From 35e30590c76da0220ee2a8f1043e8a999ce51fab Mon Sep 17 00:00:00 2001 From: Yuxiang Zhu Date: Fri, 29 Nov 2024 20:55:44 +0800 Subject: [PATCH] Android app: Trust user-added CAs This PR allows the Android app to trust user-added CAs without skipping SSL certificate verification. It is pretty common that a self-hosted Immich server uses an SSL certificate issued by a self-signed CA, such as a company's internal CA. On Android systems, users can install a custom CA certificate by going to system Settings -> Security & privacy -> More Security and privacy -> Encryption & credentials -> Install a certificate. However, starting with Android N, an app doesn't trust user-added CAs by default unless it explicitly opts in. See https://developer.android.com/privacy-and-security/security-config for more information. iOS doesn't have this issue because it always trust user-added CAs. Even Chrome on Android trusts user-added CAs (https://github.com/chromium/chromium/blob/f65f60551faa7e21c176c951cf874ce98278fd0b/chrome/android/java/res_base/xml/network_security_config.xml#L8) so it shouldn't a security concern. --- mobile/android/app/src/main/AndroidManifest.xml | 1 + .../src/main/res/xml/network_security_config.xml | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 mobile/android/app/src/main/res/xml/network_security_config.xml diff --git a/mobile/android/app/src/main/AndroidManifest.xml b/mobile/android/app/src/main/AndroidManifest.xml index c85ce136844bcd..502bf2add9d61f 100644 --- a/mobile/android/app/src/main/AndroidManifest.xml +++ b/mobile/android/app/src/main/AndroidManifest.xml @@ -24,6 +24,7 @@ + + + + + + + + + +