google smart lock app iconA new update to Google's Smart Lock iOS app lets users set up their iPhone or iPad as a security key for two-factor authentication when signing into native Google services via Chrome browser.

Once the feature is set up in the app, attempting to log in to a Google service via Chrome on another device such as a laptop results in a push notification being sent to their iOS device.

The user then has to unlock their ‌iPhone‌ or ‌iPad‌ using Face ID or Touch ID and confirm the log-in attempt via the Smart Lock app before it can complete on the other device.

After installing the update, users are asked to select a Google account to set up their phone's built-in security key. According to a Google cryptographer, the feature makes use of Apple's Secure Enclave hardware, which securely stores ‌Touch ID‌, ‌Face ID‌, and other cryptographic data on iOS devices.

The Smart Lock app requires that Bluetooth is enabled on both the ‌iPhone‌/‌iPad‌ and the other device for two-factor authentication to work, so they have to be in close proximity, but the advantage of the system is that it ensures the process is localized and can't be leaked onto the internet.

The Google Smart Lock app is a free download for ‌iPhone‌ and ‌iPad‌ on the App Store. [Direct Link]

(Via 9to5Google.com)

Tags: Google, Security

Top Rated Comments

TriBruin Avatar
TriBruin
56 months ago

Can someone explain the functional difference between the 'Google'-app I have on my iPhone, which prompts me to verify it's me whenever I login to any Google-services?
The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.
Score: 3 Votes (Like | Disagree)
Westside guy Avatar
Westside guy
56 months ago
There are also standard ways to do two-factor auth, one of which is even implemented by Google through their Google Authenticator app (RFC 6238 time-based one-time passwords - I prefer the OTP Auth app for it) and can be implemented by any app developer for increased security without having to be beholden to Google or any other single entity. I realize some people will complain about having to copy 6 digits (oh the horror), but I prefer standard solutions like that to tying my security to Google - or, for that matter, to having all these vendor-specific two-factor approaches (Apple does it one way, Google does it another, etc.).
Score: 2 Votes (Like | Disagree)
1144557 Avatar
1144557
56 months ago

The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.
You would think that is incredibly hard already to crack/spoof an Apple push notification from the Google app itself; far more than SMS. I dont know that this new way offers much more to the average person. In a very high security environment using Goole Apps (not sure why you would do that to begin with then, but ok) I guess.

Its also unclear how not needing an internet connection would help if you are logging into Google which requires internet. That argument doesnt make a ton of sense obviously.

Not knocking more options, its just a bit unclear the differences between this and using the Google app to authenticate 2FA.
Score: 1 Votes (Like | Disagree)
Vincent Verbist Avatar
Vincent Verbist
56 months ago

The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.
Okay, that's something I can understand, but still strange that there is not a single reference to the current solution through the Google app...
Score: 1 Votes (Like | Disagree)
Vincent Verbist Avatar
Vincent Verbist
56 months ago
Can someone explain the functional difference between the 'Google'-app I have on my iPhone, which prompts me to verify it's me whenever I login to any Google-services?
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone 15 Pro FineWoven

Apple Reportedly Stops Production of FineWoven Accessories

Sunday April 21, 2024 6:03 am PDT by
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
Read Full Article418 comments
Provenance Emulator

PlayStation and SEGA Emulator for iPhone and Apple TV Coming to App Store [Updated]

Friday April 19, 2024 8:29 am PDT by
The lead developer of the multi-emulator app Provenance has told iMore that his team is working towards releasing the app on the App Store, but he did not provide a timeframe. Provenance is a frontend for many existing emulators, and it would allow iPhone and Apple TV users to emulate games released for a wide variety of classic game consoles, including the original PlayStation, GameCube, Wii,...
Read Full Article177 comments
iOS 17 All New Features Thumb

iOS 17.5 Will Add These New Features to Your iPhone

Sunday April 21, 2024 3:00 am PDT by
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
Read Full Article
apple vision pro orange

Apple Vision Pro Customer Interest Dying Down at Some Retail Stores

Monday April 22, 2024 2:12 am PDT by
Apple Vision Pro, Apple's $3,500 spatial computing device, appears to be following a pattern familiar to the AR/VR headset industry – initial enthusiasm giving way to a significant dip in sustained interest and usage. Since its debut in the U.S. in February 2024, excitement for the Apple Vision Pro has noticeably cooled, according to Bloomberg's Mark Gurman. Writing in his latest Power On...
Read Full Article273 comments
top stories 20apr2024

Top Stories: Nintendo Emulators on App Store, Two New iOS 17 Features, and More

Saturday April 20, 2024 6:00 am PDT by
It was a big week for retro gaming fans, as iPhone users are starting to reap the rewards of Apple's recent change to allow retro game emulators on the App Store. This week also saw a new iOS 17.5 beta that will support web-based app distribution in the EU, the debut of the first hotels to allow for direct AirPlay streaming to room TVs, a fresh rumor about the impending iPad Air update, and...
Read Full Article9 comments