Yubico releases Android SDK to improve mobile app security

Calling all enterprise developers and technology partners! Today, Yubico’s Android SDK is made generally available to equip you with the tools you need to quickly and efficiently build YubiKey support into your mobile apps. Together with the Yubico iOS SDK, you can now provide a seamless and consistent login experience for your customers and employees, regardless of their mobile device.

With the launch of our Android SDK, we are now making it easier for apps to add YubiKey support using the YubiOTP, OATH (TOTP and HOTP), and PIV authentication protocols over both USB and NFC connections. Not all applications rely on modern authentication protocols like FIDO — particularly in the enterprise — and our new SDK delivers a uniform integration experience for all developers regardless of the authentication flow they choose.

Fortunately, customers who are building apps with FIDO authentication can continue to use the native Android platform support.

3 benefits of YubiKey authentication on mobile devices

When it comes to mobile authentication, there are some key benefits of using a portable hardware-backed authenticator like the YubiKey in comparison to other mobile-dependent solutions like SMS or Google Authenticator.

    1. Mobile phones are not purpose-built for security. They are multi-purpose computing devices that, by nature, have a larger attack surface. An external, single-purpose authentication device like the YubiKey significantly minimizes the level of risk exposure to malware or phishing attacks.
    2. YubiKey authentication is up to four times faster than copying and pasting one-time codes. Not only is this a more preferred and enjoyable user experience, but it has also been shown to reduce support costs within an enterprise by up to 92%.
    3. In some cases, app developers may want to require step-up authentication to complete a high-risk action, such as transferring a large sum of money or updating an address. As a general rule of thumb, an additional form of user verification — one that is not tied to a user’s device, which can be stolen or compromised — delivers the best level of security.

Achieving mobile security with the YubiKey in healthcare and beyond

Allscripts, a leader in healthcare information technology solutions, is one of the first companies actively working with the Yubico Android SDK to make YubiKey support available in the upcoming releases of Allscripts Sunrise™ Mobile and Allscripts Professional™ EHR Mobile and Desktop.

Due to the complex compliance requirements and fast-moving nature of hospitals or other healthcare environments, it’s important that doctors, nurses, and medical staff have quick, yet secure, access to critical systems and information.

“By integrating directly with the Yubico SDK, Allscripts is improving the multi-factor authentication (MFA) experience that is needed to comply with the electronic prescription of a controlled substance (EPCS),” said Steve Pascht, Allscripts Senior Solutions Manager. “It’s easier for providers to use hard tokens on mobile and desktop platforms by simply plugging in — and eventually tapping — the YubiKey without having to read, remember, re-type, or copy and paste OTP codes when prescribing controlled substances.”

In addition to healthcare, the advantages of YubiKey mobile authentication spans many industries including financial services, manufacturing, retail, and technology, many of which have already integrated our iOS SDK into their apps.

Get started with building YubiKey support into your mobile app

At Yubico, we strongly believe in the power of the ecosystem and community development. Developers and partners building enterprise and consumer apps are key to how Yubico architects products and we are committed to enhancing our software portfolio to enable all use cases across all platforms.

If you’re interested in building a YubiKey-enabled mobile app or you would like to explore the latest Android SDK, check out our Github repo or developer guides.

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day