The Shortcomings of ChromeOS in 2023
Every few years, I try to take some time to write an article about the shortcomings of ChromeOS and offer advice to the developers on the ChromiumOS team to consider when implementing new features on ChromeOS. Admittedly, I fully intended this to be a yearly publication; however, I do tend to fall victim to procrastination. This article is not intended to demonstrate that ChromeOS is somehow a sub-par operating system that people should not use; it's quite the opposite, as I feel that if the ChromiumOS team were to adopt these features, it could compel more users to adopt ChromeOS as their primary operating system.
My last installment of this series was over 3 years ago, in 2020, and it's shocking how many of the shortcomings I pointed out in that article actually materialized. This includes:
- Deeper Integration With Android Phones
- App Streaming (limited to Pixel devices, but it technically exists)
- Actionable Notifications
- Multiple Containers (hidden behind some flags, but they technically exist)
There were, of course, several shortcomings that did not appear to meet the cut and are still missing from ChromeOS. As we close out 2023, let's look at some of the features that are either missing from ChromeOS or are being neglected.
External Storage Encryption
I mentioned this in 2017 and again in 2020, and I will continue to shout from my soapbox until this feature is implemented. ChromeOS is touted as one of the most secure operating systems on earth, and for several reasons, that statement is largely considered true by security experts. ChromeOS does numerous things to protect your data from attackers, but the one place where the security is lax is with external storage.
It is common for modern Chromebooks to be released with as little as 64 GB of built-in storage. This is anemic by most accounts, so many users of these lower end units will often resort to augmenting their built-in storage with a MicroSD card. It is also possible to mount your MicroSD card inside a Linux container to use for storage (with some limits). It is also common for people to change the location of their Downloads folder to their MicroSD card to maximize the amount of built-in storage. In all of these cases, it is realistic for confidential or sensitive data to exist on a MicroSD Card. Sadly, as ChromeOS does not support Encryption of external storage, a malicious user can simply eject your MicroSD card and read it on any other computer without any issue.
There would be one problem that the ChromeOS team would need to solve when it comes to encrypted external storage devices. Android devices are typically not shared between multiple users, so encryption is pretty standard as you do not need to have multiple keys for each user. On the contrary, one of the selling points of ChromeOS is that it works perfectly as a shared device, whether that is a shared family computer or a computer in a classroom/library shared between multiple users. In the multiple user scenario, there would need to be a way to prevent one user from accessing the encrypted content of another user on the external storage. This can best be done with encrypted volumes or partitions on the MicroSD card in which each user would only see their encrypted volume. On a shared family computer, parents should have the ability to control this if they want to keep an eye on what their children are doing.
This continued omission of the encryption of a MicroSD card is simply inexcusable and undermines the outstanding work that Google has done to secure the data on the Chromebook's local storage.
Steam Support (borealis)
First spotted in mid 2021 and later announced in April of 2022, Google has brought Steam support to ChromeOS on select supported devices. The list of supported devices for the initial test was limited to a small handful of devices with plans to roll it out to additional devices after the initial test. There are roughly 60 models that contain the flag "has-borealis" but the actual number of ChromeOS models that currently support this feature is far shorter. Although Google said it was targeting anything with a 9th generation intel i3 or higher (with 8 GB of RAM and 128 GB of Storage), they seem to have forgotten anything below an 11th generation processor.
Virtual Machine Support (bruschetta)
I am convinced that ChromeOS is one of the best platforms for developers. I have been personally using ChromeOS as my daily driver for years and have written thousands of lines of code on it. Many developers agree that using a GNU/Linux distribution for development is by far the best experience, and this is something ChromeOS does very well with its Linux Container Runtime (Crostini).... assuming you are not a iOS developer.
Linux Containers on ChromeOS work surprisingly well, all the tools that developers tend to use are well-supported and work out of the box. This includes things like python, nodejs, DotNet, AndroidStudio, VSCode and even Docker. It is not only possible to use all of these tools but even to set up a local development environment to allow you to test and run code before deploying it to production.
For 90% of developers, the ChromeOS Container implementation works very well and will suit their needs; however, there are several developers who demand more from their hardware, specifically the desire to run custom virtual machines. This would allow them to set up custom Linux environments (where they can modify low-level components such as the Kernel). These virtual machines would also allow the use of other operating systems, such as Windows or BSD-based operating systems.
This feature was teased to users via the "bruschetta" codename. This appeared in the ChromeOS flags and source code, but after close to a year, it was revealed to be an internal Google Development tool and not planned for release to the public.
