[ad_1]
If you still have an old Android phone, you may soon have to do without much of the web. This is due to so-called certificates, with which encrypted connections between certain websites and the user’s browser are secured.
The trigger is an announcement from the not-for-profit “Let’s Encrypt” certification service, whose services are used by up to one third of all domains in the world. Let’s Encrypt announced that it will discontinue so-called cross signing for certain certificates in March 2016. The relatively young organization has been using this technology for many years to have its certificates authenticated by an established certificate provider, so to speak. In the future, however, “Let’s Encrypt” will rely entirely on its own certificates and this will be a problem for some.
Because smartphones, phones running Android 7.1.1 (Nougat) or earlier, websites that secure data connections via the HTTPS web protocol and use “Let’s Encrypt” certificates will no longer be classified as trusted and refuse to establish a connection. The reason is that those old Android versions just don’t know “Let’s Encrypt”.
According to the organization, around 33.8% of Android users are using an outdated version of Android that will have to struggle with compatibility issues in the future. Mainly this is not due to the lazy users in the update, but to the device manufacturers. In particular, cheaper smartphones often receive little or no updates for their operating system.
“We would like to improve the Android update situation, but there isn’t much we can do,” developer Jacob Hoffman-Andrews wrote on the organization’s blog. “We can’t even afford to buy a new cell phone for the whole world.”
Firefox is a way out
According to the certification authority, compatibility problems can be partially avoided by using the Firefox browser. Its manufacturer Mozilla is a partner of “Let’s Encrypt” and uses its own certificate store. Millions of users, who do not want to take this detour or who do not know it, could be cut off from parts of the secure Internet. The standard cross signing for the previously used certificate will be discontinued on January 11, 2021.
According to “Let’s Encrypt”, smartphones from 2015 and 2016 are particularly impressed, as they couldn’t count on updates as often. In the following years the situation on the Android side has improved slightly. Several manufacturers have now committed to longer update cycles and usually promise support for several years.
Source link