If you’ve signed up for any new web services in the past few years, you’ve probably encountered a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) or two. A CAPTCHA is a form that forces you to transcribe a blurry series of letters and digits. They’re challenge-response questions designed to prevent bots from hammering websites with nonsense data, and one of the most widely adopted — Google’s reCAPTCHA — displays as many as 100 million tests every day. And now, they’re coming to your smartphone.
On Thursday, Google announced the reCAPTCHA Android API, a CAPTCHA test adapted to smartphones. When it ships in the coming weeks as part of Google Play Services, the framework that updates and authenticates Google services, it will let app developers invoke the reCAPTCHA system in app sign-up forms, login pages, and more.
“With this API, reCAPTCHA can better tell human and bots apart to provide a streamlined user experience on mobile,” Google product manager Wie Liu wrote in a blog post. “It will use our newest […] reCAPTCHA technology, which runs risk analysis behind the scene and has enabled millions of human users to pass through with zero clicks everyday. Now mobile users can enjoy their apps without being interrupted, while still staying away from spam and abuse.”
The reCAPTCHA Android API builds on Google’s other recent improvements. In March, the search giant introduced “invisible reCAPTCHAs,” or CAPTCHAs that automatically disappear when a human user is detected. Form fillers that trip Google’s Advanced Risk Analysis algorithms will still have to solve the CAPTCHA test, but most users won’t see it at all.
That’s apparently thanks to “advanced analysis techniques” that consider a user’s “entire engagement” with CAPTCHA and “evaluate a broad range of cues.” It’s more than a one-time deal — Google says it “actively consider[s] a user’s engagement with the CAPTCHA — before, during, and after — to determine whether that user is a human.”
Google acquired reCAPTCHA from a team at Carnegie Mellon University’s main Pittsburgh, Pennsylvania campus, and made it free to use. That helped it grow into one of the largest CAPTCHA providers in the world — and the anti-spam test of choice for Facebook, TicketMaster, Twitter, 4chan, CNN.com, StumbleUpon, Craigslist, and tens of thousands of others.
In 2014, Google began to replace the reCAPTCHA system with a simpler alternative called No CAPTCHA ReCAPTCHA: A checkbox saying “I’m not a robot.” Using a system of clues such as cookies (small pieces of data sent from a website and stored on a user’s computer by the user’s web browser) and mouse movements, the improved reCAPTCHA was able to distinguish non-human users from bots almost instantaneously.
The reCAPTCHA Android API for Android is included with Google SafetyNet, which provides services like device attestation and safe browsing. It complements efforts like Google Play Protect, which monitors Android devices for potentially harmful applications, device encryption, and regular security updates.