Root certificates are a very crucial part of the Android operating system in that browsers, applications and even other programs have a prepackaged store that shows these certificates are trustworthy. Sources have reported that updatable root certificate will be coming very soon.
For reference, root certificates are signed by trusted Certificate Authorities and make up the core of the Public Key Infrastructure. When you enter a website with HTTPS but don’t have a certificate signed by the certification authorities, that website will be flagged as insecure. Usually, the updatable root certificate isn’t available on Android unless via an OTA update but Android 14 might present us with something different.
Significance of Updatable root certificate
Certificates from Let’s Encrypt (which is signed by Internet Security Research Group) are quite reliable in that a lot of internet users trust the ISRG’s security. However, if the ISRG should lose their key, they’ll have to revoke it and users without an updatable root certificate will not be able to access the internet anymore.
Well, the probability of this event happening might be close to zero but there’s another occurrence that’s prompting Google to add the updatable root certificate – TrustCor. TrustCor was caught in some kind of untrustworthy activities that made a lot of companies (like Google, Microsoft and Firefox) drop their certificate. Since this certificate is no longer trustworthy, you can disable it by going to the certificates on your device and disabling it.
An updatable root certificate will then be coming in through the Project Mainline. This system delivers Mainline modules via Google Play System Updates. So the Big G will not have to wait for other OEMs to send out an OTA update before users get an updatable root certificate. Google might be planning to introduce this feature in the Android 13 QPR which leaves out other OEMs since the QPR update is for Pixel devices. So(most probably) it will be widely available via Android 14 next year.