--- a/mobile/android/base/java/org/mozilla/gecko/toolbar/SiteIdentityPopup.java
+++ b/mobile/android/base/java/org/mozilla/gecko/toolbar/SiteIdentityPopup.java
@@ -306,17 +306,26 @@ public class SiteIdentityPopup extends A
      * The connection state should reflect the combination of:
      * a) Connection encryption
      * b) Mixed Content state (Active/Display Mixed content, loaded, blocked, none, etc)
      * and update the icons and strings to inform the user of that state.
      *
      * @param siteIdentity SiteIdentity information about the connection.
      */
     private void updateConnectionState(final SiteIdentity siteIdentity) {
-        if (!siteIdentity.isSecure()) {
+        if (siteIdentity.getSecurityMode() == SecurityMode.CHROMEUI) {
+            mSecurityState.setText(R.string.identity_connection_chromeui);
+            mSecurityState.setTextColor(ColorUtils.getColor(mContext, R.color.placeholder_active_grey));
+
+            mIcon.setImageResource(R.drawable.icon);
+            clearSecurityStateIcon();
+
+            mMixedContentActivity.setVisibility(View.GONE);
+            mLink.setVisibility(View.GONE);
+        } else if (!siteIdentity.isSecure()) {
             if (siteIdentity.loginInsecure()) {
                 // Login detected on an insecure page.
                 mIcon.setImageResource(R.drawable.lock_disabled);
                 clearSecurityStateIcon();
 
                 mMixedContentActivity.setVisibility(View.VISIBLE);
                 mMixedContentActivity.setText(R.string.identity_login_insecure);
             } else if (siteIdentity.getMixedModeActive() == MixedMode.MIXED_CONTENT_LOADED) {
@@ -459,46 +468,57 @@ public class SiteIdentityPopup extends A
 
     @Override
     public void show() {
         if (mSiteIdentity == null) {
             Log.e(LOGTAG, "Can't show site identity popup for undefined state");
             return;
         }
 
-        // about: has an unknown SiteIdentity in code, but showing "This
-        // site's identity is unknown" is misleading! So don't show a popup.
+        // Verified about: pages have the CHROMEUI SiteIdentity, however there can also
+        // be unverified about: pages for which  "This site's identity is unknown" or
+        // "This is a secure Firefox page" are both misleading, so don't show a popup.
         final Tab selectedTab = Tabs.getInstance().getSelectedTab();
-        if (selectedTab != null && AboutPages.isAboutPage(selectedTab.getURL())) {
-            Log.d(LOGTAG, "We don't show site identity popups for about: pages");
+        if (selectedTab != null &&
+                AboutPages.isAboutPage(selectedTab.getURL()) &&
+                mSiteIdentity.getSecurityMode() != SecurityMode.CHROMEUI) {
+            Log.d(LOGTAG, "We don't show site identity popups for unverified about: pages");
             return;
         }
 
         updateIdentity(mSiteIdentity);
 
         final TrackingMode trackingMode = mSiteIdentity.getTrackingMode();
         if (trackingMode != TrackingMode.UNKNOWN) {
             addTrackingContentNotification(trackingMode == TrackingMode.TRACKING_CONTENT_BLOCKED);
         }
 
         try {
             addSelectLoginDoorhanger(selectedTab);
         } catch (JSONException e) {
             Log.e(LOGTAG, "Error adding selectLogin doorhanger", e);
         }
 
-        mTitle.setText(selectedTab.getBaseDomain());
-        final Bitmap favicon = selectedTab.getFavicon();
-        if (favicon != null) {
-            final Drawable faviconDrawable = new BitmapDrawable(mResources, favicon);
-            final int dimen = (int) mResources.getDimension(R.dimen.browser_toolbar_favicon_size);
-            faviconDrawable.setBounds(0, 0, dimen, dimen);
+        if (mSiteIdentity.getSecurityMode() == SecurityMode.CHROMEUI) {
+            // For about: pages we display the product icon in place of the verified/globe
+            // image, hence we don't also set the favicon (for most about pages the
+            // favicon is the product icon, hence we'd be showing the same icon twice).
+            mTitle.setText(R.string.moz_app_displayname);
+        } else {
+            mTitle.setText(selectedTab.getBaseDomain());
 
-            mTitle.setCompoundDrawables(faviconDrawable, null, null, null);
-            mTitle.setCompoundDrawablePadding((int) mContext.getResources().getDimension(R.dimen.doorhanger_drawable_padding));
+            final Bitmap favicon = selectedTab.getFavicon();
+            if (favicon != null) {
+                final Drawable faviconDrawable = new BitmapDrawable(mResources, favicon);
+                final int dimen = (int) mResources.getDimension(R.dimen.browser_toolbar_favicon_size);
+                faviconDrawable.setBounds(0, 0, dimen, dimen);
+
+                mTitle.setCompoundDrawables(faviconDrawable, null, null, null);
+                mTitle.setCompoundDrawablePadding((int) mContext.getResources().getDimension(R.dimen.doorhanger_drawable_padding));
+            }
         }
 
         showDividers();
 
         super.show();
     }
 
     // Show the right dividers

--- a/mobile/android/base/java/org/mozilla/gecko/toolbar/ToolbarDisplayLayout.java
+++ b/mobile/android/base/java/org/mozilla/gecko/toolbar/ToolbarDisplayLayout.java
@@ -122,16 +122,20 @@ public class ToolbarDisplayLayout extend
 
     private AlphaAnimation mLockFadeIn;
     private TranslateAnimation mTitleSlideLeft;
     private TranslateAnimation mTitleSlideRight;
 
     private final SiteIdentityPopup mSiteIdentityPopup;
     private int mSecurityImageLevel;
 
