Yubico releases Android SDK to improve mobile app security

Calling all enterprise developers and technology partners! Today, Yubico’s Android SDK is made generally available to equip you with the tools you need to quickly and efficiently build YubiKey support into your mobile apps. Together with the Yubico iOS SDK, you can now provide a seamless and consistent login experience for your customers and employees, regardless of their mobile device.

With the launch of our Android SDK, we are now making it easier for apps to add YubiKey support using the YubiOTP, OATH (TOTP and HOTP), and PIV authentication protocols over both USB and NFC connections. Not all applications rely on modern authentication protocols like FIDO — particularly in the enterprise — and our new SDK delivers a uniform integration experience for all developers regardless of the authentication flow they choose.

Fortunately, customers who are building apps with FIDO authentication can continue to use the native Android platform support.

3 benefits of YubiKey authentication on mobile devices

When it comes to mobile authentication, there are some key benefits of using a portable hardware-backed authenticator like the YubiKey in comparison to other mobile-dependent solutions like SMS or Google Authenticator.

    1. Mobile phones are not purpose-built for security. They are multi-purpose computing devices that, by nature, have a larger attack surface. An external, single-purpose authentication device like the YubiKey significantly minimizes the level of risk exposure to malware or phishing attacks.
    2. YubiKey authentication is up to four times faster than copying and pasting one-time codes. Not only is this a more preferred and enjoyable user experience, but it has also been shown to reduce support costs within an enterprise by up to 92%.
    3. In some cases, app developers may want to require step-up authentication to complete a high-risk action, such as transferring a large sum of money or updating an address. As a general rule of thumb, an additional form of user verification — one that is not tied to a user’s device, which can be stolen or compromised — delivers the best level of security.

Achieving mobile security with the YubiKey in healthcare and beyond

Allscripts, a leader in healthcare information technology solutions, is one of the first companies actively working with the Yubico Android SDK to make YubiKey support available in the upcoming releases of Allscripts Sunrise™ Mobile and Allscripts Professional™ EHR Mobile and Desktop.

Due to the complex compliance requirements and fast-moving nature of hospitals or other healthcare environments, it’s important that doctors, nurses, and medical staff have quick, yet secure, access to critical systems and information.

“By integrating directly with the Yubico SDK, Allscripts is improving the multi-factor authentication (MFA) experience that is needed to comply with the electronic prescription of a controlled substance (EPCS),” said Steve Pascht, Allscripts Senior Solutions Manager. “It’s easier for providers to use hard tokens on mobile and desktop platforms by simply plugging in — and eventually tapping — the YubiKey without having to read, remember, re-type, or copy and paste OTP codes when prescribing controlled substances.”

In addition to healthcare, the advantages of YubiKey mobile authentication spans many industries including financial services, manufacturing, retail, and technology, many of which have already integrated our iOS SDK into their apps.

Get started with building YubiKey support into your mobile app

At Yubico, we strongly believe in the power of the ecosystem and community development. Developers and partners building enterprise and consumer apps are key to how Yubico architects products and we are committed to enhancing our software portfolio to enable all use cases across all platforms.

If you’re interested in building a YubiKey-enabled mobile app or you would like to explore the latest Android SDK, check out our Github repo or developer guides.

Talk to our teamTalk to our team

Share this article:


  • Works with YubiKey Spotlight: Passkeys are here – are you ready?With 2025 at its midpoint, enterprises worldwide are grappling with how to protect their users and data against emerging challenges around user security. Since 2022, generative AI has fueled a 4,000% surge in phishing – exploiting human vulnerability in 68% of breaches. It’s no longer a question – the world has a password problem that […]Read morepartnerspasskeysWorks with YubiKeywwyk
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless