Google Chrome for Android may require biometrics for sensitive settings in untrusted locations
Google Chrome for Android is working on adding support for an Identity Check feature that will force apps to use biometric authentication if your phone is outside of a trusted location.
Our smartphones nowadays contain loads of personal, medical, and financial data on them. This pretty much makes them an ideal target for thieves. Google has a plethora of theft protection features so thieves cannot keep your phone unlocked after stealing it.
And now, Google Chrome is working on adding an extra layer of security even if the thief has peeked over your shoulder before stealing your phone and knows your PIN.
Right now, if the thief has found out your lock screen PIN, pattern, or password, they are able to unlock your phone anytime and get access to your apps containing sensitive information.
And that's because, even though many of the apps ask you to authenticate yourself before accessing your data, they offer you the option to use your lock screen PIN, pattern, or password instead of using biometrics like your face or fingerprint.
Last week, Google announced Identity Check and said it would require the use of biometrics when "accessing critical Google account and device settings". Those include changing your PIN, disabling theft protection, or accessing Passkeys from an untrusted location.
Identity Check is reportedly going to secure some sensitive data in Google Chrome for Android too, but that will only work with the next release of Android 15. Hints about this have been noticed by Chrome tipster Leopeva64, where they discovered code changes tagged "idcheck". The changes add a Chrome flag that would enable Android identity check for eligible features of the browser.
Android Authority contributor and reverse engineer AssembleDebut tied this to the Android Identity Check feature we were talking about above. The feature may be added to payment methods, sync settings, and incognito mode, which suggests that accessing those would require biometrics if you're outside of a trusted location.
It seems the Identity Check for Chrome will be available on devices with Android 15 QPR1, which is the upcoming December 2024 release. This info is still not confirmed by Google at this point, and the company has not disclosed how this will work.
Google is reportedly going to roll out the "mandatory biometric" setting with a server-side update to Google Play Services before you will be able to use Identity Check on Google Chrome.
I'm a big fan of security features and adding more security features can never be wrong in my book, so kudos to Google for doing that!
Our smartphones nowadays contain loads of personal, medical, and financial data on them. This pretty much makes them an ideal target for thieves. Google has a plethora of theft protection features so thieves cannot keep your phone unlocked after stealing it.
Right now, if the thief has found out your lock screen PIN, pattern, or password, they are able to unlock your phone anytime and get access to your apps containing sensitive information.
And that's because, even though many of the apps ask you to authenticate yourself before accessing your data, they offer you the option to use your lock screen PIN, pattern, or password instead of using biometrics like your face or fingerprint.
Google's upcoming Identity Check feature is aimed at resolving this particular issue. Google Password Manager invoking Biometric Prompt with LSKF fallback Identity Check seems quite similar to Apple's Stolen Device Protection. When the Identity Check feature is enabled, it will force you to use biometrics to unlock apps.
Adding more security features to protect your sensitive data is always a good thing. | Image Credit - Unsplash
Last week, Google announced Identity Check and said it would require the use of biometrics when "accessing critical Google account and device settings". Those include changing your PIN, disabling theft protection, or accessing Passkeys from an untrusted location.
Identity Check is reportedly going to secure some sensitive data in Google Chrome for Android too, but that will only work with the next release of Android 15. Hints about this have been noticed by Chrome tipster Leopeva64, where they discovered code changes tagged "idcheck". The changes add a Chrome flag that would enable Android identity check for eligible features of the browser.
Android Authority contributor and reverse engineer AssembleDebut tied this to the Android Identity Check feature we were talking about above. The feature may be added to payment methods, sync settings, and incognito mode, which suggests that accessing those would require biometrics if you're outside of a trusted location.
Google is reportedly going to roll out the "mandatory biometric" setting with a server-side update to Google Play Services before you will be able to use Identity Check on Google Chrome.
I'm a big fan of security features and adding more security features can never be wrong in my book, so kudos to Google for doing that!
Things that are NOT allowed: