Always Trust User Certs

This powerful module is designed to easily add all user-installed certificates to the system’s main certificate store. The main goal of this process is to make sure that the user-added certificates are automatically recognized and trusted when building a secure trust chain for all applications. By moving user certificates to the system level, this module gets rid of the need for developers and security analysts to manually add the network_security_config property to an application’s manifest. This is a universal solution, especially for keeping an eye on encrypted traffic from third-party apps where changing the source code isn’t possible. By making sure that all custom certificates are trusted throughout the system, it makes security analysis, corporate network access, and advanced development workflows easier.

Key Capabilities

This module has a lot of features that make it easy to use and work with a wide range of Android devices and settings.

• Full support for multiple users: The module is designed to work perfectly in environments with more than one user. It makes sure that certificate trust is correctly shared between all user profiles on a single device without any problems.
• Compatibility with Broad Root Framework: It works well with the most popular and up-to-date root solutions, like Magisk, KernelSU, and the new KernelSU Next, so it will work on a wide range of customized devices.
• Support for Adaptive Systems: It can tell if a device is running with or without modern Mainline/Conscrypt updates, which makes it work with all devices and protects it for the future.

Adaptive Certificate Path Handling

The location of the system’s trusted certificate store can vary significantly depending on your device’s Android version and its Google Play Security Update level. In older or non-updated systems, certificates are typically stored in /system/etc/security/cacerts. However, with the introduction of Project Mainline, Google modularized core components, and on updated devices, the Conscrypt security provider manages its own certificate store located at /apex/com.android.conscrypt/cacerts/. This module expertly handles both scenarios. It automatically detects the correct system path on your specific device, ensuring reliable operation on any version from Android 7 all the way through the anticipated Android 16 without requiring any manual user intervention.

Implementation Guide

Follow these simple steps to manage your custom certificates.

Installing Certificates

First, set up the certificate you want as a standard user certificate. To do this, you usually open the certificate file (like a .crt or .cer file) and follow the instructions on the screen in the Android settings. You need to restart your device after adding the certificate to the user store. The reboot is very important because it tells the module to copy the new certificate into the system trust store before any applications are loaded.

Removing Certificates

It’s just as easy to take it off. First, go to your device’s security settings and delete the certificate from the user certificate store. You will need to restart the device again after you have confirmed its removal. This lets the module sync the system store, which makes sure that the certificate that was just deleted is no longer trusted by the whole system.

Version History and Development

v1.2

• Enhanced user convenience by integrating support for automatic module updates, ensuring users can effortlessly maintain the latest version.

v1.1

• Resolved a critical file permission discrepancy that affected non-Conscrypt systems.
• Corrected the certificate removal logic to ensure proper cleanup on non-Conscrypt devices.
• The project repository was renamed for improved clarity and discoverability.

v1.0

• This was a major release that added basic support for modern systems that use Mainline/Conscrypt certificate stores.
• Full support for multiple user profiles was implemented.
• Compatibility with the KernelSU root framework was added.

v0.4.1

• Added support for Android 10 devices to make it more compatible.
• The module’s structure was changed to match the new Magisk module template (v20.4+).

v0.3

• Made the synchronization process more reliable. The module now deletes all certificates that were previously installed by the user from the system store before copying the current set. This stops certificates that were removed by the user from being trusted.

v0.2

• Fixed a major bug that caused the wrong directories to be created during installation.
• The module template was updated to be compatible with the latest Magisk versions (v15+).

v0.1

• The initial public release, establishing the core functionality of the module.

Download Link

Download Link

Module Info

• Module By
  TheDauntless
• Root Support
  Magisk KernelSU APatch
• Source View on GitHub/Source
• Latest Update 17 May 2025
• Word Counter 716
• Character Counter 6061

Always Trust User Certs is a Module that supports installation on Magisk, KernelSU, APATCH, KSUNext