passwords, we try looking for any Google sign-in one more time.if (throwable is NoCredentialException) {
return@onErrorResumeNext credentialManagerRepository.getCredential(
request = GetCredentialRequest(/* Google ID with filterByAuthorizedOnly = false */),
activity = activity
)
}
Single.error(throwable)
}
.flatMapCompletable {
// Step 1: Use Retrofit service to send the credential to the server for validation. Waiting// for the server is handled on a IO thread using subscribeOn(schedulers.io()).// Step 2: Show the result in the UI. This includes changes such as loading the profile// picture, updating to the personalized greeting, making member-only areas active,// hiding the sign-in dialog, etc. The activities of step 2 are executed on the main thread.
}
.observeOn(schedulers.main())
.subscribe(
// Handle errors, e.g. send to log ingestion service. // A subset of exceptions shown to the user can also be helpful,// such as user setup problems. // Check out more info in Troubleshoot common errors at// https://developer.android.com/training/sign-in/passkeys#troubleshoot
)
“Once the Credential Manager API is generally implemented, it is very easy to add other authentication methods. Adding Google One-Tap Sign In was almost zero work after adding passkeys.” – Matthias Keller
Some of the major user experience considerations KAYAK faced when switching to passkeys included whether users should be able to delete passkeys or create more than one passkey.
Our UX guide for passkeys recommends that you have an option to revoke a passkey, and that you ensure that the user does not create duplicate passkeys for the same username in the same password manager.
Figure 4:KAYAK's UI for passkey management.
To prevent registration of multiple credentials for the same account, KAYAK used the excludeCredentials property that lists credentials already registered for the user. The following example demonstrates how to create new credentials on Android without creating duplicates:
fun WebAuthnClientParamsResponse.toCreateCredentialRequest(): String {
val credentialRequest = WebAuthnCreateCredentialRequest(
challenge = this.challenge!!.asSafeBase64,
relayingParty = this.relayingParty!!,
pubKeyCredParams = this.pubKeyCredParams!!,
userEntity = WebAuthnUserEntity(
id = this.userEntity!!.id.asSafeBase64,
name = this.userEntity.name,
displayName = this.userEntity.displayName
),
authenticatorSelection = WebAuthnAuthenticatorSelection(
authenticatorAttachment = "platform",
residentKey = "preferred"
),
// Setting already existing credentials here prevents// creating multiple passkeys on the same keychain/password manager
excludeCredentials = this.allowedCredentials!!.map { it.copy(id = it.id.asSafeBase64) },
)
return GsonBuilder().disableHtmlEscaping().create().toJson(credentialRequest)
}
And this is how KAYAK implemented excludeCredentials functionality for their Web implementation.
The server-side part is an essential component of an authentication solution. KAYAK added passkey capabilities to their existing authentication backend by utilizing WebAuthn4J, an open source Java library.
KAYAK broke down the server-side process into the following steps:
The client requests parameters needed to create or use a passkey from the server. This includes the challenge, the supported encryption algorithm, the relying party ID, and related items. If the client already has a user email address, the parameters will include the user object for registration, and a list of passkeys if any exist.
The client runs browser or app flows to start passkey registration or sign-in.
The client sends retrieved credential information to the server. This includes client ID, authenticator data, client data, and other related items. This information is needed to create an account or verify a sign-in.
When KAYAK worked on this project, no third-party products supported passkeys. However, many resources are now available for creating a passkey server, including documentation and library examples.
Results
Since integrating passkeys, KAYAK has seen a significant increase in user satisfaction. Users have reported that they find passkeys to be much easier to use than passwords, as they do not require users to remember or type in a long, complex string of characters. KAYAK reduced the average time it takes their users to sign-up and sign-in by 50%, have seen a decrease in support tickets related to forgotten passwords, and have made their system more secure by reducing their exposure to password-based attacks. Thanks to these improvements, KAYAK plans to eliminate password-based authentication in their app by the end of 2023.
