Posted by Niharika Arora, Senior Developer Relations Engineer and Jean-Pierre Pralle, Product Manager, Credential Manager
In the modern digital landscape, the first encounter a user has with an app is often the most critical. Yet, for decades, this initial interaction has been hindered by the friction of traditional verification methods. Today, we’re excited to announce a new verified email credential issued by Google, which developers can now retrieve directly from Android’s Credential Manager Digital Credential API.
The Problem: Authentication Friction in the Modern Era
The “current era” of authentication is defined by a trade-off between security and convenience. To ensure that a user owns the email address they provide, you typically rely on One-Time Passwords (OTPs) or “magic links” sent by email or SMS.
While effective, these traditional steps introduce significant hurdles:
- Context switching: Users must leave the app, open their inbox or messaging app, find the code, and return, a process where many potential users simply drop off.
- Delivery issues: While Emails are free, they can be delayed or diverted to spam folders.
- Onboarding friction: Every extra second spent in the “verification loop” is a second where a user might lose interest, directly impacting conversion rates.
The Solution: Seamless, Verified Email
Google now issues a cryptographically verified email credential directly to Android devices. This verified email credential is delivered through the Credential Manager API, which is Android’s implementation of the W3C’s Digital Credential API standard.
For users, this completely removes the need to manually verify their email through external channels. For developers, the API securely delivers these verified user claims for any scenario whether you are building an account creation flow, a recovery process, or a high-risk step-up authentication.
While this specific verified email address is sourced securely from the user’s Google Account on their device, the underlying Digital Credentials API is issuer-agnostic. This fosters an open ecosystem, allowing any holder of a digital credential with an email claim to offer that verification to your app.
User Experience
The beauty of this API lies in its simplicity for the end user. Instead of hunting for OTP codes, the experience is integrated directly into the Android OS:
- Initiation: The process begins when a user focuses on an email input field or taps a “Sign up” or “Recover account” button. You can also initiate the process on page load.
- Transparency: A native Android bottom sheet appears, clearly detailing exactly what data is being requested (for example, user’s verified email address).
- One-tap consent: The user simply taps “Agree and continue” to share the data.
- Immediate progress: Once consent is given, the app receives the data instantly. For sign-up or account recovery flows, you can then seamlessly transition the user into passkey creation, ensuring:
- Users do not have to enter any user information manually, as compared to the traditional username/password registration.
- Their next login is even faster and more secure.
Use case 1. Sign up
Accelerate onboarding by fetching a verified email the moment the user taps “Sign up”. We strongly recommend you pair the verified email retrieval with passkey creation, also part of the Credential Manager API:
.png)
Note: You can also fetch other unverified fields such as a user’s given name, family name, name, profile picture and the hosted domain connected with the verified email.
Use case 2. Account recovery
Eliminate the frustration of users hunting for recovery codes in their spam folders by allowing them to recover their account using the verified email securely stored on their device.
.png)
Use case 3. Re-authentication for sensitive actions
Protect sensitive user actions, such as changing settings or updating profile details, by requiring a quick re-authentication step. Instead of an OTP, you can provide a low-friction verification using the device’s verified email.
.png)
Important Considerations
As you design your authentication architecture around the Digital Credentials API, keep the following details in mind:
- Account support: For the specific email credential issued by Google, only regular consumer Google Accounts are supported (Workspace and supervised accounts are currently not supported). Keep in mind that the Credential Manager API itself is issuer-agnostic, meaning other identity providers can issue credentials with their own account support policies.
- Other user data: Beyond email, you can request the user’s given name, family name, full name, and profile picture. However, note that only the email is verified by Google.
- Auto verify your @gmail accounts: The API provides verified emails for all consumer Google Accounts. We recommend auto-verifying @gmail.com users and routing custom domains to your existing verification flow – for example, an OTP flow. This ensures you maintain long-term access for external domains not directly managed by Google.
- Complementary to Sign in with Google: While both the new verified email credential & Sign in with Google API provides a verified email, the choice depends on the intended user experience:
- Use Sign in with Google when your users want to create a federated login session.
- Use Verified Email when your users want to sign in traditionally with a username/password or passkey but want to auto-verify the email address without the manual chore of an OTP.
Conclusion and Next steps
By integrating the new verified email via Credential Manager API, you can drastically reduce onboarding friction and provide users with a more streamlined, secure authentication journey. This represents a shift toward a future where “verification” is no longer a manual chore for the user, but a seamless, integrated part of the native mobile experience.
Ready to see how this fits into your own app? To get started, update your project to the latest Credential Manager API and explore our Integration Guide. We encourage you to explore how this streamlined verification can simplify your critical user journeys from optimizing account creation, to enhancing re-authentication flows.
