Millions of Android smartphones will be deprived of certain websites from the year 2021. In fact, phones running a version of Android prior to Nougat 7.1.1 will no longer be able to consult the sites that rely on on certificates from Let’s Encrypt for their HTTPS connections. Explanations.
Successor of HTTP, the HTTPS protocol secures communication between the Internet user and the site visited via certificates. It thus prevents hackers from being able to easily retrieve and decrypt what you transmit or visit on the site in question. Among the most popular certificates on the web, we find the DST Root X3, co-signed by Let’s Encrypt and IdenTrust. This certificate owes its popularity mainly to its free admission. “This cross signature has enabled us to issue certificates quickly and make them accessible to many sites” Let’s Encrypt explains in a press release issued on November 6.
At the same time, the certification authority has developed its own certificate for HTTPS sites. In 2016, Let’s Encrypt then requested that its own “ISRG Root X1” root certificate be included in all browsers and operating systems. After years of working with IdenTrust, Let’s Encrypt finally decided to bet everything on its “ISRG Root X1” certificate, present in the Android OS since Nougat 7.1.1. Let’s Encrypt’s partnership with the IdenTrust certification authority will expire on September 1, 2021.
On the same subject: a billion Android smartphones and tablets are obsolete
33.8% of Android smartphones will be deprived of 30% of websites by next year
De facto, all devices confined to a version of Android later than Nougat 7.1.1, and equipped with the DST Root X3 certificate, will no longer be able to view HTTPS sites that use the ISRG Root X1. According to Let’s Encrypt, 30% of websites rely on the certificate signed with IdenTrust. “Some software that has not been updated since 2016 (around when our certificate was accepted by many programs) still does not trust our root certificate, ISRG Root X1” Let’s Encrypt details in its press release.
33.8% of Android smartphones in circulation in the world run under a version prior to Nougat 7.1.1. Ultimately, these millions of smartphones will no longer be able to access 30% of websites as of September 21, 2021. The phones will display “certificate errors when users visit sites with a Let’s Encrypt certificate ”, details the certification authority. In short, you will simply be blocked as soon as you arrive on the site. According to Let’s Encrypt, dropping DST Root X3 will also deprive users of certain Android applications that connect to a website over HTTPS to function. Here again, if the site is based on the certificate signed by IdenTrust, the application will no longer be able to function on the Android smartphone or tablet.
Let’s Encrypt recommends installing Firefox
Aware that many users will not be able to invest in a new smartphone by September 2021, Let’s Encrypt offers a workaround: install Firefox, Mozilla’s web browser. Partner of Let’s Encrypt, Mozilla uses “Its own list of trusted root certificates” including ISRG Root X1. Chrome, Opera and other web browsers rely on certificates built into the mobile OS. “Firefox is currently unique among browsers, anyone who installs the latest version of the browser benefits from an up-to-date list of certificate authorities, even if their operating system is completely out of date” states Let’s Encrypt. On the other hand, the authority does not propose no solution for Android applications which are found unusable.
From our side, we invite you to gradually consider the purchase of a new smartphone. If your phone is still running on a version of Android older than Nougat, it’s outdated and at the mercy of hackers. Indeed, Google no longer deploys security updates on smartphones and tablets running Android Nougat 7.0 (deployed in 2016) or an earlier version. Without a security update, your smartphone is more likely to be infected with malware. It is not uncommon for malware to target Android phone users in order to extort personal data or money.
Do you still use a smartphone confined to Android Nougat? Are you going to change your smartphone following the announcement of Let’s Encrypt? We await your opinion in the comments below.
Source: Let’s Encrypt