Pre-Android 7.1.1 devices will face connectivity issues next year
From September 1, 2021 forward, Android devices still running pre-Android 7.1.1 will face connectivity issues for a large number of sites and services.
Update: A solution has been found that ensures that users on old Android devices won't face any connectivity issues later this year.
Sites and services that implement HTTPS need certificates to do so. A popular choice is Let's Encrypt, as it offers free certificates. The service started five years ago and has since become widely used on the Internet.
Let's Encrypt got a cross-signature from IdenTrust when it started to ensure that its certificates were trusted right away. With the partnership in place, Let's Encrypt managed to get on a lot of devices and systems in a short period of time.
The organization started to issue its own root certificate, called ISRG Root X1, and applied to have it integrated into the certification root stores of important software platforms. The original certificate is now trusted on major software platforms.
The cross-signature root certificate will expire on September 1, 2021. Expiration means that it cannot be used anymore. While that is not a problem for systems that have received the new root certificate of Let's Encrypt, it is a major problem for systems that ran out of support earlier.
On Android, that includes all devices running earlier versions of Android than 7.1.1. Let's Encrypt estimates that about a third of all Android devices are on that version or earlier versions of the operating system. The good news is that two-thirds of devices are up to date and will not face any connectivity issues. The remaining one third, on the other hand, will run into connectivity issues when they try to access sites that use a Let's Encrypt certificate. The number is lower right now already, as Google stopped publishing Android platform version distribution information in September 2020.
Fragmentation is a problem on Android, especially since many manufacturers of Android devices provide only limited support with regard to updates.
The only solution, other than buying a new Android device that is using a newer version of the operating system, is to use a browser that uses its own certificate store. Let's Encrypt recommends Firefox for Android for that, as it is the only major browser that comes with its own certificate store. Firefox for Android requires Android 5 or higher currently.
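The failure described above can be modelled as chain building against a trust store. This is an added example, not code from Let's Encrypt or from this article; it matches certificates by name only and skips signature checks, and every name and date other than ISRG Root X1, IdenTrust and September 1, 2021 is a constructed placeholder.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    expires: date  # treated as unusable from this day on (simplification)

# Constructed sample data. Only the names ISRG Root X1 and IdenTrust and the
# 2021-09-01 date come from the article. Assumption: that one date applies to
# both the IdenTrust root and the cross-signed copy of ISRG Root X1.
EXPIRY = date(2021, 9, 1)
DAY_BEFORE = date(2021, 8, 31)
IDENTRUST_ROOT = Cert("IdenTrust root", "IdenTrust root", EXPIRY)
ISRG_ROOT_X1 = Cert("ISRG Root X1", "ISRG Root X1", date(2035, 1, 1))
ISRG_X1_CROSS = Cert("ISRG Root X1", "IdenTrust root", EXPIRY)
INTERMEDIATE = Cert("LE intermediate", "ISRG Root X1", date(2025, 1, 1))
LEAF = Cert("example.com", "LE intermediate", date(2021, 12, 1))

SERVED = [INTERMEDIATE, ISRG_X1_CROSS]          # what the web server sends
OLD_ANDROID_STORE = [IDENTRUST_ROOT]            # store without ISRG Root X1
UPDATED_STORE = [IDENTRUST_ROOT, ISRG_ROOT_X1]  # newer OS or browser-owned store

def build_path(cert, served, trust_store, today, seen=()):
    """Return the subjects from cert up to a trusted root, or None."""
    if today >= cert.expires:
        return None  # an expired certificate ends this branch
    # Prefer a direct match against a trust anchor that is still valid.
    for root in trust_store:
        if root.subject == cert.issuer and today < root.expires:
            return [cert.subject, root.subject]
    # Otherwise climb through the certificates the server sent.
    for ca in served:
        if ca.subject == cert.issuer and ca not in seen:
            rest = build_path(ca, served, trust_store, today, seen + (ca,))
            if rest:
                return [cert.subject] + rest
    return None

if __name__ == "__main__":
    stores = (("old Android", OLD_ANDROID_STORE), ("updated", UPDATED_STORE))
    for today in (DAY_BEFORE, EXPIRY):
        for name, store in stores:
            print(today, name, build_path(LEAF, SERVED, store, today))
```

The old store only validates through the cross-signed certificate, so its path disappears on the expiry date, while a store that contains ISRG Root X1 keeps a shorter path that never touches the IdenTrust root.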
Google revealed recently that it plans to switch Chrome from the operating system's root store to its own, to get more control over certificates and to ensure that the experience is identical on all platforms with regard to security and accessing sites.
Whether Chrome for Android will start using its own root store before September 2021 arrives remains to be seen though.
The market share of pre-Android 7.1.1 devices will shrink in the coming ten months but there is a good chance that a large number of devices will still be in use in September 2021.
Now You: Do you use Android? Which version are you on currently? (via Deskmodder)
I remain on 6.0.1 and have no intention of upgrading my phone until 5G has far greater coverage.
Given “..that about a third of all Android devices are on that (7.1.1) version or earlier versions of the operating system” I would expect Chrome to be adequately upgraded prior to September 2021.
Yes, but if Chrome uses its own root store, the webstore app does not, so some apps will stop working.
Even my Nexus 4 runs Android 8.1 :)
Keep consuming, goys
How do you know we’re goys? Was it the bacon-wrapped shrimp that gave us away? :-)
All typo-based joking aside, I’m apparently on 8.1 (I had to check) on my Moto G5S Plus (I had to check), but I would have resisted getting a new phone because of this looming incompatibility regardless. I’m not an upgrade whore. That’s just so … goyishe. ;-)
(Damn. I shouldn’t have written about bacon-wrapped shrimp. Now I’m getting hungry.)
Moto G’s are hidden gems. More than good enough and priced right.
Especially the G5sPlus, a freak model that is closer to their high end phones and barely resembles other G’s. We have two of them.
Nice 4channer shitpost, bro.
The title is very misleading.
“Connection” is the device connected to my router via Wi-Fi.
As long as it can do that there’s no issues with the “connection”.
If there was a problem connecting with the play store or for apps like youtube or pandora connecting with their servers, that would be an issue.
As for connecting to webpages using a mobile browser, I myself would rather have sex with a meat grinder as it would be far less painful. So if that stops working, I don’t care.
And yes, we have 2 devices running 7.1.1.
Damn! If this is true, then Google Fi’s first phone, the Nexus 6 will be toast…… unless that Chrome hack works. Good money soon to go down the drain.
Most important websites/services use a commercial certificate, so in worst scenario you’re blocked from reading a blog. Nothing critical about that.
My main concern is IoT Smart devices. Is there a way to see the certificates on such devices, Martin?
And that’s why we always buy iPhones instead of Android phones, kiddos
You get free iOS upgrades/updates even on a 2011 iPhone 4 device ;-)
No control / no choice, you have to run what Apple wants you to run, no matter what. Custom ROMs support phones long enough.
I happen to have an iPhone 4, and iOS 7 literally killed the device. Whether or not it supports some certificates it makes no difference as Apple ALWAYS kills their devices with one final update. On iOS 7 the iPhone 4 struggles to load a simple html page with little to no JS.
Meanwhile, a Nexus 4 can run Android 9 just fine and with a Chromium-based browser it loads desktop webpages perfectly, providing 60fps animations.
>tfw you used to be an iSheep
yikes, dark times of my past, questionable decisions and so on. also the phone was a gift. never again
Funny you mention iPhone 4 and iOS 7, because my father had this problem too (with a 4S I think). Apple just straight-up refused to let his device install the new iOS, and at the same time the apps on his phone started offering him “updates” which made the apps unusable without an iOS update. This is the textbook definition of forced obsolescence.
There is no perfect model of smartphone. Apple gives you a pretty reliable and smooth ecosystem if you pay the big bucks and are ok with walled gardens, forced obsolescence, limited user control, etc. Android gives you a customizable operating system that offers the possibility of deep control but also leads to a messy update process and potential incompatibilities. This is why I just can’t justify paying too much money for a phone, whether it’s Apple or Android.
Tell that to the Apple “toddlers” with a PPC (no official support) or MacBook Pro ca. 2012 with macOS (Officially limited to El Capitan if I recall correctly). ;)
I won’t even go into lack of modern browser support on these.
Apple does planned obsolescence too… so just as guilty of the comment re: “Keep consuming, goys”.
Regarding the Android OS, there might be a way to install the APK updates manually if available but haven’t tried that since the certs haven’t expired yet.
Nah. I can always flash roms to my Android phone.
They had to show up, right?
I’d rather make car payments than be hobbled by iPhone costs.
Phones are commodities; if paying too much for a commodity, which is the antithesis of sane investing, seems like a good idea, the brainwashing is complete.
Fine. I am on 7.1.1 on my Motorola phone and have no intention of getting a new phone until 5G is available here. This goes back to my main complaint about Android. There is very limited support for the OS by the phone manufacturer beyond a certain point in time and I have no knowledge on upgrading to a newer OS.
Learning about custom ROMs on Android is very interesting, and actually installing one is very satisfying. Sure, there’s a learning curve and it requires a little bit of patience to get the hang of it..much like anything else in this world =) I do not consider myself a skilled nerd or a super-tinkerer at all, I’m a 50 year old man with too much free time and the will to google my way around. Having said that, my Motorola G5S Plus is now a completely new phone with Pixel Experience (Android 10), in fact it’s better than it ever was! I say roll up your sleeves and get a custom ROM, breathe new life into your aging gear instead of tossing it away.
Do you use Android? Which version are you on currently?
Yes, still have two Samsung Note 4’s (one as primary, another as backup) as it’s the last Note to have a user-replaceable battery, an invaluable feature to me. It’s on Marshmallow 6.01 but rooted so should have options when the time comes. My only real concern with it and what may determine whether I need to replace it is how long it will continue to work on my carrier’s network.
I think it’s important to point out that while this article states that this involves Android 7.1.1 and older devices, every other article I’ve seen online about this matter, including the announcement by Let’s Encrypt, states this will affect Android devices prior to 7.1.1. Subtle difference but still relevant taking into consideration this affects a substantial number of out-of-date devices still in use.
oh look. a huge addition to the mound of E-waste of otherwise perfectly functional devices…
you just know that’s gonna happen.
For those with older versions of Android, you can import the certificates manually.
Download the certificates from Let’s Encrypt here: letsencrypt.org/certificates/
And install them with these instructions: http://www.lastbreach.com/blog/importing-private-ca-certificates-in-android
I have a couple of older devices and I will try this out. The problem is having to do this manually. I bet some XDA guy will write a small app to manually pull certificates from Let’s Encrypt.
Thanks ! I was pretty sure it was possible to import a certificate and you showed it is.
IceRaven should also have its own certificate store, as it is a fork of Firefox. I’ve been following its development since the very beginning, and I have never seen any of the developers talk about removing that feature.
People may want to double check to be sure, since Iceraven ripped out a lot of the telemetry that is in Firefox, and there is a very slight possibility that somehow the browser’s certificate store was an unintended casualty of that process, but I doubt it. The certificate store is likely still there, which means it is potentially an option for people running earlier versions of Android (And, hey, if it doesn’t work, you can always uninstall it and install Firefox or whatever).
Iceraven can be obtained here:
The brief description of what Iceraven is:
“Our goal is to be a close fork of the new Firefox for Android that seeks to provide users with more options, more opportunities to customize (including a broad extension library), and more information about the pages they visit and how their browsers are interacting with those pages.”
my 6 year old galaxy 12.2 pro tablets will be an issue. oh well I use it mostly for kindle. that large screen rocks.
Good luck with fixing your own devices though.
Martin, you may have made an error, I saw another site say “if you’re running versions of android prior to 7.1.1”
They mean before 7.1.1
Thank you, corrected!
so is 7.1.1 safe?
Manufacturers not updating Android devices is a big problem. For many, once they have your money, they don’t care about you. Even Google phones suffer from this problem within the useful lifespan of a device.
For this particular issue, could people just install a new user certificate to resolve it? If they issued a new cert with a new expiration date, couldn’t people manually install it as a user cert?
Of course, Android can be a real PITA after a user cert is installed, forcing the user to enter a password just to unlock the screen each time. That makes Android real annoying every time you just want to use your own device.
I don’t see an issue having to enter a password to unlock a phone.
The phone has access to personal information (web apps and also bank accounts) that I don’t want others to see.
Yep, me using an older Android version, 5 if I am right. Using FF as my default browser saves me, as I learn from this article. Renewing to a newer version of Android? Only when my phone will break down. Why should I throw away a good working phone, that offers me all I need?
I do however agree that Android is very bad in upgrading their OS. In future, I do plan to buy the cheapest phone (ca. $100) that does what I want, never buy the top series phones (ca. $1200) as in 2yrs each Android is not updated anymore and you lose a lot of money as a $100 new phone will give you the latest Android again.
Eye opening to see how many phones are on older versions of Android. The Android Reality Distortion Field would have you think almost everyone is on the latest version when few are on it over a year after release.
But then with Android being number one worldwide and flagship phones out of the reach of most, I guess the stats make sense.
We’re on Androids 5 and 8. Certificates are provided by a third party ad blocker and browser, so I doubt this revelation will have any effect. I’d be surprised if utilities to get around the inconvenience aren’t plentiful soon. I’d also be surprised if the vast majority of Phone Culture will have a clue what any of this means and just upgrade their devices to fix it.
I am still using 7.1.2. RIP me
I grumble about Microsoft. But they do update regularly.
I grumble about iOS. But they do update regularly.
Am I the only Android user with multiple (family) devices who can only think of two words?
‘Shambles’ and ‘terrifying’?
So the webmasters who don’t want to lose traffic will have to buy a certificate from another issuer, like we used to do before Let’s Encrypt existed
OnePlus 2 (64 gigs and 4gb ram) running Android 8.1 with October 2020 security update, with stock camera app and custom bootanimation and Microsoft apps instead of google for email, office files, your phone app. I don’t need new phone any time soon.
At least most of websites with certificates soon to be inaccessible for under 7.1.1, in this case should’ve visit example.com (non-certificated oriented version) or download web browsers including LE’s cert packs.
As Ray wrote in his comment above, it is indeed laughably easy to install certificates manually – no XDA app needed ;)
I just discovered I never had any Let’s Encrypt certificates installed – and if my browser throws an error, I can always tap “ignore” and proceed anyway. This really matters only for connections that need to be secure.
I installed X1, X2 (root) and E1, E2, R3, R4 intermediate certs.
This article is misleading in not pointing out this easy fix.
@ Martin Brink this article needs to be updated.
says: thanks to community feedback and our wonderful partners at IdenTrust, we will be able to continue to offer service without interruption to people using older Android devices.
Thank you, updated.