Installing custom cert into android emulator system cert store

A quick Android security testing tip from our colleagues John Kozyrakis and Doug Logan…

Up to Android 2.3 adding trusted CA certs to the keystore required either a rooted phone and manual editing of the java keystore or an OTA update.

After 2.3 Android added that GUI in the Settings app, making possible for non-rooted phones to install new certs.

Some other options for easily inserting a new trusted system cert into the Android emulator:

1) mount an sdcard on the emulator. Just use ‘mksdcard 50M’ and start the emulator with -sdcard [or hardcode it in its config file].

2) upload the cert somewhere, browse to it, download, install.

3) use a third party app like otertool