
Google introduces more efficient DNS-over-HTTP/3 for Android

An Android statue is displayed in front of a building on the Google campus on January 31, 2022 in Mountain View, California. (Photo by Justin Sullivan/Getty Images)

Android devices running version 11 and up will receive a service improvement for secure DNS lookups in the form of DNS-over-HTTP/3, or DoH3, an arguably more efficient alternative to what's delivered to users now.

Specifically, DoH3 is a step up from the DNS-over-TLS (DoT) that Google offers already or the DNS-over-HTTPS (DoH) offered elsewhere.

DNS, the service that converts web domains like "scmagazine.com" to routable, numeric IP addresses, originally operated in clear text. That meant lookups were easy to surveil (internet service providers would use the websites they knew you were visiting to tailor advertisements) and susceptible to man-in-the-middle attacks. Encrypting DNS requests prevents those privacy and security problems.

Groups like Mozilla, Cloudflare and Google have all designed alternate DNS systems using either TLS or HTTPS encryption. Both are generally considered effective. But both also come at a cost of efficiency. DoH3 reduces that overhead.

Based on Google's tests, detailed in the company's Tuesday announcement, DoH3 reduces the median query time by 24% over DoT or as much as 47% in the 95th percentile of tests. The efficiency difference comes from a few places. DoT requires all requests to be performed in order over a single stream. If the request at the front of the queue lags, it creates a traffic jam. DoH3 puts everything in its own stream. DoT is also much less tolerant of interruptions to connections or changing networks.
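The queueing effect described above, as an added toy model that is not from the original article or from Google's announcement. The send and answer times are constructed sample values and do not reproduce Google's measurements; the function names are hypothetical.

```python
"""Toy model: one in-order stream versus one stream per DNS query."""
import math
from statistics import median

# Constructed sample data (milliseconds), listed in send order.
# Query 2 is deliberately slow, standing in for a lagging request.
SEND_TIMES = [0, 5, 10, 15, 20, 25, 30, 35]
ANSWER_READY = [20, 28, 210, 36, 41, 47, 52, 58]


def ordered_stream(send, ready):
    """Single in-order stream: no answer is delivered before all earlier ones."""
    latencies, delivered = [], 0
    for sent_at, ready_at in zip(send, ready):
        delivered = max(delivered, ready_at)  # waits behind the slowest earlier answer
        latencies.append(delivered - sent_at)
    return latencies


def independent_streams(send, ready):
    """One stream per query: each answer is delivered as soon as it is ready."""
    return [ready_at - sent_at for sent_at, ready_at in zip(send, ready)]


def stalled(send, ready):
    """Indexes of queries that wait longer only because of in-order delivery."""
    pairs = zip(ordered_stream(send, ready), independent_streams(send, ready))
    return [i for i, (in_order, own) in enumerate(pairs) if in_order > own]


def summary(latencies):
    """Median and nearest-rank 95th percentile of a latency list."""
    ranked = sorted(latencies)
    rank = max(1, math.ceil(0.95 * len(ranked)))
    return {"median": median(ranked), "p95": ranked[rank - 1]}


if __name__ == "__main__":
    print("in-order stream  :", summary(ordered_stream(SEND_TIMES, ANSWER_READY)))
    print("stream per query :", summary(independent_streams(SEND_TIMES, ANSWER_READY)))
    print("queries stalled by the slow one:", stalled(SEND_TIMES, ANSWER_READY))
```

In this constructed run the slow query is equally slow in both models; the difference is that every query sent after it inherits the delay only when delivery is in order.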

Any kind of encrypted DNS, or any kind of encryption in general, courts controversy. DoH makes it more difficult for internet service providers to screen for people trying to access child exploitation material online, effectively a positive use of a man-in-the-middle attack. It also can make it more difficult for certain network defense tools to work. However, that may be less of a concern for mobile Android devices accessing the internet through a cell provider than for devices connected to a network.

Google says that DoH3 is in place for all Android versions 11 and higher, as well as certain devices that adopted Play Store updates early.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
