Hidden Passkey Import and Export Options Surface on Android
Google Password Manager on Android is quietly preparing a major upgrade: native support for passkey import and export. Investigators have enabled a still-hidden interface that replaces the existing “Import passwords” and “Export passwords” options with new entries labelled “Import passwords & passkeys” and “Export passwords & passkeys.” These updated Google Password Manager features already work in test form, even though Google has not yet rolled them out to the public. The implementation is more nuanced than a simple file-based passkey export Android users might expect. Instead of a visible “export to app X” button, Google appears to rely on context prompts: when you open another compatible password manager, you are prompted to transfer passkeys out of Google’s vault. This approach enables passkey import export flows between apps while keeping the sensitive key material within a tightly controlled system interface.
How Passkey Migration Works Behind the Scenes
Under the hood, Google is leaning on the Credential Exchange Protocol (CXP), an emerging industry standard backed by the FIDO Alliance, to power passkey migration. With CXP, a passkey’s private key can be securely transferred between trusted apps or devices without exposing it to attackers or requiring users to regenerate keys and re-enroll services. On Android, CXP relies heavily on Google Play Services and Google Password Manager to shuttle credentials between providers. Once the feature goes live, users should see passkey migration options not only in Google’s own tools, but also in third-party managers that implement CXP, such as Bitwarden or potentially Samsung’s password manager. This architecture turns Android itself into a kind of broker for password manager portability, coordinating safe passkey import export operations instead of forcing each app to invent its own transfer mechanism.
Aligning with Apple and the Broader Passkey Ecosystem
Google’s shift toward passkey export Android support brings its platform closer in line with competitors that already offer robust portability. Devices running recent versions of iOS and macOS have implemented passkey migration via CXP, allowing users to move credentials into third-party password managers like Bitwarden and 1Password. Until now, Android lagged behind despite Google being an early backer of the same protocol. The new Android interface suggests that groundwork is finally nearing completion, with Google Password Manager features catching up to the broader ecosystem. This is especially timely as tech companies collaborate on smoother device-to-device transitions, including tools to move apps, files, and even home screen setups between platforms. While Google has explicitly mentioned making password copying easier, the emerging CXP-based flow hints that passkeys may also benefit from these streamlined migration experiences.
Why Passkey Portability Matters for Users
Passkeys promise strong, phishing-resistant authentication by pairing a locally stored private key with a public key held by services. Users authenticate using biometrics or device unlock methods, avoiding password reuse and weak credentials. However, this model created a practical problem: if your phone breaks or you switch apps, moving those keys was often cumbersome or impossible. That friction effectively locked many people into a single provider. By enabling secure passkey import export on Android, Google reduces this vendor lock-in and gives users more meaningful control over their digital identities. It becomes easier to adopt passkeys, knowing that switching to another password manager later will not strand your credentials. As passkeys evolve toward being an industry standard, improving password manager portability is a crucial step in making them a realistic replacement for traditional passwords, not just a theoretical upgrade.