“Passkeys make creating an account lightning fast by removing the need for password creation or navigating to a separate app to get a link or code. As a bonus, implementing the new Credential Manager library also reduced technical debt in our code base by putting passkeys, passwords and Google sign-in all into one new modern UI. Indeed, users are able to sign up and sign in to KAYAK with passkeys twice as fast as with an email link, which also improves the completion rate." – Matthias Keller
Conclusion
Passkeys are a new and innovative authentication solution that offers significant benefits over traditional passwords. KAYAK is a great example of how an organization can improve the security and usability of its authentication process by integrating passkeys. If you are looking for a more secure and user-friendly authentication experience, we encourage you to consider using passkeys with Android's Credential Manager API.
Dashlane is a password management tool that provides a secure way to manage user credentials, access control, and authentication across multiple systems and applications. Dashlane has over 18 million users and 20,000 businesses in 180 countries. It’s available on Android, iOS, macOS, Windows, and as a web app with an extension for Chrome, Firefox, Edge, and Safari.
The opportunity
Many users choose password managers because of the pain and frustration of dealing with passwords. While password managers help here, the fact remains that one of the biggest issues with passwords are security breaches. Passkeys on the other hand bring passwordless authentication with major advancements in security.
Passkeys are a simple and secure authentication technology that enables signing in to online accounts without entering a password. They cannot be reused, don't leak in server breaches of relying parties, and protect users from phishing attacks. Passkeys are built on open standards and work on all major platforms and browsers.
As an authentication tool, Dashlane’s primary goal is to ensure customers’ credentials are kept safe. They realized how significant the impact of passkeys could be to the security of their users and adapted their applications to support passkeys across devices, browsers, and platforms. With passkey support they provide users a secure and convenient access with a phishing-resistant authentication method.
Implementation
Passkeys as a replacement for passwords is a relatively new concept and to address the challenge of going from a familiar to an unfamiliar way of logging in, the Dashlane team considered various solutions.
On the desktop web they implemented conditional UI support through a browser extension to help users gracefully navigate the choice between using a password and a passkey to log into websites that support both login methods. As soon as the user taps on the username input field, an autofill suggestion dialog pops up with the stored passkeys and password autofill suggestions. The user can then choose an account and use the device screen lock to sign in.
On Android, they used the Credential Manager API which supports multiple sign-in methods, such as username and password, passkeys, and federated sign-in solutions (such as Sign-in with Google) in a single API. The Credential Manager simplifies the development process and it has enabled Dashlane to implement passkeys support on Android in 8 weeks with a team of one engineer.
Data shows that users are more satisfied with the passkey flows than the existing password flows.
The conversion rate is 92% on passkey authentication opportunities on the web (when Dashlane suggests a saved passkey for the user to sign in), compared to a 54% conversion rate on opportunities to automatically sign in with passwords. That’s a 70% increase in conversion rate compared to passwords–a great sign for passkey adoption.
Password sign-in prompt.
Passkey sign-in prompt.
The conversion rate here refers to user actions when they visit websites that support passkeys. If a user attempts to register or use a passkey they will see a Dashlane dialog appear on Chrome on desktop. If they proceed and create new or use an existing passkey it is considered a success. If they dismiss the dialog or cancel passkey creation, it’s considered a failure. The same user experience flow applies to passwords.
Dashlane also saw a 63% conversion rate on passkey registration opportunities (when Dashlane offers to save a newly created passkey to the user’s vault) compared to only around 25% conversion rate on suggestions to save new passwords. This indicates that Dashlane’s suggestions to save passkeys are more relevant and precise than the suggestions to save passwords.
Save passkey prompt.
Save password prompt.
Dashlane observed an acceleration of passkey usage with 6.8% average weekly growth of passkeys saved and used on the web.
Save password prompt.
Takeaways
While passkeys are a new technology that users are just starting to get familiar with, the adoption rate and positive engagement rates show that Dashlane users are more satisfied with passkey flows than the existing password flows.
