Almacenamiento de Credenciales Confiables / Trusted Credential Storage

Man in the Moon

New Member
~ Hola a todos.

Hi all.

~ Antes de pasar a exponer el tema, voy a poner en primer lugar cuatro capturas de pantalla numeradas que pienso que servirán de apoyo a la exposición.

Before going on to present the subject, I am going to put first four numbered screenshots that I think will support the presentation.

~ Lo que trato de mostrar mediante esas cuatro capturas de pantalla es uno de los peores escenarios que pueden darse en Android a la hora de instalar los certificados de confianza que precisa AdGuard AdBlocker. Un escenario de gran dificultad que suele frustrar las ganas de tener instalada y con plenas facultades de funcionamiento a ésta maravillosa aplicación.

What I try to show through these four screen captures is one of the worst scenarios that can occur on Android when installing the trusted certificates that AdGuard AdBlocker requires. A highly difficult scenario that often frustrates the desire to have this wonderful application installed and fully operational.

~ Siguiendo la secuencia de dichas cuatro fotografías, puede ser observado lo que un pésimo equipo de "ingenieros desarrolladores" han dejado como apartado de "Seguridad" en un dispositivo Android 7.1.1: NO EXISTE LA POSIBILIDAD DE INSTALAR CERTIFICADOS EN EL ALMACENAMIENTO DEL USUARIO. Almacenamiento del Usuario que suele ser por defecto el lugar primero destinado a tal cometido...

Following the sequence of these four photographs, it can be observed what a lousy team of "developer engineers" have left as a "Security" section on an Android 7.1.1 device: THERE IS NO POSSIBILITY OF INSTALLING CERTIFICATES IN THE USER'S STORAGE. User Storage, which by default is usually the first place for this purpose...

~ Sin embargo, también puede observarse que no han extirpado el Almacenamiento del Sistema. Y que es ahí a dónde he llevado el certificado de AdGuard. Razón por la cual, ésta maravillosa aplicación, ha podido pasar a formar parte del dispositivo con plenos poderes.

However, it can also be seen that they have not removed the System Storage. And that is where I have taken the AdGuard certificate. Which is why, this wonderful application, has become part of the device with full powers.

~ Hago esta ridícula demostración con la esperanza de que pueda servir de alguna ayuda a todos aquéllos que estáis teniendo problemas con la instalación del certificado de AdGuard en Android. Y así, quizás también proporcione alguna idea sobre qué poder hacer a los que utilizáis un entorno de Computadora Personal. Porque, si para un dispositivo Android mutilado hay solución, ¿cómo no va a haberla en una PC con Windows?

I am doing this ridiculous demonstration in the hope that it can be of some help to all of you who are having problems with the installation of the AdGuard certificate on Android. And so, maybe it will also provide some idea about what to do to those of you who use a Personal Computer environment. Because, if there is a solution for a mutilated Android device, ¿how can there not be one on a Windows PC?
 

Attachments

Boo Berry

Moderator + Beta Tester
Moderator
You can if you're rooted and use a Magisk module. But if you do move the certificate to the system store and you use Google Chrome, do know that with Chrome 99+ certificate transparency errors will appear.
 

Boo Berry

Moderator + Beta Tester
Moderator
Unfortunately no, root is required to move the certificate to the system store.
 

Anon27

New Member
Could this be the reason AdGuard can't create a local VPN connection? I've tried restarting the device, reinstalling the application, reinstalling the certificate, switching to AdGuard Nightly…

I thought this was a no-root adblocker, but I guess not, it's for rooted devices only.
 

Boo Berry

Moderator + Beta Tester
Moderator
It uses a local VPN for filtering on non-root devices (which means if you use any other sort of VPN app, it won't work as Android limits to one VPN at a time). But apps that don't trust user certificates can't be filtered unless the device is rooted and AdGuard for Android's certificate is moved to the system store.

I personally don't root my devices anymore, and use AG for Android with the local VPN alongside AG VPN which in its compatibility mode uses SOCKS5 proxies. Any VPNs that provide SOCKS5 proxies (if you use a VPN service) should work this way as well. Even though AG for Android's local VPN isn't a real VPN (it's all local on the device) it still counts towards the OS' limit.

