Google Chrome and Android drop TrustCor support following privacy scare

Google, Microsoft, and Mozilla all ditch TrustCor

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Googlehas announced that it is set to drop TrustCor Systems as a root certificate authority (CA) for itsweb browser.

The tech giant cited a “loss of confidence in its ability to uphold these fundamental principles and to protect and safeguard Chrome’s users” in agroup discussion.

Joel Reardon, a professor and mobile space privacy researcher at the University of Calgary, said that his team had “uncovered and disclosed a spyware SDK embedded in apps that were invasively tracking users”.

TrustCor root certificate authority

In a joint effort withWall Street Journalinvestigative journalists, it was found that TrustCor was registered just a month apart from the company behind the SKD, known as Measurement Systems, both in Panama.

Reardon points out in his notice:  “To be clear, I have found no evidence of TrustCor issuing a bad certificate or otherwise abusing the authority they have in code signing, SMIME, and domain validation… Perhaps the identical ownership of TrustCor and Measurement Systems is a coincidence.”

Beyond this, there are a number of unfortunate, related coincidences that have led companies likeMicrosoftand Mozilla to drop TrustCor as a root CA, too.

These are the best VPN services around>Google Chrome is reportedly riddled with security issues>The company that verifies safe websites in your browser works for the US government

The change is set to take effect with the rollout of Chrome 111, which is set to land on March 7, 2023, following a beta release around one month before. Previous versions of Chrome capable of receiving component updates will also be included in the change.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Just how long we’ll have to wait for the change to make its way to Android devices is uncertain. Unlike Chrome for desktop, which can be tweaked by itself, Android’s root certificate is updated as part of the entireoperating system, which is likely to cause a delay.

While some apps, like Firefox for Android, can configure their own set of CAs on top of the operating system’s root store, this isn’t the case with Chrome.

While tech giantAppleis yet to announce any decision that it will make, TrustCor has published a public statement on itswebsite.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

TP-Link Archer BE3600 Wi-Fi 7 Router review

Ulefone Armor Pad 3 Pro rugged tablet review

3 questions to ask before buying a robot vacuum in the Black Friday sales