“Staying up to date on developments in the market landscape and industry, anticipating the potential impact to your customers’ experience, and being ready to meet their needs can pay off. Thanks in part to our rapid implementation of the Credential Manager API, customers can rest assured that they can continue to rely on Dashlane to store and help them access services, no matter how authentication methods evolve.“ –Rew Islam, Director of Product Engineering and Innovation at Dashlane
Dashlane tracks and investigates all passkey errors and says that there haven’t been many. They also receive few questions from customers around how to use or manage their passkeys. This can be a sign of an intuitive user experience, clear help center documentation, a tendency of passkey users today already being knowledgeable about passkeys, or some combination of these factors.
Passkeys are an easier and more secure alternative to passwords. They let users sign-in simply with a fingerprint, face scan, PIN or a pattern. This week we are sharing resources to help you understand passkeys and upgrade authentication on your sites and apps.
Every day from 23-27 October on @ChromiumDev and @AndroidDev we’ll share new materials, including blog posts, case studies, and a Q&A session. Use #PasskeysWeek to participate in the conversation and spread the word about your sites and apps that support passkeys.
Join our live Q&A
On 25 October at 10 AM PDT, we’ll host a live Q&A session on Google for Developers YouTube channel where you’ll be able to ask questions in the live chat and get answers from passkeys engineers from Google. To send us your questions ahead of time through social media channels tag @ChromiumDev and @AndroidDev and use #PasskeysWeek.
Bookmark this link or click "Notify me" to get alerted when the livestream is about to start:
The recording will also be available on the channel after the event. Save the date and learn more about passkeys.
Where are passkeys today
Google Accounts have supported passkeys since May this year and on 10 October, 2023 have made passkeys the default sign in method for all devices that support it. If you haven’t created a passkey for your Google account yet, head over to g.co/passkeys.
Google is also partnering with brands to enable passkeys across Chrome and Android platforms. Partners across the ecommerce, financial tech, and travel industries—along with other software providers—already support passkeys creating easier, secure sign-ins for their users.
When the travel company KAYAK integrated passkeys into its Android and web apps, they reduced the time it takes their users to sign up and sign in by 50%.
Password manager Dashlane can also manage passkeys across its Android, iOS, macOS, and Windows apps, as well as on the web with an extension for Chrome, Firefox, Edge, and Safari. Since introducing passkeys, Dashlane has seen a 70% increase in conversion rate for signing in with passkeys compared to passwords.
To learn more about these success stories keep an eye on #PasskeysWeek on @ChromiumDev and @AndroidDev, where we'll share full case studies in the next couple of days.
Learn how to implement passkeys and earn a badge
Are you a web developer? Are you ready to learn how to implement passkeys in a web app?
FIDO Alliance is an open industry association with a mission to develop and standardize technical specifications that reduce the reliance on passwords to authenticate users.
Posted by Anirudh Dewani, Director of Android Developer Relations
One of our favorite things to do is connect with Android developers–like you–around the world, and it’s even more fun when we’re able to do so in person. Earlier this year, we had the opportunity to meet thousands of you at Google I/O and through global Google I/O Connect events in Miami, Amsterdam, Bengaluru and China, and we’re constantly inspired by your energy, your passion to build for Android, and your dedication to improve app quality.
But there are still more opportunity for us to connect at events unfolding later this year, as we bring the Android team and our Android Google Developer Expert friends to events around the world.
Here’s a snapshot:
droidcon London
Next week, on October 26 & 27, the Android team is bringing the excitement to droidcon London with tech talk topics including app performance, screenshot testing, Compose, and more. We’ll also have a full lineup of subject matter experts to host a fireside chat and office hours, happy to answer all your development and product questions. Learn more about the content and get your tickets on droidcon's website.