Yes, by not rooting a good number of apps can't be filtered by AG for Android anymore due to them not trusting user certificates, this personally doesn't matter to me as long as filtering in web browsers like Chrome works. Also worth noting that even if you root and move the certificate to the system store some apps like YouTube, Facebook, Instagram, Twitter, etc. still can't be filtered by AG for Android.

So there's filtering limitations no matter what.
 

Anon27

New Member
As I posted in a dedicated ask that everyone is ignoring (whence my appropriating this one), AdGuard cannot use local VPN to filter my device. Which is not because my device isn't compatible, as Blokada uses local VPN to filter my device just fine. And it's not because Blokada is interfering with AdGuard either, as I always disable Blokada before attempting to enable AdGuard. I've tried switching to AdGuard Nightly, reinstalling AdGuard Default, etc. Please tell me what I'm doing wrong, how do I enable AdGuard for Android on a non-rooted device?

EDIT: the "delete" button for deleting the duplicated screenshot on this website works about as well as the "enable" button on the AdGuard app.
 

Attachments

Anon27

New Member
Hi there!

We’ve received your message, the ticket number is 592383. At this moment we've got a lot of incoming requests, so there is a delay in our answers. We'll do our best to get to your ticket as soon as possible, but, due to technical reasons, we are strictly limited in our resources and have to treat mostly payment-related tickets postponing technical ones. We apologize for the inconvenience

Meanwhile, you may read the knowledge base on our website or AdGuard Forum where you may find the solution for some issues.



P.S. If you have got something to add to your first message, just reply to this one. Any new request with a different subject will create a new ticket. It would be a complete mess!


Stay safe,
AdGuard Support Team
Where can I contact them via Github? Can you give me an exact page link? Although I haven't had the best experience on Github; the developers of Drozer completely ignored me and I was never able to connect to my mobile device. And the people on this forum are completely ignoring me, too; the only reason you answered is because you seem to have been watching this tread. No one seems to realise I'm on a deadline; my free trial licence expires on the 12th of April and I'm not buying a licence to a software I haven't run a free trial of, to know whether it's worth paying money for. If the experience of having a paid licence is having an app that occupies over 100MB of storage and doesn't do anything because the on switch isn't working, I'm gonna have to go with "no, thanks"; the developers have five days to change my mind, unless they're willing to give me a new 7-days trial to make up for the one where the licence was running but the app wasn't.

PS: Do you have any idea why Avast Mobile Security detected suspicious app activity on AdGuard for Android in one of my devices, but not in the other? Both devices are Samsung Galaxy A51 with Android 10 and the latest version of Avast Mobile Security (or, at least, the latest version available at the Google Play Store) running on a free licence and the latest up-to-date virus definitions.

EDIT: The original e-mail they sent me contained emojis, but I guess those are not supported on this website
 
Last edited:

Man in the Moon

New Member
How do you move the certificate from the user's storage to the system's storage?



~ Si tu dispositivo está Enraizado y se encuentra en la fea situación de la que hablé anteriormente, basta con una pequeña pero genial y poderosa aplicación olvidada para llevar el certificado hasta el Almacenamiento del Sistema.

If your device is Rooted and you are in the ugly situation I talked about above, all it takes is a small but great and powerful forgotten app to get the certificate to the System Storage.

~ Si tu dispositivo NO está Enraizado, sólo podrás acceder al Almacenamiento del Usuario.

If your device is NOT Rooted, you will only be able to access System Storage.

~ (Continuaré...)

(I will continue...)
 

Man in the Moon

New Member
You can if you're rooted and use a Magisk module. But if you do move the certificate to the system store and you use Google Chrome, do know that with Chrome 99+ certificate transparency errors will appear.


~ ¿Y por qué no te deshaces de Google Chrome?... ¿Acaso ya no se trata de poder usar AdGuard AdBlocker?... ¿Acaso no es Google Chrome quién presenta el error?... ¿A Google le interesa AdGuard AdBlocker?...

¿And why don't you get rid of Google Chrome?... ¿Is it no longer about being able to use AdGuard AdBlocker?... ¿Isn't it Google Chrome that has the error?... ¿Is Google interested in AdGuard AdBlocker? ?...
 

