feat(mobile): trust user-added CAs #14403
Open
+15
−0
Commits on Nov 29, 2024
-
feat(mobile): trust user-added CAs
This PR allows the Android app to trust user-added CAs without skipping SSL certificate verification. It is pretty common that a self-hosted Immich server uses an SSL certificate issued by a self-signed CA, such as a company's internal CA. On Android systems, users can install a custom CA certificate by going to system Settings -> Security & privacy -> More Security and privacy -> Encryption & credentials -> Install a certificate. However, starting with Android N, an app doesn't trust user-added CAs by default unless it explicitly opts in. See https://developer.android.com/privacy-and-security/security-config for more information. iOS doesn't have this issue because it always trust user-added CAs. Even Chrome on Android trusts user-added CAs (https://github.com/chromium/chromium/blob/f65f60551faa7e21c176c951cf874ce98278fd0b/chrome/android/java/res_base/xml/network_security_config.xml#L8) so it shouldn't a security concern.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.