Groups keyboard shortcuts have been updated
Dismiss
See shortcuts
Attestation format change for the Android FIDO2 API
156 views
Skip to first unread message
Kosuke Koiwai
Mar 26, 2025, 10:09:48 AMMar 26
to FIDO Dev (fido-dev)
Hi,
It has been announced that the attestation format for Android Web will
change starting Early April:
https://android-developers.googleblog.com/2024/09/attestation-format-change-for-android-fido2-api.html
Does this mean that from April onwards, the android-key attestation
will be returned even without setting the Origin Trial Header or the
attestationFormats parameter?
Additionally, what is the specific date or Chrome version when this
change to android-key will take effect?
Is it synchronized with the attestationFormats feature and applied
starting from Chrome 136?
https://chromestatus.com/feature/5121935290400768
Also, what will happen to older devices that cannot produce
android-key attestations? Will users get errors, or will RPs get no
attestation?
I believe Android 7 supports the FIDO2 API, but TEE was not a
requirement at that time.
Thanks,
Kosuke
It has been announced that the attestation format for Android Web will
change starting Early April:
https://android-developers.googleblog.com/2024/09/attestation-format-change-for-android-fido2-api.html
Does this mean that from April onwards, the android-key attestation
will be returned even without setting the Origin Trial Header or the
attestationFormats parameter?
Additionally, what is the specific date or Chrome version when this
change to android-key will take effect?
Is it synchronized with the attestationFormats feature and applied
starting from Chrome 136?
https://chromestatus.com/feature/5121935290400768
Also, what will happen to older devices that cannot produce
android-key attestations? Will users get errors, or will RPs get no
attestation?
I believe Android 7 supports the FIDO2 API, but TEE was not a
requirement at that time.
Thanks,
Kosuke
Kosuke Koiwai
Apr 17, 2025, 5:16:10 AMApr 17
to FIDO Dev (fido-dev)
I have observed that android-key attestations have started being sent
to a website from some devices. The website does not set the origin
header or the attestationFormats parameter.
to a website from some devices. The website does not set the origin
header or the attestationFormats parameter.
Reply all
Reply to author
Forward
0 new messages