Image: ZDNet
Google said today that Chrome for Android will soon support DNS-over-HTTPS (DoH), a protocol that encrypts and secures DNS queries to boos user privacy.
DoH support is already available for desktop versions of the Chrome browser since May, since the release of Chrome 83; however, the feature was never added to the Android and iOS versions.
In a short blog post today, Google said that it has now decided to enable the feature for Android users, where it will progressively enable DoH inside Chrome mobile browsers over the coming weeks.
All users who have updated to Chrome for Android 85 will, at one point or another, see a new option in their browser’s settings, titled “Secure DNS.”
Image: Google
The Secure DNS option will be enabled by default for all users, and once turned on, Chrome will attempt to make DNS queries in an encrypted form (via DoH), where supported, and use classic plaintext DNS as a fallback.
Under the hood, Google said the feature works identically to the desktop versions of Chrome, meaning that users don’t have to tinker with Android’s overall DNS settings.
Instead, Chrome will use an internal list of DoH-capable DNS servers, and if the user has one configured as the OS-wide DNS setting, Chrome will use that server’s DoH interface instead of the default one, and replace plaintext DNS queries with encrypted DoH queries on the fly.
In addition, for situations where users don’t want to change their Android device’s system-wide DNS server to one that supports DoH, Google also lets users customize Chrome’s DoH server just for their browser alone.
Chrome users can do this by using the second option in the screenshot above, named “Choose another provider,” and add the IP address of the DNS server they want to use. Since this option is configured inside Chrome’s settings, it only applies to Chrome for Android, and not to the entire Android OS.
Furthermore, Google says that Chrome for Android will also automatically disable DoH if it finds that the smartphone is part of a managed environment, such as those in corporate networks. On these types of networks, IT staff usually deploy enterprise-wide policies to control a company’s smartphone fleet for security reasons, and DoH might, sometime, open users to attacks, hence the reason Google won’t force the setting in such tightly-controlled environments.
Google didn’t say when DoH was coming to Chrome for iOS; however, this is very likely a long way away, as Apple has only recently added support for the DoH protocols to iOS and macOS.
