While everyone’s talking about the software updates on the surface internet, there’s something about to expire in the background, which can cut off outdated Android users from the internet soon.
Let’s Encrypt, a free certificate authority that’s serving over 30% of the world’s web domains with its TLS certificates, will have its partnership expired with IdenTrust, making outdated Android phones useless soon.
Android Phones Running v7.1 or Older at Risk
Users who’re much into browsing may notice the green padlock icon just beside the domain. This signifies that the connection between the user’s device and the accessing domain is encrypted and secured throughout the session. This is important as any sensitive details entered into the domain’s page shouldn’t be seen by anyone else.
Making such connections secure are the organizations like Let’s Encrypt, which started about five years ago and partnered with IdenTrust, a Certificate Authority (CA), to cross sign its root certificates, thus authenticating the connection.
Let’s Encrypt applied for installing its ISRG Root X1 certificate in most OS like macOS, Android, Windows, Linux, etc., verified by the IdenTrust’s DST Root X3 root.
And since the partnership between these two is about to expire in September next year, Let’s Encrypt says that devices using its root certificate will be cross-signed by any CA later. This makes all the web domains, nearly 30% of the world’s domains, inaccessible from users browsers. Let’s Encrypt mentioned that devices running on Android version 7.1 and older will not be supported then.
While it’s now able to run independently with its own root certificate, only the newer devices (Android 7.2 and above) will be supported.
It also mentioned a workaround for using the Mozilla Firefox browser, which has its own root certificates installed when it is set and supports Android 5.0 and later.