Google released the first Android 17 beta with a range of privacy, security, and developer-focused improvements across performance, media, camera, and connectivity. Major security changes include deprecation of the usesCleartextTraffic attribute (blocking cleartext by default without a network security config), a public SPI for HPKE hybrid cryptography, certificate transparency enabled by default, and a new install-time localhost protection permission. #Android17 #HPKE
Keypoints
- Google published the first Android 17 beta introducing multiple privacy and security enhancements.
- Apps targeting Android 17 will have cleartext traffic blocked by default if usesCleartextTraffic is true but no network security config is provided.
- A new public Service Provider Interface (SPI) adds support for HPKE hybrid cryptography to enable stronger encrypted communication.
- Certificate Transparency (CT) is enabled by default on Android 17, reversing the opt-in approach from Android 16.
- Android 17 includes a new install-time permission for localhost protections and moves toward a secure-by-default architecture with platform stability targeted by March.