Hacker News new | past | comments | ask | show | jobs | submit login

They propose to install Firefox to work around the root certificate problem on old android devices. But can’t you just manually install their root certificate on most phones?



It probably looks a lot less sketchy to your users to tell them to install a browser they've probably heard of and may have used in the past than install a root certificate. Plus, that doesn't fix the problem of other certificates expiring, only extends it.


>Plus, that doesn't fix the problem of other certificates expiring, only extends it.

Although I agree fully on the sketchiness part, installing the root is a fix.

ISRG Root X1 expires in 2035. Not one of these problematic Android devices will be online anymore.


But to have the whole modern web work you'll need to install more than one root.


I'm not sure if it's the same on older versions, but on recent Android versions, that requires a rooted device.


Interestingly, it appears to be back in 11. You are right it wasn't possible for some set of versions, not sure how far you have to go back for it to be possible again.

They appear to have added it back with a big warning screen similar to what they do for VPNs and stuff telling users it could compromise them, which is reasonable. It was a pain you couldn't before.


I see you've guessed why I'm on Android 7! The updater refuses to work if you have su.apk in your system directory. Can't simply ignore that file now, can we?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: