Can a web app use the Secure Element (or Enclave) through a mobile browser?

Native mobile apps can use the Secure Element (or Enclave), e.g. to generate and use private keys for encrypting and signing data. These private keys are stored in the hardware of the mobile device, inaccessible to even the phone manufacturer, giving them extremely strong security properties.

I’d like to have the same functionality in a web app (which would be more widely usable since it requires no installation). Is this possible?

I’ve scoured the web but haven’t found any good information on this. In principle, it seems that mobile browsers (because they’re native apps themselves) could use the Secure Element just like any other app. In fact, as one example, I’m pretty sure they’re using it to enable authentication through WebAuthn, which uses key pairs with the private key stored on the device. But… as far as I know the browsers don’t expose access to web apps.

Any information on this would be much appreciated! Thanks

Source: Android Questions

LEAVE A COMMENT