Private browsing or incognito mode is one of the most basic privacy protection mechanisms web browsers offer today. Although sometimes mistaken for total privacy protection, incognito mode simply makes sure you don’t leave traces on the browser itself. That protection, however, is pretty much pointless if someone else already holds your phone and the browser is open. That’s why Google has been working on a reauthentication mechanism for Incognito mode that’s coming to Android soon.
Physical access to a device almost always makes security features moot, especially when the phone is already unlocked. Incognito mode is also useless when the tabs are already open in the background, and all it takes is for the unauthorized user to switch back to it to see what you’ve been browsing in secret. Another lock for incognito mode adds another layer of security, presuming you have enabled PIN or biometric authentication on your phone.
Chrome Story reports a new flag in Chrome for Android’s development Canary version that adds exactly that. Once the flag has been enabled and Chrome has been restarted, a new setting in the browser’s Privacy and Security settings will let you switch reauthentication on or off. If enabled, you will be required to enter your phone’s PIN or use face unlock or your fingerprint to access incognito tabs.
Google actually introduced this experiment to Chrome for iOS. When you navigate away from those incognito tabs for whatever reason, you’ll need to reauthenticate to your phone to see them again. You’ll have to tap on the button first, though, so it won’t be as automatic as unlocking your phone.
That iOS implementation sadly isn’t yet available for the general public, and its Android counterpart might still be far away at this point. In the meantime, users should remember that Private Browsing mode isn’t bulletproof, and websites, carriers, and even Google can still notice your activity.