Back to Overview

Where Are Passkeys Stored on Android?

Blog-Post-Author

Vincent

Created: August 23, 2024

Updated: September 10, 2024

Where Are Passkeys Stored on Android?#

Passkeys on Android are primarily stored in the Google Password Manager, with the option to use third-party password managers like 1Password or Dashlane starting from Android 14. The private key associated with each passkey is securely stored in the device's Trusted Execution Environment (TEE), ensuring robust security and protection against unauthorized access.

  • Passkeys on Android are stored in Google Password Manager or third-party password managers.
  • The private key is always kept in the Trusted Execution Environment (TEE).
  • Android users automatically have a passkey that is created by default and cannot be deleted.
where passkeys stored android

Detailed Overview of Passkey Storage on Android#

Android's approach to passkey storage has evolved over time, enhancing both security and user flexibility. Here's a breakdown of how passkeys are stored on Android devices:

  • Until Android 13: All passkeys were exclusively stored and synced within the Google Password Manager. This was the sole option available to users for managing their passkeys on Android devices.

  • Android 14 and Beyond: With the introduction of Android 14, users gained the ability to store passkeys not only in Google Password Manager but also in third-party password managers like 1Password and Dashlane. This development provides users with greater flexibility in managing their authentication credentials across different platforms and services.

  • Trusted Execution Environment (TEE): Regardless of where the passkey is stored (Google Password Manager or a third-party password manager), the private key of the passkey is always stored within the device's Trusted Execution Environment (TEE). The TEE is a secure area of the main processor in Android devices that ensures the confidentiality and integrity of keys. This makes it extremely difficult for malicious software to access or tamper with the private keys.

  • Default Passkey: Every Android user is automatically assigned at least one passkey that cannot be deleted. This default passkey is essential for the Android security framework, providing a secure baseline for user authentication.

Subreddit Icon

Discuss passkeys news and questions in r/passkey.

Join Subreddit

Security Implications and Best Practices#

The storage of passkeys in a secure environment like the TEE ensures that even if the storage system (Google Password Manager or a third-party manager) is compromised, the private key remains protected.

By understanding where passkeys are stored and how they are protected, users can better appreciate the security features built into Android, providing peace of mind in their digital interactions.

Share this article

LinkedInTwitterFacebook

Enjoyed this read?

🤝 Join our Passkeys Community

Share passkeys implementation tips and get support to free the world from passwords.

Join for free

🚀 Subscribe to Substack

Get the latest news, strategies, and insights about passkeys sent straight to your inbox.

Subscribe for free

We provide UI components, SDKs and guides to help you add passkeys to your app in <1 hour

Start for free

Related FAQs

Related Terms

Related Articles

How to Enable Passkeys on Android
Passkeys User Tips

How to Enable Passkeys on Android

Janina - May 21, 2024

how-to-delete-passkey-apple-windows-android
Passkeys User Tips

How to Delete a Passkey on Apple, Windows and Android

Robert - December 9, 2022

passkeys-sharing
Passkeys Implementation

Passkey Sharing Example: Flutter (iOS/Android), Vue.js, Golang

Vincent - November 16, 2023

Enterprise Passkeys
Passkeys Strategy

Enterprise Passkeys: Apple, Google & Microsoft's Offerings

Lukas R. - November 9, 2023

Google Passkeys Identifier-First
Passkeys Reviews

Google Passkeys: Implement Passkeys Like Google

Vincent - May 9, 2023

How to enable passkeys ios
Passkeys User Tips

How to Enable Passkeys on iOS

Janina - May 21, 2024