When you sign in to a site, Chrome may give you a warning if the username/password have been exposed as a result of a data breach on some website or app. The feature is available on all platforms but only to the users signed in with a Google account. On Android the feature is only available if sync is also enabled, due to the way the accounts are managed by the OS. Being signed in to a Google account is a technical requirement that prevents abuse of the API. When you sign in to a website, Chrome will send a hashed copy of your username and password to Google encrypted with a secret key only known to Chrome.
No one, including Google, is able to derive your username or password from this encrypted copy. From the response, Chrome can tell if the submitted username and password appear in the database of leaked credentials. The final resolution is done locally; Google doesn't know whether or not the credential is present in the database.
The feature can be disabled in settings under Sync and Google services. On desktop and Android versions of Chrome, this feature is not available if Safe Browsing is turned off. Synced data can include bookmarks, saved passwords, open tabs, browsing history, extensions, addresses, phone numbers, payment methods, and more. In advanced sync settings, you can choose which types of data to synchronize with this device. You can turn sync on or off in the "You and Google" section of Chrome settings.
You can manage and delete your saved credentials in the "Forms and passwords" section of Chrome's settings. If you enable password management, the same kind of data about forms as described above is sent to Google to interpret password forms correctly. To enable Chrome to offer password generation that meets site-specific requirements, Chrome uploads a randomized vote on a specific password characteristic to the server once a user-created password is stored. If stored credentials are used for the first time in a username field which was already filled differently by the website itself, Chrome also transmits a short one-byte hash of the prefilled value.
This allows Google to classify if the website uses a static placeholder in the username field which can be safely overwritten without deleting valuable user-specific data. Chrome helps protect you against password phishing by checking with Google when you enter your password on an uncommon page. Chrome keeps a local list of popular websites that Safe Browsing found to be safe. The verdict received from Safe Browsing is usually cached on your device for 1 week. For users who have enabled the "Help improve security on the web for everyone" setting, Chrome will ignore the list of popular websites for a small fraction of visits, to test the accuracy of that list. This beacon's URL is not sent to Google's PWS unless the Physical Web feature is enabled.
Once a user enables the feature, Chrome scans for nearby devices for a few seconds each time the user unlocks the mobile device in use and sends them to the PWS in order to obtain more information about the beacon. The user receives a silent notification when Chrome finds a nearby URL. Usage statistics contain information such as system information, preferences, user interface feature usage, responsiveness, performance, and memory usage. This feature is enabled by default for Chrome installations of version 54 or later. You can control the feature in the "Sync and Google services" section of Chrome's settings.
Enhanced protection also enables reporting additional data relevant to security to help improve Safe Browsing and overall web security, and it enables Chrome's password breach detection. When browsing in incognito or guest mode, these extra checks do not occur, and Enhanced protection mode operates the same way as Standard protection. If you're not signed in, Chrome offers to save your credit cards locally. If the card is not stored locally, you will be prompted for your CVV code or device authentication, such as Touch ID, Windows Hello, or Android screen lock, each time you use the card.
In some versions of Chrome, it is possible to store a card to Google Payments and locally in Chrome at the same time, in which case Chrome will not ask for a CVV or device authentication confirmation. If you have cards stored in this way, their local copies will persist until you sign out of your Google account, at which point the local copy will be deleted from your device. If you choose not to store the card locally, you will be prompted for your CVV code or device authentication each time you use the card.
You can opt out of using device authentication in the Payment methods section of Chrome settings. If you use a card from Google Payments, Chrome will collect information about your computer and share it with Google Payments to prevent fraudulent use of your card. For sync users, Google may collect additional information derived from Chrome history for the Federated Learning of Cohorts experiment. FLoC is one of the open standards proposed as part of the Privacy Sandbox, an initiative to make the web more private and secure for users while also supporting publishers. Google will use logged interest cohorts to perform an internal privacy analysis before making them available to the web ecosystem for broader testing.
On iOS, if you are syncing your browsing history without a sync passphrase, Chrome reports usage for certain URLs that other Google apps could open. For example, when you tap on an email address, Chrome presents a dialog that allows you to choose between opening with Google Gmail or other mail apps installed on your device. The usage information also includes which apps were presented to you, which one was selected, and if a Google app was installed. If you are signed in, this usage is tied to your Google account.
