Gravity Blog

Home / Blog / Android Phones vs. The Modern Internet

Android Phones vs. The Modern Internet

Is your Android phone running an Android version older than 7.1.1? Come mid January 2021*, you're going to have a hard time getting to about 34% of the internet. If you want to check now to see if your device is affected, go to the Let's Encrypt test page

The Cause

You may have noticed over the last number of years, that more and more sites and services have moved from the unsecured internet (http, ftp etc) to secure versions of that (https, ftps/sftp, etc). The underlying linchpins for these secure transmissions are Secure Certificates. These Secure Certificates as a group make up a chain of trust between a website or service all the way back to a Certificate Authority (CA) who is ultimately trusted by the operating system (or program).

The companies that issue certificates aren't always CA's. Their certificate has authority passed down to it from the CA, which makes it valid and useful. (Sometimes through an intermediary issuing company.)

One of the highly used Certificate Issuers, Let's Encrypt, stated in a post this month that they've has reached a point where they're going to stand on their "own two feet" and change their structure of certificates behind the scenes to use their own Root Certificate, rather than piggybacking off another peer's trust (IdenTrust). In doing this, all software that doesn't recognise the Root Certificate (issued in 2016) will just assume it's dodgy and throw warnings or deny connections.

On December 5 2016, Android 7.1.1 was released, and was the first Android version to include the Let's Encrypt Root Certificate. And as noted above, if your device doesn't include that certificate, you will face issues connecting to about 34% of the internet. (Not to mention any other issues you might face having not updated your device in the last four years.)

"Currently, 66.2% of Android devices are running version 7.1 or above. The remaining 33.8% of Android devices will eventually start getting certificate errors when users visit sites that have a Let's Encrypt certificate." Let's Encrypt said in their post.

The Stat Counter website shows that almost 14% of Australian Android devices seen on the internet in the last twelve months fall into this group, and will all be affected.

The Solution

The obvious solution is to upgrade your device. However, if you can't bring yourself to do that, there is another solution (for websites). Firefox. Unlike other browsers which rely on the platform they're installed on for this, Firefox contains it's own set of trusted certificates, encryption libraries and ciphers. Which means you can essentially drop it on any device and connect to a modern internet. However, it won't magically make your email program or other apps connect.

* This date is the revised day, the original date for change over was late September, 2020.