Skip to content

Magisk module that allows using AdGuard's HTTPS filtering for all apps

License

Notifications You must be signed in to change notification settings

AdguardTeam/adguardcert

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

87 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AdGuard Certificate

Based on Move Certificates.

This Magisk module supplements AdGuard for Android and allows installing AdGuard's CA certificate to the System store on rooted devices.

Attention Current version of this module is designed for Adguard for Android 4.2 and newer.

If you're using AdGuard for Android v4.1 or older, please use the earlier version of this magisk module: https://github.com/AdguardTeam/adguardcert/releases/tag/v1.2.

Explanation

Chrome (and subsequently many other Chromium-based browsers) has recently started requiring Certificate Transparency logs for CA certs found in the system certificate store.

If your device is rooted, and you want AdGuard's CA certificate to be installed in the system store , then AdGuard will generate two CA certificates and ask you to install both of them in the user store. This module moves one of them to the system store. The certificate that is left in the user store is cross-signed with the one that goes into the system store. This allows apps that don't trust user certificates to still accept AdGuard's certificate, while apps that do trust user certificates (like Chrome or other browsers) will construct a shorter validation path to the certificate stored in the user store. And since it is stored in the user store, they won't require CT logs.

Why would I want AdGuard's certificate in the system store?

AdGuard for Android provides a feature called HTTPS filtering. It allows filtering of encrypted HTTPS traffic on your Android device. This feature requires adding the AdGuard's CA certificate to the list of trusted certificates.

By default, on a non-rooted device only a limited subset of apps (mostly, browsers) trust the CA certificates installed to the user store. The only option to allow filtering of all other apps' traffic is to install the certificate to the system store. Unfortunately, this is only possible on rooted devices.

Usage

  1. Enable HTTPS filtering in AdGuard for Android and save AdGuard's certificate(s) to the User store
  2. Download the .zip file from the latest release.
  3. Go to Magisk -> Modules -> Install from storage and select the downloaded .zip file.
  4. Reboot.

If a new version comes out, repeat steps 2-4 to update the module.

The module does its work during the system boot. If your AdGuard certificate(s) change, you'll have to reboot the device for the new certificate to be copied to the system store.

Illustrated instruction

Open Magisk modules

Install from storage

Select AdGuard certificate module

Reboot the device

Please note that in order for Bromite browser to work properly, you need to set the "Allow user certificates" flag in chrome://flags to "Enabled".

Bromite setup

Allow user certificates flag

Building

./dist.sh

How to release a new version:

  1. Push a new tag with a name like v*.
  2. A new release will be automatically created.