Google has released a new Autofill for Android phones. Starting in Oreo, Autofill with Google can seamlessly share logins across websites and mobile apps.
Much like keyboards these days, users can choose from multiple Autofill services. By default, Google includes Autofill, but users can also pick any third-party Autofill app of their choice. Users can manage this under Settings -> System -> Languages -> Advanced -> Autofill service.
When logging in or creating an account for the first time, Autofill also lets users save the new credentials to their account. If the app uses WebViews, as many apps do for logins and other screens, users can also benefit from Autofill support, as long as they have Chrome 61 or later installed.
The Autofill API is open to anyone implementing a service. Google is actively working with 1Password, Dashlane, Keeper, and LastPass to help them with their implementations towards becoming certified on Android. Google will be certifying password managers and adding them to a curated section in the Play Store, which the “Add service” button in settings will link to. Certified password managers will thus be reachable directly from that settings screen.
To take advantage of this new functionality, app developers need to remember these few simple steps:
Testing the app and annotating the views if needed:
In certain cases, Autofill might work smoothly in the app without any changes. But to ensure consistent behavior, it is recommended to provide explicit hints that tell the framework about the contents of each field. This can be done using either the android:autofillHints attribute or the setAutofillHints() method.
Similarly, with WebViews in the app, HTML autocomplete attributes can be used to provide hints about fields. Autofill will work in WebViews as long as Chrome 61 or later is installed on the device. Even if the app uses custom views, metadata can be defined that allows Autofill to work.
Affiliation of the Website and mobile app:
Autofill with Google can seamlessly share logins across websites and mobile apps, and passwords saved through Chrome can also be provided to native apps. For this to work, an app developer must explicitly declare the association between the website and the mobile app. This involves 2 steps:
Step 1: Hosting a JSON file at mydomain.com/.well-known/assetlinks.json
An app developer who has already worked with technologies like App Links or Google Smart Lock might have heard about the Digital Asset Links (DAL) file. It’s a JSON file placed in a well-known location on the website that lets the site owner make public, verifiable statements about other apps or websites.
Also, the developer should follow the Smart Lock for Passwords guide for information about how to create and host the DAL file correctly on the server. Even though Smart Lock is a more advanced way of signing users into the app, the Autofill service uses the same infrastructure to verify app-website associations. What’s more, because DAL files are public, third-party Autofill service developers can also use the association information to secure their implementations.
Step 2: Update App’s Manifest with the same information:
The developer needs to update the app’s manifest file with an asset_statements resource, which links to the URL where the assetlinks.json file is hosted. Once that’s done, the developer needs to submit the updated app to the Play Store, and fill out the Affiliation Submission Form for the association to go live.
When using Android Studio 3.0, the App Links Assistant can generate all of this. When opening the DAL generator tool (Tools -> App Links Assistant -> Open Digital Asset Links File Generator), the developers just need to make sure that they have enabled the new checkbox labeled “Support sharing credentials between the app and website”.
Then click on “Generate Digital Asset Links file” and copy the preview content to the DAL file hosted on the server and in the app. Remember to verify that the selected domain names and certificates are correct.
Lastly, Google urges developers to give their app a spin on Android Oreo and make sure that things work as expected with Autofill enabled.
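The check that the hosted DAL file names the right package and signing certificate can be automated before the app is submitted. The following is an added example, not code from Google or from the original article; it assumes the standard Digital Asset Links statement layout, and the package name, site and fingerprint in the sample are constructed placeholders.

```python
import json
import re

CREDS = "delegate_permission/common.get_login_creds"  # credential-sharing relation
FP_RE = re.compile(r"^([0-9A-F]{2}:){31}[0-9A-F]{2}$")

def normalize_fp(fp):
    """Upper-case a SHA-256 fingerprint; return None if it is malformed."""
    fp = fp.strip().upper()
    return fp if FP_RE.match(fp) else None

def check_dal(dal_text, package, expected_fp):
    """Return a list of problems; an empty list means the association holds."""
    want = normalize_fp(expected_fp)
    if want is None:
        return ["expected fingerprint is not a colon-separated SHA-256 value"]
    try:
        statements = json.loads(dal_text)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(statements, list):
        return ["top level must be a JSON array of statements"]
    problems, seen = [], False
    for st in statements:
        target = st.get("target") if isinstance(st, dict) else None
        if not isinstance(target, dict):
            continue
        if (target.get("namespace"), target.get("package_name")) != ("android_app", package):
            continue
        seen = True
        rel = st.get("relation")
        if not isinstance(rel, list) or CREDS not in rel:
            problems.append(f"{package}: statement lacks relation {CREDS}")
            continue
        fps = target.get("sha256_cert_fingerprints")
        fps = fps if isinstance(fps, list) else []
        if want in {normalize_fp(f) for f in fps if isinstance(f, str)}:
            return []  # package, relation and certificate all match
        problems.append(f"{package}: signing certificate fingerprint not listed")
    if not seen:
        problems.append(f"{package}: no android_app statement for this package")
    return problems

# Constructed sample: hypothetical package, site and fingerprint.
SAMPLE_FP = ":".join(["AB"] * 32)
SAMPLE_DAL = json.dumps([
    {"relation": [CREDS], "target": {"namespace": "web", "site": "https://mydomain.com"}},
    {"relation": [CREDS], "target": {"namespace": "android_app", "package_name": "com.example.app",
                                     "sha256_cert_fingerprints": [SAMPLE_FP.lower()]}},
])
```

Run it against the file actually served from the site with the release signing certificate's fingerprint; a debug-key fingerprint or a statement that grants only URL handling shows up as a reported problem.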