TechEngage®

Technology Reviews, Guides & Analysis

TechEngage » Internet

Millions of websites won’t work on over 30% of Android phones in 2021 — here’s why

Avatar for Sheharyar Ahmad Saeed November 9, 2020

Google Nexus phones
PinLinkedInPrint

The widely preferred certificate authority, Let’s Encrypt, is parting its way from another authority IdenTrust. Except for its own root certificate, Let’s Encrypt has been using a cross-signed certificate from IdenTrust. However, the partnership will be ended by September 1, 2021.

This transition would cause a problem for millions of websites on over 30% of Android devices. The heart of the problem lies in the compatibility issue. The devices that are running Android 7.1.1 or older version will be facing a problem in loading. The root certificate of Let’s Encrypt will provide support to the updated versions, and thus devices with the older version still tend to rely on cross-signatures from authorities like former IdenTrust.

Five years ago, when Let’s Encrypt launched, that’s exactly what we did. We got a cross-signature from IdenTrust. Their “DST Root X3” had been around for a long time, and all the major software platforms trusted it already: Windows, Firefox, macOS, Android, iOS, and a variety of Linux distributions. That cross-signature allowed us to start issuing certificates right away, and have them be useful to a lot of people. Without IdenTrust, Let’s Encrypt may have never happened and we are grateful to them for their partnership. Meanwhile, we issued our own root certificate (“ISRG Root X1”) and applied for it to be trusted by the major software platforms.

via Let’s Encrypt

In its announcement, Let’s Encrypt dubbed its decision as the company is standing on its own two feet. According to statistics drawn from Android Studio, over 34% of Android devices worldwide are operating version 7.1 or older. So after January, a huge amount of sites and apps might face security and compatibility problems.

Google has been the torchbearer and constantly urging the website developers to obtain an SSL certificate for the domain directly from a Certificate Authority. Secure Sockets Layer or simply SSL is a type of digital certificate that renders authentication for a website and provides an encrypted connection. Google has also endorsed the services of Let’s Encrypt and ask users to obtain a free SSL certificate from this popular Certificate Authority. As per the Google Transparency Report, 95% of website traffic over the search engine is now encrypted on its network.

At first, the certificate was only necessary for e-commerce websites where users need to give their confidential details, but since more or less every website now asks for user’s information hence the Google made it mandatory for websites to obtain an SSL certificate.

Workaround for the problem

The answer to this problem is also suggested by some experts to install and use Mozilla’s Firefox browser on these older version devices because it utilizes its own root certificate list to check online web pages. As of the time of writing, Firefox Mobile is supporting Android 5.0 and above. But still, the apps that are likely to depend on older certificates will not be able to take advantage of this patch.

Filed Under: Internet, Phones Tagged With: , , , ,

Related Stories

PinLinkedInPrint
Avatar for Sheharyar Ahmad Saeed

Mobile & Events Reporter

Sheharyar Ahmad Saeed is a Mobile and Events Reporter at TechEngage, tracking smartphone launches, tech conferences, and social media developments across more than 170 articles. He approaches technology with a blend of artistic curiosity and scientific rigor, making complex product announcements easy to follow for everyday readers.

Joined October 2020

Reader Interactions

Share Your Thoughts

Please read our comment policy before submitting your comment. Your email address will not be used or published anywhere. You will only receive comment notifications if you opt to subscribe below.