+    // Security level constants, which map to the icons / levels defined in:
+    // http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/java/org/mozilla/gecko/resources/drawable/site_security_level.xml
+    // Default level (unverified pages) - globe icon:
+    private final int LEVEL_DEFAULT_GLOBE = 0;
     // Levels for displaying Mixed Content state icons.
     private final int LEVEL_WARNING_MINOR = 3;
     private final int LEVEL_LOCK_DISABLED = 4;
     // Levels for displaying Tracking Protection state icons.
     private final int LEVEL_SHIELD_ENABLED = 5;
     private final int LEVEL_SHIELD_DISABLED = 6;
 
     private PropertyAnimator mForwardAnim;
@@ -435,16 +439,24 @@ public class ToolbarDisplayLayout extend
             trackingMode = siteIdentity.getTrackingMode();
             loginInsecure = siteIdentity.loginInsecure();
         }
 
         // This is a bit tricky, but we have one icon and three potential indicators.
         // Default to the identity level
         int imageLevel = securityMode.ordinal();
 
+        // about: pages should default to having no icon too (the same as SecurityMode.UNKNOWN), however
+        // SecurityMode.CHROMEUI has a different ordinal - hence we need to manually reset it here.
+        // (We then continue and process the tracking / mixed content icons as usual, even for about: pages, as they
+        //  can still load external sites.)
+        if (securityMode == SecurityMode.CHROMEUI) {
+            imageLevel = LEVEL_DEFAULT_GLOBE; // == SecurityMode.UNKNOWN.ordinal()
+        }
+
         // Check to see if any protection was overridden first
         if (loginInsecure) {
             imageLevel = LEVEL_LOCK_DISABLED;
         } else if (trackingMode == TrackingMode.TRACKING_CONTENT_LOADED) {
             imageLevel = LEVEL_SHIELD_DISABLED;
         } else if (trackingMode == TrackingMode.TRACKING_CONTENT_BLOCKED) {
             imageLevel = LEVEL_SHIELD_ENABLED;
         } else if (activeMixedMode == MixedMode.MIXED_CONTENT_LOADED) {

--- a/mobile/android/base/locales/en-US/android_strings.dtd
+++ b/mobile/android/base/locales/en-US/android_strings.dtd
@@ -587,16 +587,17 @@ Example Enterprises, Inc.
 
 The layout of the identity dialog prevents combining this into a single string with
 substitution variables.  If it is difficult to translate the sense of the string
 with that structure, consider a translation which ignores the preceding domain and
 just addresses the organization to follow, e.g. "This site is run by " -->
 <!ENTITY identity_connection_secure "Secure Connection">
 <!ENTITY identity_connection_insecure "Insecure connection">
 <!ENTITY identity_login_insecure "This page is not secure and your login could be vulnerable.">
+<!ENTITY identity_connection_chromeui "This is a secure &brandShortName; page">
 
 <!-- Mixed content notifications in site identity popup -->
 <!ENTITY mixed_content_blocked_all1 "&brandShortName; has blocked insecure content on this page.">
 <!ENTITY mixed_content_blocked_some1 "&brandShortName; has blocked some of the insecure content on this page.">
 <!ENTITY mixed_content_display_loaded1 "Parts of this page are not secure (such as images).">
 <!ENTITY mixed_content_protection_disabled1 "You have disabled protection from insecure content.">
 
 <!-- Tracking content notifications in site identity popup -->

--- a/mobile/android/base/strings.xml.in
+++ b/mobile/android/base/strings.xml.in
@@ -482,16 +482,17 @@
 
   <string name="bookmarkdefaults_title_restricted_support">&bookmarks_restricted_support2;</string>
   <string name="bookmarkdefaults_url_restricted_support">https://support.mozilla.org/kb/controlledaccess</string>
 
   <!-- Site identity popup -->
   <string name="identity_connection_secure">&identity_connection_secure;</string>
   <string name="identity_connection_insecure">&identity_connection_insecure;</string>
   <string name="identity_login_insecure">&identity_login_insecure;</string>
+  <string name="identity_connection_chromeui">&identity_connection_chromeui;</string>
 
   <string name="mixed_content_blocked_all">&mixed_content_blocked_all1;</string>
   <string name="mixed_content_blocked_some">&mixed_content_blocked_some1;</string>
   <string name="mixed_content_display_loaded">&mixed_content_display_loaded1;</string>
   <string name="mixed_content_protection_disabled">&mixed_content_protection_disabled1;</string>
 
   <string name="doorhanger_tracking_title">&doorhanger_tracking_title;</string>
   <string name="doorhanger_tracking_state_enabled">&doorhanger_tracking_state_enabled;</string>