DevFest Season
DevFest 2023 has just kicked off, with nearly 500 DevFests already scheduled. DevFest is a community-led technology conference series, and is proud to embrace developers from all corners of the globe and diverse backgrounds. Conference agendas are tailored to suit the needs and interests of local developer communities and include talks, hands-on demos, workshops, and codelabs on the latest Google technologies.
This year, many Android GDE will be speaking at hundreds of DevFest events around the world, with special appearances from the Android team at DevFests in New York, the Bay Area, London, and Singapore among others.
Want to join us? Just navigate to any location on the interactive DevFest map and RSVP. It's that simple!
Stay in Touch
This was just a small peek of some of the events through the end of 2023. Don’t forget to check out our YouTube channel for all the latest news, technical talks, tutorials, tips and tricks, and follow and engage with us on X (formerly known as Twitter) and LinkedIn. We can’t wait to connect with thousands of you in person!
Posted by Maru Ahues Bouza, Director, Android Developer Relations
Zoom is an all-in-one collaboration platform. Whether supporting work streams through video, chat, or the platform’s smart recordings and whiteboard tools, the team at Zoom aims to simplify personal and professional communications.
For Zoom engineers, creating the best experience for users means meeting them where they are across a variety of devices with unique form factors. Currently, there are more than 270 million large screens and foldables in use across the Android ecosystem. With this in mind, the Zoom team saw an opportunity to boost the app’s support across the Android ecosystem, helping to ensure a seamless user experience on any supported device.
Zoom users spend more time on large screens
In the last few years, the Zoom team has seen increased tablet usage among its user base. The Zoom team has seen increased tablet usage among its user base, and people who use Zoom on both their phone and tablet spend about 62% more time on their tablet. In addition, Zoom tablet users engaged about 2X more via Zoom than phone users.
Zoom engineers wanted to give users on large screens the same experience on their preferred devices as those using the app on a smartphone or computer.
“We wanted to make sure large screen users have the best experience possible when using Zoom,” said Will Chan, a product manager at Zoom. “Ensuring we could scale our mobile UI to address our user needs — regardless of their device size — was important, whether it's phones, foldables, or tablets.”
Improving multi-window support on foldables
Zoom engineers started by using the Jetpack WindowManager library, which provides developers all the resources they need to start optimizing across form factors. Using the library, Zoom engineers made the app’s tabletop UI for foldables more efficient by placing videos on the top screen and moving any controls to the bottom screen. This gave users a more hands-free experience, making it easier for them to use the app with their foldable devices.
For foldables, Zoom engineers also optimized the app’s Team Chat. After overhauling this feature, Zoom’s Team Chat worked seamlessly in split-screen mode. When in portrait mode, the app would now show a chat preview on the left side of the screen and the chat details on the right. Small changes like this make better use of on-screen space so that users can more easily manage the tasks at hand.
Adding more features can lead to greater complexity. To avoid complicating the app’s UI on foldables, Zoom engineers used ConstraintLayouts. These help simplify the app’s interface, reducing a lot of the complexity that comes with creating multiple layouts on a device. As a bonus, ConstraintLayouts also improve the app’s performance while switching between layouts, improving useability overall for users.
Making the most of larger screens
Large screen devices give users considerably more onscreen real estate to work with. And with so much available space on these form factors, Zoom engineers wanted to up the app’s multi-window support by allowing users to go into picture-in-picture mode. Just as with optimizing for split-screen modes on foldables, picture-in-picture allows users to better multitask while they’re in meetings or taking a phone call.
Zoom engineers also tweaked the app’s UI to scale accordingly when large screen users resized their windows. To do this, the Zoom team used the resizeable emulator in Android studios. Together, these tools let the engineering team preview how the new experiences would look across many different devices, allowing developers to test their optimization before putting it into production.
“Resizable emulators and Android Studios made testing and developing a lot easier, ensuring the user experience is great on multiple large screen devices,” said Will.
