Public Wi-Fi login pages may soon get an upgrade with this change
Public Wi-Fi networks are becoming increasingly common, but logging into them can sometimes be a hassle. Captive portals, the web pages that pop up when you connect to public Wi-Fi, often require you to manually enter your login credentials or personal information. This is because captive portals are typically opened in the Android System WebView app, which doesn't have access to your autofill data. However, Google is working on a change that could make this process much smoother.
The Android System WebView is a system component that allows apps to display web-based content without leaving the app. Although it's based on the same open-source code as Google Chrome, it doesn't share any autofill or session data with it. As a result, when a captive portal asks you to sign in to a social media account or input your personal data, you have to fill in all the details manually.
Google is now preparing to have Android open these captive portal pages in an Android Custom Tab instead of a WebView. Custom Tabs are simply instances of the default web browser and have access to your browsing session, saved passwords, payment methods, and addresses. This would allow captive portals to access your autofill data, making it much faster and easier to log in to public Wi-Fi networks.
Example of an Android Custom Tab powered by Google Chrome | Image credit — Android Authority
This change is being implemented through Project Mainline, which allows Google to push out updates to system components through Play System Updates. The latest release of the Captive Portal Login app already contains the code for this feature, but it's currently disabled by default. It's unclear when Google plans to enable this feature, but it's expected to roll out in the near future.
While this change is likely to improve the convenience of accessing public Wi-Fi, it's not expected to have a significant impact on security. Evil twin attacks, where attackers set up fake public Wi-Fi access points with malicious captive portals, will likely still be effective. However, the increased convenience of using Android Custom Tabs for captive portals is a welcome change that should make logging into public Wi-Fi networks a bit less painful.
Personally, I think this is a great move by Google. I often find myself having to manually enter my login credentials when connecting to public Wi-Fi at airports, which can be quite annoying. The ability to use autofill data with captive portals will definitely make my life a bit easier as a traveler.
Things that are NOT allowed: