Jürgen Brauckmann <[email protected]> writes:

>Nice example from the consumer electronics world: Android >= 4.4 is quite
>resistant against private PKIs. You cannot import your own/your corporate
>private Root CAs for Openvpn- or Wifi access point security without getting
>persistent, nasty, user-confusing warning messages: "A third party is capable
>of monitoring your network activity".
>
>http://www.howtogeek.com/198811/ask-htg-whats-the-deal-with-androids-persistent-network-may-be-monitored-warning/

Ugh, yuck! So on the one hand we have numerous research papers showing that
Android apps that blindly trust any old cert they find are a major problem,
and then we have Google sabotaging any attempt to build a proper trust chain
for Android apps.

Does anyone know if this was a momentary aberration in 4.4 or is this
behaviour still present in newer versions of Android, 5.x and 6.x?

Peter.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

