Android 13 won't support DNS over HTTPS as previously planned

Android Police

By Ryne Hager

Published Feb 23, 2022

It still does DoT, though

Although Google's NNAPI plans for Android 13 still seem to be on, the company is taking a step back when it comes to anticipated DNS changes. Last year, it looked like Google was going to give Android support for DNS over HTTPS, but it looks like those plans have changed, and Tiramisu probably won't ship with the feature.

The benefits of DNS over HTTPS (DoH) have to do with customer privacy and security. Encrypting DNS queries using HTTPS makes it harder for someone in the middle — like your ISP or someone with access to your network — to track or block your DNS access, giving them the ability to redirect your queries and see which sites you're visiting. This can potentially interfere with things like the UK government's repeated attempts to block adult content, much to their chagrin.

Firefox already uses DNS over HTTPS in the US, and Google's been looking into it for years, hoping to augment the existing DNS over TLS feature that encrypts DNS requests via another method and which landed back in Android 9 Pie.

The distinction between the two features is small, but according to Cloudflare, it primarily comes down to their port: DoH queries are better able to blend in from an external viewpoint, looking like standard HTTPS traffic. That makes it potentially better for customer privacy even if both standards protect customer queries with encryption. Many popular DNS resolvers, including Google and Cloudflare, support both standards. Windows 11 supports DoH, while recent versions of macOS and iOS support both DoH and DoT.

DoH was expected to land as part of Android 13, but according to a change spotted by XDA Developers, the plans have since been abandoned. A commit on the AOSP Gerrit indicates the feature will not be enabled in T (as in: Android 13 T) by default. Esper.io's Mishaal Rahman tells us that this doesn't just mean it will be some optional setting, but that the details indicate the feature has been pulled. However, because it would be part of the DNSResolver APEX module, Google could change its mind later and enable the feature.

Android still supports DoT, but the potentially more privacy-respecting DoH feature, with its better traffic obfuscation, sounds like it will be delayed.