AlwaysTrustUserCerts is a Magisk/KernelSU module that automatically adds user-installed certificates to the system root CA store, making them trusted across all apps without extra configuration. This tool is especially useful for developers, security researchers, and advanced Android users who need seamless certificate handling.
In Android, user-installed certificates are normally treated differently from system certificates. This can cause issues when apps don’t recognize them as trusted, requiring extra configuration. The AlwaysTrustUserCerts module solves this problem by automatically adding user certificates to the system root CA store. In this blog, we’ll explore what it is, its features, requirements, pros and cons, installation steps, usage, and FAQs.
Table of Contents
What is AlwaysTrustUserCerts?
AlwaysTrustUserCerts is a Magisk/KernelSU module developed by NVISO Security. It ensures that any certificate you install as a user is automatically copied into the system certificate store. This means apps will trust your certificates without needing special settings like network_security_config.
Features of AlwaysTrustUserCerts
- Automatic trust: User certificates are added to the system root CA store.
- Multi-user support: Works across multiple Android users.
- Compatibility: Supports Magisk, KernelSU, and KernelSU Next.
- Wide Android support: Works from Android 7 up to Android 16.
- Handles storage paths: Manages both /system/etc/security/cacerts and /apex/com.android.conscrypt/cacerts/.
- No extra app config needed: Removes the need for network_security_config.
Requirements
- Rooted Android device with Magisk or KernelSU installed.
- Android version between 7 and 16.
- Basic knowledge of installing modules.
Why Use AlwaysTrustUserCerts?
- Simplifies certificate management.
- Saves time for developers and testers.
- Ensures apps trust your certificates without manual configuration.
- Useful for penetration testing, debugging, and custom network setups.
Pros and Cons
| Pros | Cons |
| Easy certificate trust setup | Requires root access |
| Works across multiple Android versions | May introduce security risks if malicious certs are installed |
| Compatible with Magisk & KernelSU | Advanced users only |
| No need for app-level changes | Not suitable for casual users |
Download & Install
- Visit the official GitHub repo: AlwaysTrustUserCerts.
- Download the latest release (e.g., v1.3).
- Open Magisk Manager or KernelSU Manager.
- Install the module ZIP file.
- Reboot your device.
How to Use
- Install certificates: Add your certificate via Android settings → Security → Install certificate.
- Reboot: Restart your device to apply changes.
- Remove certificates: Delete from user store in settings and reboot.
FAQs
No, it requires Magisk or KernelSU.
Yes, but only if you trust the certificates you install. Malicious certificates could compromise security.
Yes, simply remove it from Magisk/KernelSU Manager and reboot.
Conclusion
AlwaysTrustUserCerts is a powerful tool for rooted Android users who need seamless certificate trust. It’s especially valuable for developers, testers, and security researchers. If you’re comfortable with rooting and managing modules, this can save you time and effort.
