GOOGLE announced the first beta version of Android 17, which includes several privacy and security enhancements, according to its developers. Android 17 strengthens a secure-by-default design, with two major changes: the deprecation of the usesCleartextTraffic attribute and the introduction of a public Service Provider Interface for HPKE hybrid cryptography.
On apps targeting Android 17, cleartext traffic will be blocked by default unless a network security configuration is present, and developers are advised to migrate to network security configuration files for finer control. The new HPKE SPI enables secure hybrid encryption combining public-key and symmetric mechanisms to improve encrypted communications in apps.
The release notes also state that certificate transparency is enabled by default on Android 17, and there is a new install-time permission to enhance localhost protections. Android developers plan platform stability by March, after which testers will have several months to review the OS before the final release.