Chrome will soon block password autofill on stolen devices

by · Android Headlines

Google is doing its best to make Android OS more secure for users. More recently, Android 15 brought a new theft detection feature to prevent data theft when someone robs you of, or steals, your unlocked device. But what if the thief knows your lock screen’s PIN, password, or pattern? Yes, we know that sounds concerning, but it’s still possible. It seems Google is aware of such circumstances. That’s why it is working on a new feature that would enable Chrome to block password autofill in the event of device theft.

Google Chrome will soon block password autofill to safeguard your data in the event of device theft

The Google Chrome feature we are talking about here is Identity Check. When enabled, this feature forces the user to use their biometrics to unlock apps. Interestingly, apps that use simple lock features like PIN, pattern, or password would also require biometric authentication.

In part of its announcement post for the theft detection feature, Google talks about Identity Check. It says: “Later this year, we’ll launch Identity Check, an opt-in feature that will add an extra layer of protection by requiring biometric authentication when accessing critical Google account and device settings, like changing your PIN, disabling theft protection, or accessing Passkeys from an untrusted location. This helps prevent unauthorized access even if your device PIN is compromised.”

To catch you up, popular Chrome tipster Leopeva64 previously found some code changes in the Chromium Gerrit. Those changes reportedly pointed towards this exact feature. One such code change had a new Chrome flag that “enables Android identity check for eligible features.”

That’s not all: the description of the Chrome flag explains the feature too. It reads: “The feature makes biometric reauthentication mandatory before passwords filling or before other actions that are or should be protected by biometric checks.”

The feature could roll out as part of Android 15 QPR1

Mishaal Rahman (for Android Authority) further investigated whether these Chrome changes were related to the Android Identity Check feature. Today, he reported that the changes made by the Google Chrome team were indeed related to the Identity Check feature. Rahman found out that one of the code changes includes a new GetBiometricAvailabilityStatus method.

That method reportedly returns “kRequired,” “kAvailable,” “kAvailableLSKF,” or “kUnavailable” when biometric authentication is mandatory (or enabled), is available but optional, isn’t available, or is unavailable, respectively. Rahman also mentions that the Google Chrome team is adding this method to code related to “password autofill, payment methods, sync settings, and incognito mode.”

The Android reporter further figured out that the new Chrome feature will only be available on devices running Android 15 QPR1. All that said, Google didn’t confirm in its previous announcement when the Identity Check feature will be available. It’s also unclear how the feature would work.

That said, Google might bring the mandatory biometric setting with a server-side update for the Google Play Services apps. Time will tell when the actual rollout happens. But one thing is sure: Google is quite serious about users’ data and safety, which is a good sign.

Image credit: AssembleDebug