Users of Android devices that run Android 7.1.1 and older will soon have more problems than the usual security holes they had to deal with until now. Let’s Encrypt, the non-profit certificate authority, has published a notice to warn these users about an imminent web browsing trouble they’re about to get. More specifically, the DST Root X3 root certificate is set to expire on September 1, 2021, less than a year from now, and the ISRG Root X1 is to be the only valid one from then on.
Android devices older than 7.1.1 haven’t been updated since 2016 when the “X1” was released, so they still rely on the root certificate that’s about to expire. This practically means that visiting websites using trust certificates issued by Let’s Encrypt will generate warnings and access problems, so the browsing experience will get choppy and capricious without a good reason. Users will be attempting to visit perfectly safe and signed websites, yet they will have trouble doing so.
If you think that this concerns a small percentage of Android users, you are mistaken. According to Android’s developer portal stats, roughly one-third of all Android devices out there are running 7.1 (Nougat) and older, so approximately 750 million users will start getting certificate warnings next year. This brings the problem with Android updates at the forefront once again, which is one that Google has failed to resolve all these years.
Android devices perfectly capable of staying operational are abandoned by Google and their manufacturers, left unsupported, and only good for the dumpster. Considering the environmental implications of throwing smartphones away (they’re not designed for recycling) and buying new ones that are set to “expire” in three years is outrageous.
If you’re still sporting an old Android device, there are two things you can do after September 1, 2021. First, installing Firefox would help because the open-source browser comes with its own set of root certificates, so you will be free to browse the web without much trouble. The second thing you can do is install an Android distribution like LineageOS, which is currently based on Android 10, and so it comes with recent security and privacy features as well as an up-to-date set of root certificates.