Streamline user journeys with verified emails through Credential Manager

In the modern digital landscape, a user’s first encounter with an app is often the most important. Yet, for decades, this initial conversation has been hampered by conflicts with traditional verification methods. Today, we are excited to announce a New verified email credential released by GoogleWhich developers can now get directly from Android’s Credential Manager Digital Credential API.

Problem: Authentication Friction in the Modern Age

The “current era” of authentication is defined by the trade-off between security and convenience. To ensure that the user is the owner of the email address they provided, you typically rely on a one-time password (OTP) or “magic link” sent by email or SMS.

While effective, these traditional steps present significant barriers:

• Context switching: Users must leave the app, open their inbox or messaging app, find the code, and return, a process where many potential users simply give up.
• Delivery Issues: While emails are free, they may be delayed or sent to spam folders.
• Onboarding Friction: Every additional second spent in the “verification loop” is a second where user interest may decrease, which has a direct impact on conversion rates.

Solution: seamless, verified email

Google now issues cryptographically verified email credentials directly to Android devices. It is delivered via verified email credentials Credential Manager APIwhich is the implementation of android W3C’s Digital Credential API Standard.

For users, this completely removes the need to manually verify their emails through external channels. For developers, the API securely delivers these verified user claims for any scenario, whether you’re building an account creation flow, recovery process, or high-risk step-up authentication.

While this specific verified email address is obtained securely from their Google account on the user’s device, the underlying digital credential API is issuer-agnostic. This fosters an open ecosystem, allowing any digital credential holder to offer that verification on your app with an email claim.

user experience

The beauty of this API lies in its simplicity for the end user. Instead of having to look for an OTP code, the experience is integrated directly into the Android OS:

• Initiation: The process begins when a user focuses on the email input field or taps the “Sign Up” or “Recover Account” button. You can start the process even when the page is loading.
• Transparency: A basic Android bottom sheet appears, clearly explaining what data is actually being requested (for example, the user’s verified email address).
• One-Tap Consent: The user simply taps “Agree and Continue” to share the data.
• Immediate Progress: Once consent is granted, the app receives the data immediately. For sign-up or account recovery flows, you can seamlessly transition users to passkey creation, ensuring:
  • Users do not have to manually enter any user information compared to traditional username/password registration.
  • Their next login is even faster and more secure.

Use Case 1. Sign up

Speed ​​up onboarding by receiving a verified email as soon as the user taps “Sign Up.” We strongly recommend that you combine verified email retrieval with passkey creation, which is also part of the Credential Manager API:

Note: You may also find other unverified fields such as user’s given name, family name, first name, profile picture, and the hosted domain associated with the verified email.

Use case 2. Account Recovery

Eliminate the frustration of users looking for recovery codes in their spam folders by allowing them to recover their account using verified emails stored securely on their device.

Use case 3. Re-authentication for sensitive tasks

Protect sensitive user actions, such as changing settings or updating profile details, by requiring a quick re-authentication step. Instead of OTP, you can provide low-friction verification using the device’s verified email.

important ideas

When you design your authentication architecture around the Digital Credential API, keep the following details in mind:

• Account Support: For specific email credentials issued by Google, only regular consumer Google accounts are supported (Workspace and Supervised accounts are not currently supported). Keep in mind that the Credential Manager API itself is issuer-agnostic, meaning that other identity providers can issue credentials with their own account support policies.
• Other user data: In addition to email, you can request the user’s given name, family name, full name, and profile picture. However, note that only email is verified by Google.
• Auto-verify your @gmail accounts: The API provides verified email for all consumer Google accounts. We recommend setting up auto-verification for @gmail.com users and routing the custom domain to your existing verification flow – for example, an OTP flow. This ensures that you maintain long-term access to external domains that are not directly managed by Google.
• Supplements for signing in with Google: While the new verified email credentials and Sign in with Google APIs both provide a verified email, the choice depends on the desired user experience:
  • Use Sign in with Google when your users want to create a federated login session.
  • Use Verified Email when your users want to sign in traditionally with a username/password or passkey, but want to automatically verify the email address without the manual work of an OTP.

Conclusion and next steps

by integrating New verified email via Credential Manager APIYou can significantly reduce onboarding friction and provide users with a more streamlined, secure authentication journey. This represents a shift toward a future where “verification” is no longer a manual task for the user, but a seamless, integrated part of the core mobile experience.

Ready to see how this fits into your own app? To get started, update your project to the latest Credential Manager API and learn about our integration guide. We encourage you to explore how this streamlined verification can simplify your critical user journeys, from optimizing account creation to enhancing re-authentication flows.