Skip to main content

Reading is great. Tracking makes it stick. Sign up for a free Dashboard to tick off tasks and see your Security Score.

Get my free Dashboard →
CE: Malware Protection5 minutesEasy

Safe browsing on Android Chrome

Chrome on Android includes several security features that protect you from phishing sites and malware. This guide walks you through enabling them, and explains how to spot dangerous sites before you enter any personal information.

Google search page displayed on a smartphone screen

Enable Enhanced Safe Browsing

Chrome's Enhanced Safe Browsing checks the URLs you visit against Google's constantly updated list of dangerous sites in real time. To enable it:

  • Open Chrome and tap the three-dot menu (top right)
  • Go to Settings > Privacy and Security > Safe Browsing
  • Select "Enhanced protection": this provides the strongest protection
  • "Standard protection" is the default and is still effective; Enhanced protection adds real-time checks

Enable HTTPS warnings

HTTPS encrypts the connection between your phone and a website, protecting data you submit (including passwords and payment details). Chrome warns you about non-HTTPS sites by default; make sure this is active:

  • Go to Chrome Settings > Privacy and Security > Always use secure connections
  • Toggle it on: Chrome will warn you before loading any non-HTTPS page
  • Look for the padlock icon in the address bar before entering any sensitive information
  • A missing padlock on a banking or shopping site is a serious warning sign

Review and restrict site permissions

Websites can request access to your camera, microphone, location, and notifications through Chrome. Review what you have already allowed:

  • Go to Chrome Settings > Site Settings to see all permissions granted to websites
  • Revoke location, camera, and microphone access for any site that does not genuinely need it
  • Block notifications from sites that send excessive or misleading alerts
  • Set Camera and Microphone to "Ask first" rather than allowing all sites by default

Spotting phishing and malicious sites

Safe Browsing catches most threats, but knowing the signs yourself adds another layer:

  • Check the URL carefully: attackers use addresses like "paypa1.com" or "hsbc-secure.phish.com" that look legitimate at a glance
  • Legitimate UK banks, HMRC, and government services use .gov.uk, .co.uk, or .com domains, not unusual combinations
  • Do not enter passwords or payment details on a page you arrived at via an unexpected link in a text or email
  • If Chrome shows a red warning page, do not proceed: go back and access the site by typing the address directly

Track your Android security progress. Free.

Create a free account to tick off tasks, see your Security Score improve, and know exactly what you've done and what's still to do.

Start your free security check
← Back to Android Security Hub