Android 17 Is Getting Quantum-Proof Locks — And It Goes All the Way Down to the Boot Sequence

Android 17 introduces post-quantum cryptography across the OS — from boot to app store — plus sweeping privacy upgrades for users and developers.

Android 17 prepares for the quantum computing threat

Your Android phone is already under attack — just not yet. The threat is a class of computers that don't exist at scale today but are coming fast, and when they arrive, the encryption protecting your banking app, health data, and trade secrets could unravel in hours. 

Google isn't waiting. With Android 17, the company is rolling out what it calls a comprehensive architectural upgrade — one that spans from the silicon at boot time to the app you just downloaded from the Play Store.

The changes, announced by Google's Android security team and first appearing in Android 17 Beta 3, represent the most ambitious cryptographic overhaul in Android's history. They're built around the post-quantum cryptography (PQC) standards finalized by the U.S. National Institute of Standards and Technology (NIST), which are specifically designed to resist the brute computational power of quantum machines.

Why Your Current Encryption Is on Borrowed Time

Today's public-key cryptography — the math that secures HTTPS connections, app signatures, and remote attestation — relies on problems that classical computers find impossibly hard to solve, like factoring the product of two enormous prime numbers. Quantum computers don't play by the same rules. Using a property called superposition, they can evaluate many possible answers simultaneously, which, in theory, makes breaking today's encryption dramatically easier.

Apple introduced the PQ3 cryptographic protocol for iMessage in 2024, and Samsung's Galaxy S25 came with some PQC features, but this marks the first time such protections are being applied at the Android OS level. Given that Android runs on billions of devices worldwide, the scale of this deployment is unprecedented.

Quantum-Resistant Locks From the Very First Boot

Security on any computing device lives and dies at startup. If the boot process is compromised, nothing that runs afterward can be trusted. Android 17 addresses this directly with two foundational upgrades.

First, the Android Verified Boot (AVB) library is being updated to incorporate ML-DSA — the Module-Lattice-Based Digital Signature Algorithm, one of NIST's newly finalized PQC standards. ML-DSA uses mathematical structures called lattices (think of high-dimensional geometric grids) that quantum computers cannot efficiently navigate, unlike the elliptic curve algorithms currently in use. This means the cryptographic check that validates your phone's operating system hasn't been tampered with will now survive even quantum-enabled forgery attempts.

Android 17 - Post Quantum Chain of Trust

Second, Android 17 begins migrating Remote Attestation — the mechanism by which a device proves its trustworthy state to external services like banks or enterprise IT systems — to a fully PQC-compliant architecture. KeyMint's certificate chains are being updated to carry quantum-resistant algorithms, so a device can continue to securely prove its identity even after classical cryptography is broken.

Cramming lattice-based cryptography into the Trusted Execution Environment (TEE), the isolated secure processor that runs these checks, is no trivial feat. Lattice-based algorithms require significantly larger key sizes and memory footprints than classical elliptic curve methods — making this a notable engineering achievement in a highly resource-constrained environment.

Developers Get New Quantum-Safe Tools

Beyond the boot chain, Android 17 updates Android Keystore — the system that lets apps generate and store cryptographic keys in secure hardware — to natively support ML-DSA. Apps can now generate quantum-safe signing keys entirely within the device's secure hardware, keeping sensitive key material isolated from the main OS. 

Google is exposing both ML-DSA-65 and ML-DSA-87 variants via the familiar KeyPairGenerator API, enabling developers to integrate post-quantum signatures without rewriting their cryptographic code from scratch.

Play Store Apps Are Getting Hybrid Signatures

The upgrade doesn't stop at the device. Google Play is introducing "hybrid" APK signature blocks that combine a classical signature with a new ML-DSA quantum-resistant signature on the same app package. This approach preserves backward compatibility — older devices can still verify the classical signature — while new devices can also verify the quantum-resistant one, future-proofing every app update.

Managing key upgrades across billions of devices is operationally complex, so Google is handling it centrally. Play App Signing, backed by Google Cloud KMS, will automatically generate ML-DSA signing keys for new apps, and existing developers can opt in. Later in the release cycle, developers will be able to provide their own classical and ML-DSA keys and delegate them to Play for hybrid signing. Google also said it will begin prompting developers to rotate their signing keys at least every two years — a long-overdue nudge for basic key hygiene.

The Broader Security Sweep: Not Just Quantum

The PQC work is the headline, but Android 17's security and privacy improvements extend well beyond it.

Android 17 deprecates the android:usesCleartextTraffic manifest attribute — apps targeting Android 17 that rely on it without a proper Network Security Configuration will have unencrypted traffic blocked by default. This is a meaningful baseline hardening that forces apps to communicate over encrypted channels. Certificate Transparency, which was opt-in on Android 16, is now enabled by default. 
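As an added example (not code from Google or from this article), the Python audit below flags the case described above: a manifest that relies on android:usesCleartextTraffic without referencing a Network Security Configuration, and a configuration that still permits cleartext to specific hosts. It assumes the manifest has already been decoded to text XML; the sample package name, host and file contents are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample inputs (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.legacy">
  <application android:usesCleartextTraffic="true" />
</manifest>"""

SAMPLE_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false" />
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">legacy.example.com</domain>
  </domain-config>
</network-security-config>"""


def audit_manifest(manifest_xml):
    """Return findings about how the manifest controls cleartext traffic."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return ["no <application> element found"]
    findings = []
    uses_flag = app.get(ANDROID_NS + "usesCleartextTraffic")
    nsc_ref = app.get(ANDROID_NS + "networkSecurityConfig")
    if uses_flag == "true" and nsc_ref is None:
        findings.append("relies on usesCleartextTraffic with no Network Security Configuration")
    elif uses_flag is not None:
        findings.append("deprecated usesCleartextTraffic attribute still present")
    return findings


def cleartext_domains(nsc_xml):
    """List hosts for which the config explicitly permits cleartext traffic.

    Inheritance into nested domain-config elements is not resolved here.
    """
    root = ET.fromstring(nsc_xml)
    hosts = []
    base = root.find("base-config")
    if base is not None and base.get("cleartextTrafficPermitted") == "true":
        hosts.append("*")  # cleartext allowed for every destination
    for cfg in root.iter("domain-config"):
        if cfg.get("cleartextTrafficPermitted") == "true":
            hosts += [d.text.strip() for d in cfg.findall("domain") if d.text]
    return hosts


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
    print(cleartext_domains(SAMPLE_NSC))
```

Every host the second function returns is an explicit cleartext exception that should be justified or moved to TLS before targeting Android 17.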

A new runtime permission called ACCESS_LOCAL_NETWORK now governs which apps can discover or connect to devices on your home or office LAN — smart home gadgets, casting receivers, and the like. Apps must declare and request this permission, with two paths available: use a system-mediated privacy-preserving device picker, or explicitly request the permission at runtime. This closes a long-standing side channel that could be exploited for covert device fingerprinting and tracking.

SMS one-time password (OTP) protections are also being tightened — programmatic access to OTP messages for most apps will be delayed by three hours, limiting the window for malicious apps to intercept verification codes. Default SMS apps and approved companion apps remain exempt.

On the privacy front, Android 17 introduces a location button — a new UI element designed for one-time access to precise location data — for tasks like finding nearby places that don't require persistent or background access. The location icon within the button remains mandatory and non-customizable to prevent deception. Google is also improving how approximate location works by replacing the previous static 2 km grid with a dynamically-sized area based on local population density, ensuring privacy protection is consistent in both dense cities and sparsely populated rural areas.

The platform is also hardening Background Activity Launch (BAL) restrictions — extending protections to IntentSender and requiring developers to migrate away from the legacy MODE_BACKGROUND_ACTIVITY_START_ALLOWED constant — reducing the attack surface for interaction hijacking and confused deputy attacks.

What This Means for You

Most users will never see any of this directly. No new settings to toggle, no permission dialogs to accept. The quantum-resistant chain of trust runs invisibly, from the moment your phone boots to the moment an app is installed. But the consequences of not doing this would eventually be visible — in forged app updates, compromised attestation, and broken trust between your device and the services that rely on it.

Google's PQC journey started in 2016. Android 17, expected to reach general availability around June 2026, marks the first phase of OS-level deployment. The roadmap beyond it includes integrating post-quantum key encapsulation into KeyMint and the full remote key provisioning infrastructure — extending quantum resistance from device identity all the way through the cloud services that provision and verify it.

The quantum apocalypse for encryption isn't here yet. But Android 17 is making sure it won't catch Google's platform flat-footed when it arrives.
