Add a sign-in workflow to your Android app to protect user data and control
access to app features and data, helping to keep your app, your data, and your
users safe.

![Animation showing the Credential Manager authentication
flow](https://developer.android.com/static/training/sign-in/images/credman_shrine.gif "The Credential Manager authentication flow")

- **Protect user data**. Authentication protects your app's user data from unauthorized access. By requiring users to sign in, you can help ensure your users unlock only the information they're entitled to.
- **Help prevent fraud**. Authentication coupled with identity verification makes it more difficult for an attacker to create fraudulent accounts or gain unauthorized access to existing accounts.
- **Improve user experience**. A streamlined authentication workflow reduces complexity for your users to sign up and sign in to access their data and services.
- **Comply with regulations**. A sign-in workflow complies with regulations that require authentication to protect data.

## Authentication

To add authentication to your app, most Android projects should use [Credential
Manager](https://developer.android.com/training/sign-in/passkeys). Credential Manager is a modern Jetpack library that lets you
integrate most major authentication methods into your app, including passkeys,
passwords, and federated solutions like Sign in with Google. The benefits of
Credential Manager over legacy authentication APIs such as One Tap include:

- **Simpler integration**: Credential Manager lets you implement most major authentication options with a single, unified API.
- **Improved user experience**: Credential Manager's unified sign-in interface gives your users a clear, familiar, and consistent experience, reduces churn, and improves registration and sign-in speeds.
- **Single-tap Google sign in and sign up**: Credential Manager can be configured to prompt your users to create or sign in to a Google Account with a dialog that's inline with your app's content, so they're never taken out of context by a sign-up screen. Reduced sign-up or login friction improves success rates for your users as they register or log into your app.
- **Enhanced security** : Migrating from passwords to passwordless authentication helps reduce attack vectors, simplifies user onboarding, and enhances your app's security. Credential Manager enables support for passwordless authentication using [passkeys](https://developer.android.com/design/ui/mobile/guides/patterns/passkeys).
- **Improved flexibility**: Credential Manager integrates with existing authentication providers, or you can develop your own authentication process.

Credential Manager automatically displays a unified bottom sheet for modern
authentication methods, and is the modern replacement for existing
authentication implementations, including [Smart Lock for Passwords on
Android](https://developer.android.com/training/sign-in/smart-lock-migration), and [One Tap](https://developers.google.com/identity/one-tap/android/overview).

<br />

| <br />
|
| **Note:** Sign in with Google can be called as an option in the following
| ways:
|
| 1. As a Credential Manager bottom sheet that automatically appears when the sign-in screen loads,
| 2. As a distinct button that is selected by users on your sign-in screen should they actively choose to Sign in with Google.
|
| Don't call the Credential Manager
| bottom sheet from the Sign in with Google button. Read
| [Integrate Credential Manager with Sign in with Google](https://developer.android.com/training/sign-in/credential-manager) to learn more.
|
| <br />
|
<br />

Learn more about how to build authentication in your Android app with Credential
Manager:

- [Sign in your user with Credential Manager](https://developer.android.com/training/sign-in/passkeys)
- [User authentication with passkeys user experience guide](https://developer.android.com/design/ui/mobile/guides/patterns/passkeys)
- [Integrate Credential Manager with Sign in with Google](https://developer.android.com/training/sign-in/credential-manager)
- [Integrate Credential Manager with WebView](https://developer.android.com/training/sign-in/credential-manager-webview)
- [Passkeys on Android learning pathway](https://developer.android.com/courses/pathways/passkeys)

Learn how to migrate your current authentication flows to Credential Manager:

- [Upgrade from legacy Sign in with Google button flows](https://developer.android.com/training/sign-in/credential-manager#siwg-button)
- [Migrate from Smart Lock for Passwords to Credential Manager](https://developer.android.com/training/sign-in/smart-lock-migration)
- [Migrate from FIDO2 to Credential Manager](https://developer.android.com/training/sign-in/fido2-migration)

Learn how to streamline your existing identity and authentication APIs to
support passkeys and improved usability with the Credential Manager API:

- [Integrate Credential Manager with your credential provider solution](https://developer.android.com/training/sign-in/credential-provider)
- [Make Credential Manager calls on behalf of other parties for privileged
  apps](https://developer.android.com/training/sign-in/privileged-apps)

## Autofill

Some apps, such as password managers, fill out the views in other apps with
data provided by the user. Apps that fill out other apps' views are called
autofill services. The autofill framework manages the communication between an
app and an autofill service and helps improve the user experience by saving
time spent filling in fields and minimizing user input errors. Since autofill
supports password managers, users can be encouraged to select stronger
credentials such as passkeys or unique, machine-generated passwords that can be
stored and retrieved securely and with less friction.

Learn more about Android's autofill framework:

- [About autofill](https://developer.android.com/guide/topics/text/autofill)
- [Optimize your app for autofill](https://developer.android.com/guide/topics/text/autofill-optimize)
- [Build autofill services](https://developer.android.com/guide/topics/text/autofill-services)
- [Integrate autofill with keyboards](https://developer.android.com/guide/topics/text/ime-autofill)

## Biometrics

Integrate biometric authentication into your app to further strengthen security.
Biometric authentication, especially as part of multi-factor authentication
schemes, reduces fraud exposure by ensuring the credential is authentic and
verifiably belongs to the intended user. Biometric authentication can improve
the user experience in the following ways:

- Enables faster logins
- Provides opportunities for reduced-friction credential verification
- Reduces password usage
- Potentially aids with regulatory compliance.

Learn more about [how to implement biometric authentication](https://developer.android.com/training/sign-in/biometric-auth).