30th Nov 2021

Block Store API

Mobile App

Written By, Savan Kashiyani

Overview

This blog post will help android developers to flawlessly re-authenticate users on a new device.

What is a Block Store?

Block Store API is a library run on Google Play Service. It allows developers to store app credentials on Google Play Service and pull back to re-authenticate when users do device-to-device restore on a new device.

How does it work?

  1. Once the user login to your application, you have to generate a byte array of the authentication token and store it to the Block Store API.
  2. It encrypts your token and stores it locally on your device.
  3. When a user goes through device-to-device restore on a new device that time it also transfers the stored token to the new device.
  4. Once a user opens your app on a new device, you can retrieve a token using Block Store API.

Easy implementation steps

Step 1: Add dependency

Step 2: Store credentials securely

Step 3: Retrieve stored credentials

Pros

  • Easy Implementation
    Above mentioned steps are enough to integrate Block Store API in the project. API has two main methods one for persistence and the second for retrieval of a token.
  • Built-in Security
    When you execute BlockStoreClient.storeBytes(), it encrypts and stores your token on a local device. A Stored token is end-to-end encrypted. Google Play Service plays a major role in device-to-device transfer, so the user’s identity and security are verified by Google itself.
  • Reduce the risk of app uninstall
    A good application demands a strong password which is hard to remember. For such applications, there is less probability of user retention because users may forget a password and are not likely to go through the account restore process.
    With Block Store API, this is not the case, the users no need to remember login credentials when they restore an app on a new device, the app can self-authenticate using stored credential/token.

Cons

  • Auto authentication on reinstall
    API(version 16.0.2) works as expected except that it persists credentials even after the app uninstalls. So when a user reinstalls the app then it automatically authenticates the user, which can be a serious security problem for the user. For instance, a user has uninstalled the app and then the device is lost/stolen, now if a thief or unknown person installs the app on the same device then one can access the app without authentication.
  • Testing
    Implementation takes only a few minutes but the testing is a very tedious process. For testing, you first need to integrate API into one device, and then on a new device, you have to go through a device-to-device restore process which takes a good amount of time.

Conclusion

Easy and favorable solution for restoring device data to the new device. This API increases the chance of user retention on the new device and reduces the hassle of restoring and creating a new account.

Written By,

Sr. Android Developer at Yudiz Solutions Pvt. Ltd