After Let's Encrypt , the next to come is Hongkong Post Root CA . For users in HK, the impact is even larger because it is not supported by the following OS. It is affecting web browsers and app. Android 10 and below macOS iOS, iPadOS, watchOS, and tvOS Starting from Android 7.0 (API 24), developers could add a network security configuration file to configure a custom CA . Developer could also learn the best practices about Security with HTTPS and SSL from developer.android.com.