Android is planning to follow Chrome's lead and will stop trusting Symantec-issued certificates in a future update. Our current plans are not to do this in P, but you should see the removal in a future platform version.
-bri On Thu, May 10, 2018 at 5:07 PM Campbell Moss <campbell.m...@gmail.com> wrote: > Regarding the Symantec SSL cert distrust that was announced in September > 2017 ( > https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html) > > > > Clearly this affects the Chrome browser, but I was wondering what impact > if any there will be on Android native apps. Specifically: > > - HTTPS connections initiated by native Android apps > (HttpsURLConnection etc.) > - Webview components (android.webkit.WebView etc.) > > > > I’ve looked through the documentation but can only find information on the > Chrome browser. Is there any information on if / when Android native HTTPS > APIs will start rejecting Symantec-issued SSL certs? > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to android-security-discuss+unsubscr...@googlegroups.com. > Visit this group at > https://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. Visit this group at https://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
