[Q] security question regarding 'Trusted Credentials'

cinnabar

Member
May 6, 2012
40
3
KY
Is there any reason why I should have so many Trusted Certificates under the System tab in Credential Storage? I have probably close to 100 in there and most of them I don't recognize; they seem to have some gibberish with an expiration date of a few years in the future. To my knowledge these are baked into the ROM and are not installed by the user, so I'm guessing most of them relate to a stock app of some kind (WatchOn, ChatOn, etc.). Because I haven't seen a lot of discussion about it, I am asking if these Certificates are safe (I know it's from Android or Samsung blah blah)?

I'm in the tedious process of disabling them just to see what happens but can anyone else shed any light on the matter? Thank-yew...

http://support.google.com/android/bin/answer.py?hl=en&answer=1649774
 

Cusa

Senior Member
Dec 25, 2011
1,862
297
I'd like to know about this as well.

Sent from my SAMSUNG-SGH-I337
 

alphadog00

Senior Member
Jun 29, 2010
1,474
58
These are all root certificates. The certificate authorities that issue certs to web sites have their root certificates loaded on the phone so the phone can verify that an SSL cert from a web site is legitimate.

This is a lucrative business so there are quite a few CAs around the world. And big banks have become CAs too.

Theoretically they are all legitimate as it is a huge process (or it used to be) to get your root cert included in an OS or browser by default.

Can you remove them? Yes, but be careful. If you only use USA websites then you can probably remove most non-USA CAs. But why do you care? Older versions of Android didn't let you remove any, and the only time you need to is if a CA has been compromised.

If you do remove one you need, you will get SSL warnings about visiting an untrusted site, but you should be able to add the root cert back.

HTH
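
The root certificates described in the post above are each identified by a fingerprint, the hash of the certificate's encoded bytes, and comparing fingerprints is a way to tell which roots on a device differ from a known-good list. The following is an added example, not part of the original post; the function names, the idea of a reference bundle, and the sample data are assumptions made for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle.

    A fingerprint is the hash of the certificate's DER bytes, written as
    colon-separated hex pairs, the form a certificate details screen
    typically shows.
    """
    result = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        digest = hashlib.sha256(der).hexdigest().upper()
        result.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return result


def audit(device_pem, reference_pem):
    """Compare a device trust store against a known-good reference bundle."""
    device = set(fingerprints(device_pem))
    reference = set(fingerprints(reference_pem))
    return {
        "unexpected": sorted(device - reference),  # on device, not in reference
        "missing": sorted(reference - device),     # removed or disabled roots
    }


def _fake_pem(der):
    # Constructed stand-in: wraps arbitrary bytes in PEM armour. Not a real cert.
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed sample data (placeholder bytes, not real CA certificates).
REFERENCE = _fake_pem(b"constructed root A") + _fake_pem(b"constructed root B")
DEVICE = _fake_pem(b"constructed root A") + _fake_pem(b"constructed root X")

if __name__ == "__main__":
    for kind, fps in audit(DEVICE, REFERENCE).items():
        for fp in fps:
            print(kind, fp)
```

With real input, `device_pem` would be the concatenated PEM certificates exported from the device and `reference_pem` a bundle obtained from a source you trust.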
 

pete122

New member
Apr 28, 2016
1
0
alphadog00, I realize your post is from 2013, but I've been searching for answers to this as well. Why do we need these certificates on our phones? I have 156 on mine, and some of them aren't even in English. Some have the country in the company name, like China, Turkey, and Germany. Some companies have more than one certificate. VeriSign, Inc. has 7, all with different issue dates going back to 1996 but all expiring between 2029 and 2036. A couple of them look sketchy to me, with 'certificate' spelled 'cirtificate', and 'global' spelled 'globel'. They remind me of emails that I get from my dear friend, the widow of a former bank president in Kenya, who needs my help getting her money out of the country. Why do I need 156 trusted credentials from half a dozen countries? How many do I really need? There is a grey item at the bottom of the security page that says “Clear Credentials,” but it’s un-clickable on my phone. Why would that be an option if these certificates are necessary? Would I be safe disabling all the ones from outside of the US and Canada? Are all these certificates taking up space on my phone? What is a ‘fingerprint’? Thanks in advance for any help and advice you can offer me.
 

HowardArizona

New member
Jul 28, 2017
1
0
27 July 2017. "Turned Off" all but two CAs. Result is could not access Play Store as well as several other sites. One screen stated "No internet connection. Make sure WIFI or cellular data is turned on, then try again." Needless to write, turning off all the CAs has repercussions.
 

sunshineandrea1

New member
May 2, 2018
1
0
I was helping a friend which I had no idea what was going on until I got there...it's a huge huge ring of I'm not sure what?? Now my phone, my parents' phone, their desktop and laptop are all under attack! I downloaded over 20 antivirus apps and could not allow permissions, nor can I get any recovery codes to any email because it keeps changing the password. Plus I found strange apps just installed, settings changed that were not and all countries in the world chamber of commerce trusted certificates and so much more. I'm pretty sure we are under attack! I would GREATLY APPRECIATE any thoughts or ideas of what I should do to keep our info safe!!!!! Thank You!! p.s. I'm now living every second in fear like her and very scared!
 
