Local Authenticator

(create and use passkeys from the local device)

External Authenticator

(create and use passkeys from another device)



The platform authenticator in Android 9+ has the following capabilities:

  • creating and using passkeys that are backed up to Google Password Manager
  • using a passkey from the local Android device to sign into services on another device (such as a laptop or desktop), using FIDO Cross-Device Authentication

Cross-Device Authentication

Android devices can be an authenticator for FIDO Cross-Device Authentication (CDA).

Android devices can be persistently linked to the browsers/platforms below:

  • Chrome OS
  • Chrome on Windows 10 & 11
  • Edge on Windows 10 & 11
  • Chrome on macOS
  • Edge on macOS
  • Chrome on Ubuntu
  • Edge on Ubuntu

macOS (Safari and native apps), iOS (global), and iPadOS (global) do not support persistent linking.

When an authenticator is not persistently linked, a QR code must be scanned on every use.

Platform Notes

  • Credential Manager is a new Android Jetpack API that supports multiple sign-in methods, including passkeys, in a single API, thus simplifying the integration for developers.

  • The Device Public Key (DPK) extension is supported in beta, but is currently gated behind a flag in Chrome. Developers can enable chrome://flags/#enable-experimental-web-platform-features to experiment with DPK on Android, or on desktop Chrome when using Cross-Device Authentication with an Android device.




Sample Code

Community Resources

Last Updated: May 11, 2023