1 in 3 Android Devices Set to Block Let’s Encrypt SSL Certificates in 2021

Millions of Let’s Encrypt-certified websites could be blocked next year because of the large number of mobile devices that are still running unsupported versions of Android.

IdenTrust’s DST Root X3, which is the root certificate used by Let’s Encrypt, is set to expire on September 21, 2021.

This expiration means that millions of Let’s Encrypt-certified websites could be blocked overnight.

Let’s Encrypt is an SSL/TLS certificate authority (CA), and the expiration of DST Root X3 will leave the CA reliant on its own root certificate, ISRG Root X1.

The problem with leaving ISRG Root X1 on its own is that it is still not trusted by versions of Android prior to 7.1.1.

Let’s Encrypt is backed by Mozilla’s non-profit Internet Security Research Group which currently certifies around 225 million domains.

Beginning September 1st, Android users running versions from before 7.1.1 of their mobile operating system will receive a warning from their browser that these websites are not secure unless they upgrade or use Firefox.

Whereas Chrome, Android’s default browser, relies on the operating system’s list of trusted root certificates, “Firefox is currently unique among browsers” in having “its own list of trusted root certificates”, said Jacob Hoffman-Andrews, lead developer for Let’s Encrypt.

“So, anyone who installs the latest Firefox version gets the benefit of an up-to-date list of trusted certificate authorities, even if their operating system is out of date.”

Currently, Firefox mobile supports Android 5.0 and above.

This is important because one in three Android users is still running a pre-7.1.1 version on their mobile device.

“It’s quite a bind,” he said. “We know that the people most affected by the Android update problem are those we most want to help – people who may not be able to buy a new phone every four years.”

Hoffman-Andrews said Android Studio shows that, as of September 2020, 33.8% of Android devices were running versions older than 7.1.1, representing 1-5% of traffic to websites operated by large integrators, and they don’t foresee a significant shift in these numbers by September 2021.
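A site operator can check which root a server's chain depends on and what that means for clients using the Android OS trust store. The following is an added example, not code from Let's Encrypt or the original article: it parses the chain summary printed by `openssl s_client` and applies the trust rules exactly as described above. The sample output, the hostname and the function names are constructed for illustration.

```python
import re
from datetime import date

# Facts taken from the article
DST_X3_EXPIRY = date(2021, 9, 21)    # DST Root X3 expires
ISRG_X1_MIN_ANDROID = (7, 1, 1)      # ISRG Root X1 is untrusted before this version

# Constructed sample of the "Certificate chain" summary printed by
# `openssl s_client -connect host:443` (hostname is a placeholder).
SAMPLE = """\
Certificate chain
 0 s:CN = shop.example
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
"""

# Matches both "CN = name" (newer OpenSSL) and "/CN=name" (older OpenSSL).
_CN = re.compile(r"CN\s*=\s*([^,/\n]+)")

def parse_chain(text):
    """Return [(subject_cn, issuer_cn), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        line = line.strip()
        m = _CN.search(line)
        if not m:
            continue
        if re.match(r"\d+\s+s:", line):
            subject = m.group(1).strip()
        elif line.startswith("i:") and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def served_root(text):
    """CN of the issuer of the last certificate sent: the root the chain needs."""
    chain = parse_chain(text)
    if not chain:
        raise ValueError("no certificate chain found")
    return chain[-1][1]

def trusted(root_cn, android_version, on_date):
    """Model of the article's description for a client using the OS trust store."""
    version = tuple(int(p) for p in android_version.split("."))
    if root_cn == "DST Root CA X3":
        return on_date < DST_X3_EXPIRY          # fails for everyone once expired
    if root_cn == "ISRG Root X1":
        return version >= ISRG_X1_MIN_ANDROID   # older Android lacks this root
    raise ValueError(f"root not covered by this model: {root_cn}")
```

Running `served_root` against each production hostname shows which sites still depend on the expiring root, and `trusted` shows which Android versions would then see a warning.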

About the author

Denise Elizabeth

Denise is one of our Senior Editors who has over 5 years of hands-on experience in the IT Software Procurement industry as well as extensive experience in forensic accounting.

Denise has a Master's Degree in Organization Development and a Bachelor of Science in Accounting & Business Administration. Her career path has taken her through several Tech companies and she's come to work for ITDM full-time as our Senior Editor.