Google Introduces DNS-over-HTTP/3 in Android

Google this week announced the rollout of DNS-over-HTTP/3 (DoH3) for Android 11 and newer devices.

An encrypted DNS protocol, DoH3 is expected to provide performance and safety improvements compared to alternatives, mainly through the QUIC transport layer network protocol.

By default, even for encrypted connections, DNS lookups are not private – the base DNS protocol does not have encryption – something that has been resolved through solutions such as DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH).

Support for DoT was introduced in Android 9, but Google says that the protocol incurs overhead on any DNS request. Although it enjoys wide adoption and has already been deployed by numerous public DNS operators, DoH doesn’t reduce overhead, the internet giant says.

DoH3, which should provide both performance and safety improvements courtesy of its use of QUIC, has been rolled out as part of a Google Play system update and will replace the use of DoT for well-known DNS servers that already support it.

“Which DNS service you are using is unaffected by this change; only the transport will be upgraded. In the future, we aim to support DDR which will allow us to dynamically select the correct configuration for any server. This feature should decrease the performance impact of encrypted DNS,” Google says.

Google also notes that the QUIC transport can resume a suspended connection, which is useful when the mobile device changes networks, and that DoH3 may outperform traditional DNS in unreliable networks.

“Field measurements during the initial limited rollout of this feature show that DoH3 significantly improves on DoT’s performance. For successful queries, our studies showed that replacing DoT with DoH3 reduces median query time by 24%, and 95th percentile query time by 44%,” the internet giant says.

DoH3 in Android, the company adds, also takes advantage of the Rust programming language that Android supports, which helps reduce the risk of security vulnerabilities.

Google also explains that Android will use a Cloudflare HTTP/3 library called quiche, which has “a memory-safe implementation, few dependencies, and a small code size.”

“With the introduction of Rust, we are able to improve both security and the performance at the same time. Likewise, QUIC allows us to improve network performance and privacy simultaneously. Finally, Mainline ensures that such improvements are able to make their way to more Android users sooner,” the internet giant says.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
