[MishaalRahman]

Left a reply to the author on Twitter, but putting it here as well in case they didn't see it.

Hi! I'm the guy who wrote the blog post about updatable certs in Android 14 that your article linked. Not sure if you're aware, but there's actually a system property you can set to bypass reading from the APEX cert directory.

system.certs.enabled=true

From: https://android-review.googlesource.com/c/platform/framework...

[pimterry]

I don't think that helps much unfortunately. That's a java.lang.System property (i.e. a config value set within one JVM/app) as opposed to an android.os.SystemProperties OS property (globally configurable on the device via adb). Reconfiguring the former requires modifying the app itself AFAICT.

That's useful for automated testing (which appears to be why they've added it) or for toggling settings between debug/prod builds, but not so much if you want to globally trust a CA certificate on your device. Of course, if you know a way to externally set such a property so that it applies to every app, that would indeed work great, and I'd love to hear about it!

(I'm the author btw, and I don't see any such reply on Twitter? Classic 2023 Twitter ofc)

[MishaalRahman]

Finally had a chance to test it, and you're right. It's not a property that can be set via "setprop", unfortunately.