Users of Old Android Devices Could Face a Serious Root Certificate Problem in 2021

Android fragmentation is about to cause a significant problem in 2021, as some older devices will have trouble displaying websites that use Let’s Encrypt certificates.

While Android occupies around 70% of the market, it does so with an important caveat. It’s not a single version of the operating system that’s responsible for the spread, but countless variants. Simply put, the entire market is divvied up among numerous Android versions, most of which are no longer supported.

Most modern online services today rely on root certificates from recognized authorities, and “Let’s Encrypt” is one of them. In fact, it’s been around for a few years, which means that there should have been ample time for everyone to implement support. But it’s difficult to anticipate how many people still use very old devices that don’t support these newer certificates.

“Some software that hasn’t been updated since 2016 (approximately when our root was accepted to many root programs) still doesn’t trust our root certificate, ISRG Root X1,” said Let’s Encrypt. “Most notably, this includes versions of Android prior to 7.1.1. That means those older versions of Android will no longer trust certificates issued by Let’s Encrypt.”

It’s easy to get the impression that few old devices are still in circulation, but there are a lot more than we imagine. Let’s Encrypt estimates 33.8% of all devices out there will soon experience certificate errors.

A long-term solution is still in the works, but site owners have a temporary fix: they can serve an alternate certificate chain for the same certificate, one that leads to DST Root X3 and offers broader compatibility. Eventually, though, site owners might have to display banners informing users of incompatibilities or suggesting that they install other browsers that might not face the same issues.

The most straightforward solution for some Android users would be to install Firefox Mobile, which ships with its own list of trusted root certificates, although that version only supports Android 5.0 and up.
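A site owner deciding whether a banner is worth showing can first measure how much of their own traffic falls below the Android 7.1.1 cutoff. The following is an added example, not code from the article or from Let’s Encrypt; it assumes access logs in the common "combined" format with the User-Agent as the last quoted field, and the bucket names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Thresholds taken from the article.
ISRG_MIN = (7, 1, 1)     # oldest Android release that trusts ISRG Root X1
FIREFOX_MIN = (5, 0, 0)  # oldest Android release Firefox Mobile supports

ANDROID_RE = re.compile(r"Android (\d+(?:\.\d+){0,2})")
UA_FIELD_RE = re.compile(r'"([^"]*)"\s*$')  # last quoted field of a combined-format line

def classify(user_agent):
    """Bucket one User-Agent string by its expected trust in ISRG Root X1."""
    match = ANDROID_RE.search(user_agent)
    if not match:
        return "not_android"
    if "Firefox/" in user_agent:
        # Firefox ships its own root list, so the OS trust store does not apply.
        return "firefox_own_roots"
    parts = [int(p) for p in match.group(1).split(".")]
    version = tuple(parts + [0] * (3 - len(parts)))  # "7.1" -> (7, 1, 0), counted as affected
    if version >= ISRG_MIN:
        return "trusts_isrg_root_x1"
    if version >= FIREFOX_MIN:
        return "affected_can_install_firefox"
    return "affected_no_firefox"

def summarize(log_text):
    """Count requests per bucket across access-log lines."""
    counts = Counter()
    for line in log_text.splitlines():
        field = UA_FIELD_RE.search(line)
        if field:
            counts[classify(field.group(1))] += 1
    return counts

# Constructed sample lines (documentation IP range, made-up requests).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2020:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 6.0.1; SM-G900F) AppleWebKit/537.36 Chrome/86.0 Mobile Safari/537.36"
203.0.113.6 - - [10/Nov/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 4.4.2; GT-I9505) AppleWebKit/537.36 Chrome/81.0 Mobile Safari/537.36"
203.0.113.7 - - [10/Nov/2020:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 Chrome/86.0 Mobile Safari/537.36"
203.0.113.8 - - [10/Nov/2020:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Android 6.0; Mobile; rv:82.0) Gecko/82.0 Firefox/82.0"
203.0.113.9 - - [10/Nov/2020:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/86.0 Safari/537.36"
203.0.113.10 - - [10/Nov/2020:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 7.1.1; Nexus 6P) AppleWebKit/537.36 Chrome/86.0 Mobile Safari/537.36"
"""

if __name__ == "__main__":
    for bucket, n in summarize(SAMPLE_LOG).most_common():
        print(f"{bucket}: {n}")
```

User-Agent strings are self-reported and some omit the patch version, so treat the counts as an estimate of exposure rather than an exact figure.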