Google Wallet for Android Now Supports Digital IDs (arstechnica.com) 31
Google Wallet on Android is finally getting ready for your digital driver's license and other US state IDs. Google says the feature is rolling out this month, and it will slowly start bringing states online this year. From a report: Of course, your state has to be one of the few that actually supports digital IDs. Google says Maryland residents can use the feature right now and that "in the coming months, residents of Arizona, Colorado and Georgia will join them." The road to digital driver's license support has been a long one, with the "Identity Credential API" landing in Android 11 back in 2020. Since then it has technically been possible for states to make their own ID app.
Now Google Wallet, Google's re-re-reboot of its payment app, is providing a first-party way to store an ID on your phone. Some parts of the Identity Credential API landed in Google Play Services (Google's version-agnostic brick of APIs), so Wallet supports digital IDs going back to Android 8.0, which covers about 90 percent of Android devices. Maryland has supported Digital IDs on iOS for a while, which gives us an idea of how this will work. An NFC transfer is enough to beam your credentials to someone, where you can just tap against a special NFC ID terminal and confirm the transfer with your fingerprint. Wallet has an NFC option, along with a "Show code" option that will show the traditional driver's license barcode.
Now Google Wallet, Google's re-re-reboot of its payment app, is providing a first-party way to store an ID on your phone. Some parts of the Identity Credential API landed in Google Play Services (Google's version-agnostic brick of APIs), so Wallet supports digital IDs going back to Android 8.0, which covers about 90 percent of Android devices. Maryland has supported Digital IDs on iOS for a while, which gives us an idea of how this will work. An NFC transfer is enough to beam your credentials to someone, where you can just tap against a special NFC ID terminal and confirm the transfer with your fingerprint. Wallet has an NFC option, along with a "Show code" option that will show the traditional driver's license barcode.
Re: (Score:2)
1: the norvegian state are draging their feet when i comes to digiral ids because bankid already works and allmost evryone i
Neat (Score:2)
Handing over your phone (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
That's not how it works. It's done just like touch-to-pay. You tap their reader and you never give them your actual phone.
Re: (Score:1)
Re: (Score:3)
He's literally talking about not handing them any more data than the standard license already gives them. Do you always laugh when you say something stupid?
Re: (Score:2)
Re: (Score:2)
That's not how it works. They have a reader they bring to you, you scan and it gives them the license info. You maintain possession of your phone the entire time. It's no different than using touch-to-pay with a credit card on your phone.
Comment removed (Score:3)
Re: (Score:3)
Maybe you're just bad at identifying the product.
In this case, Google wants people to use Android phones, so this is a feature available that might convince people. They likely wouldn't make money off this particular feature, but they would make money off many of the other services like Google Play, Google Ads, and even selling the physical phones.
This is just basically a method for storing a key and then sharing a public key for others to authenticate.
Re: (Score:2)
Maybe you're just bad at identifying the product.
In this case, Google wants people to use Android phones, so this is a feature available that might convince people. They likely wouldn't make money off this particular feature, but they would make money off many of the other services like Google Play, Google Ads, and even selling the physical phones.
Exactly right. It's about making Android phones generally useful, not about making money from identity data. Which, honestly, if Google were able to scrape all the data from Android phones, is already on the devices. Among much, much more.
This is just basically a method for storing a key and then sharing a public key for others to authenticate.
A bit more than a key.
The ISO 18013-5 mDL standard works offline, communicating directly between phone and reader, so all of the data has to be stored on the device. There are some keys involved, though.
The data elements are all signed by the issuer (the DMV, basically
Re: (Score:2)
I'm sure they'll keep that information to themselves. After all, they make their money off of selling prod... er, or right, YOU are the product.
The system is designed so Google has no access to any of the identity information. It passes through Google servers, yes, but it's end-to-end encrypted between the issuer and the device, so the Google servers only see an opaque stream.
How do I know? I wrote the Android Identity Credential API mentioned in the summary. I no longer lead the IC effort, but I'm still lightly involved and the team consults me on all major technical decisions.
You would be foolish to use this (Score:2)
Re: (Score:1)
Re: (Score:2)
Supposedly it's contactless, and the cop never holds your phone, but I personally have doubts that American cops won't find a way to abuse this.
When the Utah state legislature passed a law requiring the Utah Department of Public Safety to implement a mobile driving license program, one of the first things they did was to poll police organizations around the state. The response was unanimous: Cops do not want to touch your $1000 phone. Way too much liability.
Of course, they were talking to police brass, so street cops might take a different view. I also chatted about this with some local cops I know, though, and they immediately expressed the same
Re: (Score:3)
What happens if they terminate your Google account or lock you out of device? What happens if LEO asks to see your ID and uses that to search your phone?
You know adding a card to your Google account doesn't erase the physical thing from existence right? Oh no you're locked out of your Google account, open your desk draw and get our your license, stick it in your wallet. Your life is literally no worse off than if Google wallet didn't exist in the first place.
Also you don't hand anyone your phone. There's a reason this only works for digital licenses. The cop scans your screen and gets all the relevant information on his device.
Re: (Score:2)
There's a reason this only works for digital licenses. The cop scans your screen and gets all the relevant information on his device.
To be clear, the information isn't displayed on your screen.
There are two "device engagement" approaches, one via QR code, the other via NFC tap. Both of them only include information that is used to establish a secure wireless connection, via BLE, Wifi or NFC, depending on the device capabilities. The mDL device gets to choose; the reader is required to support all mechanisms.
Once the mutually-authenticated, encrypted wireless channel is established, the reader sends a request for the type of document
Retail Won't Accept Them (Score:2)
We've already been told by our state that we cannot under any circumstances accept a digital ID for age-restricted purchases. Even when they decide to support this, age restricted purchases will 100% require a physical ID.
Re: (Score:2)
Re: (Score:2)
Lol. Here are a few of the things you'll get carded for where I live:
grocery stores sell beer and wine...so...yeah.
our borders are lined with tobacco stores
lighter fluid (at the grocery store or anywhere)
spray paint (at any hardware store)
lighters/matches
energy drinks (yes. they card for energy drinks)
I have to show my ID for a lot more than beer, cigarettes, and pot. Every trip to Home Depot will include getting carded over something.
Re: (Score:1)
Re: (Score:2)
Data unencrypted (Score:2)
I remember an article published last year, that somewhere issuing digital licenses made their 'verification' applet save the identity data, unencrypted: Thus, a rooted device could change the data and offine verify any details.
CA... (Score:2)
... is slow. :P