Google shortened its quantum-readiness deadline to 2029 and announced Android 17 will include post-quantum cryptography support, warning all industries to migrate now.
Google announced it is preparing for Q Day — the point at which quantum computers can break RSA and elliptic curve cryptography — by 2029, a timeline significantly shorter than previous estimates. Google VP of Security Heather Adkins and cryptography engineer Sophie Schmieg published a warning urging the entire industry to adopt NIST-standardized post-quantum cryptography (PQC) algorithms. Separately, Google confirmed Android 17 beta will add ML-DSA support, a NIST-standardized digital signing algorithm, added to Android's hardware root of trust. This is the first time Google has publicly committed to a PQC roadmap for Android.
Any system you're building today that relies on RSA or elliptic-curve cryptography for signing, key exchange, or authentication will need a full rewrite before 2029. NIST has already finalized ML-DSA and ML-KEM as the PQC standards — these are the drop-in targets. Android 17's hardware root of trust will enforce ML-DSA for app signing, meaning your app distribution pipeline will need to be PQC-compliant before that rollout hits production.
Audit your current authentication and signing dependencies this week: grep your codebase for 'RSA', 'EC', 'ECDSA', 'secp256', and 'SHA256withRSA' — any hit is a migration candidate to flag before Android 17 enforcement begins.
Tags
Also today
Signals by role
Also today
Tools mentioned