Forum Discussion
Android 15 - Cannot set default password app
We use Microsoft Intune to manage devices. For the devices which have upgraded to Android 15, the end users can no longer select Microsoft Authenticator as their default application for auto filling ...
So I've received a note that Google Workspace has an internal feature request (381410766) to create a policy setting for the credentialProviderPolicy field. This field was optional in A14 but became mandatory in A15. Apparently, this policy change has caught Workspace completely flat footed, as the timeline for the feature request was said to be "...a few months" from now (even though I raised it when A15 was released). Apparently, we'll all be on A16 by the time Google Workspace realizes that there's been a security change in the Android requirements.
The answer that I was given by Google was to turn off passkey usage and simply use 2SV. I assume that Google also recommends us using simple, memorable passwords since we can't use the high-entropy passwords that password managers allow us to use. I'm going to use "hunter2" since I seem to remember it really easily.
I do have a suggestion for the developers: there's this really cool new AI coding tool called "Gemini" by a company, I can't remember who it is but I'm sure they have the highest security standards. Maybe ask it, something like: "Provide me with the necessary code to enable changing the credentialProviderPolicy under the Android Management API". A few questions later, and you'll probably have everything you need.
It caught half of the ecosystem off guard. 100%
I don't mind giving InTune a pass, since after all Microsoft may not necessarily know what changes Android is making to the Android Management API in advance. Although the current 6-month window for betas of new releases might be enough to at least give them a hint.
Google, on the other hand, probably should have some sort of corporate policy of letting Workspace know when Android is changing the management API that links the two of them together, especially if it's so subtle that the same ridiculously-long beta doesn't turn it up. Maybe the workspace team are all on IOS.
All of this, of course, assumes that the Android team didn't mention this change from "optional" to "mandatory" at all, which frankly I struggle to believe. Maybe they need the Chrome team's view of changes being dogfooded through 8 separate versions' flags. Either way, the whole thing is just ridiculous to me. Especially the part where I was told to just stop using passkeys on my Google Workspace account for a few more months in favour of SMS OTPs. Hence the sarcasm.