Easy optimization across Android
The suite of tools and resources provided by Android made it easier than ever for Zoom engineers to improve its app across form factors. Considering there are so many users on large screens and foldable devices today, Zoom developers were glad that they could create a more cohesive UX without having to exhaust all their resources.
The Zoom team is excited by the global reach of the Android platform and looks forward to seeing what Android will add to its already-large pool of developer resources and tools.
“Our engineering team appreciates all the investments being made in the Jetpack libraries. It’s made their lives much easier while developing for Android,” said Will.
Passkeys are a safer and simpler alternative to passwords that works on all modern browsers and platforms. They enable signing into online accounts by using a device screen lock–with a fingerprint, facial recognition, PIN or a pattern.
More and more online services are adding passkey support every day. On 10 October, 2023, Google accounts made passkeys the default sign in method for all devices that support it.
To accelerate our way into a passwordless future, from 23-27 October we are hosting Passkeys Week–an online event where you can learn everything you need to know to successfully implement passkeys. Use #PasskeysWeek to participate in the conversation and spread the word about your products that support passkeys.
Keep an eye on @ChromiumDev and @AndroidDev, where we'll share new learning materials, including blog posts, case studies and pathways to earn passkeys badges on your Google Developer Profile.
On 25 October at 10 AM PDT, we’ll host a live Q&A session on Google for Developers YouTube channel where you can get all your questions about passkeys answered by passkeys engineers from Google. Bookmark this link or click "Notify me" to get alerted when the livestream is about to start:
The recording will also be available on the channel after the event — we hope you will tune in.
With over a billion downloads on Google Play, Google’s Contacts app is many Android users’ primary tool for viewing and organizing their personal contact information. Contacts developers aim to make the app an easy way for users to connect with the people who matter most to them. To make connecting even simpler, the Contacts engineering team built an entirely new widget from scratch using Jetpack Glance, Android’s latest framework for designing and developing widgets.
Contacts users enjoy connecting through widgets
Widgets make it easy for users to quickly access their favorite app features. Instead of having to navigate to and through an application, widgets can be added directly to a device’s home screen to create a shortcut to the information users need. With this in mind, Contacts engineers developed a new widget for users’ favorite contacts that allows them to reach friends and family faster.
“With the increasing popularity of home screen widgets,” said Phil Groman, product manager at Contacts, “we wanted to make our widget as useful as possible so that users can more easily connect with their most important contacts.”
A Google Opinion Rewards survey of Contacts widget users showed that about 80% of users with the Favorites widget on their home screen found it helpful for finding and connecting with their contacts. The survey used a 5-point scale, with 1 signifying “Not at all helpful” and 5 signifying “Extremely helpful.” Roughly 80% of the polled users selected options 4 or 5.
Faster development using Jetpack Glance
Previously, the Contacts team built the app’s widgets using RemoteViews, but the team switched to Jetpack Glance for its familiar APIs, concise Compose syntax, and out-of-the-box support of Material You dynamic theming. Jetpack Glance is also built on top of the Jetpack Compose Runtime, which makes development simple thanks to its modern declarative approach to UI and Kotlin APIs.
Contacts engineers also liked Jetpack Glance because the toolkit is backward compatible with RemoteViews code. Using Jetpack Glance, they could create the new Favorites widget with support as far back as API 23 of RemoteViews. Currently, the Favorites widget supports back to API 31. Jetpack Glance also offers a WorkManager-backed update mechanism, making it easier for developers to load a widget’s display data.
Android has additional documentation available on the Jetpack Glance landing page to help guide the development and implementation of widgets, which Contacts engineers used to build the Favorites widget. These resources helped Contacts engineers learn how to build responsive dynamic layouts for resizing, incorporate material themes, add UIs for empty and error states, and verify accessibility features like content descriptions.
After the Contacts team built the new Favorites widget, engineers estimated end-to-end development using Jetpack Glance to be 25% faster compared to another Contacts widget built using RemoteViews.
