Dashlane and Google want to simplify security and authentication on Android devices and have an API to do it. App developers can use the new Open YOLO API to access the credentials stored in password managers to log users into apps and services. The idea here is to improve security and remove barriers that might prevent people from signing into apps.
Password managers are a necessary tool for many. Given the vast number of apps, sites, and services that require usernames and passwords, it's no wonder people have turned to these password apps to help remember and manage them all. Password managers help protect users' personal data and also facilitate quick and secure logins across devices.
Big Web companies, including Google and Facebook, have for years offered a solution to end users by allowing them to use their account credentials to login to other apps/sites. The Open YOLO (You Only Login Once) API takes things a step further by allowing third-party apps to rely directly on the password manager for those credentials -- bypassing the need for end users to sign-in in the first place.
"On Android, if an app requires a credential, it will be able to query any password manager or app which is using this API on the device for a credential," explained Stanojko Markovikjm, Android Engineering Lead at Dashlane, in an email to ProgrammableWeb. "Users should be able to support bypassing the login screen if the app and the password manager support it. If the user has more than one provider which can provide the required credential [e.g., Google or Facebook], then we would have a small UI element which will offer the user a choice on which source to use."
Dashlane has been working on this project for a while and Google has decided to step in to help. The API is meant to be seamless and universally acceptable for Android app authentication. The company is working with other "top password management companies" that are expected to contribute their own security expertise to improve the API. Dashlane believes open sourcing the API will lead to stronger security in the long run.
Though it made no announcement of its own, Google appears to have corroborated Dashlane's claim of the sponsorship. "Google is excited to support the launch of this project with Dashlane and help create a new open standard for app authentication,” said Google’s Iain McGinniss in a statement provided to TechCrunch. "This project is part of our longstanding support of open technology standards that provide great, secure user experience to end users."
The endgame, according to Markovikjm, is that the Open YOLO API should allow apps and Web sites to access password managers regardless of the platform. The API is already platform agnostic, so Apple could use it for iOS, macOS, tvOS, and watchOS; however, Google is behind the open protocol and thus it is being adopted by Android to start.
For now, the companies have only announced the project. Google and Dashlane continue to work with their peers on the project. Dashlane said it expects Google's Android team to approve the API by September.