Suitable browsers for Android system on portable devices

(status: 2021)

Portable devices, as smartphones, are frequently powered by the Android operating system (OS). The Android system (version 10) has its own certificate repository you can see in the application Settings -> Security -> Advanced Settings -> Enciphering & Credentials -> Trusted credentials (basically the CAs root certificates). You can see the SYSTEM part and the USER part. You are able to add CAcert roots (both Class 1 and Class 3) into the USER part from e.g. the removable memory card or another place, where these roots are saved as files (CAcert: root.crt & class3.crt).

Your client certificates are stored under the Settings -> Security -> Advanced Settings -> Enciphering & Credentials -> User ID data. These are your client certificates with private keys, and you can install them from .p12 or .pfx backup files (containing your certificate & corresponding private key).

More about installing roots into Androids: read here.

Available browsers

You can find many browsers in the Google Store application. Unfortunately, only the minority of them work properly with certificates stored in the system repository (or at least its USER part).

Usable browsers

The following browsers are usable to work with CAcert webs, as main www/secure, wiki, bugs, CATS, blog etc. Unfortunately again, none of them is able to produce a CSR and therefore you will be unable to create a certificate using them.

Browser name

supports user added roots

supports client certificates

Chrome & Beta Chrome

yes

yes

Edge

yes

yes

Brave

yes

yes

Vivaldi

yes

yes

Kiwi

yes

yes

SuperFast

yes

yes

Adblock Free

yes

yes

Power Fast

yes

yes

Ecosia

yes

yes

Yandex alpha & beta

yes

yes

Less usable browsers

The following browsers are of limited use to work with CAcert webs. You can login with username/password only - the certificate login does not work. These browsers consider user-added root certificates and system pre-installed CAs' roots or their own pre-installed roots and (possibly) support client certificates issued by that CAs (1).

Browser name

supports user added roots

supports client certificates

RITS

yes

no (1)

Moon

yes

no (1)

Monkey

yes

no (1)

Fulldive

yes

no (1)

Styx

yes

no (1)

Unusable browsers

The following browsers are completely unusable. You cannot use HTTPS for CAcert webs at all. These browsers do not consider client and/or user-added root certificates, or they use only system pre-installed CAs' roots or their own pre-installed roots and (possibly) support client certificates issued by that CAs (1). Some browsers allow to enter a CAcert web using HTTPS only after a security warning (2).

Recently, there has been a trend where browsers consider all CAs, that do not have their root certificates already shipped with the system or application, to be untrusted. Again, unfortunately for CAs like CAcert.

Browser name

supports user added roots

supports client certificates

Opera & clones

no (2)

no (1)

Firefox & clones

no

no (1)

Maxthon

no (2)

no (1)

Tor

no (2)

no (1?)

DuckDuckGo

no (2)

no (1?)

Seznam

no

no (1?)

UC 2021 & clones

no

no (1?)

Avast

no

no (1?)

Aloha

no

no (1)

Mi Pro

no

no (1)

Web 2021 & clones

no

no (1?)

Dolphin

no

no (1?)

Puma

no (2)

no (1?)

Mint

no

no (1?)

Puffin

no

no (1?)

Incognito

no

no (1?)

Via

no

no (1?)

NextWord

no

no (1?)

APUS

no

no (1?)

PureWeb

no

no (1?)

Cake

no

no (1?)

SmartSearch

no

no (1?)

Soul

no

no (1?)

Hot

no

no (1?)

Other small portable devices with another OSes

There is an expectation that another OSes (as iOS, MacOS, Windows 10 Mobile) can use the same browsers, and thus the results may be very similar to those on the Android. After all, the certificate processing is the issue of every single browser, and system certificate repositories are merely a support from the OS.


PortableDevicesBrowsers (last edited 2021-07-27 22:42:50 by EtienneRuedin)