Overview
- Google introduced a cryptographically verified email that apps can request with one tap through Android’s Credential Manager, removing the need for OTP codes or magic links during sign-up, account recovery, and re-authentication.
- The verified address comes from the Google Account on the device and is delivered via Android’s implementation of the W3C Digital Credential API, which is built to work with other issuers too.
- A native consent sheet explains what data is requested, and the app only receives the email after the user taps Agree and continue.
- The feature supports personal Google Accounts but not Workspace or supervised accounts, and Google advises auto-verifying @gmail.com addresses while keeping existing OTP checks for custom domains.
- Google recommends pairing the verified email step with passkey creation to speed future logins, and third-party apps must update to the latest API to make the flow available to users.