Millions of Android users could find themselves blocked from popular websites

11/13/2020

Android users who are still on an ageing version of the market-leading Google mobile OS may have no other option but to upgrade next year. In 2021 millions of Android devices may be unable to access some of the most popular websites in the world. That’s because one of the world’s leading providers of the certificates needed for the HTTPS protocol is changing its criteria.

Let’s Encrypt issue certificates that are used by almost a third of all web domains, and they’ve got some big changes in store for 2021 that will impact Android users in huge ways.

As reported in a post by Android Police, next year the California-based firm will see a partnership with fellow certificate authority IdenTrust come to an end.

This will kick into effect next September, and ahead of this Android users have been warned to prepare for some compatibility issues.

The long and short of it is – from September 30 2021, if you’re using an Android device running 7.1 or below you may have trouble accessing millions of websites.

Forbes estimates that this is 220 million domains that could effectively break, or fail to be recognised by these Android devices.

The upcoming changes were revealed by Jacob Hoffman-Andrews, a lead developer on Let’s Encrypt, in a blog post.

Hoffman-Andrews said research shows 34 percent of Android users are running a version of the OS that’s below 7.1.

And considering there are over two billion Android users worldwide, it would mean hundreds of millions of people are set to be affected by the inbound changes.

Outlining the changes, Hoffman-Andrews explained in a blog post how in 2021 Let’s Encrypt won’t be co-signing certificates with IdenTrust’s DST Root X3 root.

Instead, Let’s Encrypt will be going solely with its own ISRG Root X1 root certificate – with work on this move beginning at the start of 2021.

Explaining how this will impact Android users, the Let’s Encrypt engineer said: “We’re going to delay the transition to ISRG’s root a little further, to January 11 2021. The patterns of Android adoption have not significantly improved since last year.

“According to numbers from Android Studio, only 66 percent of Android users are on version 7.1 or above, which includes ISRG’s root. Android 7.1 was released in August 2016.

Most of the devices stuck on older versions of Android do not receive updates from their manufacturers.

“Currently Let’s Encrypt certificates are trusted on older devices by virtue of our cross-signature from IdenTrust’s DST Root X3.

“That cross-signature expires March 17 2021. We plan to generate new intermediate certificates and get cross-signatures on them, but those cross-signatures will only be good until September 30 2021 at the latest. That’s when DST Root X3 itself expires.

“After September 30 2021, Let’s Encrypt certificates won’t work on Android devices older than 7.1. So why not wait until then to change which root we recommend chaining to?

“We don’t expect the Android situation to change much in the coming year, which means sites that need support for older Android devices may need to switch CAs. We’d like to give those sites plenty of time to transition.

“But some of those sites probably won’t be aware of the need to transition until they start receiving reports of errors from their users. 

“In 2020, the fix for such errors will be simple: The site can change which intermediate it serves in its certificate chain, and everything will work fine for another year.

“However, if a site doesn’t receive error reports until September 2021, it would be stuck with no quick fix and needing to change CAs entirely during an outage. That’s not good for anyone.”

If you can’t say goodbye to an older version of Android just yet, then a stopgap solution will be to use Mozilla’s Firefox instead.

That browser will be able to support Android 4.1 after this big Let’s Encrypt change. But if Chrome or another browser is your go-to option then you may have no other choice but to upgrade.
