Many of Google's apps are in extremely active development, some are even on weekly update schedules, but there are others that seem practically abandoned until they get that one random update every 6 months or so. With an average of about once per year (so far), Authenticator is easily one of the best examples of the latter group. Given the infrequency of new versions, it's a little disheartening to see that there are no discernable new features in the latest release; but it's actually worse than that, one was even taken away. But don't let this get you down, it looks like this little app may be due for some new tricks soon as it may be entering wireless territory.
I doubt anybody will care about this change, so I'm keeping this part short. Back in the days when Authenticator looked ugly even by Holo standards, the process for setting up an account brought users to a page with options for scanning a barcode or entering a key manually. It also listed accounts logged in on a device and allowed for a bit of a shortcut while setting up 2-factor authentication. This wasn't a very necessary feature, but it was there. Keyword: Was.
Left: Previous version. Right: Latest version.
The latest update does away with the account list in the account setup screen. Since it wasn't that useful, and recently stopped working properly (at least for my account), this probably won't be missed.
NFC and BLE Support
The use of time-generated numbers for 2-factor authentication is, by all objective measures, a very cheap and effective way to enhance security. The only real catch to it is that it's not always that convenient to set up or use in every situation. While we may need to have a device with us to use 2FA, that doesn't mean everything has to be done manually. The latest update gives a hint that we can look forward to going wireless and removing some of the laborious steps in the process.
<string name="nfc_enabled_preference_title">Enable NFC</string>
<string name="ble_enabled_preference_title">Enable BLE</string>
Two new settings have been added to the app, though they don't seem to be visible yet. Each is a checkbox that simply enables or disables NFC and BLE (a.k.a. Near-Field Communication and Bluetooth Low Energy).
The obvious first question, which isn't answered in the text, is whether or not NFC and BLE will be used to add accounts to a device or used to unlock other devices. Assuming it won't be both, my bet is on the latter, mostly because it would be considerably more useful. This would immediately simplify signing into a new phone or tablet by quickly tapping two devices to dismiss the 2FA prompt. At least that's the most obvious example, but it could also be used for signing into various apps and services, or even used to open an electronically locked door.
<CheckBoxPreference android:persistent="true" android:title="@string/nfc_enabled_preference_title" android:key="@string/nfc_enabled_preference" android:defaultValue="true" />
<CheckBoxPreference android:persistent="true" android:title="@string/ble_enabled_preference_title" android:key="@string/ble_enabled_preference" android:defaultValue="false" />
One interesting thing to note is that the current settings call for only NFC to be enabled by default, meaning BLE would have to be manually turned on in the app to use it. This makes plenty of sense because NFC has such a short range that it's nearly impossible to snoop. Bluetooth is comparatively noisy and could be picked up by somebody from across a room or on the other side of a wall. The likelihood of these scenarios is relatively low, but it's plausible.
Wireless delivery of 2FA codes would be an interesting feature, and it would certainly set Google Authenticator apart from apps like Authy and LastPass Authenticator for a time, but would it actually become useful? Apps and devices would have to be updated to accept codes via NFC or BLE. It's not that this would be difficult for developers, but whether or not it caught on would be an entirely different issue. There are already relatively few services that offer 2FA, and it's unclear how many of them would be motivated, or even aware that wireless delivery was an option.
The APK is signed by Google and upgrades your existing app. The cryptographic signature guarantees that the file is safe to install and was not tampered with in any way. Rather than wait for Google to push this download to your devices, which can take days, download and install it just like any other APK.