google smart lock app iconA new update to Google's Smart Lock iOS app lets users set up their iPhone or iPad as a security key for two-factor authentication when signing into native Google services via Chrome browser.

Once the feature is set up in the app, attempting to log in to a Google service via Chrome on another device such as a laptop results in a push notification being sent to their iOS device.

The user then has to unlock their ‌iPhone‌ or ‌iPad‌ using Face ID or Touch ID and confirm the log-in attempt via the Smart Lock app before it can complete on the other device.

After installing the update, users are asked to select a Google account to set up their phone's built-in security key. According to a Google cryptographer, the feature makes use of Apple's Secure Enclave hardware, which securely stores ‌Touch ID‌, ‌Face ID‌, and other cryptographic data on iOS devices.

The Smart Lock app requires that Bluetooth is enabled on both the ‌iPhone‌/‌iPad‌ and the other device for two-factor authentication to work, so they have to be in close proximity, but the advantage of the system is that it ensures the process is localized and can't be leaked onto the internet.

The Google Smart Lock app is a free download for ‌iPhone‌ and ‌iPad‌ on the App Store. [Direct Link]

(Via 9to5Google.com)

Tags: Google, Security

Top Rated Comments

TriBruin Avatar
TriBruin
59 months ago

Can someone explain the functional difference between the 'Google'-app I have on my iPhone, which prompts me to verify it's me whenever I login to any Google-services?
The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.
Score: 3 Votes (Like | Disagree)
Westside guy Avatar
Westside guy
59 months ago
There are also standard ways to do two-factor auth, one of which is even implemented by Google through their Google Authenticator app (RFC 6238 time-based one-time passwords - I prefer the OTP Auth app for it) and can be implemented by any app developer for increased security without having to be beholden to Google or any other single entity. I realize some people will complain about having to copy 6 digits (oh the horror), but I prefer standard solutions like that to tying my security to Google - or, for that matter, to having all these vendor-specific two-factor approaches (Apple does it one way, Google does it another, etc.).
Score: 2 Votes (Like | Disagree)
1144557 Avatar
1144557
59 months ago

The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.
You would think that is incredibly hard already to crack/spoof an Apple push notification from the Google app itself; far more than SMS. I dont know that this new way offers much more to the average person. In a very high security environment using Goole Apps (not sure why you would do that to begin with then, but ok) I guess.

Its also unclear how not needing an internet connection would help if you are logging into Google which requires internet. That argument doesnt make a ton of sense obviously.

Not knocking more options, its just a bit unclear the differences between this and using the Google app to authenticate 2FA.
Score: 1 Votes (Like | Disagree)
Vincent Verbist Avatar
Vincent Verbist
59 months ago

The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.
Okay, that's something I can understand, but still strange that there is not a single reference to the current solution through the Google app...
Score: 1 Votes (Like | Disagree)
Vincent Verbist Avatar
Vincent Verbist
59 months ago
Can someone explain the functional difference between the 'Google'-app I have on my iPhone, which prompts me to verify it's me whenever I login to any Google-services?
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
Read Full Article134 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article129 comments
iphone 14 lineup

Cellebrite Unable to Unlock iPhones on iOS 17.4 or Later, Leak Reveals

Thursday July 18, 2024 4:18 am PDT by
Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company's mobile forensics tools and highlight the ongoing security improvements in Apple's latest devices. The leaked "Cellebrite iOS Support Matrix" obtained by 404 Media...
Read Full Article66 comments
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...
Read Full Article133 comments
bsod

Crowdstrike Says Global IT Outage Impacting Windows PCs, But Mac and Linux Hosts Not Affected

Friday July 19, 2024 3:12 am PDT by
A widespread system failure is currently affecting numerous Windows devices globally, causing critical boot failures across various industries, including banks, rail networks, airlines, retailers, broadcasters, healthcare, and many more sectors. The issue, manifesting as a Blue Screen of Death (BSOD), is preventing computers from starting up properly and forcing them into continuous recovery...
Read Full Article480 comments
Apple Watch Series 9

2024 Apple Watch Lineup: Key Changes We're Expecting

Tuesday July 16, 2024 7:59 am PDT by
Apple is seemingly planning a rework of the Apple Watch lineup for 2024, according to a range of reports from over the past year. Here's everything we know so far. Apple is expected to continue to offer three different Apple Watch models in five casing sizes, but the various display sizes will allegedly grow by up to 12% and the casings will get taller. Based on all of the latest rumors,...
Read Full Article38 comments