Security News > 2023 > February > Google's big security cert log overhaul broke Android apps. Now it's hit undo
Google this week reversed an overhaul of one of its security-related file formats after the transition broke Android apps.
In November, 2021, Google announced changes to the format of its Chrome Certificate Transparency log list file and, in August, 2022, notified developers whose apps might be affected that it would stop publishing legacy log list files on October 17, 2022.
A certificate transparency log is an append-only public ledger of newly issued security certificates trusted for things like HTTPS encryption.
Google vacuums up these logs from certificate authorities, and publishes this consolidated record as the Chrome Certificate Transparency log.
When the deadline arrived on Wednesday, February 15, 2023, apps relying on the Chrome log and not expecting the new format broke.
Joel Oughton-Estruch, engineering manager for finance app maker TrueLayer, also sent out a plea for a Google rollback: "We missed this announcement and this change has caused SSL failures across all our Android Apps on end user devices."
News URL
Related news
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- CERT-UA warns against “security audit” requests via AnyDesk (source)
- CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)