Doesn't work with Android 14 beta 3

[Skalt18]

Module hasn't any effect.

[themerror]

The same problem. Actually, the cert file has been copied to /etc/security/cacerts successfully. However, it won't appear in the settings app, which means that the system won't trust it.

[Skalt18]

I believe I find the problem. From: https://www.esper.io/blog/android-14-updatable-certificates "Currently, Android loads root certificates from files stored under /system/etc/security/cacerts (left). After this change, Android will first check if the directory /apex/com.android.conscrypt/cacerts exists, and if so, will load root certificates from there. If it doesn’t, then Android will fall back to the usual system location. (right)Type image caption here (optional)" So the module need to change the directory for A14.

[steupz]

In nightly builds, using Android 13, the certificate is transferred to System store but Adgaurd shows Personal CA can be moved

[Rtizer-9]

A well-known http request interceptor has put out a blog post titled : Android 14 blocks all modification of system certificates, even as root.

Author of an old root for Android rejects the claims on Hacker News thread though

HN post : https://news.ycombinator.com/item?id=37391521

Comment of that old root author: The title is, and forever will be wrong. When we say you're root in Android, you're actually root. You can actually do whatever you want

[pimterry]

Hi! I'm the original author of the above post. I've just published an update: https://httptoolkit.com/blog/android-14-install-system-ca-certificate/.

I'm not sure if it'll work for your needs here, but there's two techniques in there that do now provide working CA certificate injection on Android 14.

[Rtizer-9]

@pimterry Great work. Hopefully now the certificate headache is gone.

[sfionov]

@pimterry Thank you for information, it really helped.

I've created pull request with working solution.

I didn't include nsenter part (since module is applied before final boot phase) but tmpfs part was useful.

I noticed that magisk just ignores module overrides with /apex path, so this workaround may not be needed with future Magisk releases if they change this policy.

[Rtizer-9]

@sfionov I hope both root detection and kernelsu compatibility will also be taken of in the newer release. The previous beta4 already works perfectly with ksu.

[sfionov]

v2.0-beta5 is released

https://github.com/AdguardTeam/adguardcert/releases/tag/v2.0-beta5