While new apps and features may be off-limits to your older Android phone, you might assume that you’ll continue to have unfettered internet access.
You would be wrong: Beginning in September 2021, a large number of websites will be off limits to older phones, thanks to a change in how websites are digitally signed.
As explained by Android Police, it’s all thanks to changes at Let’s Encrypt — a certificate authority used by around 30% of domains on the web. For years, its own ISRG Root X1 root certificate has been cross-signed with IdenTrust’s DST Root X3, which is present in every major operating system.
But this partnership with IdenTrust is set to expire on September 1 2021, and Let’s Encrypt has expressed that it doesn’t intend on renewing the arrangement. That means that any browsers or operating systems without the Let’s Encrypt root certificate will stop working when they encounter the third of the web that requires them.
In short, you’re out of luck if your phone runs Android 7.1 or lower.
“This does introduce some compatibility woes,” the company writes. “Some software that hasn’t been updated since 2016 (approximately when our root was accepted to many root programs) still doesn’t trust our certificate, ISRG Root X1. Most notably, this includes versions of Android prior to 7.1.1.”
This, according to Google’s own figures, means that – short of a sudden spike in OS upgrades between now and September – 33.8% of Android devices will start generating errors when they visit sites with a Let’s Encrypt certificate.
“What can we do about this? Well, while we’d love to improve the Android update situation, there’s not much we can do there,” the company writes. “We also can’t afford to buy the world a new phone.”
The company has some advice for site owners to limit the damage for older devices via an alternate certificate chain, and recommends that those that can’t afford a new Android phone install Firefox Mobile, which supports anything from Android 5.0 onwards.
“Firefox is currently unique among browsers — it ships with its own list of trusted root certificates. So anyone who installs the latest Firefox version gets the benefit of an up-to-date list of trusted certificate authorities, even if their operating system is out of date,” the company explains.
But this is, ultimately, a sticking plaster. A phone needs to access websites via more than just the web browser, and you may still end up with strange behavior as a result.
Are you affected? Android 7.1.1 was released in December 2016, so any phones bought after that are all but guaranteed to be safe, and even handsets bought in the year or so before are likely to have had a software update. If in doubt, it’s worth checking what version of Android you’re running, by digging into the system settings.
If you find that your phone is incompatible with Android 7.1.1 or later, it’s time to upgrade. The good news is this needn’t be as expensive as you think, and budget phones have improved immeasurably over the last few years. Here’s our current list of the best cheap phones you can buy.
