Chrome OS is already one of the most secure operating systems in use today – light-years beyond MacOS and Windows in many ways however it is far from perfect. Here is my security wish-list for features I would love to see in future Chrome OS devices. Note, this page is just for security related changes, there are plenty of non-security feature I would like to see as well.
Factory Reset Protection (FRP)
Factory reset protection is a feature found in many Android phones and tablets – in fact Google actually requires it for Google Play Certification. This feature is designed to lock dock down a device to the GMail account originally used to activate it unless reset from the settings application.
Currently there is nothing preventing a thief from snagging your Chromebook from you while at a coffee shop and making it theirs with a simple factory reset from the boot menu. Factory Reset Protection would require you to log in with the same GMail account used to setup the Chromebook unless the reset was directly triggered via the “Powerwash” option in the Chrome OS settings screen.
This feature is made even more important with the fact that we are able to give a lot more trust to select Chrome OS devices such as the Pixelbook’s U2F Key.
Android Device Manager/Find My Chromebook
If you are an Android user, you are able to visit the “Find My Android” page and track, ring, lock your Phone/Tablet and even Factory Reset a device from a web page. I would love to see this functionality come to Chrome OS. This would also be a huge benefit to “Always Online” devices with built in LTE.
SD Card Encryption
While many ChromeOS devices have MicroSD card support (regardless of the fact that ChromeOS really does not make good use of them), it would be nice to see the option of encrypting our storage. It is possible on many devices to move the default locations of your Downloads directory to the SD card – aside from cat pictures and memes, your Downloads directory can be a hotbed of sensitive data for potential thieves as travel plans, receipts, invoices and more are common. It is best to encrypt this storage as you do with the internal storage.
Allow Flashing Unlock Equivalent/Lock Bootloader
Chrome OS devices are remarkably open and developer friendly, often requiring a few simple keystrokes at the boot menu to accomplish. Chrome OS does protect the data of its users by immediately destroying all user data stored on the main memory once a user chooses the option to enable “Developer Mode”. With developer mode active, a user could replace the operating system and more with ease. All a malicious user would need is physical access to the Chromebook to pull this off.
I would love to see a flag in the chrome://flags that would would need to be enabled before the Chrome OS device would allow the user to enable developer mode.
Smart Lock Support
Here is yet another feature proudly ripped from Android – I would love to see Chrome OS get Google Smart Lock support which allows you to add Trusted Faces, Trusted Voice, Trusted Locations and Trusted Devices to Chrome OS. With Trusted Devices, you could setup Chrome OS to automatically unlock when a specific Bluetooth device is in range such as your favorite Bluetooth headphones or game control. Currently the only “Trusted Device” that is supported in your phone.
Is there anything else I am missing? Feel free to add them to the comments below.