Hi,
First of all thanks for the great app, ownCloud with DAVdroid is great!
I have noticed that app developers are starting to add a user option into their apps which gives the option not to trust any of the pre-installed, system-wide certificate authorities - Instead the app will only trust a specific, accepted certificate.
This functionality is relevant to DAVdroid because ownCloud it is meant to be a private, personal cloud solution so there is a very good argument for clients only trusting a personal, private certificate.
The Conversations app is an example of where this has been implemented:
https://play.google.com/store/apps/details?id=eu.siacs.conversations&hl=en
Here is an Android library project which may be useful:
https://github.com/moxie0/AndroidPinning
And here’s an explanation (provided by the developer of the above library) as to why it’s really quite an important feature:
http://www.thoughtcrime.org/blog/authenticity-is-broken-in-ssl-but-your-app-ha/
Hope this feature can be added to (the otherwise fantastic) DAVdroid!
(I think it may also help to get around the many certificate problems people seem to have with DAVdroid)
