Does Firefox for Android use the devices certificate store? [closed]

Question

The only evidence I have found is:-

The user kbrosnan in this thread http://support.mozilla.org/en-US/questions/808899 mentions that Firefox uses its own CA list.

On this site http://www.jethrocarr.com/2012/01/04/custom-ca-certificates-and-android/ Jethro carr mentions that "Websites are a bit different, since at least some of the browsers glares at firefox mobile rely on their own internal certificate databases, and not the Android OS DB".

I cannot find any concrete evidence anywhere that suggests Firefox is using the devices certificate store (Settings > Security > Trusted Credentials).

The reason I am asking this is because I have a CA-Root certificate that I have installed on the device and Firefox does not trust when I make a connection, which to me looks as if it is not looking at the devices certificate store and that Firefox has its own list of trusted CA's.

Please note that installing this certificate on the Desktop version of Firefox works perfectly without any issues.

I am using:

Firefox version: 18.0 / Phone: Samsung Galaxy S3 / Android version: 4.1.2

Many Thanks.

Answer 1

This is correct. Firefox Mobile for Android currently users its own certificate database and not the native Android one.

User OERNii created a Cert Manager Plug in for Firefox Mobile but it only supports versions 9-13. More information can be found at https://addons.mozilla.org/en-US/mobile/addon/cert-manager/. Due to the dramatic updates in the FF code over the past year, the cert DB does not interface in the same fashion as before and any updates to incorporate certificate management would require extensive Firefox research.

The native Android Browser packaged with Android 4.0+ utilizes the native Android trust store and allows users to perform TLS client authentication.