Google has given Android an OpenID upgrade to make handling digital credentials like virtual driving licences much easier and more secure.
With native support for OpenID standards, Android apps and services can talk the same language when it comes to verifying who you are digitally.
This update uses Android’s existing Credential Manager system (specifically, the DigitalCredential API) to bring in support for OpenID4VP (for showing your credentials) and OpenID4VCI (for getting new ones issued).
It’s all part of Android’s push towards using open standards to ensure you’re not locked into one company’s way of doing things for your digital identity.
OpenID digital credentials: More than just ID
OpenID digital credentials are basically secure, virtual documents that can be checked electronically to prove they’re legit. The most obvious use people are talking about is digital identity documents like driving licences, passports, or national ID cards.
But the potential goes way further. Google expects developers to get creative, using this tech for all sorts of things you might need to prove digitally. We’re talking education certificates, insurance details, gym memberships, event tickets, work permits – you name it.
And it’s not just about official ‘wallet’ apps like Google Wallet or Samsung Wallet holding these credentials. Any app can potentially become a “credential holder.”
“Other apps not necessarily thought of as ‘wallets’ may also have a use for exposing a digital credential. For example, an airline app might want to offer their users’ air miles reward program membership as a digital credential to be presented to other apps or websites,” explained Rohey Livne, Group Product Manager, Android at Google.
Your credentials, your control
When a website or another app needs you to prove something (the “verifier”), they’ll send a request using this OpenID digital credentials standard. Android’s Credential Manager will then step in. Instead of making you hunt through different wallet apps, it intelligently looks across all the compatible apps on your phone and finds all the credentials you have that could fulfil the request.
You then see a simple list showing the relevant credentials. You choose the specific credential you want to share, not the app storing it, which puts you firmly in the driving seat.
Once you’ve picked, say, your digital driving licence, Android securely passes the request over to the wallet app that holds that specific licence. That app finishes the process, showing the credential to the verifier. This method also gives the wallet app a chance to “perform any additional due-diligence steps it needs to perform prior to releasing the credential to the verifier,” adding an extra layer of checks if needed.
Need to show a credential to someone on another device? Android can handle that too, using the same secure, encrypted methods that make things like passkeys work between devices.
Getting new OpenID digital credentials easily
Receiving and storing new digital credentials is also getting standardised using the OpenID4VCI protocol. When someone needs to issue you a digital credential – maybe your university sending a digital degree certificate, or your employer issuing a digital access card – they can use this standard.
You’ll get a prompt asking which compatible wallet app on your phone you’d like to save the new credential to. This gives you the freedom to organise your credentials in the wallet you prefer, or even use multiple apps. Some apps might even issue credentials automatically if they’re linked to your account, without you needing to do much at all.
As you collect more credentials over time from different places, they can live happily across various wallet apps. To make sure Android knows what’s where when it’s time to show a credential, wallet apps need to tell the Credential Manager a bit about the credentials they hold. This info helps Android quickly find the right options for you when a request comes in.
Who’s using this already?
This isn’t just theory; it’s starting to roll out in the real world.
“As Google Wallet announced yesterday, soon users will be able to use digital credentials to recover Amazon accounts, access online health services with CVS and MyChart by Epic, and verify profiles or identity on platforms like Uber and Bumble,” says Livne.
These uses show how versatile digital credentials are becoming – helping with account recovery, accessing sensitive health info securely, and proving who you are on platforms where trust matters. Crucially, these features will work with credentials stored in any compatible wallet app on your phone.
And speaking of other wallets, Google confirmed this isn’t just a Google show.
“To that end, we’re also happy to share that both Samsung Wallet and 1Password will hold users’ digital credentials as digital wallets and support OpenID standards via Android’s Credential Manager API,” Livne stated.
Having major players like Samsung and 1Password on board is great news, showing wider industry buy-in and giving users more choice.
This update opens doors for Android app developers too. Any app can now potentially build in the ability to verify users’ digital credentials. Or, developers could make their own app capable of securely holding specific credentials (like that airline points example) for users to present elsewhere.
By building support for these OpenID standards right into the core of Android, Google is paving the way for a smoother, more secure, and far more user-friendly way to manage our digital identities across the apps and services we use every day.
See also: Google found guilty of ad tech monopoly in antitrust case
Looking to revamp your digital transformation strategy? Learn more about Digital Transformation Week taking place in Amsterdam, California, and London. The comprehensive event is co-located with IoT Tech Expo, AI & Big Data Expo, Cyber Security & Cloud Expo, and other leading events.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
