Google is introducing major security upgrades in Android 17 using the National Institute of Standards and Technology's post-quantum cryptography standards. Verified Boot now uses ML-DSA signatures, making sure the system's startup process resists tampering even from quantum-powered attacks. Remote Attestation moves to fully quantum-safe cryptography, securing device integrity checks.
Inside the device, Android Keystore adds native support for ML-DSA keys within its secure hardware. This means developers can now sign their apps and verify identities using post-quantum cryptography without changing their existing tools and workflows.
To protect app users on a large scale, Google Play App Signing is rolling out hybrid signatures that combine traditional and quantum-safe algorithms. This hybrid approach keeps app authenticity intact during installs and updates, defending against the risk of quantum-driven forgery.
These updates mark the first key step in Android's long road towards making the entire platform resistant to future quantum threats, ensuring the security and trust of billions of devices worldwide.