If you are signed out, the information is sent to Google with a unique device identifier that can be regenerated by resetting the Google Usage ID found in Chrome settings. The raw reports are deleted within 60 days, after which only the aggregated statistics remain. Your preferences will be sent to Google so that better suggestions are provided to you in the future. For example, if you indicate that you're not interested in a particular topic or publisher, suggestions about that topic or publisher will not be shown in the future.
Likewise, you can indicate that you're not interested in a specific article via the "Hide story" option in the article's three dots menu. Suggestions are also personalized based on your interactions with the suggested articles . You can manage this interaction data, which is stored in the Discover section of your Google account, at My Activity. Google may use anonymized and aggregated interest and interaction data from you to improve the quality of suggested articles for other users. For instance, if you view or open a suggestion it might be suggested more often, while if you report its contents as inappropriate it might stop being suggested.
For Chrome on Android, in certain countries, Chrome may download the content of the New Tab page suggestions from Google, for use while offline. Chrome sends to Google a cookieless request with the URL for each suggestion, along with Chrome's user agent string, in order to render the content. You can remove downloaded content by clearing Chrome's cache data, or by opening the Downloads menu and selecting individual pages to delete.
You can disable this feature by disabling "Download articles for you on Wi-Fi" in Chrome's Downloads settings. The enterkeyhint attribute is a global attribute that can be applied to form controls or elements that have contenteditable set to true. This attribute assists users on mobile devices that use a virtual on-screen keyboard. The Windows version of Chrome is able to detect and remove certain types of software that violate Google's Unwanted Software Policy. If left in your system, this software may perform unwanted actions, such as changing your Chrome settings without your approval. Chrome periodically scans your device to detect potentially unwanted software.
Additionally, if your device has network location enabled , the X-Geo header may also include visible network IDs , used to geocode the request server-side. You can learn more about how to control the Android OS location sharing with apps on this article for Nexus, or find your device here if you do not use a Nexus. How to control location sharing with a site within Chrome is written in this article. See the Geolocation section of this whitepaper for more information on default geolocation permissions. Your device may receive push messages from the backend servers of apps and extensions installed in Chrome, websites that you grant the "notification" permission to, and your default search engine. Disabling push messages from your default search engine is done in the same way as disabling push messages from any site, by visiting the "Notifications" section of "Site settings".
Using the same secure method described above, you can check all the saved passwords against the public data breaches in the "Passwords" section of Chrome's settings. Once you've run a password check, Chrome will show a list of breached passwords. If a password in this list is outdated, you can manually edit it to store the current version. If you choose to edit, the new username/password pair will be checked automatically but only if the feature described above is not disabled. If Autofill is enabled and you encounter a web page containing a form, Chrome sends some information about that form to Google. In response, Chrome receives a prediction of each field's data type (for example, "field X is a phone number, and field Y is a country").
This information helps Chrome match up your locally stored Autofill data with the fields of the form. You can read more in the Usage statistics and crash reports section of this Whitepaper. This document describes the features in Chrome that communicate with Google, as well as with third-party services (for example, if you've changed your default search engine). This document also describes the controls available to you regarding how your data is used by Chrome. Here we're focusing on the desktop version of Chrome; we touch only tangentially on Chrome OS and Chrome for Mobile.
This document does not cover features that are still under development, such as features in the beta, dev and canary channel and active field trials, or Android apps on Chrome OS if Play Apps are enabled. For field technicians, it may be difficult to enter the password on their device when logging in every time. The mobile application uses built-in operating system storage to store user credentials, which is secure. If the Android Backup Service is enabled on your device, some of your Chrome preferences will be saved and stored on Google servers. For Nexus and Android One devices, it is described under "Back up your data and settings with Android Backup Service" in this article. For other Android devices, you may be able to find help by looking up your device on this page.
When setting up a new Android device, you may request that it copies the preferences from a previously set up device. If you do so, Android may restore backed up Chrome preferences when Chrome is first installed. On iOS devices, users can enable the feature in the Privacy settings or by adding the Chrome widget to their Today view in the notification center.
