Android Credential Manager API Gets Verified Email Feature
Google has updated the Android Credential Manager API with a Verified Email feature, allowing users to sign up for apps without manually retrieving a magic link or one-time PIN from their email. Instead, the app uses a cryptographically verified email credential from the user's Google account stored on the device. Developers can subsequently prompt users to create a passkey.
The Verified Email feature can also be used for account recovery and re-authentication for sensitive actions.
Important Caveats
- Account restrictions: The feature is currently restricted to consumer Google accounts only, not Workspace or managed accounts.
- Non-Gmail addresses: For Google accounts created with non-@gmail.com addresses, Google recommends developers consider an additional verification step, such as sending an OTP, because the ownership of the email address may change over time.
- Device requirements: The feature supports devices running Android 9 or newer and Google Play Services 25.49.xx or newer.