Millions of Android smartphones will no longer be able to access certain websites in 2021

Millions of Android smartphones will be deprived of certain websites from the year 2021. In fact, phones running a version of Android prior to Nougat 7.1.1 will no longer be able to access the sites that rely on on certificates from Let’s Encrypt for their HTTPS connections.

Successor of HTTP, the HTTPS protocol secures communication between the Internet user and the site visited via certificates. It thus prevents hackers from being able to easily retrieve and decrypt what you transmit or visit on the site in question. Among the most popular certificates on the web is the DST Root X3 , co-signed by Let’s Encrypt and IdenTrust. This certificate owes its popularity mainly to its free availability. “This cross-signing allowed us to issue certificates quickly and make them accessible to many sites,” Let’s Encrypt explains in a press release published on November 6.

At the same time, the certification authority has developed its own certificate for HTTPS sites. In 2016, Let’s Encrypt then requested that its own “ISRG Root X1” root certificate be included in all browsers and operating systems. After years of collaboration with IdenTrust, Let’s Encrypt finally decided to bet everything on its “ISRG Root X1” certificate , present in the Android OS since Nougat 7.1.1. Let’s Encrypt’s partnership with the IdenTrust certification authority will in effect expire on September 1, 2021.

33.8% of Android smartphones will be deprived of 30% of websites by next year

De facto, all devices confined to a version of Android later than Nougat 7.1.1, and equipped with the DST Root X3 certificate, will no longer be able to view HTTPS sites that use the ISRG Root X1. According to Let’s Encrypt, 30% of websites rely on the certificate signed with IdenTrust . “Some software that has not been updated since 2016 (around when our certificate was accepted by many programs) still does not trust our root certificate, ISRG Root X1” Let’s Encrypt details in its release.

33.8% of Android smartphones in circulation in the world run under a version prior to Nougat 7.1.1. Ultimately, these millions of smartphones will no longer be able to access 30% of websites as of September 21, 2021 . Phones will display “ certificate errors when users visit sites with a Let’s Encrypt certificate”, details the certification authority. In short, you will simply be blocked as soon as you arrive on the site. According to Let’s Encrypt, dropping DST Root X3 will also deprive users of certain Android applications that connect to a website over HTTPS to function. Here again, if the site is based on the certificate signed by IdenTrust, the application will no longer be able to function on the Android smartphone or tablet.

Let’s Encrypt recommends installing Firefox

Aware that many users will not be able to invest in a new smartphone by September 2021, Let’s Encrypt offers a workaround: install Firefox, Mozilla’s web browser. Partner of Let’s Encrypt, Mozilla uses “its own list of trusted root certificates” including the ISRG Root X1. Chrome, Opera and other web browsers rely on certificates built into the mobile OS. “Firefox is currently unique among browsers, anyone who installs the latest version of the browser benefits from an up-to-date list of certificate authorities, even if their operating system is completely out of date,” Let’s Encrypt says. On the other hand, theno solution for Android applications which are found unusable.

From our side, we invite you to gradually consider the purchase of a new smartphone. If your phone is still running on a version of Android older than Nougat, it’s outdated and at the mercy of hackers. Indeed, Google no longer deploys security updates on smartphones and tablets running Android Nougat 7.0 (deployed in 2016) or an earlier version. Without a security update, your smartphone is more likely to be infected with malware. It is not uncommon for malware to target Android phone users in order to extort personal data or money.