Google Chrome and Android drop TrustCor support following privacy scare

A padlock against a black computer screen.

(Image credit: Pixabay)

Google has announced that it is set to drop TrustCor Systems as a root certificate authority (CA) for its web browser.

The tech giant cited a “loss of confidence in its ability to uphold these fundamental principles and to protect and safeguard Chrome's users” in a group discussion.

Joel Reardon, a professor and mobile space privacy researcher at the University of Calgary, said that his team had “uncovered and disclosed a spyware SDK embedded in apps that were invasively tracking users”.

TrustCor root certificate authority

In a joint effort with Wall Street Journal investigative journalists, it was found that TrustCor was registered just a month apart from the company behind the SKD, known as Measurement Systems, both in Panama.

Reardon points out in his notice: “To be clear, I have found no evidence of TrustCor issuing a bad certificate or otherwise abusing the authority they have in code signing, SMIME, and domain validation… Perhaps the identical ownership of TrustCor and Measurement Systems is a coincidence.”

Beyond this, there are a number of unfortunate, related coincidences that have led companies like Microsoft and Mozilla to drop TrustCor as a root CA, too.

> These are the best VPN services around

> Google Chrome is reportedly riddled with security issues

> The company that verifies safe websites in your browser works for the US government

The change is set to take effect with the rollout of Chrome 111, which is set to land on March 7, 2023, following a beta release around one month before. Previous versions of Chrome capable of receiving component updates will also be included in the change.

Just how long we’ll have to wait for the change to make its way to Android devices is uncertain. Unlike Chrome for desktop, which can be tweaked by itself, Android’s root certificate is updated as part of the entire operating system, which is likely to cause a delay.

While some apps, like Firefox for Android, can configure their own set of CAs on top of the operating system’s root store, this isn’t the case with Chrome.

While tech giant Apple is yet to announce any decision that it will make, TrustCor has published a public statement on its website.

These are the best privacy tools and anonymous browsers around

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!