Chrome for Android Tests Digital Credential API for Secure Online Identity Verification
Share
Introduction
Imagine a future where you can securely verify your identity online using your driver’s license or passport stored in your mobile wallet. This is exactly what Google is exploring with the new Digital Credential API in Chrome for Android. This API acts as a bridge between websites and the secure credential storage system (CredMan) on your Android device.
Currently, many websites require users to upload scans of their identification documents, a process that can be inconvenient and raise security concerns. The Digital Credential API offers a more streamlined and secure solution. When a website needs to verify your identity, it sends a request through Chrome. You’ll then see a prompt on your phone, clearly outlining the information being requested. With your approval, Android securely transmits the necessary details from your mobile wallet to the website, ensuring only the essential information is shared.
“Government-recognized documents…play a big and constructive role in society,” explains Google’s explainer on the new feature, highlighting the importance of secure online identity verification for services like online banking or age verification.
This approach offers several benefits for both users and website owners. Users gain a more convenient and secure way to verify their identity online, eliminating the need to manually upload documents or worry about data breaches. Websites benefit from a faster and more reliable verification process, potentially reducing fraud and improving user experience.
The Digital Credential API is built on the foundation of Android’s IdentityCredential system, which supports various types of digital credentials like driver’s licenses and passports. Google emphasizes that the API is extensible, meaning it can accommodate future credential formats and integrate with multiple wallet apps. Additionally, safeguards will be implemented to minimize the risk of misuse, as Google noted in a support document: “Websites can and do get credentials from mobile wallet apps through a variety of mechanisms today… Mechanisms will be added to help reduce the risk of ecosystem-scale abuse of real-world identity.”
While the exact release date remains undisclosed, Google’s experimentation with the Digital Credential API signifies a positive step towards a more secure and user-friendly online identity verification landscape. This API holds promise for both individuals interested in safeguarding their digital identities and developers seeking to integrate secure verification measures into their websites.