Posted by Wojtek Kalicinski, Android Developer Advocate, Akshay Kannan,
Product Manager for Android Authentication, and Felipe Leme, Software Engineer on Android Frameworks
Starting in Oreo, Autofill makes it easy for users to provide credit cards,
logins, addresses, and other information to apps. Forms in your apps can now be
filled automatically, and your users no longer have to remember complicated
passwords or type the same bits of information more than once.
Users can choose from multiple Autofill services (similar to keyboards today).
By default, we include Autofill with Google, but users can also select any third
party Autofill app of their choice. Users can manage this from
Settings->System->Languages>Advanced->Autofill service.
What's available today
Today, Autofill with Google supports filing credit cards, addresses, logins,
names, and phone numbers. When logging in or creating an account for the first
time, Autofill also allows users to save the new credentials to their account.
If you use WebViews in your app, which many apps do for logins and other
screens, your users can now also benefit from Autofill support, as long as they
have Chrome 61 or later installed.
The Autofill API is open for any developer to implement a service. We are actively
working with
and
to help them with their implementations and will be working with other password managers shortly.
We are also creating a new curated collection on the Play Store, which the "Add service" button in Settings will link to. If you
are a password manager developer and would like us to review your app, please
in touch.
What you need to do as a developer
As an app developer, there are a few simple things you can do to take advantage
of this new functionality and make sure that it works in your apps:
Test your app and annotate your views if needed
In many cases, Autofill may work in your app without any effort. But to ensure
consistent behavior, we recommend providing explicit hints to tell the framework
about the contents of your field. You can do this using either the
attribute or the
method.
Similarly, with WebViews in your apps, you can use HTML
Attributes to provide hints about fields. Autofill will work in WebViews as
long as you have Chrome 61 or later installed on your device. Even if your app
is using custom views, you can also
the metadata that allows autofill to work.
For views where Autofill does not make sense, such as a Captcha or a message
compose box, you can explicitly mark the view as
(or
in the root of a view hierarchy). Use this field responsibly, and remember that
users can always bypass this by long pressing an EditText and selecting
"Autofill" in the overflow menu.
Affiliate your website and mobile app
Autofill with Google can seamlessly share logins across websites and mobile apps
‒ passwords saved through Chrome can also be provided to native apps. But in
order for this to work, as an app developer, you must explicitly declare the
association between your website with your mobile app. This involves 2 steps:
Step 1: Host a JSON file at
yourdomain.com/.well-known/assetlinks.json
If you've used technologies like App Links or Google Smart Lock before, you
might have heard about the Digital Asset Links (DAL) file. It's a JSON file
placed under a well known location in your website that lets you make public,
verifiable statements about other apps or websites.
You should follow the
Lock for Passwords guide for information about how to create and host the
DAL file correctly on your server. Even though Smart Lock is a more advanced way
of signing users into your app, our Autofill service uses the same
infrastructure to verify app-website associations. What's more, because DAL
files are public, third-party Autofill service developers can also use the
association information to secure their implementations.
Step 2: Update your App's Manifest with the same
information
Once again, follow the
Lock for Passwords guide to do this, under "Declare the association in the
Android app."
You'll need to update your app's manifest file with an asset_statements
resource, which links to the URL where your assetlinks.json file is hosted. Once
that's done, you'll need to submit your updated app to the Play Store, and fill
out the
Submission Form for the association to go live.
When using Android Studio 3.0, the App Links Assistant can generate all of this
for you. When you open the DAL generator tool (Tools -> App Links Assistant ->
Open Digital Asset Links File Generator), simply make sure you enable the new
checkbox labeled "Support sharing credentials between the app and website".
Then, click on "Generate Digital Asset Links file", and copy the preview content
to the DAL file hosted on your server and in your app. Please remember to verify
that the selected domain names and certificates are correct.
Future work
It's still very early days for Autofill in Android. We are continuing to make
some major investments going forward to improve the experience, whether you use
Autofill with Google or a third party password manager.
Some of our key areas of investment include:
- Autofill with Google: We want to provide a great experience
out of the box, so we include Autofill with Google with all Oreo devices. We're
constantly improving our field detection and data quality, as well as expanding
our support for saving more types of data. - WebView support: We introduced initial support for filling
WebViews in Chrome 61, and we'll be continuing to test, harden, and make
improvements to this integration over time, so if your app uses WebViews you'll
still be able to benefit from this functionality. - Third party app support: We are working with the ecosystem
to make sure that apps work as intended with the Autofill framework. We urge you
as developers to give your app a spin on Android Oreo and make sure that things
work as expected with Autofill enabled. For more info, see our full
documentation on the
Framework.
If you encounter any issues or have any suggestions for how we can make this
better for you, please
us feedback.
0 comments