New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 47 users

Issue metadata

Status: Verified
Not on Chrome
Closed: Apr 2015
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug

issue 302553
issue 420813

Participants' hotlists:

Sign in to add a comment

Issue 425158: Detailed connection info on Android

Reported by, Oct 20 2014 Project Member

Issue description

With the launch of the new PageInfo on Clank we will be temporarily removing the Connection info that used to be accessed by clicking on the lock. We need to bring it back in a subtle way that will satisfy the needs of power users but not distract the majority of our users who will never need it. 

See conversation here:

Comment 1 by, Oct 22 2014

Status: Assigned
Assigning to me to find a resource / cc'ing Rebecca as Android contact.

Comment 2 by, Nov 6 2014

Blocking: chromium:302553

Comment 3 by, Dec 19 2014

 Issue 442962  has been merged into this issue.

Comment 4 by, Jan 6 2015

Ccing Max, the dev tools designer for Chrome.

Comment 5 by, Jan 15 2015

Labels: -M-41 M-42 MovedFrom-41
Moving all non essential bugs to the next Milestone.

Comment 6 by, Jan 15 2015

Assigning to Lucas for now.

Comment 7 by, Jan 30 2015

Labels: Cr-Security-UX-WebDev
We should make sure this works with remote debugging when we move connection info to dev tools, but it would also be nice to have *some* way to view it on the device alone (even something buried three clicks deep).

Comment 8 by, Feb 6 2015


Comment 9 by, Feb 6 2015

Blocking: chromium:420813

Comment 10 by, Feb 6 2015

Owner: ----
Status: Available
Removing myself as owner, because I am unlikely to be the person implementing this.

Instead, this is now a blocker for  Issue 420813 : Security UX for (Web) Developers

Comment 11 by, Feb 6 2015

Adding tsergeant who might want to take a look at this. Do we have any idea what the UI could look like?

Comment 12 by, Feb 6 2015

Summary: Detailed connection info on Android (was: Detailed connection info on Clank)

Comment 13 by, Feb 10 2015

Idea: we only make connection info available when the device is in developer mode.

If the original idea for exclusion was simply to avoid overwhelming normal users, we could append the old information to the end of the OIB (when the device is in developer mode).

But if we want to keep connection information separate from the OIB, we could also add a button to the Chrome menu (when the device is in developer mode).

Comment 14 by, Feb 10 2015

Something like "technical details" or "more" button on the OIB would be better. 
I do not use such information only for development purpose. 
Ex. There is a security warning and depending on the exact reason I will carry on or not (and sometimes a company may have issued instructions to help users make such decisions). 
Or the non trusted certificate can be a private one I could trust enough if I can see the issuer/signature. 
Or I had to put a company proxy private certificate as trusted, but not trust it for anything, so need to check. 
Or want to check that the CA is still the expected/usual one for some sensitive site. 

Comment 15 by, Feb 10 2015

If my colleagues involved with  thought it was important to keep a "More" button for all users, I think they would have added it.

To address your reasons:
- Security warning: what exact reasons?
- Non-trusted certificate: The issuer is trivial to fake.
- Proxy: Android Chrome connection info gave you no way to check if the issue is caused only by the proxy.
- CA: Android Chrome connection info told you only the intermediate CA. If anyone is working with/hacks another CA, they can trivially issue an intermediate CA with the same name.

I understand your desire to see if an error is really "what you expected", but that isn't really possible with the old connection info – even if you know what you're doing!
In practice, connection info helps developers debug their websites much more than it gives a reliable indication of the security/errors of the connection for end users.

That said, I'd also love to see it available without developer mode. (My suggestion was an alternative, in case this is undesirable UX for the common user.)

Comment 16 by, Feb 10 2015

Thanks for your answer. 
- security warnings : that's the point,  the reasons may be various (and different over time/version),  such as not anymore fully trusted encryption (sslv3, key length,...), CA trusted but not anymore the same that before for the site,... whatever is considered not completely safe by a given chrome version. 
-issuer is easy to fake, but not the signature hash. I have already seen sites (ex. internal company sites) instructing to check the signature (they show you a screenshot of what is expected...). 
- CA info.  I do not remember exactly what details were in the connection info. I know on the desktop there is all the chain visible,  and I sometimes check it. Would be good if it was available info here too. 

I'd very much like this all to be available in non developer mode. Though for myself I can  turn it on anyway...

Comment 17 by, Feb 10 2015

 Issue 457104  has been merged into this issue.

Comment 18 by, Feb 26 2015

 Issue 462289  has been merged into this issue.

Comment 19 by, Mar 3 2015

Labels: -M-42 MovedFrom-42
Status: Untriaged
[AUTO] This issue has already been moved once and is lower than Priority 1,therefore removing mstone.

Comment 20 by, Mar 4 2015

Echoing sashab's #11 - do we have any ideas of the UI for this?

rolfe - any thoughts?

Comment 21 by, Mar 4 2015

Status: Assigned
Confirming the design ownership. Will keep you posted!

Comment 22 by, Mar 10 2015

Tried to set up a meeting for everyone but schedules are crazy for the next couple weeks. Who is the most invested eng for integrating connection info onto the revamped page info/OIB? I've got some questions and would love to meet 1:1 to figure out the connection info parameters.

Comment 23 by, Mar 11 2015

Re #20: Ben, can Tim pick this up? If so, Rebecca perhaps you could meet with me and Tim. I can help answer security questions.

