Google Password Manager on Android may be on the verge of supporting passkey import and export, a feature that would make switching devices significantly less disruptive for users who rely on passkey-based authentication. Passkeys have been gaining traction as a more secure and user-friendly alternative to traditional passwords, operating through a cryptographic system in which a private key is stored locally on the user’s device while a corresponding public key is shared with the websites, applications, or services the user wants to access. When logging in, users simply verify their identity through biometric methods such as facial recognition or a fingerprint, and the device confirms ownership of the matching public key, eliminating the need to type or remember passwords altogether.
The most pressing challenge with passkeys has always been portability. When a user upgrades to a new phone, loses a device, or deals with hardware failure, moving the private key stored on the old device to a new one has not been straightforward, and in many cases required users to re-enrol with every service from scratch. To address this, the technology industry developed the Credential Exchange Protocol, commonly referred to as CXP, a secure transfer standard currently being developed and backed by the FIDO Alliance that allows passkeys to migrate between devices and password managers without requiring users to reset their credentials across every platform they use. Apple has already incorporated CXP support into iOS 26 and macOS 26, and major third-party password managers including Bitwarden and 1Password have also added support for the standard, meaning users of those ecosystems can already benefit from secure passkey portability.
Google, however, has not yet officially brought CXP support to Google Password Manager or the Android platform more broadly, even as its competitors move ahead. That said, new findings suggest the groundwork may already be in place. A hidden interface discovered inside Google Password Manager already contains functionality for importing and exporting passkeys, a significant indicator that the technical infrastructure is further along than Google has publicly acknowledged. The discovery matters in particular because Android depends on Google Play Services and Google Password Manager to handle CXP-based transfers between different password managers on the platform. The presence of this concealed capability strongly suggests that official support for passkey migration on Android is closer than it might appear, and that when it does arrive, it could extend beyond Google’s own password manager to benefit other applications that handle credentials on Android, including Samsung Pass. For the hundreds of millions of Android users who have begun adopting passkeys, the prospect of being able to move their credentials as easily as their other data when switching devices would represent a meaningful improvement in how digital security works day to day.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
