Android 17: Google secures its OS against quantum computers
Google is preparing its mobile operating system for future attacks with quantum computers. The first protective mechanisms are being introduced in Android 17.
Android 17 is to be protected against future attacks with quantum computers.
(Image: Google)
Android 17 will be the first version of Google's mobile operating system with protection against attacks by quantum computers. The company announced this on Wednesday. The protection is implemented at various levels of Android – app developers will also have to help.
Precautionary, multi-year transition
As Google writes in its announcement, modern digital security is at a turning point. Quantum computers, in addition to their advantages, also pose a threat, as they could soon crack conventional encryption with ease. To be prepared for future potential attacks by quantum computers, Google is planning "a proactive, multi-year migration to Post-Quantum Cryptography (PQC)." According to its own statements, Google has been preparing for a "post-quantum world" since 2016.
Android must also be secured accordingly, according to the company. For the mobile operating system from Mountain View, the security goes beyond patching individual applications or transport protocols. The entire platform architecture of the operating system must be addressed.
According to Google's announcement, in which the company is publicly discussing the security of the operating system against attacks by quantum computers for the first time, Android 17 will receive comprehensive integration of the recently completed NIST PQC standard from the next beta version to integrate a "quantum-resistant chain of trust." This "Chain of Trust" continuously secures the platform - "from the booting of the operating system to the execution of globally distributed applications."
Videos by heise
Quantum-safe boot process
Google is initially integrating two innovations in the field of Post-Quantum Cryptography (PQC) into Android 17. Firstly, the ML-DSA (Module-Lattice-based Digital Signature Algorithm) signature algorithm is being incorporated into the Android Verified Boot (AVB) library. This makes the boot process quantum-safe.
Secondly, Google is beginning to transition remote attestation to a fully PQC-compliant architecture. This is a function that allows a device to prove its current state to a remote server, for example, to prove to a server in a corporate network that it is running a secure operating system version.
(Image:Â Google)
According to Google, the security of the operating system represents "only the first line of defense." Developers must also have the necessary cryptographic building blocks to use PQC keys and set up robust identity verification. To this end, Google will extend the Android Keystore with ML-DSA support, allowing developers to generate keys and store them directly in the device's secure hardware. This is intended to "establish a new era of identity and authentication for the app ecosystem without requiring developers to engineer proprietary cryptographic implementations."
Google also plans to transition the Play Store and the developer signatures of all apps listed therein to PQC. The company itself maintains research facilities that are intensively involved with quantum computing and recently researching neutral atoms.
The stable version of Android 17 is expected in June 2026, initially for Google's Pixel models.
(afl)
