Overview
- Google, which announced the shift on Wednesday, set 2029 to finish moving its products and infrastructure to post‑quantum cryptography.
- Android 17 will test PQC in the next beta and include it at release, using NIST’s ML‑DSA to protect Verified Boot and start a new Remote Attestation design.
- Android Keystore will generate and use ML‑DSA keys inside secure hardware, and Google Play will create hybrid app signatures, manage new keys in Cloud KMS, and prompt key rotations every two years.
- Google said it updated its threat model to focus first on authentication services and urged companies to move faster than federal timelines that stretch into the 2030s.
- Reports stress the present risk of “harvest now, decrypt later” data theft, while crypto outlets point to fresh pressure on Bitcoin and Ethereum to plan quantum‑safe upgrades.