Changes to Trusted Root Certificates in Android 8.0 Oreo

Amazon’s CA Now Trusted By Android; 155 Trusted Roots in Total

The latest version of Google’s snack-food-named mobile OS was released this week (on August 21st).

While most Android users are excited about new emojis, picture-in-picture app support, and better performance, I bet you can guess what we are most excited about. That’s right, root certificate changes!

With this release, six roots were added and six were removed – leaving the total number of trusted roots at 155. The most notable additions were four root certificates for Amazon’s new CA.

Android 8.0 also removes support for SSL 3.0, an aging version of the protocol which was ‘killed’ three years ago by the POODLE vulnerability.

Roots Added

| Root Name | Owner | Key | Signature | Expires |
|---|---|---|---|---|
| Amazon Root CA 1 | Amazon | RSA 2048-bit | SHA-256 | Jan 17, 2038 |
| Amazon Root CA 2 | Amazon | RSA 4096-bit | SHA-384 | May 26, 2040 |
| Amazon Root CA 3 | Amazon | ECC 256-bit | ECDSA SHA-256 | May 26, 2040 |
| Amazon Root CA 4 | Amazon | ECC 384-bit | ECDSA SHA-384 | May 26, 2040 |
| LuxTrust Global Root 2 | LuxTrust | RSA 4096-bit | SHA-256 | Mar 5, 2035 |
| AC RAIZ FNMT-RCM | Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) | RSA 4096-bit | SHA-256 | Dec 31, 2029 |

Note that the Starfield Class 2 Certification Authority root, which was previously owned by GoDaddy, was sold to and has been operated by Amazon since June 10th, 2015. This root has been trusted on Android for many versions. Amazon’s roots are cross-signed by this root certificate to enable trust on older devices.
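The cross-signing arrangement described above can be sketched as a small path builder. This is an added example, not code from the original post: it models only subject/issuer name chaining (no signatures, dates or constraints), stops at the first issuer that is a trust anchor, and the leaf and intermediate names are constructed placeholders.

```python
from collections import namedtuple

# Simplified certificate: only subject and issuer names are modelled.
# Real validation also checks signatures, validity dates and constraints.
Cert = namedtuple("Cert", "subject issuer")

STARFIELD = "Starfield Class 2 Certification Authority"
AMAZON_ROOT = "Amazon Root CA 1"

# Constructed sample chain as a server might send it. The leaf and
# intermediate names are placeholders, not real certificates.
SERVER_CHAIN = [
    Cert("www.example.test", "Example Intermediate CA"),
    Cert("Example Intermediate CA", AMAZON_ROOT),
    Cert(AMAZON_ROOT, STARFIELD),  # cross-certificate: Amazon root signed by Starfield
]

# Trust stores reduced to the two anchors relevant to this example.
ANDROID_8_STORE = {AMAZON_ROOT, STARFIELD}
OLDER_ANDROID_STORE = {STARFIELD}


def build_path(leaf_subject, presented, trust_store):
    """Return the names from leaf to trust anchor, or None if no path exists."""
    by_subject = {c.subject: c for c in presented}
    path, current, seen = [leaf_subject], leaf_subject, set()
    while current not in seen:          # guard against issuer loops
        seen.add(current)
        cert = by_subject.get(current)
        if cert is None:                # chain is incomplete
            return None
        if cert.issuer in trust_store:  # reached a trusted root
            return path + [cert.issuer]
        path.append(cert.issuer)
        current = cert.issuer
    return None


if __name__ == "__main__":
    for label, store in (("Android 8.0", ANDROID_8_STORE),
                         ("older Android", OLDER_ANDROID_STORE)):
        print(label, "->", build_path("www.example.test", SERVER_CHAIN, store))
```

On the older store the path only completes because the server includes the cross-certificate; drop it from the presented chain and the build fails.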

Roots Removed

| Root Name | Owner | Reason for Removal | Expires |
|---|---|---|---|
| Buypass Class 2 CA 1 | Buypass | Expired | Oct 13, 2016 |
| Juur-SK | AS Sertifitseerimiskeskuse (SK) | Expired | Aug 26, 2016 |
| EBG Elektronik Sertifika Hizmet Sağlayıcısı | E-Tugra | Expired | Aug 14, 2016 |
| IGC/A | Government of France (ANSSI, DCSSI) | CA requested removal | Oct 17, 2020 |
| RSA Security 2048 V3 | RSA (EMC) | CA requested removal | Feb 22, 2026 |
| Root CA Generalitat Valenciana | Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | CA requested removal | July 1, 2021 |