Main points
- Google plans to implement post-quantum cryptography in Android by 2029, starting with Android 17, to protect data from future quantum threats.
- The company integrates new lattice-based algorithms, such as ML-DSA, to provide resilience to hacking and guarantee software integrity.
Google is introducing post-quantum cryptography to Android / Collage 24 Channel/Depositphotos/Unsplash
The world is on the brink of a technological revolution where the power of quantum computing could instantly render current encryption methods worthless. Google is getting ahead of the curve by laying the foundation for a new security architecture that will protect user data for decades to come.
What changes await Android?
Modern digital security is based on complex mathematical problems that would take thousands of years for conventional supercomputers to solve. However, the development of quantum technologies creates new challenges: such machines are able to consider many options simultaneously, which theoretically allows them to easily crack current cryptographic locks, writes Neowin.
This puts bank transfers, trade secrets, and personal correspondence at risk. While powerful quantum computers are still in development, this only slightly reduces the threat, as sensitive data can be stolen today and decrypted in 10 or 20 years. Much information will, of course, lose its relevance, but something like military secrets about the characteristics of weapons, state secrets, or compromising information on politicians has a much longer shelf life.
Google has officially set a 2029 deadline for its ecosystem to transition to post-quantum cryptography (PQC) standards. The key milestone in this migration will be the release of Android 17. The company is implementing new standards developed by the US National Institute of Standards and Technology (NIST), integrating them deeply into the operating system architecture.
How will the system be protected?
The most significant innovation is the transition to a lattice-based digital signature algorithm – ML-DSA. This technology provides resistance to cracking even with the use of quantum computers of the future.
In Android 17, the update will primarily affect the foundation of security – the device boot process. The Android Verified Boot library integrates ML-DSA, which guarantees the integrity of the software from the moment the smartphone is turned on. If attackers try to make unauthorized changes to the system, quantum-resistant digital signatures will block such an attempt.
Additionally, the transition to the new architecture will encompass a remote attestation mechanism. Updating KeyMint certificate chains will allow devices to securely attest to their state to third-party services, maintaining trust in the new digital environment.
Problems and challenges
Implementing lattice-based cryptography has been an engineering challenge, requiring significantly more memory and longer keys than traditional methods. Implementing such algorithms inside a resource-constrained trusted execution environment (TEE) allows signatures to be generated and verified directly at the hardware level. This isolates the private keys from the underlying operating system, significantly increasing the level of security.
Google will also take care of app developers. The updated Android Keystore will receive native support for ML-DSA, and a new toolkit will allow you to create quantum-safe signatures using standard programming interfaces.
Meanwhile, the Google Play Store is introducing a “hybrid” signing system for games and apps. It combines classical and post-quantum keys, allowing it to maintain compatibility with current devices while blocking unauthorized updates in the future.
Google is not the first
While Google is not the first company to implement PQC – Apple already uses similar protection in iMessage, and Microsoft added it to Windows 11 – it is the scale of Android that makes this update critically important for the entire industry, writes PhoneArena.
The first tests will begin in the next beta version of Android 17, and a full release will take place with the release of the final version of the system. In the future, the roadmap includes the implementation of quantum-resistant key encapsulation to protect not only authenticity, but also complete privacy of users.