Android 13 finally adds built-in support for DNS over HTTPS

Android has supported DNS-over-TLS (DoT) since Android 9.0 Pie. It is available in your phone’s Network & Internet settings under the name Private DNS. Last September, a code change in the Android Open Source Project (AOSP) suggested that Google was planning to add DNS over HTTPS support in Android 13. Now it is official.

As discovered by Esper's Mishaal Rahman, Android 13 finally adds built-in support for DNS over HTTPS (DoH). At the most basic level, both DoT and DoH do the same thing: encrypt DNS traffic. DNS over TLS uses TLS (also known as SSL) to encrypt traffic, while DNS over HTTPS uses the HTTP or HTTP/2 protocols to send DNS queries and replies.

However, using DoH instead of DoT has some benefits. DoT uses a dedicated port, so anyone watching at the network level can see that DoT traffic is coming and going, although the content itself remains encrypted. DoH, on the other hand, uses port 443, the default port for HTTPS traffic. As such, requests and responses sent over DoH can hide among the rest of the HTTPS traffic, making it nearly impossible for attackers or network administrators to monitor or block DoH requests. Popular browsers like Mozilla Firefox and Google Chrome already offer DNS over HTTPS support.
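The difference described above comes down to how one and the same DNS message is packaged. As an added example (not code from Esper or AOSP), the Python below encodes a single query and frames it for DoT per RFC 7858 and for a DoH GET request per RFC 8484; the resolver host `dns.example` is a placeholder and the function names are chosen here for illustration.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

DOT_PORT = 853    # dedicated DoT port (RFC 7858)
DOH_PORT = 443    # DoH shares the ordinary HTTPS port (RFC 8484)

def build_query(name, qtype=1, txid=0):
    """Encode a one-question DNS query (RFC 1035 wire format, class IN)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def dot_frame(msg):
    """DoT: the message goes into the TLS stream behind a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def doh_get(msg, host, path="/dns-query"):
    """DoH GET: the same message, base64url-encoded without padding, in ?dns=."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"https://{host}{path}?dns={b64}", {"Accept": "application/dns-message"}

def doh_decode(url):
    """Recover the DNS message from a DoH GET URL, as the resolver would."""
    b64 = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

if __name__ == "__main__":
    query = build_query("www.example.com")        # constructed sample name
    url, headers = doh_get(query, "dns.example")  # placeholder resolver host
    print(f"DoT tcp/{DOT_PORT}: {dot_frame(query).hex()}")
    print(f"DoH tcp/{DOH_PORT}: GET {url} {headers}")
    assert doh_decode(url) == query               # both carry identical bytes
```

On the wire both framings sit inside TLS, so an observer sees only the destination address and port: 853 marks a flow as DNS, while 443 looks like any other HTTPS connection.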

Currently, there does not appear to be a user-facing option to access DNS over HTTPS on devices running Android 13 DP2. However, Esper reports that it can be enabled through the device_config Boolean flag “doh” under the “netd_native” namespace.

Recent code changes on AOSP suggest that Google is considering enabling DoH support by default in Android 13, though it is not final yet.

Android 13 brings tons of new features, including auto-themed icons, per-app language support, full Bluetooth LE Audio support, a runtime permission for notifications and more. In addition, the latest version also enables HDR video support in the Camera2 API and introduces new gaming APIs that can significantly reduce game loading times.


Source: Esper