Android phone as security key for Google Sign-In

Android phones can now be used as a physical security key on any available platform, and that now includes iOS devices too. The current 2-Step Verification process usually relies on SMS; the newer method instead lets you sign in with an Android phone as the security key.

To use the feature, your Android phone must be running version 7 or higher, and your PC or laptop must run Windows 10, macOS, or Chrome OS with Google Chrome 72 or later. Google's latest upgrade also lets you sign in on iOS.

The feature uses Bluetooth as its underlying transport, with FIDO's CTAP2 protocol on top. On platforms other than iOS, Google Chrome communicates with the Android phone over Bluetooth to verify the sign-in. On iOS, Google's Smart Lock app confirms the sign-in instead, and it also communicates over Bluetooth.
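An added example, not from the original article or from Chrome's code: whichever transport carries the CTAP2 exchange, the site being signed in to receives WebAuthn authenticator data and checks it. The Node.js code below performs those authenticator-data checks (relying-party ID hash, user-presence flag, signature counter); verifying the assertion signature is a separate step not included here, and `login.example`, the function names and the sample bytes are constructed for illustration.

```javascript
const { createHash } = require('crypto');

const FLAG_UP = 0x01; // user present
const FLAG_UV = 0x04; // user verified

// Authenticator data layout: rpIdHash (32) | flags (1) | signCount (4, big-endian)
function parseAuthenticatorData(buf) {
  if (!Buffer.isBuffer(buf) || buf.length < 37) {
    throw new Error('authenticator data must be a Buffer of at least 37 bytes');
  }
  const flags = buf[32];
  return {
    rpIdHash: buf.subarray(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: buf.readUInt32BE(33),
  };
}

// Relying-party checks on one assertion (hypothetical helper, not a library API).
function checkAssertion(buf, expectedRpId, storedSignCount) {
  const data = parseAuthenticatorData(buf);
  const expected = createHash('sha256').update(expectedRpId, 'utf8').digest();
  // The hash binds the assertion to the site the key was registered with.
  if (!data.rpIdHash.equals(expected)) return { ok: false, reason: 'rpIdHash mismatch' };
  if (!data.userPresent) return { ok: false, reason: 'user presence flag not set' };
  // Zero on both sides means the authenticator keeps no counter; otherwise it must grow.
  const counterInUse = data.signCount !== 0 || storedSignCount !== 0;
  if (counterInUse && data.signCount <= storedSignCount) {
    return { ok: false, reason: 'signature counter did not increase' };
  }
  return { ok: true, signCount: data.signCount, userVerified: data.userVerified };
}

// Constructed sample input: builds authenticator data for a given RP ID.
function buildSample(rpId, flags, signCount) {
  const tail = Buffer.alloc(5);
  tail[0] = flags;
  tail.writeUInt32BE(signCount, 1);
  return Buffer.concat([createHash('sha256').update(rpId, 'utf8').digest(), tail]);
}

const RP_ID = 'login.example'; // constructed relying-party ID
console.log(checkAssertion(buildSample(RP_ID, FLAG_UP | FLAG_UV, 42), RP_ID, 41));
console.log(checkAssertion(buildSample('lookalike.example', FLAG_UP, 42), RP_ID, 41));
```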

Why the Smart Lock app on iOS?

Google Chrome on iOS is based on Apple's WebKit rendering engine. Because Apple's App Store guidelines require apps to use only the WebKit framework and WebKit JavaScript, Google Chrome cannot use its own Blink engine on iOS.

FIDO and Bluetooth connectivity are both implemented in Google Chrome. You can view Bluetooth-connected devices by opening:

chrome://bluetooth-internals/

in the Chrome browser, where the current state of the adapter and of the devices is shown.

The FIDO source code can be found in Chromium, Google Chrome's open-source project; the present implementation uses both USB and Bluetooth Low Energy (BLE).