Google is actively preparing for the next era of cybersecurity by accelerating its transition to post-quantum cryptography (PQC), targeting a full migration timeline by 2029. As quantum computing continues to evolve, the company is taking proactive steps to safeguard digital systems from future threats that could potentially break today’s encryption standards.
To begin with, cybersecurity experts have increasingly warned that current encryption methods may become vulnerable once large-scale quantum computers reach maturity. In particular, the “store-now-decrypt-later” threat model has raised concerns, as attackers can collect encrypted data today and decrypt it in the future when quantum capabilities improve. Therefore, organizations must act early to transition toward quantum-resistant encryption.
In response, Google is urging enterprises to adopt PQC standards developed by the National Institute of Standards and Technology before quantum computing becomes mainstream. By doing so, organizations can future-proof their systems and reduce long-term security risks.
Highlighting the urgency of this transition, Heather Adkins, VP of Security Engineering, and Sophie Schmieg, Senior Staff Cryptology Engineer, stated:
“That’s why we’ve adjusted our threat model to prioritize PQC migration for authentication services — an important component of online security and digital signature migrations. We recommend that other engineering teams follow suit,”
Moreover, industry research indicates that preparedness remains low. According to findings from the Trusted Computing Group, 91% of organizations currently lack a formal roadmap for adopting quantum-safe algorithms. This gap underscores the need for immediate action.
Adkins and Schmieg further emphasized:
“As a pioneer in both quantum and PQC, it’s our responsibility to lead by example and share an ambitious timeline. By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry,”
In addition to its broader strategy, Google is integrating quantum-resistant security features into its ecosystem. Notably, the upcoming Android 17 release will introduce PQC enhancements, starting with beta testing and later expanding to full production deployment.
For instance, Android Verified Boot (AVB) will incorporate the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), ensuring that the boot process remains secure against potential quantum attacks. At the same time, Remote Attestation will shift toward a PQC-based architecture, enabling devices to validate their integrity using advanced cryptographic methods.
Furthermore, updates to KeyMint certificate chains will allow devices to verify their operational state using quantum-resistant algorithms. These changes collectively strengthen device security at both the hardware and system levels.
Google is also enhancing app security through Google Play. During the Android 17 cycle, the platform will generate quantum-safe ML-DSA signing keys for new and existing applications that opt in. Later, developers will have the flexibility to manage hybrid key systems combining classical and quantum-resistant cryptography.
“To promote security best practices, Google Play will also start prompting developers to upgrade their signing keys at least every two years,” Google wrote.
Ultimately, Google’s initiative reflects a significant shift toward future-ready cybersecurity. By prioritizing PQC adoption and integrating it across platforms, the company is setting a benchmark for organizations aiming to stay ahead of emerging quantum threats.
Recommended Cyber Technology News:
- WatchGuard Expands Network Threat Detection for MSPs & SMEs
- Lumu Launches Agentic SOC for Autonomous Security Operations
- Cloud Phones Linked to Growing Financial Fraud Risks
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
