Future versions of the Android mobile operating system will support Electronic IDs, Google teased today at the Google I/O 2019 developer conference.
"Beyond Android Q, we are looking to add Electronic ID support for mobile apps, so that your phone can be used as an ID, such as a driver's license," said Rene Mayrhofer and Xiaowen Xin from Android Security & Privacy Team.
Not shipping in Android Q
The company has not provided any hard details about its plans going forward, but merely set a focus of future efforts. But what it is known is that Electronic IDs is not expected to land in Android Q.
Putting a timeline on this feature would be hard, as electronic IDs require top-notch cryptography, which, in turn, requires top-notch secure hardware.
"Apps such as these have a lot of security requirements and involves integration between the client application on the holder's mobile phone, a reader/verifier device, and issuing authority backend systems used for license issuance, updates, and revocation," Mayrhofer and Xin said.
"We will be providing APIs and a reference implementation of HALs for Android devices in order to ensure the platform provides the building blocks for similar security and privacy sensitive applications."
Google said it's still waiting on official "standardization from the ISO" before going forward.
Apple's iOS does not currently support an electronic ID system either.
China's already in front
China is leading the effort on this front. The Beijing government has been working with Alibaba and Tencent to test two different digital ID systems in various cities across the country --via the AliPay and WeChat apps.
The two apps allow users to tie real-life identities to their apps/smartphones and make purchases for which legal documents such as an ID card or driver's license would have been normally required.
The reason to add an Electronic ID system at the OS level in Android is to allow other app makers to support a similar "electronic identity" system within their apps --most of which don't have the budgets of AliPay and WeChat.
Most of the work Google engineers will be doing on this project will revolve around creating sound cryptographic algorithms that will prevent the forging of fake identities.
While the feature is being developed as a generic tool for app makers to verify and authenticate users, once in Android, it will also be available for governments that may be looking into creating and releasing mobile-based IDs.
Related cybersecurity coverage:
- A hacker is wiping Git repositories and asking for a ransom
- Microsoft recommends using a separate device for administrative tasks
- Chinese hackers were using NSA malware a year before Shadow Brokers leak
- New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web
- WordPress finally gets the security features a third of the Internet deserves
- In a first, Israel responds to Hamas hackers with an air strike
- The dark web is smaller, and may be less dangerous, than we think TechRepublic
- Game of Thrones has the most malware of any pirated TV show CNET