diff --git a/app/src/main/java/eu/faircode/email/Bimi.java b/app/src/main/java/eu/faircode/email/Bimi.java
index 4bfe0f929b..1d32f29623 100644
--- a/app/src/main/java/eu/faircode/email/Bimi.java
+++ b/app/src/main/java/eu/faircode/email/Bimi.java
@@ -22,6 +22,7 @@ package eu.faircode.email;
 import android.content.Context;
 import android.graphics.Bitmap;
 import android.graphics.Color;
+import android.net.Uri;
 import android.text.TextUtils;
 import android.util.Pair;
 
@@ -122,6 +123,12 @@ public class Bimi {
                     if (TextUtils.isEmpty(l))
                         continue;
 
+                    Uri ul = Uri.parse(l);
+                    if (!"https".equals(ul.getScheme())) {
+                        Log.e("BIMI insecure img=" + l);
+                        continue;
+                    }
+
                     URL url = new URL(l);
                     Log.i("BIMI favicon " + url);
 
@@ -152,6 +159,12 @@ public class Bimi {
                     if (TextUtils.isEmpty(a))
                         continue;
 
+                    Uri ua = Uri.parse(a);
+                    if (!"https".equals(ua.getScheme())) {
+                        Log.e("BIMI insecure pem=" + a);
+                        continue;
+                    }
+
                     try {
                         URL url = new URL(a);
                         Log.i("BIMI PEM " + url);