You might have to upgrade your Android phone before long if you want to visit large portions of the secure web. According to Android Police, Certificate Authority Let’s Encrypt is warning that phones running Android versions before 7.1.1 Nougat won’t trust its root certificate starting in 2021, locking them out of many secure websites. The organization will stop default cross-signing for the certificate that enables this functionality on January 11th, 2021, and will drop the cross-signing partnership entirely on September 1st of that year.
A partial workaround is available by installing Firefox (Mozilla is a partner in Let’s Encrypt) and using its own certificate store, but that won’t help with rival clients or functionality beyond browsers.
It’s entirely common for developers to drop support for older operating systems. However, this could be a sore point given Android update policies. Let’s Encrypt noted that about 33.8 percent of Android users on Google Play run a version older than 7.1, and some hardware vendors cut off support early. It wasn’t uncommon for Android vendors to offer relatively few updates in previous years, and some devices (typically budget phones) would even be stuck with their shipping OS. You may have bought a phone in 2016 or even 2017 that could abruptly lose access to some websites, at least without workarounds.
The situation is improving. Samsung and other Android makers are committing to three years of OS updates. That won’t change the reality for many people with older hardware, though, and there may be few recourses if you can’t or won’t use Firefox. Even though many other sites will keep working, the inconsistent support could be a hassle at the least and a major obstacle at worst.
Author: Jon Fingas, @jonfingas
Source: Engadget