From September 1, 2021 forward, Android devices still running pre-Android 7.1.1 will face connectivity issues for a large number of sites and services.
Sites and services that implement HTTPS need to use certificates for that. A popular choice is Let’s Encrypt as it is offering free certificates. The service started five years ago and has since then become used widely on the Internet.
Let’s Encrypt got a cross-signature from IdenTrust when it started to ensure that its certificates were trusted right away. With the partnership in place, Let’s Encrypt managed to get on a lot of devices and systems in a short period of time.
The organization started to issue its own root certificate, called ISRG Root X1, and applied to have it integrated into the certification root stores of important software platforms. The original certificate is now trusted on major software platforms.
The cross-signature root certificate will expire on September 1, 2021. Expiration means that it cannot be used anymore. While that is not a problem for systems that have received the new root certificate of Let’s Encrypt, it is a major problem for systems that ran out of support earlier.
On Android, that includes all devices running earlier versions of Android than 7.1.1. Let’s Encrypt estimates that about a third of all Android devices are on that version or earlier versions of the operating system. Good news is that two-third of devices are up to date and will not face any connectivity issues. The remaining one third on the other hand will run into connectivity issues when they try to access sites that use a Let’s Encrypt certificate. The number is lower right now already as Google has stopped publishing Android platform version distribution information in September 2020.
Fragmentation is a problem on Android, especially since many manufacturer’s of Android devices provide only limited support in regards to updates.
The only solution, other than buying a new Android device that is using a newer version of the operating system, is to use a browser that uses its own certificate store. Let’s Encrypt recommends Firefox for Android for that, as it is the only major browser that comes with its own certificate store. Firefox for Android requires Android 5 or higher currently.
Google did reveal recently that it plans to switch from using the operating system’s root store to its own in the company’s Chrome web browser to get more control over certificates and ensure that the experience is identical on all platforms in regards to security and accessing sites.
Whether Chrome for Android will start using its own root store before September 2021 arrives remains to be seen though.
Closing Words
The market share of pre-Android 7.1.1 devices will shrink in the coming ten months but there is a good chance that a large number of devices will still be in use in September 2021.
(via Deskmodder)