Comment 24 by, Mar 11 2015

This probably fits well with Tim's stuff. I'm not sure if Lucas is already looking into this though?

Maybe we could quickly get together to discuss the overall game plan, I'm not sure what we're doing at a high level (sorry, I think it got paged out).

Comment 25 by, Mar 12 2015

I just wanted to throw out a design idea, you can take it, make it better, or leave it. This is just a little mock up I made of what I'd like to see when this gets resolved. I've tried to keep Material Design in mind as well while making the design.
385 KB View Download

Comment 26 by, Mar 17 2015

 Issue 467842  has been merged into this issue.

Comment 27 by, Mar 17 2015

The UI proposal in #25 looks like a good balance between not overwhelming regular users, while offering developers the same valuable information already available in desktop Chromium. I'd hate for it to be visible only when the device is in developer mode.

Comment 28 by, Mar 17 2015

I talked a bit in person with rolfe@ yesterday. My view is roughly:

- We need connection info on Android, for developers and power users.
- The current mobile summary is flawed (see comment #15), but we should bring it back for now.
- Once security stuff in DevTools has launched, we can revisit power users and mobile use cases.

I believe rolfe@ is working on mocks for adding a "Details" link to site settings (in the vein of comment #25).

Comment 29 by, Mar 19 2015

Status: Started

Comment 30 by, Mar 19 2015

A decent usecase was this recent twitter thread:

Comment 31 by, Mar 26 2015

"Details" link was approved! (a link to be appended at the end of the security string.)

egm@ - feel free to assign to dev to implement.

No spec needed I'm guessing, but let me know if there are questions.

Comment 32 by, Mar 26 2015

ro...@  could you attach that image to this thread for better viewing? (that was a private URL)

Comment 33 by, Mar 26 2015

Assigning the bug to tsergeant, who will be handling the implementation. Also attaching a screenshot of rolfe's mock.
166 KB View Download

Comment 34 by, Apr 15 2015


Comment 35 by, Apr 24 2015

Screenshots of implementation:
173 KB View Download
166 KB View Download
172 KB View Download
115 KB View Download

Comment 36 by, Apr 24 2015

Oops, forgot to add:

rolfe@ - I tweaked the padding in the dialog compared to the old version. Can you please double check that everything looks okay?

Comment 37 by, Apr 24 2015

Hey! Thanks for sending. Looks really good.

- Can you remove "Copy URL" bit or is it too soon?
- What part of the padding changed? Comparing connection info to the preview sgabriel@ made the top margin is 12px taller. Not sure if that's it though.
- If you're referring to the Certificate dialog I don't think design has ever done much with that (no specs in our file.) But it would be great if padding was consistent between the title and the rest of the text. Might be nice too to make it have a #FFFFFF background and give the text the same darker gray as text elsewhere (which I believe is #444444.) I know we don't touch this much though too so also fine to leave as is.

Comment 38 by, Apr 27 2015

I'm comparing my screenshot of the connection info popup to image number 5 in your folio link from #31 - I removed some padding from the top and bottom of the dialog and reduced the padding around the two links.

For the certificate dialog, I didn't touch anything, but I should be able to quickly make changes you've suggested.

Finally, I'll follow up on the Copy URL button in another bug.

Comment 39 by, Apr 27 2015

Ah sorry. I wouldn't recommend using my crummy mock as a reference. I thought the connection info layout was still live somewhere so you wouldn't have to re-create it (or whatever magic you engineers work to bring back code from the dead.)

Sgabriel's Material design is the best reference:

But he didn't make a spec for it. From what I see your file looked A-OK to me. Also fine to leave the certificate as if if you want to. The only thing that really bums me out is the inconsistent padding, but I can live with it since I'm sure you have other priorities.

Comment 40 by, Apr 28 2015

The screenshots from #35 are mostly the old code (brought back from the dead) with a few tweaks. Anyway, it wasn't too much work to make the additional changes you suggested, so I think that everyone is happy and this is ready to land!

Comment 41 by, Apr 29 2015

Project Member
The following revision refers to this bug:

commit f21c52aeafa701b18ed505347ee0e7a7d07e5d53
Author: tsergeant <>
Date: Wed Apr 29 03:26:54 2015

Add connection info popup within Page Info on Android.

Partial revert of 00e86ade3b71d372ebe49c3e24da75361e841dc7

This is a revived version of WebsiteSettingsPopupLegacy, which contains
detailed connection and certificate information, similar to the desktop
website settings popup. The popup is accessed through a 'Details' link
in the page info popup.

BUG= 425158 

Review URL:

Cr-Commit-Position: refs/heads/master@{#327429}


Comment 42 by, Apr 29 2015

Status: Fixed

Comment 43 by, May 5 2015

Status: Verified
Lookin' good! :-D
152 KB View Download
84.2 KB View Download

Comment 44 by, Jun 4 2015

Labels: -MovedFrom-41 -MovedFrom-42 M-44
Looking at the date this code landed, I think this went with M-44. Is that right? Updating labels.

Comment 45 by, Jun 4 2015

Yes, M44 is correct.
(I just double-checked.)

Comment 46 by, Mar 9 2016

Components: -Security>UX>WebDev
Labels: Hotlist-Security-UX-WebDev

Comment 47 by, Dec 9 2016

Components: -Security>UX
Labels: Team-Security-UX
Security>UX component is deprecated in favor of the Team-Security-UX label

Sign in to add a comment