FTP is a non-securable, legacy protocol. We've WONTFIXed FTP support on iOS, but its usage in Blink-based Chrome is high-enough that it seems difficult to remove all at once. This seems like a reasonable way of reducing its viability as an attack surface as a stepping stone to more complete removal.
Usage information from UseCounter
Navigation.MainFrameSchemeDifferentPage for the past 7 days, I see 0.06% of stable users navigating to an
ftp: page (0.003% of total navigations). Looking at
Download.TargetConnectionSecurity for the same time period, I see 0.04% of users downloading a resource from
ftp: (0.03% of downloads). If I limit the platform to Android, I see less usage:
Navigation.MainFrameSchemeDifferentPage is 0.01% of users and 0.0003% of total navigations,
Download.TargetConnectionSecurity is 0.01% of users and 0.003% of total downloads.
Support for rendering FTP resources was removed by https://crbug.com/744499. It's planned in bug 1560699.
Issue 500548: Remove FTP for Android
FTP is hardly used on Chrome-for-Android. We should see how much binary size reduction we would get for removing it.
There's a more general bug to remove FTP support across platforms. However, there is significantly more usage on desktop than mobile so we'd want to have a better replacement story in place. On Android we won't have an app fallback, but it is also used less frequently.