Problem with adguard cert magisk module

[terrytw]

• [x] I am running the latest version
• [x] I checked the documentation and found no answer
• [x] I checked to make sure that this issue has not already been filed

Issue Details

• AdGuard version:
  • 3.6.8
• Filtering mode:
  • Local VPN
• Device:
  • Oneplus 5T
• Operating system and version:
  • 10.0
• Root access:
  • Yes

There is a serious problem with utilizing adguardcert module. I understand you used zygisk exclude list to exclude chrome from being affected by adguardcert, which mean for chrome, it only sees the adguard cert in user store not the system store (please correct me if I'm wrong) However that also mean all the other apps in the zygisk exclude list are affected the same way. They only see adguard cert in user store, and they do not accept it. And there are a lot apps that I put in the zygisk exclude list simply because I do not want them to be affected by other magisk modules, because they would refuse to work if they detect presence of root privilege.

[maxikuzmin]

@terrytw zygisk works by default for all applications. Our code automatically enables "invisibility" for browsers, but not for other applications (since the module is needed for system-wide HTTPS filtering). But if some applications break, you can really exclude them.

[terrytw]

Hi, thanks for the response.

The problem is that, I have to exclude some apps, like a banking app using zygisk exclude list because otherwise it will trigger some safety flag and I am not allowed to use it. However, if said banking app is in the exclude list, it will not accept the adguard certificate anymore.

Also I need to clarify I use shamiko: https://github.com/LSPosed/LSPosed.github.io/releases

[maxikuzmin]

@terrytw yes, you need to disable HTTPS filtering in Adgard for such applications to work properly

[terrytw]

Thank you again.

To me the current implementation of adguardcert feels more like a bandage instead of a proper solution.

I really hope something could be done to change the situation. I do understand it probably takes a lot of work and may not be on the top of adguard team's priority.

If the team deems this a minor issue that won't be fixed within the foreseeable future, please close this issue.

[maxikuzmin]

@terrytw yes, we have a solution to this in our plans, but it's hard to talk about a timeline right now. We understand that for some people using magisk there may be a similar inconvenience. For now, the only thing left to do is to use the bandage (disable HTTPS filtering).

[terrytw]

@maxikuzmin Hi I just saw the blog post about 4.0 and the potential of a proper solution using a second intermediate certificate. I guess this is the solution you mentioned. Is there an ETA right now for the delivery of this feature?

[Extreme-Icer]

@maxikuzmin what about adguard magisk cert module update? currenct version seems not move cert to system partition,maually move to system can use full https fliter but some app says they not trust this cert,refresh can solve.so adguardteam need update zygisk module