You might think that while new apps and features might be restricted to older android phones, access to the Internet will be free
You'd be wrong: starting in September 2021, many websites will no longer be available on older phones, thanks to changes in the way websites are digitally authenticated
As Android Police explains, this is all thanks to changes at Let's Encrypt, the digital certificate authority used by about 30% of domains on the web For years, Let's Encrypt's own ISRG Root X1 root certificate has been cross-signed with IdenTrust's DST Root X3
However, this partnership with IdenTrust expires on September 1, 2021, and Let's Encrypt has stated that it does not intend to renew this partnership This means that browsers and operating systems using IdenTrust root certificates will no longer be able to load the estimated one-third of all websites that use Let's Encrypt certificates
In short, if your phone is running Android 71 Nougat or earlier, you will experience some issues (This fix was introduced in Android 711, released in December 2016)
"This introduces some compatibility issues," Let's Encrypt wrote in a blog post last week "Some software that has not been updated since approximately 2016, when our root was accepted by many root programs, still does not trust our certificate, ISRG Root X1 Most notable are versions of Android prior to 711"
This means that, according to Google's own figures, unless there is a sudden surge in OS upgrades between now and September, the majority of Android phones and tablets will begin to generate errors when accessing sites with Let's Encrypt certificates
Statistics from April 2020 show that 338% of Android devices were running 71 or earlier; by September 2021 this percentage will certainly decrease, but hundreds of millions of Android devices will still be affected
"What can we do? Well, we would like to improve the Android update situation, but there is not much we can do," Let's Encrypt wrote" We also can't afford to buy the world a new phone"
If this sounds familiar to Tom's Guide readers, it should: in June 2020, British security researcher Scott Helme found that Roku set-top boxes and several online services had expired digital certificates blocked many web connections and prevented them from functioning properly
Although the problem was temporary, Helme predicted that the Let's Encrypt issue would lead to a major wave of website incompatibility in September 2021 He mentioned not only older Android phones, but also millions of smart home devices that receive little or no firmware updates, such as light bulbs, wall outlets, or smart TVs
"This is going to be a problem," Helme said 'We don't have a handle on this'
The company has some advice for site owners to limit damage to older devices through alternative certificate chains It also recommends that those who cannot afford a new Android phone install Firefox Mobile, which runs on Android 50 Lollipop or later phones; Firefox is able to load problematic websites
"Firefox is currently unique among browsers in that it ships with its own list of trusted root certificates," Let's Encrypt explains
"Therefore, anyone who installs the latest version of Firefox, even with an older operating system, will benefit from the most up-to-date list of trusted CAs
But this is, after all, only a temporary fix Smartphones need to access websites in addition to web browsers, which can result in strange behavior in other apps
Are you affected?Android 711 was released in December 2016, so phones purchased after that date are almost guaranteed to be secure If in doubt, it's worth digging into the system settings and checking the version of Android you're running
If you find that your phone is incompatible with Android 711 or later it's time to upgrade The good news is that this doesn't have to be as expensive as you think, and cheap phones have improved immensely over the last few years Here is our current list of the best cheap phones you can buy
Comments