Let’s Encrypt, one of the top certificate authorities has announced that smartphones that run on versions of Android 7.0 or other earlier versions will be having difficulties browsing some websites from 2021. The announcement which has been passing around the tech world since Saturday might be the reason why you need to change your old smartphone if it is affected, PC Mag reports.
Let’s Encrypt is a widely used certificate authority which is powered by a nonprofit research group known as the Internet Security Research Group (ISRG). The Let’s Encrypt team announced that it has no wish to continue its partnership with another certificate authority, IdenTrust. The current agreement between the certificate authorities will end September 2021, and Let’s Encrypt will only use its own ISRG Root X1 as opposed to the DST Root X3 available in the older versions of Android.
Jacob Hoffman-Andrews, head developer at Let’s Encrypt stated in a blog post on Friday that about a third of web domains use the security certificates provided by the establishment. However, the switch to only the Let’s Encrypt Root X1 could be problematic for older phones as the software in Android versions 7.0 and less do not trust the certificate, Gizmodo writes.
“The software in the affected phones has not been updated since 2016, that’s about the time that our ISRG Root was introduced to several root programs.” the blog post reads. “As a result, phones running on Android versions 7.0 or less will not trust the certificates from Let’s Encrypt which are used in several web domains.”
Hoffman-Andrews suggested that users can still access the sites using the new root certificates if they can install Firefox. Let’s Encrypt are partners with Mozilla, and Firefox has its own certificate store that uses the Let’s Encrypt Root X1. However, applications that use the root will continue to malfunction according to the head developer.
Data from Google’s Android development suites approximates that about 34% of Android phones and other devices use Android 7.0 or less according to Hoffman-Andrews. That’s about millions of Android users who will not be able to access about one-third of the secured web from 2021. If your phone runs on the affected versions, it might be time to buy a new one and save yourself the trouble from next year.