The sad fact is that ChromeOS can indeed run Windows via Parallels Crossover, but this requires a Chromebook that is enrolled in an enterprise account and has some complicated setup instructions that are out of reach to most consumers. At the very least, Google should open up Parallels support to consumers who have supported hardware and allow them to purchase a personal license for Parallels directly.
Factory Reset Protection
Factory Reset Protection is a feature that has been standard on Android, iOS and even MacOS that renders a stolen device useless if the thieves try to wipe it and use it with their own account. Google even offers this on ChromeOS but its limited to enterprise and education-enrolled devices. This feature is completely missing from personal ChromeOS devices.
Factory Reset Protection is a double-edged sword; on the one hand, it does take money out of thieves' pockets, but it also contributes to more e-waste in landfills as these stolen devices will be discarded once they realize they are unusable. Even with this problem, I still feel it would be a win for consumers, as a thief would be less likely to "borrow a Chromebook without asking" if it was public knowledge that the owner could ensure the device could never be used by the thief.
Like most people, I have a lot of personal and sensitive files on my laptop, which happens to be a Chromebook in most cases. This includes personal records, tax documents, payroll documents, SSH keys, source code and other files I would prefer to keep confidential. My Chromebook is reasonably secure, with a strong password and other lockdowns to help prevent a thief from being able to access the contents.
While I am confident that the contents of my Chromebook would be safe, even if stolen, I would still rather have the option to remotely wipe the Chromebook if stolen or compromised. The feature is standard on Android, and I would really like to see something similar added to ChromeOS. Just for the added peace of mind.
Biometrics Support in Android Applications
It is a sad fact that the number of ChromeOS devices that support biometrics is a bit on the anemic side, one of the reasons for this might be that the few ChromeOS devices that have a fingerprint reader make poor use of it. I have been using the Samsung Galaxy Chromebook 1 as my daily driver for over a year and it is a fantastic device, given its faults, and it is one of the few devices with a built-in fingerprint reader.
For websites that use the WebAuthN standard, the fingerprint reader works beautifully for both passwordless logins and MFA logins. The only other use of the fingerprint reader is to unlock your Chromebook without having to enter your password. While it is difficult to find Linux applications that support fingerprint readers, Android applications are a different story, specifically banking and security applications. I use the Android version of Bitwarden on my Chromebook, so my workflow is to enter my long password on Bitwarden to unlock my password vault, find my password and MFA code for my banking application, and then proceed to log into my banking application. This could all be avoided with a simple touch of the fingerprint reader.
I do understand that having two operating systems (Android and ChromeOS) being able to interact with the fingerprint reader is incredibly difficult from a development and security standpoint. It is not as straightforward as other hardware, as most security devices (fingerprint readers, MFA tokens, etc) are typically isolated from the main operating system to ensure that rogue applications cannot extract sensitive information such as the private keys that all of these technologies are based on. With this said, Google does possess the know-how to do this securely, they just don't.
Many companies, including Google, are pushing the notion that passwords are inherently insecure and making a push to a "passwordless" future. There is some hope that they will address this huge flaw in the paradigm they are trying to promote. I hope that ChromeOS learns to make better use of biometric devices, this may be the spark needed to ensure hardware manufacturers make it a priority to implement fingerprint readers in future ChromeOS devices.
Android Application Streaming
Application Streaming is a game changer for Android devices. It was an idea that I first envisioned in 2020 as a solution to overcoming the limited storage options of many Chromebooks on the market at the time. This was a time when many new Chromebooks were being shipped with 32 or 64 GB of storage, and new phones were being shipped with 256 GB of storage as an option.
Almost three years later, in July 2023, this became a reality after Google finally implemented application streaming from a nearby Android Phone. The implementation was basic but worked; the biggest problem is that Google has limited support to a few Pixel phones instead of all modern Android phones. Google does tend to limit features to Pixel devices while they work out all the bugs, but development on app streaming has pretty much slowed, and there are no signs of it being released to other Non-Pixel phones in the near future.
The biggest insult to ChromeOS users is that Microsoft has already managed to accomplish what Google has failed to do with the Windows Phone Link. The Microsoft implementation is far more feature-rich and offers full app streaming on any phone that runs Android 13 and above. It supports audio-redirection, call management, photo management and notification mirroring. On select devices, it even offers the ability to stream multiple applications at the same time. My only complaint (which both app streaming solutions suffer from) is that you cannot expand the application out of the native phone form factor.
The Microsoft PhoneLink makes a compelling reason to purchase a cheap "throw-away" laptop to stream your phone applications from when traveling. It actually may be the only practical use for a budget laptop such as the sub $200 HP Stream Laptop.