Google will now also default dns-over-https on Chrome for Android. From version 85, the browser encrypts all traffic if the DNS provider supports it. It will also be possible to select an alternative DNS provider yourself.
Google writes in a blog post that it enables its implementation of dns-over-https on Chrome 85 for Android by default. Google calls this implementation Secure DNS. According to the company, its mobile version works the same as on the desktop. It has been experimenting with this since September last year. Since Chrome 83, dns-over-https is on by default in the desktop version.
With Secure DNS, DNS queries are encrypted by default if the user’s current DNS provider supports it. If the provider does not support it, which is currently still the case for most ISPs, the queries are simply sent in plain text. Google has compiled a list of DNS resolvers in which the queries are encrypted. In this way, own resolvers, such as those of corporate networks, are not overruled.
It will also be possible for the user to manually set a DNS resolver through the settings in Chrome. This can be a custom resolver, but also a provider, such as Google itself, Cloudflare or Quad9. In the settings it is also possible to disable dns-over-https. The function only applies to Android. It is not yet known when DoH will be released on iOS.
With dns-over-https, dns queries are encrypted by default. That is safer in theory, but experts are also skeptical, because it allows private parties to obtain more information about users.