Yubico releases Android SDK to improve mobile app security

Calling all enterprise developers and technology partners! Today, Yubico’s Android SDK is made generally available to equip you with the tools you need to quickly and efficiently build YubiKey support into your mobile apps. Together with the Yubico iOS SDK, you can now provide a seamless and consistent login experience for your customers and employees, regardless of their mobile device.

With the launch of our Android SDK, we are now making it easier for apps to add YubiKey support using the YubiOTP, OATH (TOTP and HOTP), and PIV authentication protocols over both USB and NFC connections. Not all applications rely on modern authentication protocols like FIDO — particularly in the enterprise — and our new SDK delivers a uniform integration experience for all developers regardless of the authentication flow they choose.

Fortunately, customers who are building apps with FIDO authentication can continue to use the native Android platform support.

3 benefits of YubiKey authentication on mobile devices

When it comes to mobile authentication, there are some key benefits of using a portable hardware-backed authenticator like the YubiKey in comparison to other mobile-dependent solutions like SMS or Google Authenticator.

    1. Mobile phones are not purpose-built for security. They are multi-purpose computing devices that, by nature, have a larger attack surface. An external, single-purpose authentication device like the YubiKey significantly minimizes the level of risk exposure to malware or phishing attacks.
    2. YubiKey authentication is up to four times faster than copying and pasting one-time codes. Not only is this a more preferred and enjoyable user experience, but it has also been shown to reduce support costs within an enterprise by up to 92%.
    3. In some cases, app developers may want to require step-up authentication to complete a high-risk action, such as transferring a large sum of money or updating an address. As a general rule of thumb, an additional form of user verification — one that is not tied to a user’s device, which can be stolen or compromised — delivers the best level of security.

Achieving mobile security with the YubiKey in healthcare and beyond

Allscripts, a leader in healthcare information technology solutions, is one of the first companies actively working with the Yubico Android SDK to make YubiKey support available in the upcoming releases of Allscripts Sunrise™ Mobile and Allscripts Professional™ EHR Mobile and Desktop.

Due to the complex compliance requirements and fast-moving nature of hospitals or other healthcare environments, it’s important that doctors, nurses, and medical staff have quick, yet secure, access to critical systems and information.

“By integrating directly with the Yubico SDK, Allscripts is improving the multi-factor authentication (MFA) experience that is needed to comply with the electronic prescription of a controlled substance (EPCS),” said Steve Pascht, Allscripts Senior Solutions Manager. “It’s easier for providers to use hard tokens on mobile and desktop platforms by simply plugging in — and eventually tapping — the YubiKey without having to read, remember, re-type, or copy and paste OTP codes when prescribing controlled substances.”

In addition to healthcare, the advantages of YubiKey mobile authentication spans many industries including financial services, manufacturing, retail, and technology, many of which have already integrated our iOS SDK into their apps.

Get started with building YubiKey support into your mobile app

At Yubico, we strongly believe in the power of the ecosystem and community development. Developers and partners building enterprise and consumer apps are key to how Yubico architects products and we are committed to enhancing our software portfolio to enable all use cases across all platforms.

If you’re interested in building a YubiKey-enabled mobile app or you would like to explore the latest Android SDK, check out our Github repo or developer guides.

Talk to our teamTalk to our team

Share this article:


  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey
  • Making digital security a right: Inside Yubico’s Secure it Forward programTechnology can be a great equalizer — but only if the strongest protection is within reach. Since 2022, Yubico has donated more than 65,000 YubiKeys to hundreds of organizations worldwide — a retail value of over $3.3 million. Each key helps strengthen digital protection for those doing vital work in their communities. This isn’t just […]Read more
  • Unlocking trust in enterprise security: Yubico and Okta empowering businesses togetherCollaboration with ecosystem partners is critical for providing our customers with the best cybersecurity solutions. Together, Yubico and Okta have achieved remarkable milestones over the years, including launching innovative solutions and aligning our go-to-market efforts – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart […]Read moreOktaOktane