Millions of Android devices running the older versions of Google’s mobile OS may not be able to access some of the most popular secure websites by 2021. So, if you are using an older Android smartphone, it may be time for you to consider an upgrade.
According to a report from Android Police, non-profit certificate authority Let’s Encrypt has issued a warning that phones running Android versions before 7.1.1 Nougat will no longer trust its root certificate starting September 2021, preventing users from visiting many secure websites. In other words, many secure websites will no longer be compatible with older versions of Android.
The partnership of Let’s Encrypt, a partner of Mozilla, with the IdenTrust certification authority is set to expire on September 1, 2021. The company has no plans to renew its default cross-signing for IdenTrust’s root certificate, DST Root X3, that enables this functionality on January 11, 2021. Instead, the organization will be switching over to solely using its own ISRG Root X1 root.
Let’s Encrypt certificates are used by approximately 30% of all web domains. According to the organization, 33.8 percent of Android devices are running older versions of the operating system. Since older software won’t trust Let’s Encrypt’s root certificate, this could “introduce some compatibility woes,” lead developer Jacob Hoffman-Andrews said in a blog post Friday.
“Some software that hasn’t been updated since 2016 (approximately when our root was accepted to many root programs) still doesn’t trust our root certificate, ISRG Root X1. Most notably, this includes versions of Android prior to 7.1.1. That means those older versions of Android will no longer trust certificates issued by Let’s Encrypt,” he said.
If users do not wish to upgrade their phones, Let’s Encrypt has recommended such Android device owners to download and install Firefox and use it for their web browsing needs since it relies on its own certificate store that includes Let’s Encrypt’s root.
“For an Android phone’s built-in browser, the list of trusted root certificates comes from the operating system – which is out of date on these older phones,” explains a post on the organization’s website.
“However, Firefox is currently unique among browsers – it ships with its own list of trusted root certificates. So anyone who installs the latest Firefox version gets the benefit of an up-to-date list of trusted certificate authorities, even if their operating system is out of date.”
However, installation of Firefox browser doesn’t guarantee that it would prevent applications and other functions outside the browser from breaking or ensure functionality.