[Cryptography] Damned if you don't, even more damned if you do

[Peter Gutmann]

In the last few years there have been a number of papers pointing out that far
too many Android apps will blindly trust any cert they run into.  The solution
to this is to install your own trust anchor on the device so you can build a
proper trust chain that you control, and verify that the certs you encounter
chain up to a root that you trust.

That's the theory.  If you do do this then you find out that Google has
sabotaged your efforts by popping up a warning that "a third party is capable
of monitoring your network activity including emails, apps, and secure
websites":

http://www.howtogeek.com/198811/ask-htg-whats-the-deal-with-androids-persistent-network-may-be-monitored-warning/

(thanks to Jürgen Brauckmann for the link, and the one below).

So if your app blindly trusts any cert it encounters, including ones from
MITMs, Android/Google are quite happy with that.  If you want to run your own
private PKI with verification of trust chains to ensure proper security,
Google's software pops up scary warnings about your comms being intercepted.

This is even worse than the reverse security offered by browsers where
unencrypted web sites are treated as more secure than encrypted-via-a-non-
public-CA ones.  In this case the MITM-able connection is treated as secure
while the (hopefully) MITM-proof one is treated as insecure.

But wait, there's more!  Android also includes an API in Android 4.3+ for apps
to silently install their own CA certs (e.g. malware slipping in a rogue CA)
without triggering any warnings.  OTOH if the user manually installs a
carefully-selected CA cert of their own choice, they get eternal warnings
about it being unsafe:

https://code.google.com/p/android/issues/detail?id=82036#c31

I think one of the contributors to the thread sums it up best: "this is
insane".

Peter.