How to Check Trusted Root Certificates Installed on an Android Device

Mobile applications offer us a unique opportunity to go about our daily lives, they also expose us to hackers. Currently, Android has become the most popular operating system in smartphones, which was developed by Google in 2007. Statista projects the number of android users in the US alone to grow to over 133 Million by 2024.

However, mobile application development & usage on android as well as the penetration of smartphones are still increasing exponentially.

Although mobile applications offer us a unique opportunity to go about our daily lives, they also expose us to hackers. Hackers can use vulnerable mobile applications to gain access to users’ money and sensitive information. There are several mobile application security tips that you can implement to secure your android application.

Implementing an SSL certificate like a code signing certificate is one of the most vital security protocols that an android application should have. Securing after going through the above statistics lets us reveal the role of SSL certificate for android app.

Want more tech news? Subscribe to ComputingEdge Newsletter Today!

Why Secure an Android App with an SSL Certificate?

Below are few reasons to secure an android app with an SSL certificate. It shows how Code signing certificates and mobile applications are correlated.

1. 1. SSL Certificate for Data Protection

Data protection principles as enshrined under the Privacy Ordinance require that all data users take reasonably practicable measures to implement appropriate security defenses, the level of which should be proportionate to the gravity of probable damage occurring because of a security breach. 

To comply with such standards and for the sake of the safety of your users’ data, you must ensure the following.

1. 1. 1. That all data in transit is adequately protected through encryption.
      2. That the encryption strength is adequate to counter any possible associated threats. 
      3. The encryption is implemented correctly to avoid any form of circumvention.

The first step to safeguarding your mobile application against security issues of all kinds is by acquiring and installing an SSL certificate. We will later learn how you can secure an android app with an SSL certificate.

The SSL certificate is a complete encryption protocol that will protect your app data from malicious intruders. On most occasions, users do not think twice while giving out their sensitive data. Such blind trust from users leaves developers responsible for doing anything within their power to ensure that sensitive data belonging to users are adequately safeguarded.

The Secure Socket Layer plays the role of an impenetrable armor that safeguards application data from malicious forces. Installing an SSL certificate on your android application leaves the minimal possibility of a Man-in-the-Middle attack and unnecessary eavesdropping.

SSL encryption works by converting plain text data into ciphertext. The rightful private key bearer is the only one with the capacity to decrypt the data. Because eavesdroppers and Man-In-The-Middle attackers do not have the details of the decryption key, their chances of successfully accessing the encrypted data are limited.

1. 1. Security to Payment Gateways

Payment gateways are lucrative targets for attackers. So again, the Secure Socket Layer certificate should come into the picture. The certificates safeguard all banking details, credit card information, and debit card information by virtue of encryption. 

If you own a mobile application with a payment gateway, you have no option but to install an SSL certificate. It would also be wise to tell your users about it. Doing so establishes brand trust and loyalty.  Speaking of trust, let us look at the final reason why you need an SSL certificate on your android app.

1. 1. Trust

Trust is a critical aspect that determines every business’s success. Your users should trust the security of your app to transact with you. Having an SSL certificate enhances users’ trust. As a result, users will confidently browse through your mobile app.

Steps to Install an SSL Certificate on an Android Application

Now that you know the significance of an SSL in an android app, you probably want to have one installed on your app, but you do not know how to do this. Worry no more. Just follow the following steps, and you will have your app installed.

Step one- Buy SSL Certificate

The first step towards installing an SSL certificate on your app is to buy an SSL certificate. Here, you must get the correct certificate from the reliable certificate authority. It would be best if you acquired all certificates that are necessary to build a chain of trust. A chain of trust is composed of certificates starting from the server’s end to the root certificates. 

You can acquire the SSL certificates from the chain included in the root certificate. You can also obtain the certificates from the issuer’s official site. Upon receiving the certificates, you must save them in Base64 encoded X.509 format. View the below code.