Boo Berry

Moderator + Beta Tester
Moderator
A bit offtopic, but I use Chrome because it's the one web browser that just works without having to spend time tweaking or fixing broken bookmark sync or anything like that. It just works. I have zero interest in using any other web browser, I don't see the point.
 

Anon27

New Member
How do I contact the AdGuard developers via Github? Do you know what's the page I should post issues at?

PS: Do you have any idea why Avast Mobile Security detected suspicious app activity on AdGuard for Android in one of my devices, but not in the other? Both devices are Samsung Galaxy A51 with Android 10 and the latest version of Avast Mobile Security (or, at least, the latest version available at the Google Play Store) running on a free licence and the latest up-to-date virus definitions.

PPS: I might be interested in rooting my device if it can be done without bricking the camera, it might be easier than getting AdGuard to work on a non-rooted device. Does anyone know a way to root a Samsung Galaxy A51 without bricking the camera?
 

Boo Berry

Moderator + Beta Tester
Moderator
In my opinion, it's not worth rooting, especially on Samsung devices. You'll likely trip Samsung's Knox (and the efuse) while attempting to unlock the bootloader (assuming you can in the first place) and flashing an alternate recovery like TWRP then flashing Magisk. It's just not worth it.

Avast thing sounds like a potential false positive. Make sure you download the AdGuard for Android APK from the main adguard.com site, and not from any other sites or use any modified/cracked APKs, there's no telling what malware could be hiding in those.

The AdGuard for Android Github issues tracker is here (requires Github account to post a new issue): https://github.com/AdguardTeam/AdguardForAndroid/issues
 

Anon27

New Member
As I said in my dedicated thread, I downloaded it from https://adguard.com/en/welcome.html. That looked like the legitimate website, I find it more likely that it's been compromised than that I've been phished. What I don't get is: if it's a fake positive, why does it only happen in one out of two identical devices?

What even is Samsung Knox? A supposed security solution that comes pre-installed but you need a license key and a Samsung account to activate, and which comes with a bunch of security vulnerabilities packed in the coding, to make it easier for hackers to hijack my phone? I'd rather pay for a Kaspersky license, TBH. Rooting would not only allow me to use AdGuard (I'll admit that it works in non-rooted devices like Blokada when someone can tell me how to enable it on a non-rooted device using local VPN, like Blokada), but also get rid of a bunch of useless bloatware Samsung forces down our throats (including the MSM / DTI malware, a bunch of spyware like Rubicon, annoyances like Flipboard and Bixby, features that I don't want but can't uninstall, like Kids' Home and Game Optimiser, and apps that I don't want because I don't have an account, like Facebook and Netflix, but can't remove either), enable extra features on Avast/Kaspersky, disable permissions on certain pre-installed apps, install a new ROM, and even use cooler apps like Titanium Backup. It would seem like the perfect deal to me if Samsung didn't boobytrap their devices to make sure you can't actually own the phone you buy from them, or, at least, not without throwing away the camera along with the bathing water. I can't wait until the European Union passes that law that will reign in manufacturers and allow us to remove bloatware without root, and hopefully also forbid them from boobytrapping against root.

Thanks for the Github link. Here's my post: https://github.com/AdguardTeam/AdguardForAndroid/issues/4137
 
Last edited:

Man in the Moon

New Member
No busques el Enraizamiento de tu dispositivo Samsung galaxy A51 antes de averiguar el por qué no admite el sistema de VPN Local de AdGuard AdBlocker.

Y, aún cuando lo averigües, infórmate bien de cómo ha preparado Samsung la posibilidad de Enraizamiento en ese dispositivo antes de dar el paso...

Ya sabes, por aquello de: "Es un pequeño paso para un hombre..."

(Esto último debe ser tomado como un ingenuo guiño humorístico.)

;););)





Won't look for Rooting your Samsung galaxy A51 device before finding out why it doesn't support AdGuard AdBlocker Local VPN system.

And, even if you find out, be well informed on how Samsung has prepared the possibility of Rooting on that device before taking the step...

You know, because of: "It's one small step for a man..."

(This last should be taken as a naive humorous wink.)

;););)
 
Top