> Let’s Encrypt, is discontinuing support for Android ... 7.1.0 and earlier.
> beginning April 15, 2024, Android 7.1.1 will be the earliest supported Android OS for all OverDrive apps and websites, including Libby.
This change was already delayed from 3 years ago as Let’s Encrypt found a workaround back then [1]. Too bad they aren’t delaying it anymore. Good bye to my old tablet for library ebooks.
(There are Android compatibility changes that will affect anybody using Let's Encrypt certificates which are consumed by older unsupported Android devices.)
This might be cold solace, but there now exists a plethora of cheapish e-Ink tablets that are running newer Android. I have a Boyue Likebook and love it for reading ebooks, much nicer than traditional screen and runs Libby etc. although I mostly use Z-lib.
Much like you I hate to see my old devices waste away in a drawer so hope you find a use for it.
Wow, I didn't realize that older versions of Android (and possibly current versions?) didn't let you install root certificates without rooting it. IIUC iOS does let you install whatever root certificate you want with multiple confirmations/password prompts and it doesn't require authenticating every time it's going to use it.
You can install CA certs on current versions without being rooted. For Android 14 on a Pixel 6a:
Security & Privacy -> More
Security & Privacy -> Encryption & credentials -> Install a certificate -> CA certificate
This works for Chrome and any app that uses the system cert store. I've used it for self-hosted services for several years. Don't know when it was first added.
Unfortunately this installs it as a user cert and only works for app that explicitly request it. To work everywhere you need to install it as a system cert which requires root
Interestingly ios (which is generally more locked down for dev stuff like this) allows users to install certs for all apps without jailbreak
From memory, you definitely were able to install root certs pre-7.0ish but that functionality was removed, presumably to stop users from running man in the middle proxies and sniffing app traffic.
A huge irony in that alongside all the talk of conservatism, iOS provides much more user flexibility in this area of all things, and something that keeps me using the ecosystem.
You can still load root certs but as mentioned, it requires rooting your Android device. Some apps do have certificate pinning but the majority I would bet don't
It's not a matter of "not wanting to handle it", it's that 7.1.1 is the oldest Android version with an unexpired root certificate that Let's Encrypt can use (my language may be a little bit sloppy here).
If you want to be more precise, you could say "a root certificate that Let's Encrypt will be able to use to build an unexpired trust path after September 2024" (because of the fact that Android doesn't enforce expiration of roots, but does enforce expiration of certificates signed by them).
> beginning April 15, 2024, Android 7.1.1 will be the earliest supported Android OS for all OverDrive apps and websites, including Libby.
This change was already delayed from 3 years ago as Let’s Encrypt found a workaround back then [1]. Too bad they aren’t delaying it anymore. Good bye to my old tablet for library ebooks.
[1]: https://android.stackexchange.com/questions/231025/lets-encr...
https://letsencrypt.org/2023/07/10/cross-sign-expiration.htm...
(There are Android compatibility changes that will affect anybody using Let's Encrypt certificates which are consumed by older unsupported Android devices.)
- Android devices which needed the cross-sign compatibility dropped to 6.1%.
- “dropping the cross-sign will reduce the number of certificate bytes sent in a TLS handshake by over 40%.”
- “it will significantly reduce our operating costs”
Too bad for those who use their old Android devices to access the public library and can’t afford to upgrade.
It’s not ideal, but using Firefox Mobile to access Libby web app should still work?
Much like you I hate to see my old devices waste away in a drawer so hope you find a use for it.
In fact, I'd even argue that not having root means you don't own it.
That's a rental, not a sale.
And I'd argue that under FTC rule, that's illegal.
Security & Privacy -> More Security & Privacy -> Encryption & credentials -> Install a certificate -> CA certificate
This works for Chrome and any app that uses the system cert store. I've used it for self-hosted services for several years. Don't know when it was first added.
Interestingly ios (which is generally more locked down for dev stuff like this) allows users to install certs for all apps without jailbreak
A huge irony in that alongside all the talk of conservatism, iOS provides much more user flexibility in this area of all things, and something that keeps me using the ecosystem.
You can still load root certs but as mentioned, it requires rooting your Android device. Some apps do have certificate pinning but the majority I would bet don't
https://letsencrypt.org/2023/07/10/cross-sign-expiration.htm...