1-----BEGIN CERTIFICATE----- 2MIIGqTC.....(continues)
3-----END CERTIFICATE-----

Step two- Create a Keystore

To create a Keystore, you will first have to download and cautiously store the Bouncycastle package at an easily retrievable location. With this step, it is prudent that you clearly understand how to invoke the keytool command. You can find the keytool command in the bin folder of the JRE installation.

You will then have to import the acquired SSL certificates into a Bouncycastle formatted store. Kindly note that I am not referring to the endpoint certificates. With certificate importation, I strongly recommend starting with the lowermost intermediate certificate to the Root CA certificates. You will then have to execute the command shown below.

keytool -importcert -v -trustcacerts -file
"path_to_cert/interm_ca.cer" -alias IntermediateCA
-keystore "res/raw/myKeystore.bks" -provider
org.bouncycastle.jce.provider.BouncyCastleProvider
-providerpath "path_to_bouncycastle/bcprov-jdk16-145.jar"
-storetype BKS -storepass mysecret

Again, you must countercheck to ensure that the certificates are imported in the appropriate style into the Keystore. Upon doing all these, you can now comfortably copy the Keystore as a raw resource in your mobile app under res/raw/.

RootCA, 22.10.2010, trustedCertEntry, Thumbprint (MD5):
24:77:D9:A8:91:D1:3B:FA:88:2D:C2:FF:F8:CD:33:93
IntermediateCA, 22.10.2010, trustedCertEntry, Thumbprint
(MD5): 98:0F:C3:F8:39:F7:D8:05:07:02:0D:E3:14:5B:29:43

Step three- Load the Keystore into the Mobile Application to Establish a Secure Connection.

The final step involves creating a custom Apache HttpClient that uses a similar Keystore to establish a Hypertext Transfer Protocol Secure (HTTPS) connection.

public class MyHttpClient extends DefaultHttpClient { final Context context; public MyHttpClient(Context context) { this.context = context; } @Override protected ClientConnectionManager createClientConnectionManager() { SchemeRegistry registry = new SchemeRegistry(); registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); // Register for port 443 our SSLSocketFactory with our keystore // to the ConnectionManager registry.register(new Scheme("https", newSslSocketFactory(), 443)); return new SingleClientConnManager(getParams(), registry); } private SSLSocketFactory newSslSocketFactory() { try { // Get an instance of the Bouncy Castle KeyStore format KeyStore trusted = KeyStore.getInstance("BKS"); // Get the raw resource, which contains the keystore with // your trusted certificates (root and any intermediate certs) InputStream in = context.getResources().openRawResource(R.raw.mykeystore); try { // Initialize the keystore with the provided trusted certificates // Also provide the password of the keystore trusted.load(in, "mysecret".toCharArray()); } finally { in.close(); } // Pass the keystore to the SSLSocketFactory. The factory is responsible // for the verification of the server certificate. SSLSocketFactory sf = new SSLSocketFactory(trusted); // Hostname verification from certificate // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506 sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); return sf; } catch (Exception e) { throw new AssertionError(e); } } }

Upon completing this step, you successfully create the custom HttpClient to be used for encrypting app data.

How to Check the Certificates Installed on Android Devices

It is simple to check the certificates installed on android devices. Here are the steps to follow when you want to check the certificates installed on your android device.

• • First, you will have to go to your phone settings.
  • Click on Security.
  • Under device security, locate the Encryption & Credentials tab and click on it.
  • Under credentials storage, click on Trusted credentials. A list of all certificates will appear.
  • You can click on a specific certificate to see more details about the CA.

You can also add certificates on your android device by following the steps below:

• • 1. Go to your phone settings.
    2. Click on security
    3. Navigate to advanced encryption & credentials
    4. Under credential storage, click on install certificate.
    5. Tap on the menu located on the top left side
    6. Locate the location where you saved the certificate file.
    7. Input a name for the file.
    8. Click ok.

Conclusion

I am sure this guide will help you understand why your android application needs an SSL certificate. Additionally, it will help you know how to install the certificates on your android application and check the certificates on your android application. If you are not sure about what you are doing, you can consider hiring an expert.