Obsolete
Status Update
Comments
el...@gmail.com <el...@gmail.com> #2
I agree. Android is about choices. Let me make the choice.
mo...@gmail.com <mo...@gmail.com> #3
I also agree. As miljbee said on XDA: "I keep the keys in my pocket, like my phone. No need to put them in a locked case. It would be annoying to have to find the key to open the case so I can get access to the key that would open the door ..."
dr...@gmail.com <dr...@gmail.com> #4
UGH, this is FRUSTRATING! To use my phone on my company's wi-fi, they require installing a cert. Even though THEY don't require me to have a PIN on my device, once I install the cert, Android forces me to. iPhones don't require this.
pa...@voltar.org <pa...@voltar.org> #5
[Comment deleted]
mi...@gmail.com <mi...@gmail.com> #6
I found a way to solve the problem. If you have a certificate that is not trusted by Android, when you add it, it goes in the personal cert store. When you add a cert in this personal cert store, the system requires a higher security level to unlock the device. But if you manage to add your cert to the system store then you don't have this requirement. Obviously, root is required to add a certificate to the system store, but it is quite easy.
Here is how to do it:
1 - Add your cert normally; it will be stored in your personal store and Android will ask you for a pin/password... Proceed
2 - With a file manager with root capabilities, browse files in /data/misc/keychain/cacerts-added. You should see a file here; it's the certificate you added at step 1.
3 - Move this file to system/etc/security/cacerts (you will need to mount the system partition r/w)
4 - Reboot the phone
5 - You are now able to clear the pin/password you have set to unlock the device.
I think that this will only work for Root or Intermediate CA.
I got the idea by reading this:
http://nelenkov.blogspot.fr/2011/12/ics-trust-store-implementation.html
On 8 March 2013 19:54, <android@googlecode.com> wrote:
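A certificate moved as described in comment #6 is no longer listed with the user-installed certificates, so one way to notice it is to compare the system store against a listing taken from a known-good image. The following is an added example, not part of the thread; the baseline file and its format are assumptions, and `sha256sum`, `comm` and `mktemp` are assumed to be available in the device shell.

```shell
#!/bin/sh
# Added example (not from the thread): audit Android CA stores against a baseline.
# The two directories are the ones named in comment #6; the baseline file
# (sha256sum-style lines, taken from a known-good image) is an assumption.
SYSTEM_STORE="${SYSTEM_STORE:-/system/etc/security/cacerts}"
USER_STORE="${USER_STORE:-/data/misc/keychain/cacerts-added}"

# make_baseline DIR: print "<sha256>  <filename>" for each file in DIR, sorted.
make_baseline() {
    ( cd "$1" 2>/dev/null || exit 0
      for f in *; do
          if [ -f "$f" ]; then sha256sum "$f"; fi
      done ) | LC_ALL=C sort
}

# audit_cacerts BASELINE: print one finding per line.
#   SYSTEM-UNEXPECTED <file>  present in the system store, not in the baseline
#   SYSTEM-MISSING <file>     in the baseline, absent or altered in the store
#   USER-ADDED <file>         present in the user store
audit_cacerts() {
    ac_cur=$(mktemp) || return 1
    make_baseline "$SYSTEM_STORE" > "$ac_cur"
    LC_ALL=C sort "$1" | LC_ALL=C comm -13 - "$ac_cur" |
        awk '{ print "SYSTEM-UNEXPECTED " $2 }'
    LC_ALL=C sort "$1" | LC_ALL=C comm -23 - "$ac_cur" |
        awk '{ print "SYSTEM-MISSING " $2 }'
    for ac_f in "$USER_STORE"/*; do
        if [ -f "$ac_f" ]; then echo "USER-ADDED ${ac_f##*/}"; fi
    done
    rm -f "$ac_cur"
    return 0
}

# Stand-alone use: sh audit_cacerts.sh baseline.txt  (reading the user store needs root)
if [ -n "${1:-}" ]; then
    audit_cacerts "$1"
fi
```

A file whose contents changed under the same name is reported on both a SYSTEM-UNEXPECTED and a SYSTEM-MISSING line.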
re...@gmail.com <re...@gmail.com> #7
This is an extremely annoying policy. Anybody have a solution that does not require root access?
br...@gmail.com <br...@gmail.com> #8
Part of the problem with this is that it is being applied overly broadly.
There is a possible case to be made for requiring an increased level of security when installing a client certificate, say for VPN access, or web-site access.
But when all one wants to do is install a CA certificate, for one's own private infrastructure, the added security of PIN, etc. (over say, face detection or even swipe) is not securing anything needing additional security.
In fact I think this particular issue probably needs its own ticket since it is distinct from the issues in this ticket. It's issue 36949180.
en...@google.com <en...@google.com>
br...@gmail.com <br...@gmail.com> #9
Why is this "Obsolete"?
pa...@voltar.org <pa...@voltar.org> #10
It's not obsolete, but they don't want to deal with it.
dr...@gmail.com <dr...@gmail.com> #11
It wasn't maybe fixed in Lollipop, was it?
Otherwise, do we need to start a new issue for it?
al...@gmail.com <al...@gmail.com> #12
I agree, this issue is not Obsolete. It continues today, and it is very much unwanted.
mi...@protonmail.ch <mi...@protonmail.ch> #13
I guess this continues in issue 36947130
Description
When I have installed them on my 4.0.4 GSM Galaxy Nexus, I have been forced to set up a pattern/pin/password unlock and thus I can no longer use slide to unlock or face unlock.
I don't want that. I can easily ban those certificates at the server side, so the client security that Android enforces seems to me useless.
I understand that it can be useful in some circumstances, but the user should still have the choice.
Android could strongly advise the user to set up a secure unlock, but should always let him decide.
Android is all about giving control to the user. I think this default security policy is the opposite ...
Of course, when the certificate is distributed in a configuration profile which enforces a certain client security level (such as Exchange), the policy should still apply.
What I would like is a configuration screen or a settings file somewhere where we could define/alter the default security policy.
Thank you for your attention