Chrome’s incognito mode on Android could soon be locked for more privacy
Private browsing or incognito mode is one of the most basic privacy protection mechanisms offered by web browsers today. While sometimes mistaken for full privacy protection, incognito mode just makes sure you don’t leave traces on the browser itself. This protection, however, is pretty much useless if someone else already has your phone and the browser is open. This is why Google has been working on a reauthentication mechanism for Incognito mode which will soon arrive on Android.
Physical access to a device almost always renders security features irrelevant, especially when the phone is already unlocked. Incognito mode is also useless when tabs are already open in the background, and the unauthorized user only needs to come back to it to see what you’ve been browsing in secret. Another lock for incognito mode adds another layer of security, assuming you’ve enabled PIN or biometric authentication on your phone.
Chrome Story Reports a new flag in the development Canary version of Chrome for Android that adds exactly that. Once the flag is enabled and Chrome has restarted, a new setting in the browser’s privacy and security settings will allow you to enable or disable reauthentication. If this option is enabled, you will need to enter your phone’s PIN or use Face Unlock or your fingerprint to access the private browsing tabs.
Google actually brought this experience to Chrome for iOS. When you move away from these private browsing tabs for any reason, you will need to re-authenticate on your phone to see them again. You’ll need to press the button first, so it won’t be as automatic as unlocking your phone.
This iOS implementation is unfortunately not yet available to the general public, and its Android counterpart may still be a long way off at this point. In the meantime, users should remember that incognito mode is not bulletproof, and websites, operators, and even Google may still notice your activity.