Commentary on Post-Quantum Cryptography Readiness and Gaps in End-to-End Encrypted Messaging
Security commentary highlighted that end-to-end encryption (E2EE) has materially improved privacy in mainstream messaging, but important gaps remain—especially where plaintext or recoverable ciphertext is reintroduced via cloud backups and multi-party backup chains. The discussion pointed to Apple’s iMessage ecosystem as an example where E2EE can be undermined if device backups are not protected with Advanced Data Protection (ADP), and noted uneven progress across platforms on post-quantum resilience (e.g., Signal and Apple cited as having post-quantum protections, while Android messaging protocols were described as not yet upgraded).
Separate industry perspective argued organizations should accelerate post-quantum cryptography (PQC) planning due to the long lead time required for migration and the risk of “harvest now, decrypt later” collection by sophisticated adversaries. It emphasized that guidance from NIST and CISA has shifted toward urgency, warned that widely used public-key cryptography (e.g., RSA/ECC) faces future quantum risk, and described practical blockers such as building a usable cryptographic inventory at scale—where common discovery approaches (like certificate scanning) miss embedded and non-obvious cryptographic dependencies.

Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Forecast says quantum systems may break RSA and ECC by 2029
The SC Media article reports a projected milestone that by 2029 quantum computing will likely be capable of breaking widely used RSA and ECC cryptography, compressing enterprise migration timelines.
Android 17 enables Certificate Transparency by default
The Feisty Duck newsletter reports that Android 17 turns on Certificate Transparency by default, marking a platform security change affecting certificate validation and ecosystem visibility.
Let's Encrypt reports ACME changes
The newsletter notes changes in the Let's Encrypt ACME ecosystem as part of broader PKI and certificate-management developments relevant to secure communications.
IETF advances work on post-quantum certificates
The Feisty Duck newsletter reports ongoing IETF work related to post-quantum certificates, reflecting technical ecosystem progress toward PQC-ready PKI.
Experts warn adversaries are harvesting encrypted data for future decryption
The SC Media piece says sophisticated adversaries are already collecting encrypted data now with the expectation that future quantum capabilities will let them decrypt it later, increasing the urgency of crypto modernization.
NIST, CISA, and Gartner shift to urgent PQC migration warnings
Guidance cited in the references indicates major standards and security bodies have moved from long-term planning to urging organizations to begin post-quantum cryptography migration immediately because the risk timeline has accelerated.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.


