CT log V2 issue for commercial use on Android, VERT URGENT
203 views
Skip to first unread message
方一格
Jan 5, 2026, 2:22:53 AM (2 days ago) Jan 5
to certificate-transparency
Hi all,
We recently noticed that our company’s commercial Android devices are facing a serious issue with CA certification checks related to Certificate Transparency (CT) through the third‑party library at https://github.com/appmattus.
Background
In 2021, our commercial android system and applications integrated CT mechanisms via appmattus. Since then, we have not actively tracked updates and unfortunately missed the deprecation notice for CT v2.
We recently noticed that our company’s commercial Android devices are facing a serious issue with CA certification checks related to Certificate Transparency (CT) through the third‑party library at https://github.com/appmattus.
Background
In 2021, our commercial android system and applications integrated CT mechanisms via appmattus. Since then, we have not actively tracked updates and unfortunately missed the deprecation notice for CT v2.
These applications are preloaded in the ROM, making it impossible to update or override through standard installation methods. In addition, many of these devices (purchased by our business partners) have been stored in warehouses, which will make updates solutions even more impossible.
After evaluation, We believe a significant number of devices (potentially millions) may face a high risk of activation failure and disruption to normal operation due to CT v2 deprecation, with no effective feasible recovery path. This could result in substantial losses for our company.
After reviewing prior discussions, we understand Google’s updated CT policy and we are willingly to complying with it. However, the situation is extremely urgent: the relevant HTTPS certificates are scheduled for renewal in April. Without intervention, millions of our devices in market or stored in warehouse will face a large‑scale disruption or other issues.
Request
To mitigate this risk and give us time to permanently resolve our dependency on CT v2, we kindly request that Google updates the CT v2 log list(https://www.gstatic.com/ct/log_list/v2/log_list.json) to align with the CT v3 log list (https://www.gstatic.com/ct/log_list/v3/log_list.zip).
This would be the most reliable and immediate way to prevent device failures while we complete a full migration away from CT v2 and remove the dependency on the appmattus library.
We look forward to your reply.
Kind regards,
Ethan
On behalf of our company
Joe DeBlasio
Jan 5, 2026, 6:25:02 PM (2 days ago) Jan 5
to certificate-...@googlegroups.com
(For those subscribed to certificate-...@googlegroups.com, but not to ct-p...@chromium.org, please note that I responded on the other list.)
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/certificate-transparency/6162fc03-1648-43f0-8a73-40f1799a45efn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages