Overview
This blog post will help Android developers flawlessly re-authenticate users on a new device.
What is a Block Store?
The Block Store API is a library that runs on Google Play services. It lets developers store app credentials with Google Play services and pull them back to re-authenticate users when they do a device-to-device restore on a new device.
How does it work?
- Once the user logs in to your application, you generate a byte array of the authentication token and store it with the Block Store API.
- It encrypts your token and stores it locally on the device.
- When the user goes through a device-to-device restore on a new device, the stored token is transferred to the new device as well.
- Once the user opens your app on the new device, you can retrieve the token using the Block Store API.
Easy implementation steps
Step 1: Add dependency
    dependencies {
        implementation 'com.google.android.gms:play-services-auth-blockstore:16.0.2'
    }
Step 2: Store credentials securely
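    import android.util.Log
    import com.google.android.gms.auth.blockstore.Blockstore
    import com.google.android.gms.auth.blockstore.StoreBytesData

    // Inside an Activity (or any Context); authTokenBytes is the auth token as a ByteArray.
    val client = Blockstore.getClient(this)
    val data = StoreBytesData.Builder()
        .setBytes(authTokenBytes)
        .build()
    client.storeBytes(data)
        .addOnSuccessListener { result ->
            // result is the number of bytes stored
            Log.d(TAG, "Stored: $result bytes")
        }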
Step 3: Retrieve stored credentials
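    import android.util.Log
    import com.google.android.gms.auth.blockstore.Blockstore

    val client = Blockstore.getClient(this)
    client.retrieveBytes()
        .addOnSuccessListener { result ->
            // result is the stored ByteArray; logged here for debugging only,
            // do not write real tokens to logcat in release builds.
            Log.d(TAG, "Retrieved: ${String(result)}")
        }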
Pros
- Easy Implementation
The steps above are enough to integrate the Block Store API into a project. The API has two main methods: one to persist a token and one to retrieve it.
- Built-in Security
When you call BlockstoreClient.storeBytes(), it encrypts your token and stores it on the local device. A stored token is end-to-end encrypted. Google Play services plays a major role in the device-to-device transfer, so the user's identity and security are verified by Google itself.
- Reduce the risk of app uninstall
A good application demands a strong password, which is hard to remember. Such applications have a lower chance of retaining users, because users may forget their password and are unlikely to go through the account restore process.
With the Block Store API this is not the case: users do not need to remember their login credentials when they restore an app on a new device, because the app can authenticate itself using the stored credential or token.
Cons
- Auto authentication on reinstall
The API (version 16.0.2) works as expected, except that it keeps credentials even after the app is uninstalled. When a user reinstalls the app, it automatically authenticates the user, which can be a serious security problem for the user. For instance, if a user has uninstalled the app and the device is then lost or stolen, a thief or unknown person who installs the app on the same device can access it without authentication.
- Testing
Implementation takes only a few minutes, but testing is a very tedious process. To test, you first need to integrate the API on one device, and then go through a device-to-device restore process on a new device, which takes a good amount of time.
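One way to limit the reinstall risk described under "Auto authentication on reinstall", as an added example that is not from the original post or the Block Store library: wrap the token in a small envelope before storeBytes() and decide after retrieveBytes() whether to trust it. The envelope layout, `hasLocalSession` and the `RestoreDecision` names are assumptions for illustration.

```kotlin
import java.nio.ByteBuffer

// Assumed envelope layout (not a Block Store format):
// 1-byte version | 8-byte issuedAt (epoch millis) | raw token bytes
private const val VERSION: Byte = 1
private const val HEADER_SIZE = 1 + Long.SIZE_BYTES

class StoredToken(val issuedAtMillis: Long, val token: ByteArray)

enum class RestoreDecision { USE_TOKEN, VERIFY_USER_FIRST, REQUIRE_LOGIN }

/** Builds the byte array to pass to StoreBytesData.Builder().setBytes(...). */
fun encodeToken(token: ByteArray, issuedAtMillis: Long): ByteArray =
    ByteBuffer.allocate(HEADER_SIZE + token.size)
        .put(VERSION)
        .putLong(issuedAtMillis)
        .put(token)
        .array()

/** Parses the bytes from retrieveBytes(); null if empty, truncated or unknown version. */
fun decodeToken(bytes: ByteArray): StoredToken? {
    if (bytes.size <= HEADER_SIZE) return null
    val buf = ByteBuffer.wrap(bytes)
    if (buf.get() != VERSION) return null
    val issuedAt = buf.getLong()
    val token = ByteArray(buf.remaining()).also { buf.get(it) }
    return StoredToken(issuedAt, token)
}

/**
 * hasLocalSession (assumption): true only when this install already holds session
 * state in app-private storage that is excluded from backup and wiped on uninstall.
 * False therefore means a fresh install or a restore.
 */
fun decideRestore(bytes: ByteArray, nowMillis: Long, maxAgeMillis: Long,
                  hasLocalSession: Boolean): RestoreDecision {
    val stored = decodeToken(bytes) ?: return RestoreDecision.REQUIRE_LOGIN
    val age = nowMillis - stored.issuedAtMillis
    if (age < 0 || age > maxAgeMillis) return RestoreDecision.REQUIRE_LOGIN
    // Token survived without local state: ask for screen lock or biometrics first.
    return if (hasLocalSession) RestoreDecision.USE_TOKEN else RestoreDecision.VERIFY_USER_FIRST
}

fun main() {
    val day = 24L * 60 * 60 * 1000
    val blob = encodeToken("constructed-sample-token".toByteArray(), issuedAtMillis = 0L)
    println(decideRestore(blob, nowMillis = day, maxAgeMillis = 30 * day, hasLocalSession = false))
    println(decideRestore(blob, nowMillis = 60 * day, maxAgeMillis = 30 * day, hasLocalSession = false))
    println(decideRestore(ByteArray(0), nowMillis = day, maxAgeMillis = 30 * day, hasLocalSession = true))
}
```

The timestamp is written by the client, so the server should still validate the token itself; this check only decides whether the app asks the user to prove presence before using a token that outlived the install.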
Conclusion
The Block Store API is an easy and favorable solution for restoring device data to a new device. It increases the chance of user retention on the new device and reduces the hassle of restoring or creating an account.