Chrome 84 entered beta just a few weeks ago, but it's already rolling out on the stable channel across all platforms. This is one of the most significant Chrome updates we've seen in a while, with a few removed features and new functionality for both regular people and developers. Let's dive right in!
RIP Chrome Duet
There have been variants of a bottom bar interface being tested in Chrome for Android for several years at this point. First was 'Chrome Home,' which moved the entire address bar to the bottom of the screen, which was later revamped into 'Duplex,' then renamed to 'Duet' to avoid confusion with the Google Assistant feature of the same name. Now it appears the long-running interface experiment is gone for good.
Chrome Duet on Chrome 83
Chrome 84 has removed the two feature flags for Duet, #enable-duet-tabstrip-integration and #enable-chrome-duet. They can still be seen on the flags list in Chrome 84 if you enable #temporary-unexpire-flags-m82 and #temporary-unexpire-flags-m83, but even after that, the Duet flags don't seem to be functional. The unexpire flags also have a description that reads, "These flags will be removed soon," indicating that Duet is probably gone for good.
While it does look like the Chrome Home/Duplex/Duet saga has finally come to an end, Google might have other ideas for what could go on the bottom of the screen... like a tab switcher?
Conditional Tab Strip
One possible replacement for Chrome Duet could be the 'Conditional Tab Strip,' which first appeared as part of Chrome's tab group feature (which has yet to fully roll out on Android). Google is de-coupling the tab strip from the tab group feature, so it can work whether or not tab groups are being used. Just head to chrome://flags#enable-conditional-tabstrip and set it to 'Enabled.'
The "conditional" part of the name seems to come from the fact that it doesn't always appear, even when the flag is enabled. The flag doesn't work for me, but our own Rita El Khoury got it working on her phone, as did some Android Police readers who sent us tips about the feature.
Native applications on Android have been able to set shortcuts, the quick actions that appear when you hold down on an app icon, since Android 7.1. Starting with Chrome 84, web applications added to the home screen can also have shortcuts. Just like with native apps, you can hold down on a shortcut to give it its own icon.
Example of a PWA (PhotoStack.app) with app shortcuts
It's not much work for developers to add shortcut support to their web apps — Twiter has already done so, and I added them to my own PhotoStack application in about 30 minutes (most of that time was generating the icons).
Even though Google says app shortcuts should be available for everyone in Chrome 84, and they were functional for me on the beta release, I can't seem to get shortcuts to appear by default in the stable release. Perhaps it's tied to a server-side rollout, or it's a bit buggy.
Web OTP API
There are many services that use phone numbers for verification or two-factor authentication, but that usually requires leaving the current app and reading a message from your SMS app. Google introduced a way for native Android apps to automatically read verification texts in 2017, and now the company is bringing the same feature to web apps.
Here's how it works: when a website sends you a verification text, it can add a string of characters to the end of the message that tells the browser which site/app it is intended for. Android then displays a prompt asking if Chrome should be allowed to read the message and pass it to the site. If you accept, Chrome will automatically fill it in — no need to switch to your messaging app.
The catch is that, just like with native Android apps that use this functionality, websites have to be updated to take advantage of the new autofill API. I expect my bank will add support for it shortly before the heat death of the universe.
Blocking some notification requests
Chrome has already taken steps to prevent every site under the sun from creating notification popups, as you usually have to interact with the site for a while before it can show the browser-level prompt, but now the browser is going a bit further.
Google is now cracking down on websites that block parts (or all of) the page until you allow notifications. "Abusive notification prompts are one of the top user complaints we receive about Chrome," the company wrote in a blog post. "A large percentage of notification requests and notifications come from a small number of abusive sites."
Google will notify websites through Search Console if the company detects abusive notification experiences, at which point the site will have 30 days to remove the behavior or the quieter interface will kick in.
Transport Layer Security, or TLS for short, is the technology used by HTTPS sites to ensure all data is transferred over a secure connection. TLS 1.0 and 1.1 are fairly old at this point — they were released in 1999 and 2006, respectively. TLS 1.0 is vulnerable to multiple types of attacks, including POODLE, while TLS 1.1 supports weak cryptography.
Chrome deprecated support for TLS 1.0 and 1.1 back in early 2019, with the release of V72, but Chrome 84 adds an additional full-page warning to sites that don't support TLS 1.2 or later. You can still visit pages by pressing 'Advanced' and following the site link, but the browser warns that the workaround will be "disabled in the future."
On a related note, Google has started to test blocking HTTP downloads from HTTPS websites. This was originally slated to begin in Chrome 81, but was delayed to V84. However, Chrome on Android won't begin blocking these downloads until Chrome 85.
As always, this update includes changes for both users and developers. Here are some smaller changes included in Chrome 84:
- Origin Trial: The new Cookie Store API allows Service Workers to use HTTP cookies.
- Spacing between items in CSS Flexboxes can now be created using 'gutters'.
- Origin Trial: The new Idle Detection API allows pages to accurately tell when the user is idle (mouse isn't moving, no key presses, etc.).
- Origin Trial: Websites can now opt into stronger isolation with the new Origin Isolation API.
- The Web Authenticator API can be used from cross-origin frames if enabled by a feature policy. Google said, "there is interest in banks using this to comply with PSD2 regulations in the EU where they have to authenticate their users inside the context of a 3rd-party service-provider's site. Secondly, some sites wish to outsource their authentication to 3rd-party providers."
- The Screen Wake Lock API is enabled by default, and allows sites to keep your screen on in certain situations.
- Chrome 84 includes a new flag for the Media Feeds API, which appears to be a content recommendation interface for websites to use, according to now-removed documentation. The feature doesn't seem to be functional yet.
- There's a new Raw Clipboard Access API hidden behind a flag, which allows web apps to copy/paste images and other raw data, instead of only text.
The APK is signed by Google and upgrades your existing app. The cryptographic signature guarantees that the file is safe to install and was not tampered with in any way. Rather than wait for Google to push this download to your devices, which can take days, download and install it just like any other APK.