It seems like Google will be making a new system when it comes to account creation via the Android application. Instead of using the traditional methods such as one-time passwords and email link, Google is looking at creating an application that uses the device method to authenticate the user. This change focuses on simplifying onboarding while maintaining security. If widely adopted, it could transform the way apps authenticate users and reduce the need to repeatedly switch apps during sign-up.
According to documentation on the Android Developers website, Google is introducing a Verified Email system through its Credential Manager. This feature allows apps to instantly confirm a user's email address using a secure credential stored on the device, eliminating the need for OTPs or email-based verification links.
Instead of requiring users to switch apps to receive a code, the Verified Email feature will display a native prompt on the screen. This prompt clearly indicates the information the app is requesting, such as a verified email address. Users can approve the request with a single tap and proceed without leaving the app.
Verified Email relies on a cryptographic credential that is already available on the device to accelerate the procedure while maintaining high levels of security. According to Google, applications cannot access any data without explicit user consent, and the notification displays all relevant information on data exchange prior to acceptance.
In addition to facilitating registration procedures, the Verified Email functionality allows simplifying other tasks that require high levels of security, such as account recovery. It also allows verifying users' identities rapidly upon account modifications or transaction verifications.
Google also advises developers to include fallback options, such as manual email entry or OTP-based verification, if the system can't retrieve the required credentials. It's recommended that users be encouraged to create passkeys after verification to make future sign-ins easier and more secure. Currently, this feature supports personal Google accounts and works on devices running Android 9 or later. Its widespread adoption will depend on how quickly developers integrate it into their apps.