This feature is not directly on our roadmap, but “Managed DAVdroid” (which basically will be a special version of DAVdroid for Businesses and Organizations – we’re currently in the final planning phase for this) will have the ability to be configured via a file. If a file is present DAVdroid will auto-detect this on startup and configure itself. We need such a mechanism so that DAVdroid can be mass-deployed (organizations basically need to be able to install apps on hundreds and thousands of devices without setting each one up separately). So maybe – at least to a certain extent – this feature will also come to the single-user license 🙂 I’ll keep you up-to-date!
Feature request: Option not to trust system CAs (certificate pinning)
-
Hi,
First of all thanks for the great app, ownCloud with DAVdroid is great!
I have noticed that app developers are starting to add a user option into their apps which gives the option not to trust any of the pre-installed, system-wide certificate authorities - Instead the app will only trust a specific, accepted certificate.
This functionality is relevant to DAVdroid because ownCloud it is meant to be a private, personal cloud solution so there is a very good argument for clients only trusting a personal, private certificate.
The Conversations app is an example of where this has been implemented:
https://play.google.com/store/apps/details?id=eu.siacs.conversations&hl=enHere is an Android library project which may be useful:
https://github.com/moxie0/AndroidPinningAnd here’s an explanation (provided by the developer of the above library) as to why it’s really quite an important feature:
http://www.thoughtcrime.org/blog/authenticity-is-broken-in-ssl-but-your-app-ha/Hope this feature can be added to (the otherwise fantastic) DAVdroid!
(I think it may also help to get around the many certificate problems people seem to have with DAVdroid)
-
Hello,
Thanks for your suggestion. While I don’t think it makes sense to not trust system-wide CAs on app level (if you distrust those CAs, wouldn’t they have to be removed/disabled in the system so that they can’t do any harm in other apps, too?), I certainly support that certificate pinning would be a good thing.