Doing more with Jetpack Glance
Thanks to Jetpack Glance, the Contacts team greatly reduced the time it took to produce a widget. Jetpack Glance’s Compose-based framework and intuitive Kotlin APIs made development easier, allowing engineers to quickly get a new widget off the ground and out to users.
“Jetpack Glance helped a lot during development,” said Zhen Fan, a software engineer at Contacts. “It increased development speed and made developers happier overall.”
Right now, the Contacts team is beginning to migrate another one of its widgets from RemoteViews to Jetpack Glance. The team hopes to incorporate more complex UI versions by making the switch, allowing engineers to develop richer features for users to enjoy.
Get started
Learn more about developing engaging widgets with Jetpack Glance.
Passkeys are a safer and simpler alternative to passwords that works on all modern browsers and platforms. They enable signing into online accounts by using a device screen lock–with a fingerprint, facial recognition, PIN or a pattern.
More and more online services are adding passkey support every day. On 10 October, 2023, Google accounts made passkeys the default sign in method for all devices that support it.
To accelerate our way into a passwordless future, from 23-27 October we are hosting Passkeys Week–an online event where you can learn everything you need to know to successfully implement passkeys. Use #PasskeysWeek to participate in the conversation and spread the word about your products that support passkeys.
Keep an eye on @ChromiumDev and @AndroidDev, where we'll share new learning materials, including blog posts, case studies and pathways to earn passkeys badges on your Google Developer Profile.
On 25 October at 10 AM PDT, we’ll host a live Q&A session on Google for Developers YouTube channel where you can get all your questions about passkeys answered by passkeys engineers from Google. Bookmark this link or click "Notify me" to get alerted when the livestream is about to start:
The recording will also be available on the channel after the event — we hope you will tune in.
This article was originally posted on the Firebase blog.
For the past six years, we have shared the latest and greatest updates to Firebase, Google’s app development platform, at our annual Firebase Summit – this year, we wanted to do something a little different for our community of developers. So, in addition to the Flutter Firebase festival that just wrapped up, and meeting you all over the world at DevFests, we’re thrilled to announce our very first Firebase Demo Day, happening on November 8, 2023!
What is Demo Day?
Demo Day will be a virtual experience where we'll unveil short demos (i.e. pre-recorded videos) that showcase what's new, what's possible, and how you can solve your biggest app development challenges with Firebase. You’ll hear directly from our team about what they’ve been working on in a format that will feel both refreshing but also familiar.
What will you learn?
You’ll learn how Firebase can help you build and run fullstack apps faster, harness the power of AI to build smart experiences, and use Google technology and tools together to be more productive. We’ve been working closely with our friends from Flutter, Google Cloud, and Project IDX to ensure the demos cover a variety of topics and feature integrated solutions from your favorite Google products.
How can you participate?
Since Demo Day is not your typical physical or virtual event, you don’t need to worry about registering, securing a ticket, or even traveling. This is one of the easiest ways to peek at the exciting future of Firebase! Simply bookmark the website (and add the event to your calendar), then check back on Wednesday, November 8, 2023 at 1:00 pm EST to watch the videos at your own pace and be inspired to make your app the best it can be for users and your business.
In the meantime, we encourage you to follow us on X (formerly Twitter) and LinkedIn and join the conversation using #FirebaseDemoDay. We’ll be sharing teasers and behind-the-scenes footage throughout October as we count down to Demo Day, so stay tuned!
Posted by Diego Zavala, Product Manager
Posted by Kateryna Semenova, Developer Relations Engineer, Android
Posted by Milica Mihajlija, Technical Writer
Posted by Milica Mihajlija, Technical Writer
Posted by Anirudh Dewani, Director of Android Developer Relations
Posted by Maru Ahues Bouza, Director, Android Developer Relations
Posted by Milica Mihajlija, Technical Writer
Posted by Andre Labonte, the Glance API.
Posted by Annum Munir, Product Marketing Manager
