Back to Blogs

How is Block Store Redefining User App Security?

Mobile App Development
Article
Google Play Services’ Block Store is eliminating security risks and complexities associated with manually saving user passwords. But, how is it doing it?

Smartphones and computing devices have never been this important. An essential aspect of using these devices is to sign in to your apps and websites. Users’ sense of security on the Internet is based on passwords and their usage. However, this dependency on passwords also brings up the issue of user authentication.

User authentication is the process by which an application verifies users’ identity. This involves two steps wherein first, the authentication confirms if an account exists for the user, and secondly, if they have permission to access the application. Hence, user authentication plays a significant role in boosting the security of an application. 

When you are using a new Android device, there are numerous apps that you have to sign in to use. In such cases, most users opt to manage their credentials. The combination of these two aspects can be a frustrating experience for users. This is because they have to remember different credentials for each app. This friction can result in numerous users not reengaging with specific apps on their new devices. 

Key Challenges Faced by Developers for User Credentials 

  • Doubts regarding what to implement.
  • Requiring to implement multiple solutions simultaneously and ensuring they work together seamlessly.
  • Confusion about which solutions to prioritize and integrate.

Key Challenges Faced by Users

  • Most users don’t save their existing credentials.
  • Federated identity and password managers are great tools to use, but unfortunately, most users don’t opt for them. This is because the users do not trust or understand these solutions. Furthermore, these users end up using the same or insecure passwords across multiple applications.

The answer to the challenges above is simple — Block Store. So, let’s take a look at what Block Store exactly is?

What is Block Store?

As mentioned, most users manage login credentials themselves when using a new Android device. Unfortunately, this process can be painstaking and often leads to a subpar user experience. Here is where Block Store enters the frame. It is a library supported by Google Play Services that aims to provide applications with a new method of saving user credentials without the security risk associated with saving user passwords. 

Essentially, Block Store is an application programming interface (API) that allows applications to record and store user credentials. Block Store enables these applications to re-authenticate users seamlessly when they sign in through a new device.

What are the Benefits of Using Block Store?

  • Developers have access to end-to-end encrypted credential solutions when possible.
  • Reduces risks associated with saving and managing complex passwords by allowing users to save encrypted tokens.
  • Eliminates friction from sign-in flows by leveraging users’ backup and restore preferences.
  • Users can sign in using various methods — Google account, username and password, or any federated identity provider.

Let’s See Block Store in Action

Configure Your App

  1. In your project-level build.gradle  file, include Google's Maven repository in both your buildscript and  allprojects  sections
  1. Add the dependencies for the Block Store API to your module's app-level Gradle file, which is usually app/build.gradle:

Note: For the latest Google Play Services dependencies, please check Google Play Services dependencies

How it Works?

When a user signs into your application, Block Store allows you to generate and save an authentication token for that user. This is done with the help of calling setBytes() using StoreBytesData.Builder

This allows the application to store user credentials to the source device. Once the token is saved with Block Store, it can be encrypted and stored locally on the device. Users can also store this end-to-end encrypted token on Google Cloud

The following code snippet shows how to save the authentication token:

Take a look at the following code snippet to understand how to save the authentication token:

When the user returns to your application on a new device, Google Play Services verifies the user and retrieves the Block Store data. No additional permission is required since the user has already agreed to restore app data as part of the restore flow. 

The token retrieval from the Block Store can be requested through retrieveBytes(). After the token is retrieved, it can keep the user signed in on the new device. If no token exists for the application, it will return empty bytes in onSuccessListener(). In this case, the application can redirect the user for authentication flow and call setBytes() to save the token post authentication.

Take a look at the following code snippet to understand how to retrieve the authentication token:

If you have any questions about Block Store, you can take a look at this documentation. Hoping you have enough insights to get started. 

App Development with Mutual Mobile


It can be challenging to develop applications, especially with the added concern of app security, authentication, user experience, etc. Hence, it is an excellent idea to rope in experts to handle that aspect of your business.

Mutual Mobile has been in the development business for over 12 years and has launched over 700 projects. App development is one of our primary services, and our performance speaks for itself. So, reach out to us for app development, sit back, and allow us to chart a growth towards success.

Dive Into App Development

Subir Chakraborty

Subir Chakraborty works at Mutual Mobile as a Senior Engineer I.

More by this author