[thayne]

> Maybe an app could simplify delivery?

I'd be very surprised if an app without root privileges could install a new root certificate. If an app installed a malicious (or even just a poor quality) certificate, that would be a pretty big compromise to the OS.

What is strange to me though, is that it seems like the OS should have a mechanism to update the root certs independently of the OS itself. Then again, not updating root certs is a way to put an expiration date on a phone, forcing customers to buy more phones...

[alanfranz]

I would imagine that the app could make the delivery smoother than "download a file on the filesystem, look for a menu somewhere where to add the root ca".

Maybe a single confirmation box "would you like to add this ca" would work.

[throwii]

> I'd be very surprised if an app without root privileges could install a new root certificate.

Its not like the OS can actually withstand the app though, looking at a years out-of-date OS with thousands of accumulated known bugs.