Cybersecurity is never far from top of mind. New data breaches, or something as big as the WPA2 Wi-Fi security crack, keep happening to remind us that we should always be prioritizing internet safety, both as business owners and individuals. Comprehensive approaches to security have to be heavily layered, requiring the implementation of various tactics along different points in the chain, something we discussed in our article, Inside IT Security: How to Protect Your Network From Every Angle.

Now, it’s been reported that Google has made moves to add a new layer of security for Android users. Here’s a look at what it aims to do, how, and why.

The Concern Google’s Looking to Solve

As we mentioned, there are many different points that need securing from the moment you enter a URL into a browser to the time that website is returned to you. The exchange takes mere seconds, but a lot is coming into play—with many entry points for hackers to attempt to break in.

In this article we dove into the inner workings of HTTPS security, a way to enable secure internet connections encrypted with SSL, or transport layer security (TLS). These connections encrypt that “pipeline” between server and browser and have become the gold standard for safe browsing. But while those protocols seek to protect the information and data being sent across the web, there are still vulnerabilities that can occur at the domain name system (DNS) level.

When it comes to mobile browsing on Android in particular, DNS lookups have gone over plain TCP or UDP connections, not secure, TLS-encrypted ones. When you queried a website, that clear-text query was tied to your IP address, leaving DNS connections vulnerable to possible spying, redirects to phishing pages, or man-in-the-middle attacks.

To solve for this, it looks like Google will double down on Android’s secure connections by enabling HTTPS-level security with the “DNS over TLS” protocol. Let’s take a look at exactly what that means.

DNS & TLS: A Quick Refresher

In our Guide to Server Technology we explained how web (or HTTP) servers communicate with browsers, sending the site’s files via HTTP (or secure HTTPS) connections. A domain name system (DNS) is responsible for receiving your request for a website (i.e., typing a URL into a browser), then translating the domain name in that URL to an IP address that your browser can connect to. In that way, you can argue it’s the starting point for nearly any web browsing activity, and so an important component in the internet security chain.

When those requests are sent from the server to the browser, they’re happening in plain text over UDP (user datagram protocol, used in DNS connections) or TCP (transmission control protocol, used in HTTP connections), making them visible to anyone prying into that connection. Moreover, DNS security extensions only address data integrity, but they don’t do much in the way of actual privacy.

How DNS over TLS Works

This new feature—presumably to be released in the Android Oreo update—could help to secure your Internet traffic from network spoofing attacks at the DNS level.

Mohit Kumar, Founder and CEO of The Hacker News, writes, “Just like Transport Layer Security (TLS) encrypted protocol secures HTTPS connections cryptographically, DNS-over-TLS dramatically enhances privacy and security with end-to-end authenticated DNS lookups.”

This means DNS over TLS will virtually mask the name of the website you’re viewing, but don’t jump to the conclusion that it will completely hide these sites and metadata from your ISP, a hotly debated aspect of this protocol’s efficacy. Those initial queries you make to the DNS (entering a URL into your browser bar) will get their own encryption (TLS encryption, one of the protocols used in HTTPS) and they won’t be logged by the DNS.
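The plaintext exposure and the TLS wrapping described above, as an added example (not code from the original article or from Android): it encodes a DNS query, reads the queried name straight back out of the plaintext payload as a passive observer could, and frames the same message for DNS over TLS (RFC 7858, port 853). The hostname is a constructed sample, and `resolver_ip` and `resolver_name` are placeholders the caller supplies.

```python
import socket
import ssl
import struct

def build_query(hostname, txid=0x1234):
    """Encode a standard DNS query (RFC 1035 wire format) for an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in hostname.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def observed_name(payload):
    """Recover the queried name from a plaintext DNS payload, as an observer can."""
    labels, pos = [], 12  # the question section follows the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        if length & 0xC0:  # compression pointers do not occur in a query's QNAME
            raise ValueError("unexpected compression pointer")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def frame_for_tls(message):
    """DNS over TLS reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(message)) + message

def read_exact(sock, n):
    """Read exactly n bytes; recv() may legitimately return fewer."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection")
        buf += chunk
    return buf

def resolve_over_tls(hostname, resolver_ip, resolver_name):
    """Send the query over TLS on port 853 (resolver details are caller-supplied)."""
    ctx = ssl.create_default_context()  # validates the resolver's certificate and name
    with socket.create_connection((resolver_ip, 853), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_name) as tls:
            tls.sendall(frame_for_tls(build_query(hostname)))
            (length,) = struct.unpack("!H", read_exact(tls, 2))
            return read_exact(tls, length)  # raw DNS response message

if __name__ == "__main__":
    query = build_query("mail.example.com")  # constructed sample hostname
    print(observed_name(query))              # the name is readable without any key
    print(frame_for_tls(query)[:2].hex())    # length prefix sent inside the TLS stream
```

Only the path between the device and the resolver is encrypted here; the resolver itself still sees the decoded query.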

DNS over TLS is not a solve-all: Enabling the protocol is not going to make your Android browsing completely anonymous from your internet service provider (ISP)—for that, you’ll want to implement a virtual private network (VPN).

It’s not available yet, but definitely keep this on your radar and engage your Android developer to discuss details.