Android : add cert to system store

gistfile1.txt

https://code.google.com/p/android/issues/detail?id=32696#c5

If you have a certificate that is not
trusted by Android, when you add it, it goes in the personal cert store.
When you add a cert in this personal cert store, the system requires a
higher security level to unlock the device. But if you manage to add your
cert to the system store then you don't have this requirement. Obviously,
root is required to add a certificate to the system store, but it is quiet
easy.


Here is how to do it :
1 - add your cert normally, it will be stored in your personal store and
android will ask you a pin/password... Proceed
2 - With a file manager with root capabilities, browse files
in /data/misc/keychain/cacerts-added. You should see a file here, it's the
certificate you have added at step 1. If you can not find it in that path, look in /data/misc/user/0/cacerts-added/

3 - Move this file to system/etc/security/cacerts (you will need to mount
the system partition r/w)

4 - Reboot the phone

5 - You are now able to clear the pin/password you have set to unlock the
device.

I Think that this will only work for Root or Intermediate CA.

I got the idea by reading this :

http://nelenkov.blogspot.fr/2011/12/ics-trust-store-implementation.html

@Sudo989 No.

I adopted the Adguard module and wrote Cert-Fixer for installing custom CA certificates.

The module copies user certificates installed on the phone to system certificate store during boot. I've tested and verified it on an AVD emulator Pixel 8, Android 15 (API 35) and Pixel 8, Android 14 (API 34).

No intense testing was done on this. So if you get an error, copy the logs from /data/local/tmp/cert-fixer.log and ping me.