Users’ disappointment at hearing that Android 13 would not support DNS over HTTPS was palpable, but there’s good news: it turned out that Google didn’t integrate it into Android itself before the next update because (as noted at the time) it could also be implemented via a separate Android Mainline/APEX module, which is exactly what happened.
Google announced the feature today on its Security Blog, explaining the benefits and the mechanism for implementing the change. Just to clarify: DNS over HTTPS offers a number of great advantages for your security. HTTPS connections are a more secure way to browse the web, but there is still a vulnerability that occurs when you actually navigate to a site. Basically, when you type a site’s address into the address bar, you’re looking for that name in some sort of address book – this is the DNS system.
It turns out that DNS queries aren’t sent securely by default, exposing the user to things like man-in-the-middle attacks where someone could lead you to the wrong place. There are ways to close the security gaps, even with this relatively insecure query, but the system still has a “bootstrapping problem” where the chain of trust in any order of operations is difficult to establish.
Leaving these lookups unencrypted is also a privacy issue, as someone in the right position can see which sites you visit or possibly even hinder those lookups.
Android has already supported DNS over TLS as a way to solve this problem. It gives you an encrypted query to the DNS server, meaning you can trust the address provided when you ask, assuming you trust the server, but this has some pros and cons.
Some companies, like Cloudflare, have claimed that DNS over TLS is a little less secure because it cannot completely mask DNS queries as normal HTTPS traffic. In addition, DNS over HTTPS offers performance improvements and has already been adopted by many DNS operators (including Cloudflare and Google).
Source: Lega Nerd
