A third of Android devices will lose support for many secure websites next year

[midian182]

In brief: Next year will see around 33 percent of Android devices worldwide face compatibility issues with many websites following changes by Let's Encrypt—a security authority that serves more than 192 million sites.

Google has spent years trying to get more of the web to adopt the HTTPS protocol, which allows information to be securely transmitted as it travels between browser and website. Let’s Encrypt is one of the world’s leading authorities to issue these certificates—it has handed out more than one billion, and now serves about 30 percent of all web domains.

When it formed in 2015, Let's Encrypt entered into a cross-signing agreement with another certificate authority, IdenTrust. That partnership ends on September 1, 2021, and Let's Encrypt doesn’t plan on renewing the deal. The company will stop cross-signing by default starting on January 11, 2021, with sites and services able to continue generating cross-signed certificates until September.

The change will introduce problems for older platforms that still don’t trust Let’s Encrypt’s ISRG Root X1 certificate, the most notable of these being versions of Android before 7.1.1. It’s estimated that 33.8 percent of Android devices are still on these older versions—mostly budget phones bought before December 2016 that have offered few if any upgrades from the OS they shipped with originally.

“What can we do about this? Well, while we’d love to improve the Android update situation, there’s not much we can do there,” the company writes. “We also can’t afford to buy the world a new phone.”

Android Police notes that there is a workaround for this problem: Firefox. Mozilla’s browser uses its own certificate store that includes the ISRG root, though that won’t stop problems outside of the browser.

“Firefox is currently unique among browsers — it ships with its own list of trusted root certificates. So anyone who installs the latest Firefox version gets the benefit of an up-to-date list of trusted certificate authorities, even if their operating system is out of date,” Let's Encrypt explains.

Image credit: digidreamgrafix

Permalink to story.

https://www.techspot.com/news/87514-third-android-devices-lose-support-many-secure-websites.html

 

[messy]

While I would love to see more firefox usage... good luck! people generally just aren't that flexible or perceptive. they are going to see busted sites and maybe not even blame the site, but blame their phone. who knows - sometimes it's like watching a wide-eyed frightened animal.

 

[duckofdeath]

Thank you, Google, for caring more about network operators selling new phones every two years than consumers paying a thousand bucks for a mobile.

 

[Mr Majestyk]

I'm on Android 8 and already I can't use certain apps on the play store anymore. So sick of the limited support for Android. Even 3 years is pathetic. OnePlus won't officially sell where I live and lacks bands and features we need, so they are out, Google makes garbage at stupid prices and still only offer 3 years on their own phones, sick of Samesung, so it's off to the iPhone I go which I don't want to do.

 

[Danny101]

What about the custom rom market?