Internet surfers may take that little green or gold lock in the corner of their Web browser for granted. But starting Jan. 1, 2016, it might go away for a small percentage of people across the globe, and millions of users could lose access to websites because of it. It all has to do with the "SHA-1 Sunset," a phrase used by technology insiders to describe the expiration of support for a certain level of encryption. Over the next year, algorithms at the older SHA-1 level of encryption will no longer meet the trusted level of security for many websites, leaving as many as 37 million people unable to access them, according to research from Internet performance and security company CloudFlare.


It's a routine update to a Web feature called the certificate signature hashing algorithm. But the change, decided by a consortium of vendors of Internet browser software, could disproportionately affect mobile devices in the developing world.

As a result, some of the world's most vulnerable populations will be left with only the selection of websites they can view without the needed safety protocols.



Encryption, certificates and algorithms

Here's how it works, according to Tim Erlin, director of IT security and risk strategy at Tripwire. When your website connects to a browser, each sends and receives data. During the encryption process, the website and browser enter into a "conversation," to use a metaphor. When they do so, they negotiate a secret, secure code to "speak" in, one that's different for every conversation.

Part of the negotiation between the browser and website is to agree to use the most complex language that both parties can understand, Erlin said.

"Hackers break that algorithm," Erlin said. "Once it's broken, it becomes much easier for a criminal to overhear your conversations. There should always be a plan to upgrade the algorithm because people are always looking to break it."

Luckily, most people are protected from these types of hackers without any action on their part, since many websites and browsers default to encrypted versions, signified by the "s" in "https://." Indeed, if you're using an up-to-date browser, you probably were automatically upgraded to at least SHA-2 level algorithms, Erlin said.


Impact on the developing world

But older operating systems and browsers, such as Windows XP, may no longer support updates to newer encryption levels, said Erlin. And more encryption requires more processing power, leaving older mobile devices, mostly used in developing countries, too jammed up to handle secure browsing.

That may leave users with phones older than five years with an error message when they try to access sites that don't offer unencrypted versions — a decision that varies for each individual site, Erlin said.

SHA-2 support in Western Europe and North America is universally more than 99 percent, according to new CloudFlare research. But closer to 5 percent of Internet users in countries like China, Cameroon, Yemen, Sudan, Egypt and Libya use browsers without SHA-2 support.

"When you trade in your cellphone in a country like the United States, those cellphones make their way to the developing world," Matthew Prince, co-founder of CloudFlare, told CNBC's "Squawk Alley" on Monday. "And those phones are ending up in the hands of people who now won't be able to access parts of the encrypted Internet."

Worldwide, a population roughly the size of California doesn't have the needed support, CloudFlare estimates.

"Unfortunately, this list largely overlaps with lists of the poorest, most repressive, and most war-torn countries in the world," CloudFlare wrote. "In other words, after Dec. 31, most of the encrypted Web will be cut off from the most vulnerable populations of Internet users who need encryption the most. And, unfortunately, if we're going to bring the next 2 billion Internet users online, a lot of them are going to be doing so on secondhand Android phones, so this problem isn't going away anytime soon."




Debate among technology companies