
Your trusted Certificate Authorities (CAs) are the organizations that you trust to guarantee the signatures of your encrypted traffic and content. That's a lot of power, and the list of trusted authorities is dangerous to mess around with.

Android has tightly restricted this power for a while, but in Android 11 (released this week) it locks down further, making it impossible for any app, debugging tool or user action to prompt to install a CA certificate, even to the untrusted-by-default user-managed certificate store. The only way to install any CA certificate now is by using a button hidden deep in the settings, on a page that apps cannot link to.

To be clear, carefully managing the trusted CAs on Android devices is important! Adding a CA should not be easy to do by accident or unknowingly. Protecting users from themselves is absolutely necessary here, and it's a hard problem.

Nonetheless, it's also something that power users might want to configure, for Android testing, for app debugging, for reverse engineering or as part of some enterprise network configurations. There's a balance here to manage, and I'm not sure Android has made the right choice. That said, there are many legitimate use cases where you want to be able to choose which CAs you trust, and that just got much harder.

Let's dig into the details:

How did Android CA certificate management work until now?

Until now, an app could ask a user to trust a CA certificate in the user certificate store (but not the system store), using the KeyChain.createInstallIntent() API method. Similarly, the operating system would offer to trust a CA certificate if one was manually opened on the device from the filesystem.

These certificate trust prompts came with a variety of loud warnings & confirmations, and mandated setup of a device PIN or other screen lock before you could complete them, if one wasn't already set. It wasn't possible to do accidentally, and it was hard to trick users into accepting these scary prompts (although probably not impossible).

That only applied to the user certificate store. This store, in case you're not familiar, differs significantly from the Android system-wide certificate store, and since Android 7 (Nougat, released in 2016) it's been impossible to install any CA certificates into the system store without fully rooting the device.
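As an added example (not code from the original post or from the HTTP Toolkit project), here is the KeyChain.createInstallIntent() flow the text refers to, next to a check that tells the system and user stores apart: the AndroidCAStore KeyStore exposes the merged trust list with aliases prefixed system: or user:. The class and method names are this example's own.

```java
import android.content.Intent;
import android.security.KeyChain;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

// Hypothetical helper class; the names here are this example's own, not the post's.
public final class CaStoreHelper {

    /** Where a CA was found: the read-only system store, the user store, or neither. */
    public enum TrustSource { SYSTEM, USER, NOT_TRUSTED }

    /**
     * The prompt an app could trigger before Android 11. derCert is a
     * DER-encoded X.509 CA certificate; the user still had to accept the
     * OS prompt (and have a screen lock set). On Android 11 this intent can
     * no longer be used to install a CA certificate.
     */
    public static Intent buildCaInstallIntent(byte[] derCert, String displayName) {
        Intent intent = KeyChain.createInstallIntent();
        intent.putExtra(KeyChain.EXTRA_CERTIFICATE, derCert);
        intent.putExtra(KeyChain.EXTRA_NAME, displayName);
        return intent;
    }

    /**
     * Tells the two stores apart. "AndroidCAStore" returns "system:..." aliases
     * for built-in CAs and "user:..." aliases for CAs added through the prompt
     * above, so an unexpected "user:" hit is worth investigating on a device.
     */
    public static TrustSource findTrustSource(X509Certificate ca)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance("AndroidCAStore");
        store.load(null, null); // no file or password: the OS backs this store
        String alias = store.getCertificateAlias(ca);
        if (alias == null) {
            return TrustSource.NOT_TRUSTED;
        }
        return alias.startsWith("user:") ? TrustSource.USER : TrustSource.SYSTEM;
    }
}
```

Pass findTrustSource() the CA you expect a debugging proxy or enterprise network to rely on; NOT_TRUSTED on Android 11 means the only remaining path is the manual settings page described above.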
