Chrome 84 went into beta just a few weeks ago, but it’s already rolling out to the stable channel on all platforms. This is one of the biggest Chrome updates we’ve seen in a long time, with some features removed and new functionality for both normal people and developers. Let’s dive in!
RIP Chrome Duet
Variants of a bottom bar interface have been tested in Chrome for Android for several years in this point. First it was ‘Chrome Home’, which moved the entire address bar to the bottom of the screen, which was later updated to ‘Duplex’, then renamed to ‘Duet’ to avoid confusion with the Google Assistant feature of it Name. Now it seems like the long running interface experiment is gone forever.
Chrome Duet in Chrome 83
Chrome 84 has removed the two feature flags for Duet, # enable-duet-tabstrip -integration and # enable-chrome-duet. They can still be seen in the flags list in Chrome 84 if you enable # temporaria-inexpire-flags-m82 and # temporaria-inexpire-flags-m83, but even after that, Duet flags don’t seem to be functional. The expiring flags also have a description that says, “These flags will be removed soon,” indicating that Duet was probably gone.
While it looks like the Chrome Home / Duplex / Duet saga has finally come to an end, Google might have other ideas for what might appear at the bottom of the screen … like a tab switch?
Conditional tab strip
A possible replacement for Chrome Duet could be the ‘Conditional Tab Strip’, which first appeared as part of Chrome’s tab group feature (which has not yet been fully implemented on Android). Google is decoupling the tab strip from the tab group feature, so it can work regardless of whether tab groups are used or not. Just go to chrome: // flags # enable-conditional-tabstrip and set it to ‘Enabled’.
The “conditional” part of the name seems to come from the fact that it doesn’t always appear, even when the flag is enabled. The flag doesn’t work for me, but our own Rita El Khoury made it work on her phone, as did some Android Police readers who sent us tips on the feature.
Application shortcuts
Native Android apps have been able to set shortcuts, the quick actions that appear when you hold down an app icon, since Android 7.1. Starting in Chrome 84, web apps added to the home screen may also have shortcuts. As with native apps, you can press and hold a shortcut to give it its own icon.
Example of a PWA (PhotoStack.app) with application shortcuts
It’s not a lot of work for developers to add shortcut support to their web apps: Twitter has already done this, and I added them to my own PhotoStack app in about 30 minutes (most of the time was generating the icons).
Although Google says that app shortcuts should be available to everyone in Chrome 84, and that they were functional to me in beta, I can’t seem to see the default shortcuts in stable version. Maybe it’s linked to a server-side deployment, or it’s a bit flawed.
OTP web API
There are many services that use phone numbers for two-factor verification or authentication, but that generally requires leaving the current app and reading a message from your SMS app. Google introduced a way for native Android apps to automatically read verification texts in 2017, and now the company is bringing the same feature to web apps.
Here’s how it works: When a website sends you verification text, you can add a string to the end of the message that tells the browser which site / app it’s for. Then Android displays a message asking if Chrome should be allowed to read the message and pass it to the site. If you agree, Chrome will complete it automatically, without the need to switch to your messaging app.
The problem is, as with native Android apps that use this functionality, websites need to be updated to take advantage of the new auto-complete API. I hope my bank will add support shortly before the heat death of the universe.
Block some notification requests
Chrome has already taken steps to prevent all sites under the sun from creating notification pop-ups, as it generally has to interact with the site for a while before it can display the browser level indicator, but now the browser goes a little further.
Google is now cracking down on websites that block parts (or all) of the page until it allows notifications. “Abusive notification notices are one of the top user complaints we get about Chrome,” the company wrote in a blog post. “A large percentage of notification requests and notifications come from a small number of abusive sites.”
Google will notify websites through Search Console if the company detects abusive notification experiences, at which point the site will have 30 days to remove the behavior or the quieter interface will be activated.
Security changes
Transport Layer Security, or TLS for short, is the technology used by HTTPS sites to ensure that all data is transferred over a secure connection. TLS 1.0 and 1.1 are quite old at the moment: They were released in 1999 and 2006 respectively. TLS 1.0 is vulnerable to multiple types of attacks, including POODLE, while TLS 1.1 supports weak crypto.
Chrome stopped supporting TLS 1.0 and 1.1 in early 2019, with the release of V72, but Chrome 84 adds an additional full-page warning to sites that don’t support TLS 1.2 or later. You can still visit the pages by pressing ‘Advanced’ and following the site link, but the browser warns that the solution will be “disabled in the future”.
On a related note, Google has started testing HTTP download blocking from HTTPS websites. Originally, it was scheduled to start in Chrome 81, but was delayed to V84. However, Chrome on Android will not start blocking these downloads until Chrome 85.
Other features
As always, this update includes changes for both users and developers. Here are some smaller changes included in Chrome 84:
- Proof of origin: The new Cookie Store API allows service workers to use HTTP cookies.
- The space between elements in CSS Flexboxes can now be created using ‘channels’.
- Proof of origin: The new Inactive Discovery API allows pages to accurately indicate when the user is inactive (mouse does not move, keystrokes are not pressed, etc.).
- Proof of origin: Websites can now opt for stronger isolation with the new Source Isolation API.
- The Web Authenticator API can be used from cross-origin frameworks if enabled by a feature policy. Google said: “There is interest in banks using this to comply with PSD2 regulations in the EU where they have to authenticate their users in the context of a third party service provider site. Secondly, some sites want to outsource your authentication to third parties -party providers “.
- The Screen Wake Lock API is enabled by default and allows sites to keep the screen on in certain situations.
- Chrome 84 includes a new flag for the Media Feeds API, which appears to be a content recommendation interface for websites to use, based on the now-removed documentation. The feature doesn’t seem to be functional yet.
- There is a new Plain Clipboard Access API hidden behind a banner, which allows web applications to copy / paste images and other raw data, rather than just text.
to download
The APK is signed by Google and updates your existing application. The cryptographic signature guarantees that the file is safe to install and that it has not been tampered with in any way. Instead of waiting for Google to send this download to your devices, which can take days, download and install it like any other APK.
