Android 15 will introduce a new "Remote Authentication" feature

Google introduces new Mainline modules with each Android release, and of course Android 15 "Vanilla Ice Cream" will be no different. The company is working on a new Mainline module called "RemoteAuth[entication]", but it's unclear exactly what it will be used for. Here's what I know so far.

A couple of code changes related to RemoteAuth have recently appeared in the AOSP Gerrit (sometimes tagged "d2da" for what I presume is "device-to-device authentication"). These code changes don't contain many details about the project, as the real work is likely being done internally, but they do reveal a few details.

First, the new Mainline module won't be delivered as part of its own APK or APEX file. Instead, it'll be contained within the existing "Tethering"/Connectivity module, which houses other projects like Nearby in AOSP. Second, the RemoteAuth APIs will only be available on API 35+, ie. Android 15.

Third, there will be some kind of Settings integration for the feature. Code for the feature will be found under the com.android.settings.remoteauth package. Originally, it was going to be under the com.android.settings.biometrics package since "activeunlock" (the development name for the API powering the Pixel Watch's yet-to-be-released "Watch Unlock" feature) is "also under biometrics", but it was changed to be "a peer" with all other packages under com.android.settings.

Fourth, there will be APIs to start discovery (scanning for nearby devices that are capable of acting as remote authenticators) and initiate connections with peer devices. The DiscoveryFilter class checks if the device type in the Bluetooth scan is a watch, suggesting this feature has some relevance for Wear OS.

Fifth, RemoteAuth will only be supported on devices that support ultra-wideband (UWB), which is determined through the feature declaration "android.hardware.uwb".

Putting this all together, my guess is that this feature will let you use a UWB-powered device running Android 15 (like the Pixel 6 Pro, Pixel 7 Pro, etc.) to connect to a UWB-powered Wear OS smartwatch (like the upcoming Pixel Watch 2) and have the watch act as an authenticator for apps. I believe this is something you can do with an Apple Watch and macOS, but on the Android + Wear OS side of things, the best you can do is to keep your phone unlocked while the watch is on your wrist (Extend Unlock) or unlock it (Watch Unlock, which has yet to be released). However, it's unclear if the peer device itself (in this scenario, the Pixel Watch 2) needs to be running Android 15 to act as a remote authenticator, in which case we could be looking at this feature coming in Wear OS 5. 

Or I could be wrong with my assumption on what this feature is for! Let me know what you think in the comments here or on Discord.

(While I was digging into Android 14, I also noticed two new "feature flags" under Settings > System > Developer options > Feature flags called "settings_enable_lockscreen_transfer_api" and "settings_remote_device_credential_validation." These could be related, but I can't confirm.)