From ba9340ab8e96d0864575db2745857a942c10c251 Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Sat, 22 Jun 2019 12:10:50 +0200
Subject: [PATCH] Updated FAQ

---
 FAQ.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/FAQ.md b/FAQ.md
index 529e5d4c02..a0054ad450 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -277,6 +277,9 @@ Invalid security certificate (*Can't verify identity of server*): you should try
 because invalid security certificates are insecure and allow [man-in-the-middle attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack).
 If money is an obstacle, you can get free security certificates from [Let’s Encrypt](https://letsencrypt.org).
 
+Note that older Android versions might not recognize newer certification authorities like Let’s Encrypt causing connections to be considered insecure,
+see also [here](https://developer.android.com/training/articles/security-ssl).
+
 IMAP STARTTLS: the EFF [writes](https://www.eff.org/nl/deeplinks/2018/06/announcing-starttls-everywhere-securing-hop-hop-email-delivery):
 "*Additionally, even if you configure STARTTLS perfectly and use a valid certificate, there’s still no guarantee your communication will be encrypted.*"