Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to intelligence
post-quantum-cryptographyprivacy-surveillance-policy

Commentary on Post-Quantum Cryptography Readiness and Gaps in End-to-End Encrypted Messaging

Updated 2d agoFirst seen Feb 26, 20262 sources

Security commentary highlighted that end-to-end encryption (E2EE) has materially improved privacy in mainstream messaging, but important gaps remain—especially where plaintext or recoverable ciphertext is reintroduced via cloud backups and multi-party backup chains. The discussion pointed to Apple’s iMessage ecosystem as an example where E2EE can be undermined if device backups are not protected with Advanced Data Protection (ADP), and noted uneven progress across platforms on post-quantum resilience (e.g., Signal and Apple cited as having post-quantum protections, while Android messaging protocols were described as not yet upgraded).

Separate industry perspective argued organizations should accelerate post-quantum cryptography (PQC) planning due to the long lead time required for migration and the risk of “harvest now, decrypt later” collection by sophisticated adversaries. It emphasized that guidance from NIST and CISA has shifted toward urgency, warned that widely used public-key cryptography (e.g., RSA/ECC) faces future quantum risk, and described practical blockers such as building a usable cryptographic inventory at scale—where common discovery approaches (like certificate scanning) miss embedded and non-obvious cryptographic dependencies.

Share:
Commentary on Post-Quantum Cryptography Readiness and Gaps in End-to-End Encrypted Messaging
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

EVENT TIMELINE

How this story unfolded

6 events from the most recent confirmed update back to the earliest known activity.

6 EVENTS
Jan 1, 2029just now

Forecast says quantum systems may break RSA and ECC by 2029

The SC Media article reports a projected milestone that by 2029 quantum computing will likely be capable of breaking widely used RSA and ECC cryptography, compressing enterprise migration timelines.

Feb 26, 20264mo ago

Android 17 enables Certificate Transparency by default

The Feisty Duck newsletter reports that Android 17 turns on Certificate Transparency by default, marking a platform security change affecting certificate validation and ecosystem visibility.

Let's Encrypt reports ACME changes

The newsletter notes changes in the Let's Encrypt ACME ecosystem as part of broader PKI and certificate-management developments relevant to secure communications.

IETF advances work on post-quantum certificates

The Feisty Duck newsletter reports ongoing IETF work related to post-quantum certificates, reflecting technical ecosystem progress toward PQC-ready PKI.

Feb 23, 20264mo ago

Experts warn adversaries are harvesting encrypted data for future decryption

The SC Media piece says sophisticated adversaries are already collecting encrypted data now with the expectation that future quantum capabilities will let them decrypt it later, increasing the urgency of crypto modernization.

NIST, CISA, and Gartner shift to urgent PQC migration warnings

Guidance cited in the references indicates major standards and security bodies have moved from long-term planning to urging organizations to begin post-quantum cryptography migration immediately because the risk timeline has accelerated.

LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

33 LINKEDOpen in app
Affected products
17 linked
AndroidWhatsappSignalImessageAndroidIosIosIosTelegramBitwardenDiscordDashlaneGrafanaIphone1passwordGrafanaChrome
Organizations
16 linked
AppleSignal MessengerMeta PlatformsDashlaneDiscordGrafana LabsLastPass1passwordTrail of BitsGartnerBitwardenThe Washington PostDigiCertLet's EncryptGoogleAxiad
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.