diff --git a/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp b/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp
index fcae00945a2..653b1a6a2a5 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp
@@ -13,11 +13,11 @@
   </overview>
 
   <recommendation>
-    <p>Only allow trusted web contents to be displayed in WebViews when JavaScript is enabled. And disallow universal resource access in WebSetting to reduce the attack surface .</p>
+    <p>Only allow trusted web contents to be displayed in WebViews when JavaScript is enabled. And disallow universal resource access in WebSettings to reduce the attack surface .</p>
   </recommendation>
 
   <example>
-    <p>The following example shows both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, setting is enabled and JavaScript is enabled while urls are loaded from externally controlled inputs. In the 'GOOD' configuration, JavaScript is disabled or only trusted web contents are allowed to be loaded.</p>
+    <p>The following example shows both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, universal resource access is enabled and JavaScript is enabled while urls are loaded from externally controlled inputs. In the 'GOOD' configuration, JavaScript is disabled or only trusted web contents are allowed to be loaded.</p>
     <sample src="UnsafeAndroidAccess.java" />
   </example>
 
@@ -28,4 +28,4 @@
       <a href="https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md">OWASP - Testing WebView Protocol Handlers (MSTG-PLATFORM-5 and MSTG-PLATFORM-6)</a>
     </li>
   </references>
-</qhelp>
\ No newline at end of file
+</qhelp>