Google is Finally Breaking the Passkey Lock-In on Android Devices

The inability to transfer passkeys on Android has long been a major frustration for users trying to switch security apps. That ecosystem lock-in is finally breaking, as Google is actively testing a new interface that allows seamless credential migration to and from the Google Password Manager. Discovered through a recent APK teardown, this hidden functionality indicates that native support for third-party password managers is imminent.

While passkeys offer significantly better security than traditional passwords, their portability has been a glaring weakness. Apple recently solved this by introducing a migration mechanism in iOS 26 and macOS 26, but Android users were left waiting. Now, Google is catching up by integrating the Credential Exchange Protocol (CXP), a standard backed by industry giants like Apple, Samsung, and Bitwarden.

Once Google officially activates the feature, users will notice a distinct change in the Google Password Manager interface. The legacy options will be replaced to explicitly include passkeys alongside traditional credentials.

• Navigate to the Google Password Manager settings.
• Tap the newly updated Import passwords & passkeys or Export passwords & passkeys options.
• Select your current third-party provider (such as Bitwarden) from the supported list.
• Authenticate within the chosen app to securely transfer your stored credentials.

For exporting, the system will prompt you to initiate the transfer directly from your new password manager app. Alongside this credential update, Google and Apple are also collaborating on a wireless transfer tool to move files, apps, and home screen setups from iPhone to Android, though it remains unconfirmed if passkeys will be included in that specific wireless bridge.

By fully embracing the Credential Exchange Protocol, Google is removing the single biggest barrier to passkey adoption: the fear of being trapped in one ecosystem. When users know they can freely export their passkeys to Bitwarden or Samsung Pass, they are far more likely to abandon traditional passwords entirely.

This shift fundamentally changes the competitive landscape for security apps. Password managers will no longer be able to rely on the friction of credential migration to retain their user base. Instead, they will be forced to compete purely on the quality of their interface, cross-platform syncing capabilities, and advanced security features.