my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Google Says Q Day Is 2029. Three Billion Android Devices Are Already Changing.

John Z Black Mar 27, 2026 Security Operations & Resilience #post-quantum #cryptography #quantum-computing #android #enterprise-security #pqc #rsa

The encryption protecting your bank login, your VPN, your email, and your phone’s secure boot chain all runs on math that a quantum computer will be able to break. That computer doesn’t exist yet. Google’s cryptography team now believes it will by 2029.

That’s not 2030. That’s not “sometime next decade.” That’s three years.

Google’s VP of Security Engineering and a senior cryptography engineer published a post this week laying out the internal timeline. The message: 2029 is the deadline, and Google is treating it as real.

What Actually Breaks

RSA and elliptic curve cryptography are everywhere. TLS connections, SSH keys, code signing certificates, authentication tokens, the whole certificate infrastructure the web runs on. A quantum computer running Shor’s algorithm breaks RSA in hours. The same math kills ECC.

The problem isn’t just future traffic. Adversaries collecting encrypted data today, the “harvest now, decrypt later” strategy, can go back and read everything they’ve stored when Q Day arrives. Intelligence services, healthcare systems, financial institutions. Anything encrypted with RSA or ECC and worth keeping is potentially sitting in someone’s archive waiting for the right computer.

Android Is Already Moving

The announcement hits harder because of the Android detail. Android 17 beta introduces ML-DSA, NIST’s post-quantum digital signature standard (FIPS 204), added to Android’s hardware root of trust. Android Verified Boot, the Play Store’s signing infrastructure, and developer app signatures are all migrating to post-quantum cryptography.

That’s 3 billion active devices. Google doesn’t move 3 billion devices as a theoretical exercise. This is the clearest possible signal that 2029 is real.

What to Do Now

Start with a cryptographic inventory. You can’t migrate what you haven’t mapped. Most organizations know their systems but not the cryptographic dependencies those systems carry. Building that inventory takes time, and it has to start now.

NIST has published the standards to migrate to. ML-DSA (FIPS 204) for digital signatures. ML-KEM (FIPS 203) for key exchange in protocols like TLS. These are finalized. The migration path exists.

Organizations starting in 2027 are probably cutting it close for complex environments. The kind of cryptographic debt large enterprises carry doesn’t unwind quickly. If you wait until Q Day feels more certain, you’re working a shorter runway than you think.

What Google’s 2029 Q Day deadline means for your organization’s cryptographic migration plan, and what to do now.