[zeveb]

> Or they will ignore Google, continue to create bad certs, and users will start getting instructed by sites that they have to manually add a root certificate in order to use they site, and the entire ecosystem will collapse.

IIRC that's Amazon's answer to 'how should a user install Amazon Prime on Android?' I don't know how successful they've been convincing users to allow installation of untrusted apps (I certainly haven't done it), but … probably more than a few have done it.

[DaiPlusPlus]

Installing apps from other stores on Android is literally a checkbox away - but installing new root certs on computers is considerably harder, or impossible if your computer is locked-down (group policy, etc).

[wiml]

Installing new roots on Macs, iOS, and Android devices is really easy. It's mildly inconvenient on Linux desktops.

[victorhooi]

It's actually no longer possible on Android, without jumping through significant hoops:

https://android-developers.googleblog.com/2016/07/changes-to... https://news.ycombinator.com/item?id=12061320 https://github.com/mitmproxy/mitmproxy/issues/2054

And it's really not the sort of thing your average non-technical user is likely to do - and trust me, having supported these users before, it's likely to go horribly wrong if you try providing steps for them.

[tracker1]

I did it... mainly for amazon's own apps.