Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix install problem and Chrome Certificate Transparency problem #16

Open
wants to merge 9 commits into
base: master
Choose a base branch
from

Conversation

andyacer
Copy link

This PR combines the previous install fix from azio7 and also addresses the Certificate Transparency problem with Chrome. The method of addressing the CT problem is described in these issues:
movecert issue
Adguard issue

The method of this "fix" is to change the primary operation of this module from "moving" to "copying." The certificate is copied to the system store, with the original left in the user store. With the certificate in both places, and if the Zygist DenyList is used against Chrome, the all objectives are achieved. Chrome will use the certificate from the user store, where CT is not enforced by default, and all other apps will use the certificate from the System store, where it's often trusted by default.

@andyacer
Copy link
Author

andyacer commented Jul 17, 2022

Implemented solution is described below. Directly copied from the Adguard issue explanation.
AdguardTeam/AdguardForAndroid#4124 (comment)

Recommended way to use this module:

  1. Install the updated Move Certificates module.
  2. Install the desired certificate to user store.
  3. In Magisk, enable Zygisk, enable Enforce DenyList and then add Chrome to the DenyList.
  4. Reboot your phone.
  5. Chrome should work using the certificate in the user store, and all the other apps should work using the certificate in the system store.
  6. If you want to add any other apps later, just add them to the Magisk Hide list/DenyList, then force stop that app. Next time it launches it should use the certificate in the user store. Removal works the same way.

@yochananmarqos
Copy link
Collaborator

@ianmacd I don't use Magisk anymore. Please review.

@FrankSpierings
Copy link

This fix works for me. Certificates are now both in the user and system store, which makes Chrome happy when applying the Denylist.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

4 participants