Let's start with the bottom line: App Clips can be used to create a web-like experience to do NFC-based identity verification on iPhones, removing the need to install a native app. We’ve made our ReadID SDKs able to do this.
Why app based and not web based?
A basic choice any service provider makes is: will we have a web app or a native app experience? Both have benefits and disadvantages, but specifically for identity verification, what is important is that a native app gives more control over the camera, thus it is easier to guide the user in taking a good photo from an identity document and a good selfie. This translates into higher conversion. Although we believe that for identity verification, you have to assume an app is compromised, detecting injection attacks (deepfakes, replays) is easier in native apps than for web apps [Enisa’s Remote ID Proofing Good Practice, section 4.1]. Thus, a native app is better for conversion and security than a web app. Adding to this is that NFC is simply not possible in a web app. This is because web browsers in iOS and Android do not provide the required access to NFC to read the chip of an identity document. Please be aware that on Android certain browsers do have a form of NFC access, but not the fully fledged NFC access ReadID needs.
Downside of native apps
That identity verification in general, and NFC in particular, needs a native app is fine for customers that are app-oriented to begin with, like most banks. But customers that are web-based now need an often one-time use identity verification app. This creates friction for users, as they now have to install a native app and switch to it while in the middle of a web experience. We believe the above-explained higher conversion makes up for this and we have a ready-to-use native app for these types of customers called ReadID Ready. But at least on iPhones, we can even take away the friction of installing this one-time use app.
Here come App Clips
An App Clip is like a small native app for iOS that users can launch with a single tap without having to install it. App clips appear from the bottom of the screen, also called a toast. Users thus do not have to go to the App Store, find the app, and authorise the download & install. This provides a near seamless bridge between the mobile website and the app clip.
If you want to try this, we’ve implemented our ReadID Me app as an App Clip:
- If you’re reading this on an iPhone, click here
- If you’re reading this on another device, e.g. your laptop, then scan this QR code with an iPhone:
How do App Clips work?
At its core, an App Clip is a small native app that users can launch from a mobile website, and then appears as a so-called toast in the bottom of the screen. Users can also use their camera app to scan a QR code displayed on a desktop website, in an email, or even on paper. Again, it is only one tap to start the App Clip.
App Clips have been around quite a while, since iOS 14, and thus since September 2020. A major, if not the main, limitation of an App Clip is that it can be max 15 MB (since iOS 16, before that even max 10 MB). For those not into app sizes: this is challenging if not impossible for most apps. But since for SDKs smaller is better, we shrunk our already small ReadID SDK even more, thereby making sure we also leave room for a (not-too-big) facial verification SDK that is typically part of an identity verification app. Don’t take our word for it, just compare the size of our ReadID Me or ReadID Ready app size to other identity verification apps in the App Store. Of course, customers not using App Clips also profit from this smaller SDK.
Second App Clip benefit: session linking
Next to removing the need to install an app, there is a second benefit of App Clips, which is coupling the web session to the app session. A typical UX flow is that a user in a web interface already provides some information, answers qualifying questions et cetera, and then has to go through an identity verification journey, including an NFC-based identity document verification.
This means passing some form of session identifier from the web page to the app. But reliably passing an identifier to a not-yet installed app is not really possible, not even in a mobile web case. This can cause significant user friction, and thus loss of conversion. But that changed with App Clips: when starting an App Clip the website can pass a session ID, thereby linking the web and native app parts of the UX journey. This is also what we’re doing with our ready-to-use app ReadID Ready, that is available as an App Clip as well. More on ReadID Ready as an App Clip will be explained in a follow-up blog post.
What about Android?
The big remaining question is of course: what about Android? Well, Android has a concept that is somewhat similar to App Clips, called Instant Apps. Instant Apps have been around already since 2016 but are unfortunately too limited to be actually useful. Instant Apps have no access to NFC and no access to the graphic processor (needed for taking and analyzing a photo of an identity document). Last but not least, Instant Apps are disabled by default and require the user to dive deep into their Android settings to enable them
For the session linking in Android we do have a solution, that we implemented in ReadID Ready, also with more information on this in a follow-up blog post.
Questions?
If you are considering using ReadID in an App Clip, we are more than happy to provide more information and best practices on how (not) to use App Clips, including some of the unhappy flows on older iOS versions. As for many things in life, the devil is in the details. For customers and partners, we recorded a webinar that is available in the ReadID Documentation portal.
