How are they determining trusted websites? Is there a blacklist or whitelist involved?
If they are determining by checking if TLS (Transport Layer Security) is in use, they merely tells you if the connection is difficult to eavesdrop, and says nothing about whether the service you are connecting to over a secure connection is trustworthy or not.
People really should not confuse security of the connection with security of the service being offered by the smartphone app or website. Criminals can use LetsEncrypt too.