Home News Invalid Root Certificate Will Prevent Website Access on Older Android Devices in...

Invalid Root Certificate Will Prevent Website Access on Older Android Devices in 2021

Nov 10, 2020

We wanted to tell you about something that’s going to be happening in late 2021. This issue could affect many people all over the world on Android devices. Older Android devices are going to lose the ability to access websites beginning in September 2021, which will be due to invalid and improper root certificates. If you have an older Android device, read on to learn more about what’s going to happen late next year.

Old Android Devices Losing Website Access When Root Certificate Partnership Expires

If you have an older Android device, you might want to be aware that in late 2021, it’s likely your device will no longer be able to access most websites. As you probably know, a lot of websites use HTTPS in order to transmit information securely.

In order for your browser to connect to the websites, proper certification is required for the page to load. If the certificates are invalid, then you’re unable to connect to the site. It appears that’s what likely is going to happen next year to certain older Android devices. This includes smartphones and tablets that are running outdated software.

You might not have heard of Let’s Encrypt before, but it’s one of the leaders in certificates and actually is used by about 30 percent of all website domains. Let’s Encrypt applied for a root certificate called “ISRG Root X1” and this was included in operating systems and browsers.

Those same certificates were cross-signed with the “DST Root X3” which was the root certificate from IdenTrust. IdenTrust is everywhere including in Android, macOS, and Windows platforms. The issue is that the partnership between these two groups is going to end and another cross-signed agreement is not very likely to happen.

Agreement Unlikely Between Root Certificate Groups as Partnership Nears End

The agreement between IdenTrust and Let’s Encrypt is going to be expiring on September 1, 2021. We know that it seems like a long time away from now to most people. Even though it’s quite a while away and things could change, here is what we know. At this point, it looks like a new deal isn’t going to happen. Once the deal expires, the operating systems and the browsers that lack the root certificate from Let’s Encrypt are no longer going to be working.

When this announcement was made it appeared to be pointing to those on Android devices with an operating system of 7.1 or lower. This means that it’s likely that any older Android version will no longer be trusting of a certificate that was issued by Let’s Encrypt. The company said any software that hasn’t been updated since 2016 is likely going to be affected.

A Workaround to Root Certificate Issue Does Exist on Android in Limited Capacity

Another issue here is that the cross-signing isn’t going to end in September 2021, but actually end a lot sooner. On January 11, 2021, the cross-signing of the root certificates will stop by default. Websites and services can still generate those certificates on their own, but after September that option will no longer be available either. As of now, no deal is expected to happen between IdenTrust and Let’s Encrypt to continue cross-signing root certificates.

The good news here is that there is a workaround somewhat for older Android devices. If you install Firefox on your Android device, you should be good to go in terms of browsing the web. Firefox uses ISRG and has its own store for certificates. That will allow older Android devices to connect to the web and browse but won’t do anything for apps outside of the browser. In the comment section below, we want to know what you think about this news.

Do you think that Let’s Encrypt and IdenTrust should sign another agreement? If they did, it would keep those root certificates active after September 2021. If you’re on an older Android device, we want to know if you have the option to upgrade to a newer Android operating system. For those without that ability, will you be downloading Firefox? It would be a good idea so that you can continue to browse the web in 2021. If you already use Firefox on your Android device, do you plan on upgrading your phone or operating system anyway?