On 30th September 2024 we will no longer be able to support TLS/SSL/HTTPS connections with devices running Android 7.0 (and earlier).
This is due to our TLS certificate provider, Let’s Encrypt, ending support for legacy Android versions on that date.
Android 7.0 was released in August 2016 and received its last security update in August 2019. Android 7.1 (October 2016) and all newer versions of Android continue to be fully supported.
Our internal API usage stats show that in August 2024, less than 1% of Android requests to our APIs come from these legacy versions of Android. However, we thought it might be useful if we provided a full technical explanation here.
Let’s Encrypt are a Certificate Authority (CA), and they are the biggest provider of TLS certificates in the world (you can read their wikipedia page for more).
Their root certificate (known as ISRG Root X1) is installed and trusted on pretty much all operating systems and browsers, including Android from version 7.1.1 onwards. However, on very old Android versions, the Let’s Encrypt root certificate was not yet included in the Android trust store. Instead, Let’s Encrypt offered a version of their root certificate cross-signed by another Certificate Authority, which had been originally included in the trust store.
You can read more details about the cross-signing at https://letsencrypt.org/2023/07/10/cross-sign-expiration
Let’s Encrypt stopped distributing this cross-signed certificate by default in February 2024, and entirely in June 2024. However, we’ve kept a copy ourselves, so that we could extend support for just a few months longer. We send this extra cross-signed certificate with every TLS response from our APIs. This special cross-signed certificate is the one that’s finally expiring on September 30th 2024.
We use Let’s Encrypt to provide our TLS certificates, which are used on all TLS/SSL/HTTPS connections to our APIs. We get a fresh TLS certificate from them every 60 days, which are ultimately signed by their root certificate. Since it’s one of their root certificates that’s expiring (specifically, the ISRG Root X1 cross-signed by DST Root CA X3), it’s not something that we can control.
We’ve analyzed our internal API usage stats, and the vast majority of our customers are completely unaffected - they simply have no requests to our APIs coming from these legacy Android versions. We’ve reached out to a small number of our customers by email, whenever we can detect requests from their users that would be affected.
We’re also planning a short “brown-out” period. From the 23rd September we will disable legacy Android support for short periods, of a few hours each day. We’ll do this by removing the soon-to-expire cross-signed certificate from our TLS responses. This is in order to alert any remaining users to the upcoming end of support.
Yes, Loads. As described above, Let’s Encrypt are the biggest provider of TLS certificates in the world. Every site that uses Let’s Encrypt will also end support for legacy Android this year, if they haven’t already. Since Let’s Encrypt have already phased out their cross-signed certificate, anyone using an old Android device will have already found that many thousands of sites have stopped working, starting from February 2024 - we had to take additional technical measures to extend support until now. So large parts of the internet will already be no longer be accessible from these legacy devices. It won’t be a surprise to users of these devices when more sites stop working too.
In general, we don’t recommend or encourage using unsupported operating systems on the internet. These devices likely have many unpatched security vulnerabilities. We would encourage your users to upgrade their device to a version of Android that is receiving regular security updates.
However, there are still a few options available, if you want to extend support to legacy Android yourself.
If you are providing our maps on your website, then you have a couple of options:
ISRG Root X1 root certificate for Let’s Encrypt.If you are providing our maps using an Android app, then you have several additional options:
If you have any questions about anything on this page, please contact us for further support.