So, this may be G-custom OS specific, or Android generally.

I was looking through the security settings, and when going to Settings-Security-More-Encryption and Credentials, I see that there are a plethora of CA Root certs installed. I recognize some (Digicert, Comodo, etc), but there are a lot that are just numbers and letters, and some from Beijing China, etc.

I don’t recall ever installing ANY certs, so I suppose these are all preinstalled (they show under the System tab, not the User tab.)

Can they be installed by regular apps?

I disabled any that weren’t recognizable like Amazon, Google, Digicert, and Comodo.

Are these dozens of other Certs necessary, and are they safe to be on my device? Are they preinstalled with G-Custom OS, or did they somehow sneak into my system settings?

I have too much to do a factory reset at this point and it would only be a last resort.

I also have Mullvad, Proton, and a personal WG vps on my phone, would those add certs to the “storage”?

I know I named brands in here but I’m not promoting anything, I don’t want to break something making changes, that’s all.

Thanks in advance.

  • ᴅᴜᴋᴇᴛʜᴏʀɪᴏɴOP
    link
    English
    18 months ago

    I never got a real answer, other than “don’t mess with the certs”.

    So I eventually found the list of certs included in base Android, and the Beijing ones are included. I don’t need certs from the CCP.

    I disabled all cert CA’s except for Amazon, Comodo, D-Trust, Digicert, Microsoft, Google, ISRG, and a few others that I’ve heard of previously.

    I have not noticed any difference, but will add a reply here in the event that I do have issues.

    It seems to me that dozens of these CA’s are not necessary, and they allegedly can pay Google to be included in the default configuration.