Google Warns on Quantum Threats and Targets 2029 for Encryption Migration

Google’s 2029 Post-Quantum Cryptography Deadline

Google said it plans to complete its migration to post-quantum cryptography by 2029, setting an internal deadline to move away from encryption standards that quantum computers are expected to break in the future.

The company tied that timeline to a broader warning for the technology industry: the shift to quantum-resistant encryption can’t wait. A major concern is the “harvest now, decrypt later” threat. That’s the idea that attackers may already be collecting encrypted data today, storing it, and waiting until quantum computers become powerful enough to unlock it later.

The move builds on a February policy briefing from Kent Walker, president of global affairs at Alphabet and Google, and Hartmut Neven, founder of Google Quantum AI. In that briefing, they urged governments and industry to speed up adoption of encryption designed to withstand quantum-era attacks.

Why Google Says the Quantum Encryption Transition Is Urgent

Google’s message is pretty direct: the risk isn’t only about what quantum computers can do someday. It’s also about what adversaries may be doing right now.

The “Harvest Now, Decrypt Later” Risk

The company emphasized a scenario where encrypted information is intercepted and stored in the present, then decrypted in the future once capable quantum systems arrive. That makes the transition to post-quantum cryptography feel less like a long-range research project and more like a security deadline already taking shape.

A Push for Faster Industry Adoption

Google also framed this as something much bigger than its own systems. It called for faster adoption across both government and industry, making the case that broad coordination matters if current encryption standards are going to be replaced in time.

Android 17 Marks the First Major Step

The most significant near-term changes are coming through Android 17, which Google described as the first major phase of the rollout.

Google said it is starting tests of post-quantum enhancements in the next Android 17 beta, with wider availability expected in the production release.

Android Verified Boot Will Add ML-DSA

Android 17 will add the Module-Lattice-Based Digital Signature Algorithm, or ML-DSA, to Android Verified Boot. That change is meant to bring quantum-resistant signatures to the software integrity checks that happen during the boot process.

In practical terms, this is about protecting the software loaded when a device starts up using signatures built for a post-quantum future.

Remote Attestation Will Shift to a PQC-Compliant Architecture

Google said Remote Attestation is also being updated as part of the Android 17 changes. The company will move it to a post-quantum cryptography-compliant architecture by updating KeyMint’s certificate chains so they support quantum-resistant algorithms.

That means the changes aren’t limited to one layer. They reach into the trust and verification systems that support device security more broadly.

Android Keystore Will Support ML-DSA Natively

Android Keystore will gain native support for ML-DSA, giving apps the ability to generate and verify post-quantum signatures inside a device’s secure hardware.

The SDK will expose two variants:

• ML-DSA-65
• ML-DSA-87

This gives developers access to post-quantum signature options directly through the platform.

Google Play Will Start Using Quantum-Safe Signing Keys

Google Play will begin generating quantum-safe ML-DSA signing keys for new apps, along with existing apps that choose to opt in during the Android 17 release cycle.

That’s an important detail because it extends the transition beyond device-level protections and into the app distribution pipeline.

Google’s Broader Post-Quantum Cryptography Effort

Google said it has been working on post-quantum cryptography since 2016. The company also said it has already migrated key exchanges for internal traffic to ML-KEM, which it described as the post-quantum standard finalized by NIST in August 2024.

According to Google, all Google services now use quantum-resistant key exchange by default.

Internal Traffic Has Already Moved to ML-KEM

This part of the transition is already in place for Google’s internal traffic. That matters because it shows the company isn’t treating post-quantum cryptography as only a future product roadmap item. Some core infrastructure changes have already happened.

Quantum-Resistant Key Exchange Is Now the Default for Google Services

Google said quantum-resistant key exchange is now enabled by default across its services. That signals a broader deployment beyond isolated testing and helps explain why the company is comfortable setting an aggressive deadline for full migration.

How Google’s 2029 Timeline Compares With Others

Google’s 2029 goal is more aggressive than some of the timelines announced elsewhere.

Microsoft said in 2025 that it wants to adopt quantum-safe capabilities by 2029, but expects full migration across its products and services to be completed by 2033.

Federal agencies are working within a 2030 to 2035 timeframe under NIST guidelines. The European Commission has also urged member states to move critical infrastructure to post-quantum cryptography by the end of 2030.

Google’s Deadline Is Ahead of Some Peer Timelines

Compared with those schedules, Google’s target stands out for how quickly it wants the migration completed. The company is positioning 2029 not just as a planning milestone, but as the finish line for its own transition.

Why Google Says It Has a Special Responsibility

Google described its position as unusual. It sees itself as both a quantum computing pioneer and a provider of widely used digital infrastructure, and said that combination creates a particular responsibility to act.

The company said it wants to lead by example and share an ambitious timeline. It also said it hopes that clarity and urgency from its own plans will help speed up digital transitions not only inside Google, but across the wider industry.