Hello, I'm new to certificates so apologies in advance for the noob questions.
I'm interested in browsing through the directories where certificates are stored in GrapheneOS. Based on this link, it looks like there are several possible locations for stock Android.
In my phone, I found a bunch of files under /system/etc/security/cacerts, which I assume are the pre-installed ones we can view under Settings > Security > More security settings > Encryption and credentials > Trusted credentials > System. What are the paths to the directories where other installed certificates are stored?
I also have a few follow-up questions:
- What is the best way to check the authenticity of these certificates?
- Hypothetically, could an attacker install certificates that would direct the user to malicious versions of sites, in a way that would not be detectable by Auditor?
Thanks in advance for any thoughts.