Additionally, the feature is automatically enabled for users who have location enabled on their device, granted Chrome the location permission, and have granted Google the geolocation permission. Chrome scans for nearby devices whenever it is open in the foreground. When Chrome finds nearby URLs, users will see them as omnibox suggestions. Additionally, Chrome scans for nearby devices for a few seconds when the Today widget is displayed in the notification center. This feature is disabled by default; to turn it on, click "Ask Google for suggestions" in the context menu that appears when you right-click on a misspelled word.
You can also turn this feature on or off with the "Enhanced spell check" checkbox in the "Sync and Google services" section of Chrome settings. When the feature is turned off, spelling suggestions are generated locally without sending data to Google's servers. When this feature is enabled, Google Chrome stores a randomly generated unique token on your device, which is sent to Google along with your usage statistics and crash reports.
The token does not contain any personal information and is used to de-duplicate reports and maintain accuracy in statistics. This token is deleted when the feature is disabled and a new token is regenerated when the feature is enabled again. If the website is deemed unsafe by Safe Browsing, you may see a warning like the one shown above. This mechanism is designed to catch unsafe sites that switch domains very quickly or hide from Google's crawlers.
Pages loaded in Incognito are not checked using this mechanism. Chrome tries to make personalized suggestions that are useful to you. For this, Chrome uses the sites you have visited from your local browsing history. To save data, Chrome may additionally send a hash of the content that Google provided to you the last time, so that you only download content when there is something new. By default, tapping the input will cause the keyboard to appear with the text "return" on a gray submit button. You can optionally set the inputmode property to "search", which will change the text from "return" to "go", and change the button color from gray to blue.
Alternatively, you can wrap the ion-searchbar in a form element with an action property. This will cause the keyboard to appear with a blue submit button that says "search". To save the username, you need to access Display Settings from the Configuration section of your Mobile Application. You need to select the 'Remember User Name on Login Screen' option. Selecting this option saves your user name and populates it automatically, when you use the same device and browser to log into the application. This feature is available only for users who have the Internal and LDAP login policies, and not for users who have the SAML or OpenID Connect policies.
If your authentication fails, your user name doesn't get populated when you try to login to the mobile application next time. Emptying your browser's cache will delete any temporarily stored data from websites. The cache is used to briefly store page elements such as images or search queries.
Cached data also helps reduce loading times when you wish to access a recently visited site. The local build cache is pre-configured to be a DirectoryBuildCache and enabled by default. The remote build cache can be configured by specifying the type of build cache to connect to (BuildCacheConfiguration.remote(java.lang.Class)). Gradle supports a local and a remote build cache that can be configured separately. When both build caches are enabled, Gradle tries to load build outputs from the local build cache first, and then tries the remote build cache if no build outputs are found.
If outputs are found in the remote cache, they are also stored in the local cache, so next time they will be found locally. Gradle stores ("pushes") build outputs in any build cache that is enabled and has BuildCache.isPush() set to true. Since a task describes all of its inputs and outputs, Gradle can compute a build cache key that uniquely defines the task's outputs based on its inputs. That build cache key is used to request previous outputs from a build cache or store new outputs in the build cache.
If the previous build outputs have been already stored in the cache by someone else, e.g. your continuous integration server or other developers, you can avoid executing most tasks locally. The following sections explain how to programmatically disable these features regardless of whether you've enabled them via your property settings or via your tracking code. The corresponding programmatic enablement instructions, also available elsewhere in our documentation, are provided here for reference. You can also control whether Advertising Features and Advertising Personalization are enabled or disabled for an app by following these instructions.
Chrome is constantly evolving to better meet the needs of users and the web. To ensure new features are providing the best experience and working correctly, they may be enabled for a subset of users before they are fully launched. For example, if we improve how page loading works in Chrome, we may try it out for 1%% of users to ensure that it doesn't crash or run slower before launching to everyone.
This is done through a system called "Chrome Variations" - also known as "field trials". Push message data is sent over a secure channel from the developer through Google's infrastructure to Chrome on your device, which can wake up apps, extensions, and websites to deliver the message. The developer may end-to-end encrypt the message data, or may send it in a form such that Google servers process it as plain text. Google servers retain up to 4 weeks' worth of messages to ensure delivery to users even if their devices are offline at the time of the initial pushing.