You often do well not to get rid of your old Android smartphone when you have bought a new one. You can use it for many things, including of course visiting web pages. However, in 2021 something will change, making that difficult.
It took a while, but a large part of the websites now run on the secure HTTPS connection. This is good news, as data can be sent securely. But this may also mean problems for devices that do not (anymore) have the correct certificates. And that is exactly what will happen next year with older Android smartphones.
Let’s Encrypt is a leading body when it comes to handing out the necessary certificates. About thirty percent of all web domains use a Let’s Encrypt certificate. When the group was founded, it released its own “ISRG Root X1” root certificate. This certificate must be present in all browsers and operating systems. All certificates to date are also signed by IdenTrust’s ‘DST Root X3’ root, which has been present on Windows, Android, macOS and many more devices for years.
Hassle with certificates on Android
The initial partnership between Let’s Encrypt and IdenTrust will end on September 21, 2021. Both organizations do not intend to enter into a collaboration again or to extend the current collaboration. This means that all browsers and operating systems without the Let’s Encrypt root certificate will no longer work with sites and services that use the organization’s certificates. The organization also mainly mentions the devices running Android 7.1.1 or lower as the affected device group.
The quote reads, as it can be read on the official website, as follows.
However, this does introduce some compatibility woes. Some software that hasn’t been updated since 2016 (approximately when our root was accepted to many root programs) still doesn’t trust our root certificate, ISRG Root X1. Most notably, this includes versions of Android prior to 7.1.1. That means those older versions of Android will no longer trust certificates issued by Let’s Encrypt. “
There is a solution available, but the question is for how long. For example, Android users can download and use the Firefox browser, as it uses its own certificate store and offers the ISRG root. However, this does not prevent apps and services from working outside the browser.