Smartphones already store tons of privileged information from credit cards and boarding passes, but they may soon replace our driver's licenses, our passports, and maybe even our keyfobs, too. We got a hint of this with the reveal of a new support library back in March, now, Google has laid out a roadmap for Android devices to store identity credentials in a future version of the OS. That roadmap, however, is highly dependent on how the International Organization for Standardization (ISO) will implement its standards on electronic IDs.
Talking with VentureBeat, Android Platform Security chief Rene Mayrhofer confirmed a lot of what was already discovered about the IdentityCredential API. It would allow a secure enclave to store personal information, then link that component directly to NFC so that the data can be authenticated even when the phone's CPUs aren't powered. But the work will be immense: Google is working on new Jetpack libraries and supplemental APIs to make the hardware abstraction layers feasible for OEMs to make the feature compatible with their own secure enclaves — this likely means that Pixel phones will get the first crack at IdentityCredential.
Android is attempting to get ahead of the ISO's official recommendations on mobile driving licenses — ISO/IEC CD 18013-5 has been in the works for almost 3 years with Google being a party to the committee. Alas, the standard has yet to firm up to a point where Google feels confident integrating its electronic ID libraries into Android Q or the AOSP master, but the hope is the framework will be ready and adaptable to the ISO standard by the time it is published.
Mayrhofer says that the ISO will then be able to focus its attention on other credentials as well.
“As far as I can see the ISO discussions going, the future passports discussions will probably wait for [mobile driving licenses] to first finish, and then adopt quite a bit of data," Mayrhofer said. "This is exactly why we want to make sure that the API that we drop into the Android framework is spot on to implement all of what mobile driving license needs, plus more generic behavior to be open to other types of ID.”