If you are using an older Android phone, you might have to upgrade it soon if you want to visit secure websites. According to an Android Police report, Certificate Authority Let’s Encrypt has warned that phones running Android versions before 7.1.1 Nougat will not trust its root certificate starting 2021. This will lock these older phones out of many secure websites.
The organisation is going to prevent default cross-signing for the certificate that allows this functionality on January 11 next year and will drop the cross-signing partnership entirely by September 1.
A partial workaround is available by installing Firefox and using its own certificate store, but that won’t help with rival clients or functionality beyond browsers.
It’s entirely common for developers to drop support for older operating systems. However, this could be a sore point given Android update policies. Let’s Encrypt noted that about 33.8 percent of Android users on Google Play run a version older than 7.1, and some hardware vendors cut off support early. It wasn’t uncommon for Android vendors to offer relatively few updates in previous years, and some devices would even be stuck with their shipping OS. You may have bought a phone in 2016 or even 2017 that could abruptly lose access to some websites, at least without workarounds.
The situation is improving. Samsung and other Android makers are committing to three years of OS updates. That won’t change the reality for many people with older hardware, though, and there may be few recourses if you can’t or won’t use Firefox. Even though many other sites will keep working, the inconsistent support could be a hassle at the least and a major obstacle at worst.
