
Questions Regarding Impact of FedCM API Adoption on Device Applications Using Credential Manager


Recently, we received a warning email from Google with the subject marked “[Action Required]”.

In the email, Google pointed out that we are currently using the Google Sign-in Platform Library, and starting from June 30, 2025, Google will require the use of the FedCM API. The email provided us with three options:


Option 1: Migrate to the Google Identity Services library, using the instructions for migrating from Google Sign-in.

Option 2: Conduct an impact assessment and update your web application, if necessary.

Option 3: If no action is taken, your application will automatically switch to FedCM APIs when mandatory adoption occurs.


We have reviewed the “Migrate from Google Sign-in” instructions (Option 1) and the guidance on conducting an impact assessment (Option 2):

https://developers.google.com/identity/gsi/web/guides/migration

https://developers.google.com/identity/sign-in/web/gsi-with-fedcm#conduct_an_impact_assessment

After evaluation, we believe that the applications requiring adjustment are those using the Google Sign-in JavaScript library, which are typically web applications. However, our application’s Google login integration does not use the JavaScript library; instead, it utilizes the Android Credential Manager Jetpack library, and our application is categorized as a device application, not a web application.

Therefore, we have the following questions:

  1. In this situation, will our application be affected by the mandatory adoption of FedCM API in the Google Sign-in Platform Library? Do we need to make adjustments according to the options provided by Google?

  2. Also, the email listed two affected applications. We can confirm that both of these belong to our account, but all our other applications under this account use the same Google Sign-in integration. Why are only these two applications listed as affected, but the others are not?

We would greatly appreciate it if anyone could help clarify these questions.


Solution

    1. No, your Android native application will not be affected. The changes described in the email apply only to Web apps; Android has a separate SDK for user sign-in. No changes necessary.

    2. A cached version of your sign-in library that itself depends upon and uses the older, deprecated JS library, or an installed build still in use by older devices which have not updated recently perhaps? Internal test tools that have not been updated, developers testing on their own machines, or sign-in using WebView may also be areas to consider. If possible, instrumenting the places which load api.js/client.js to count the frequency of use may give you hints on whether this is a few internal folks testing or working with older packages, or more seriously a widely deployed production app.
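
One way to do the counting suggested in point 2, as an added example that is not part of the original answer or any Google code: pages report which scripts they loaded, and the tally shows whether the legacy loaders come from WebView or from ordinary browsers. The function names, the report shape, the inclusion of `platform.js` next to `api.js`/`client.js`, and the sample reports are assumptions made for this sketch.

```javascript
// Added example: function names, report shape and sample data are hypothetical.
// api.js and client.js are named in the answer; platform.js and the
// apis.google.com host are added here as the usual legacy loader locations.
const LEGACY_LOADER = /^https:\/\/apis\.google\.com\/js\/(api|client|platform)\.js(?:[?#]|$)/;

// Return the script URLs on a page that load the legacy library.
function findLegacyLoaders(scriptUrls) {
  return scriptUrls.filter((url) => LEGACY_LOADER.test(url));
}

// Android WebView user agents carry a "wv" token in the platform section.
function classifyClient(userAgent) {
  return /\(.*;\s*wv\)/.test(userAgent) ? "webview" : "browser";
}

// In a page, collect the input with [...document.scripts].map((s) => s.src)
// and navigator.userAgent, then send the report to your own collector.
// Tally page loads that hit a legacy loader, keyed by app and client type.
function summarize(reports) {
  const counts = {};
  for (const { appId, userAgent, scriptUrls } of reports) {
    if (findLegacyLoaders(scriptUrls).length === 0) continue;
    const key = `${appId}/${classifyClient(userAgent)}`;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

// Constructed sample reports (not real traffic).
const WV_UA = "Mozilla/5.0 (Linux; Android 13; Pixel 7; wv) AppleWebKit/537.36";
const DESKTOP_UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36";
const SAMPLE_REPORTS = [
  { appId: "app-a", userAgent: WV_UA,
    scriptUrls: ["https://apis.google.com/js/api.js", "https://example.test/app.js"] },
  { appId: "app-a", userAgent: WV_UA,
    scriptUrls: ["https://apis.google.com/js/client.js?onload=init"] },
  { appId: "app-b", userAgent: DESKTOP_UA,
    scriptUrls: ["https://apis.google.com/js/platform.js"] },
  // Same file name on another host, plus the newer GIS client: not counted.
  { appId: "app-c", userAgent: DESKTOP_UA,
    scriptUrls: ["https://accounts.google.com/gsi/client", "https://example.test/js/api.js"] },
];

console.log(summarize(SAMPLE_REPORTS));
```

A high count under a `webview` key points at sign-in running inside an app's WebView, while a handful of `browser` hits is more consistent with internal testing.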