Android phones prior to version 7.1 will not load secure sites from September 2021



Millions of secure websites will not load on smartphones running Android 7.1 or earlier after September 2021, it has been revealed.

The U.S. certification authority Let’s Encrypt has said that a change to its criteria from next September will mean older Android operating systems will not trust its root certificates.

Root certificates are issued by certificate authorities like Let’s Encrypt to verify that the owner of the software or website is who it claims to be.

Currently, around 66% of Android devices are running version 7.1.1 – also known as Android Nougat – or higher, Let’s Encrypt says.

Others running Android 7.1 and earlier will start receiving certificate error messages when they visit sites that have a Let’s Encrypt certificate on the default Android browser – Google Chrome.

Since there are around 2.5 billion active Android users, the issue could affect over 800 million users of older Android operating systems.

The websites affected will be those certified by Let’s Encrypt – including Wikipedia, Open Street Map, and news sites such as Metro, Variety, and the New York Post.

Millions of secure websites won't load on smartphones running Android 7.1 or earlier by September 2021, says the Let's Encrypt CA.

WHAT ARE ROOT CERTIFICATES?

Root certificates are issued by certificate authorities like Let’s Encrypt to verify that the owner of the software or website is who it claims to be.

They must be issued by a trusted certification authority, such as Let’s Encrypt.

MalwareBytes calls them “the cornerstone of authentication and security in software and on the Internet”.

Forbes estimates that the issue will affect around 220 million websites because old systems won’t recognize them as secure.

Let’s Encrypt has confirmed to MailOnline that phones with Android 7.1 will be affected, but 7.1.1 and anything above will be safe.

7.1 was released in October 2016, while update 7.1.1 was released two months later.

Smartphone users with Android 7.1 or earlier can fix the issue when the changes go into effect next September by trying to perform a software update.

However, older devices launched with Android 7.1 or earlier may not be compatible with newer versions of Android software.

Let’s Encrypt therefore recommends that affected users install Firefox Mobile, which currently supports Android 5.0 and above.

“Firefox is currently unique among browsers because it comes with its own list of trusted root certificates,” said Jacob Hoffman-Andrews, lead developer at Let’s Encrypt, in a blog post.

“So anyone who installs the latest version of Firefox gets an up-to-date list of trusted certification authorities, even if their operating system is outdated.”

When Let’s Encrypt launched five years ago, it signed an agreement with another certificate authority (CA), IdenTrust, for a cross-signature to get it started.

“This cross-signing allowed us to start issuing certificates right away and making them useful to a lot of people,” Hoffman-Andrews said.

IdenTrust’s ‘DST Root X3’ certificate has been around for a long time and is still found in major software platforms such as Windows, Firefox, macOS, Android and iOS.

However, this DST Root X3 root certificate will expire on September 1, 2021.

From that point on, Let’s Encrypt will only rely on its own root certificate, called ISRG Root X1.

Some of Let's Encrypt's old HTTPS certificates will no longer be recognized, the US company said

“However, this introduces compatibility issues,” Hoffman-Andrews said.

“Some software that has not been updated since 2016 (around when our root was accepted for many root programs) still does not trust our root certificate, ISRG Root X1.

“In particular, this includes versions of Android prior to 7.1.1.

“This means that these older versions of Android will no longer trust certificates issued by Let’s Encrypt.”
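The trust decision described above can be modelled in a few lines. This is an added example, not code from the article or from Let's Encrypt: the host name, the "LE intermediate" label, the trust-store contents and the ISRG Root X1 expiry date are constructed, and the model assumes a client rejects a trust anchor once it has expired.

```python
from datetime import date

# Trust anchors named in the article. The DST Root X3 expiry is the date the
# article gives; the ISRG Root X1 date is an assumption for this model.
ROOT_EXPIRY = {
    "DST Root X3": date(2021, 9, 1),
    "ISRG Root X1": date(2035, 6, 4),
}

# Constructed issuer graph: the site certificate is issued by a Let's Encrypt
# intermediate, which is signed by ISRG Root X1 and cross-signed by DST Root X3.
ISSUERS = {
    "site.example": ["LE intermediate"],
    "LE intermediate": ["ISRG Root X1", "DST Root X3"],
}

# Constructed trust stores reflecting what the article says each client trusts.
TRUST_STORES = {
    "Android 7.1 system store": {"DST Root X3"},
    "Android 7.1.1 system store": {"DST Root X3", "ISRG Root X1"},
    "Firefox bundled store": {"DST Root X3", "ISRG Root X1"},
}


def find_trusted_path(subject, store, today):
    """Return a chain from subject to an unexpired root in store, or None."""
    if subject in store:
        # Assumption: the client rejects a trust anchor past its expiry date.
        return [subject] if today <= ROOT_EXPIRY[subject] else None
    for issuer in ISSUERS.get(subject, []):
        path = find_trusted_path(issuer, store, today)
        if path:
            return [subject] + path
    return None


def evaluate(today):
    """Map each trust store to the chain it accepts on the given date."""
    return {name: find_trusted_path("site.example", store, today)
            for name, store in TRUST_STORES.items()}


if __name__ == "__main__":
    for day in (date(2021, 8, 1), date(2021, 9, 2)):
        for name, path in evaluate(day).items():
            print(day, name, " -> ".join(path) if path else "CERTIFICATE ERROR")
```
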

Let’s Encrypt is one of several certification authorities, which also include DigiCert and GlobalSign.

This is why some sites have compatibility issues and display a warning message if a web browser does not support a particular certificate.

Let’s Encrypt certifies almost 30% of web domains, or 47.2 million, more than any other registrar.
