diff --git a/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql b/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
index 6bc332d085c..34796fdc19b 100644
--- a/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
+++ b/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
@@ -13,6 +13,7 @@
 import java
 import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.security.RequestForgeryConfig
 import semmle.code.java.security.UnsafeAndroidAccess
 import DataFlow::PathGraph
@@ -25,6 +26,10 @@ class FetchUntrustedResourceConfiguration extends TaintTracking::Configuration {
 override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 override predicate isSink(DataFlow::Node sink) { sink instanceof UrlResourceSink }
+
+ override predicate isSanitizer(DataFlow::Node sanitizer) {
+ sanitizer instanceof RequestForgerySanitizer
+ }
 }
 from DataFlow::PathNode source, DataFlow::PathNode sink, FetchUntrustedResourceConfiguration conf
diff --git a/java/ql/test/query-tests/security/CWE-749/UnsafeAndroidAccess.java b/java/ql/test/query-tests/security/CWE-749/UnsafeAndroidAccess.java
index 414a50f80c4..b7d04477da2 100644
--- a/java/ql/test/query-tests/security/CWE-749/UnsafeAndroidAccess.java
+++ b/java/ql/test/query-tests/security/CWE-749/UnsafeAndroidAccess.java
@@ -147,6 +147,6 @@ public class UnsafeAndroidAccess extends Activity {
 String thisUrl = getIntent().getStringExtra("url");
 // This should be considered safe - the query lacks a proper sanitizer for partial URLs.
- wv.loadUrl("https://www.mycorp.com/" + thisUrl); // $ SPURIOUS: hasUnsafeAndroidAccess
+ wv.loadUrl("https://www.mycorp.com/" + thisUrl);
 }
 }
diff --git a/java/ql/test/query-tests/security/CWE-749/UnsafeAndroidAccessTest.ql b/java/ql/test/query-tests/security/CWE-749/UnsafeAndroidAccessTest.ql
index 6563286f5c7..697fc99dc71 100644
--- a/java/ql/test/query-tests/security/CWE-749/UnsafeAndroidAccessTest.ql
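Review bot: The new `isSanitizer` override in `FetchUntrustedResourceConfiguration` carries no QLDoc, so a reader of this query cannot tell why a sanitizer from the request-forgery library is the right cut-off for a WebView URL sink; the paired test change (`"https://www.mycorp.com/" + thisUrl` no longer expected to be flagged) is the only hint. A one-line comment above it such as `/** A node where the URL's origin is pinned by constant data (see RequestForgerySanitizer), so remote input can no longer choose the host. */` would record that intent; the sanitizer's exact rule is not visible here, so confirm it against `RequestForgeryConfig` before wording it that way. It is also worth stating in that comment that the remainder of the URL may still be remote-controlled and is deliberately accepted by this query, since that is the trade-off the sanitizer introduces. The class body ends inside the hunk, but the query's `where`/`select` clauses follow outside it.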
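Review bot: The comment two lines above the changed call is now stale: it still says the query "lacks a proper sanitizer for partial URLs", yet this hunk drops the `$ SPURIOUS` marker precisely because the query now has one. Replace it with `// Safe: the constant prefix fixes the host, and the query's sanitizer now recognises this.` so the expectation and its justification agree. If that sanitizer keys on a constant prefix, as the name `RequestForgerySanitizer` and this expectation suggest, a sibling case with the untrusted value first (`wv.loadUrl(thisUrl + "/index.html")`) annotated `$ hasUnsafeAndroidAccess` would pin the boundary from the other side. The enclosing method starts outside the hunk.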
+++ b/java/ql/test/query-tests/security/CWE-749/UnsafeAndroidAccessTest.ql
@@ -1,8 +1,9 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
-import TestUtilities.InlineExpectationsTest
+import semmle.code.java.security.RequestForgeryConfig
 import semmle.code.java.security.UnsafeAndroidAccess
+import TestUtilities.InlineExpectationsTest
 class Conf extends TaintTracking::Configuration {
 Conf() { this = "qltest:cwe:unsafe-android-access" }
@@ -10,6 +11,10 @@ class Conf extends TaintTracking::Configuration {
 override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 override predicate isSink(DataFlow::Node sink) { sink instanceof UrlResourceSink }
+
+ override predicate isSanitizer(DataFlow::Node sanitizer) {
+ sanitizer instanceof RequestForgerySanitizer
+ }
 }
 class UnsafeAndroidAccessTest extends InlineExpectationsTest {
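Review bot: `Conf` now reproduces all three overrides of `FetchUntrustedResourceConfiguration` from `UnsafeAndroidAccess.ql` by hand, so a future change to the query's sources, sinks or sanitizers will not be caught by this inline-expectation test unless someone remembers to mirror it. A comment on the class, `// Keep in sync with FetchUntrustedResourceConfiguration in UnsafeAndroidAccess.ql.`, makes the coupling visible; a shared configuration in the library would remove the duplication altogether. The `Conf` class header lies outside this hunk, and `UnsafeAndroidAccessTest` continues past it.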