Just wondering, is there any security feature/guarantee that I have the correct CAs?
I mean, while they are shipped with the OS, since they are changeable, they are not part of verified boot.
So could someone not, in theory, change them and, for example, exchange the trusted Amazon CA for a fake one (or just add one), and then in a later attack send me to a fake website/man-in-the-middle my connections?
Is there something like AppVerifier for this?
(Or do apps never have these permissions?)
(I mean, I have heard about a chain of trust for these before. Do they, like, certify each other, with some root OS CA at the top?)