Michael Michael - 15 days ago 5
Android Question

Where do Smart Lock for Passwords sign-in hints come from and how to customize them?

In Google Play Services v8.3 Google added a way to provide the user with an account "hint" for logging in: a UI to select previously used emails to sign up to an app.

See here for more info.

I was wondering where Google takes the emails shown in that screen from. Testing it on my device, I see some really old / unused emails that I probably previously signed in with.

Is there a way to customize it so that only emails that are set up on the device will show up in the hint screen?

Answer

Great question, I'm the product manager for Smart Lock at Google, here are the answers:

Where do the email addresses shown in the "hints" dialog come from?

  • The items shown at the top of the list correspond to the email addresses for the Google Account(s) on the device, and any other email addresses from the Android Account Manager (e.g. IMAP email addresses, email address registered by Facebook app, etc.)

  • Other email addresses saved with any of the Google accounts on the device are shown next, sorted by most frequent occurrence. These were either saved to Smart Lock elsewhere (e.g. in other apps) or for websites via the Chrome password manager. These entries should correspond to what's visible at passwords.google.com or chrome://settings/passwords in Chrome for the Google Accounts on the device.

  • As noted, the "hint" dialog is intended to allow the user to supply an email address (as well as name or photo URL if available) with one tap to the developer's app to help sign in or sign up, allowing pre-filling of fields in sign-in or sign-up forms, or by skipping sign-in UI completely by providing the app an ID token which can be used for backend authentication.

  • Note that this dialog is displayed by Play Services and its contents cannot be read by the calling app and are private to the user; only information from an entry which is selected by the user is provided to the developer's app. This also means that the dialog text can't be customized, other than switching between Sign in and Sign up, see this question for details.

  • We've considered adding UI for the user to customize what's shown on the list, but in our UX testing, such a feature is rarely used and added visual complexity and opportunity for error. In practice, most users only have a few entries and since the most common addresses are at the top, users just pick the one they want and ignore the rest. The other entries don't really cause harm, so we've opted not to make this customizable by the user for now.

That said, can the developer customize what's shown in the dialog?

  • Yes, the developer could modify the HintRequest to .setPhoneNumberIdentifierSupported(true) and .setEmailAddressIdentifierSupported(false), which will cause phone numbers to be shown instead, from similar sources above (from device or associated with Google Account).

  • Similarly the HintRequest builder can be configured to show a "Sign up with" or "Sign in with" prompt rather than the default "Continue with".

Regarding only showing the email addresses on the device: if the app's authentication system is based on email address, I'd recommend keeping the complete list of email addresses (not just the ones on the device), since often the user's intended email address is not a Google account (e.g. a work, school, Yahoo/Hotmail, or regional email provider). As noted above, in practice, the presence of other email addresses usually helps and does not detract from task completion (user either sees the email address they are looking for, ignores the rest, or taps "None of the above" to enter something manually), and less-used email addresses work their way to the bottom over time. (Experience for developers with lots of test email addresses is a bit different than for end users, who typically have a short list of email addresses.)

Hope that helps! Please leave a comment with any questions or feedback.
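
The HintRequest options described in the answer, shown as an added example (not code from the answer or from Google). It treats a selected hint without an ID token as form prefill only and hands any ID token to the backend for verification. `SignUpActivity`, `RC_HINT`, `showManualForm` and `sendTokenToBackend` are hypothetical names, and `Credentials.getClient` assumes a later play-services-auth release than v8.3.

```java
import android.app.Activity;
import android.app.PendingIntent;
import android.content.Intent;
import android.content.IntentSender;
import com.google.android.gms.auth.api.credentials.*;

public class SignUpActivity extends Activity {
    private static final int RC_HINT = 1001; // arbitrary request code (assumption)

    void requestHint() throws IntentSender.SendIntentException {
        HintRequest request = new HintRequest.Builder()
                // "Sign up with" instead of the default "Continue with" prompt
                .setHintPickerConfig(new CredentialPickerConfig.Builder()
                        .setPrompt(CredentialPickerConfig.Prompt.SIGN_UP)
                        .build())
                // Swap these two flags to list phone numbers instead of emails
                .setEmailAddressIdentifierSupported(true)
                .setPhoneNumberIdentifierSupported(false)
                // Ask for ID tokens for Google accounts
                .setAccountTypes(IdentityProviders.GOOGLE)
                .build();
        PendingIntent intent = Credentials.getClient(this).getHintPickerIntent(request);
        startIntentSenderForResult(intent.getIntentSender(), RC_HINT, null, 0, 0, 0);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != RC_HINT) return;
        Credential hint = (resultCode == RESULT_OK && data != null)
                ? (Credential) data.getParcelableExtra(Credential.EXTRA_KEY) : null;
        if (hint == null) {
            showManualForm(null); // cancelled, no hints, or "None of the above"
        } else if (hint.getIdTokens().isEmpty()) {
            // No ID token: the id is a string the user picked, not proof of
            // ownership. Use it to prefill the form, never to log the user in.
            showManualForm(hint.getId());
        } else {
            // The backend must verify the token's signature, audience and
            // expiry before creating a session for the email it contains.
            sendTokenToBackend(hint.getIdTokens().get(0).getIdToken());
        }
    }

    // Hypothetical app-specific hooks
    private void showManualForm(String prefillEmail) { /* show sign-up form */ }
    private void sendTokenToBackend(String idToken) { /* POST over HTTPS */ }
}
```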