Private surfing, sometimes known as incognito mode, is one of the most fundamental privacy protection features available in today’s online browsers. Incognito mode, which is commonly misunderstood for comprehensive privacy protection, simply ensures that you don’t leave any traces on the browser itself. However, if someone else has your phone and the browser is open, that protection is essentially useless. That’s why Google is working on a reauthentication mechanism for Incognito mode, which will be available soon on Android.
When you have physical access to a device, security mechanisms are nearly always rendered useless, especially if the phone is already unlocked. When the tabs are already open in the background, incognito mode is useless because all it takes is for an unauthorized user to switch back to it to see what you’ve been browsing in secret. If you have enabled PIN or biometric authentication on your phone, additional lock for incognito mode adds another layer of security.
According to Chrome Story, Chrome for Android’s development Canary version has a new flag that does just that. After you’ve activated the flag and restarted Chrome, you’ll see a new setting in the browser’s Privacy and Security settings that lets you turn reauthentication on or off. To access incognito tabs, you’ll need to enter your phone’s PIN or use face unlock or your fingerprint if it’s enabled.
This experiment was first launched by Google in Chrome for iOS. If you leave those incognito tabs for whatever reason, you’ll need to reauthenticate using your phone in order to see them again. It won’t be as automatic as unlocking your phone because you’ll have to tap the button first.
Unfortunately, that iOS implementation isn’t currently available to the general public, and its Android counterpart may still be a long way off. Meanwhile, users should keep in mind that Private Browsing mode isn’t impenetrable, and websites, carriers, and even Google may still see what they’re doing.