Stanard Android OS, certificates are separated into System and User spaces and often many apps don't trust the user certs at all.
Is that the same with GOS, or can we freely add it as is without rooting device?
Its just I was tinkering recently with self hosted solution and having a web server that is enforcing client certificates, so you are not able to connect to web server unless you have a client certificate (which is pretty secure in my opinion). I managed to get it to work between local web server and my local pc, but for some reason Android didn't work after importing client certificates (WiFi, VPN+Apps) + RootCA. I do wonder if its because of the distrust for user from Android perspective. I say this because the same client certificates (pkcs12) were used for Firefox on my PC and it was working fine. Android was complaining about web server requiring certs (yes I know because I enforced it, but its like the client certs haven't been read by Android at all)