Easy account restoration for Android apps

Posted by Neelansh Sahai – Developer Relations Engineer

Do you know that, on common, 40% of the individuals within the US reset or substitute their smartphones yearly? This frequent system turnover presents a problem – and a possibility – for sustaining robust person relationships. When customers get a brand new cellphone, the friction of re-entering login credentials can result in frustration, app abandonment, and churn.

To handle this challenge, we’re introducing Restore Credentials, a brand new function of Android’s Credential Supervisor API. With Restore Credentials, apps can seamlessly onboard customers to their accounts on a brand new system after they restore their apps and information from their earlier system. This makes the transition to a brand new system easy and fosters loyalty and long run relationships.

On high of all this, there is no developer effort required for the switch of a restore key from one system to the opposite, as this course of is tied along with the android system’s backup and restore mechanism. Nevertheless, if you wish to login your customers silently as quickly because the restore is accomplished, you may wish to implement BackupAgent and add your logic within the onRestore callback. The expertise is pleasant – customers will proceed being signed in as they have been on their earlier system, and they’ll have the ability to get notifications to simply entry their content material with out even needing to open the app on the brand new system.

Among the advantages of the Restore Credentials function embody:

• Seamless person expertise: Customers can simply transition to a brand new Android system.
• Rapid engagement: Interact customers with notifications or different prompts as quickly as they begin utilizing their new system.
• Silent login with backup agent integration: In case you’re utilizing a backup agent, customers could be routinely logged again in after information restoration is full.
• Restore key checks with out backup agent integration: If a backup agent is not getting used, the app can verify for a restore key upon first launch after which log the person in routinely.

How does Restore Credentials work?

The Restore Credentials function allows seamless person account restoration on a brand new system. This course of happens routinely within the background throughout system setup when a person restores apps and information from a earlier system. By restoring app credentials, the function permits the app to signal the person again in with out requiring any further interplay.

The credential sort that’s supported for this function known as restore key, which is a public key suitable with passkey / FIDO2 backends.

Consumer move

On the previous system:

1. If the present signed-in person is trusted, you’ll be able to generate a restore key at any level after they’ve authenticated in your app. As an example, this may very well be instantly after login or throughout a routine verify for an present restore key.
2. The restore key’s saved regionally and backed as much as the cloud. Apps can opt-out of backing it as much as the cloud.

On the brand new system:

1. When organising a brand new system, the person can choose one of many two choices to revive information. Both they will restore information from a cloud backup, or can regionally switch the information. If the person transfers regionally, the restore key’s transferred regionally from the previous to the brand new system. In any other case, if the person restores utilizing the cloud backup, the restore key will get downloaded together with the app information from cloud backup to the brand new system.
2. As soon as this restore key’s obtainable on the brand new system, the app can use it to log within the person on the brand new system silently within the background.

Be aware: It is best to delete the restore key as quickly because the person indicators out. You don’t need your person to get caught in a cycle of signing out deliberately after which routinely getting logged again in.

Methods to implement Restore Credentials

Utilizing the Jetpack Credential Supervisor allow you to create, get, and clear the related Restore Credentials:

• Create a Restore Credential: When the person indicators in to your app, create a Restore Credential related to their account. This credential is saved regionally and synced to the cloud if the person has enabled Google Backup and finish to finish encryption is accessible. Apps can decide out of syncing to the cloud.
• Get the Restore Credential: When the person units up a brand new system, your app requests the Restore Credential from Credential Supervisor. This permits your person to register routinely.
• Clear the Restore Credential: When the person indicators out of your app, delete the related Restore Credential.

Restore Credentials is accessible by the Credential Supervisor Jetpack library. The minimal model of the Jetpack Library is 1.5.0-beta01, and the minimal GMS model is 242200000. For extra on this, confer with the Restore Credentials DAC web page. To get began, observe these steps:

// construct.gradle.kts
implementation("androidx.credentials:credentials:1.5.0-beta01")

// Fetch Registration JSON from server
// Similar because the registrationJson created on the time of making a Passkey
// See documentation for more information
val registrationJson = ... 

// Create the CreateRestoreCredentialRequest object
// Move within the registrationJSON 
val createRequest = CreateRestoreCredentialRequest(
  registrationJson,
  /* isCloudBackupEnabled = */ true
)

NOTE: Set the isCloudBackupEnabled flag to false in order for you the restoreKey to be saved regionally and never within the cloud. It’s set as true by default

val credentialManager = CredentialManager.create(context)

// On a profitable authentication create a Restore Key
// Move within the context and CreateRestoreCredentialRequest object
val response = credentialManager.createCredential(
    context,
    createRestoreRequest
)

4. When the person units up a brand new system, name the getCredential() technique on the CredentialManager object.

// Fetch the Authentication JSON from server
val authenticationJson = ...

// Create the GetRestoreCredentialRequest object
val choices = GetRestoreCredentialOption(authenticationJson)
val getRequest = GetCredentialRequest(Immutablelist.of(choices))

// The restore key could be fetched in two eventualities to 
// 1. On the primary launch of app on the system, fetch the Restore Key
// 2. Within the onRestore callback (if the app implements the Backup Agent)
val response = credentialManager.getCredential(context, getRequest)

In case you’re utilizing a backup agent, carry out the getCredential half inside the onRestore callback. This ensures that the app’s credentials are restored instantly after the app information is restored.

5. When the person indicators out of your app, name the clearCredentialState() technique on the CredentialManager object.

// Create a ClearCredentialStateRequest object
val clearRequest = ClearCredentialStateRequest(/* requestType = */ 1)

// On person log-out, clear the restore key
val response = credentialManager.clearCredentialState(clearRequest)

Conclusion

The Restore Credentials function gives important advantages, guaranteeing customers expertise a easy transition between units, and permitting them to log in rapidly and simply by backup brokers or restore key checks. For builders, the function is easy to combine and leverages present passkey server-side infrastructure. General, Restore Credentials is a priceless device that delivers a sensible and user-friendly authentication resolution.