I have installed ODK Collect on my Huawei P20 Lite running Android 8. The app connects to our server but form downloads fail with a certificate error. After investigating, I understand that starting from Android 7+, apps no longer trust user-installed certificates by default - only system certificates are trusted. Our organization uses a self-signed certificate (or internal CA) on our ODK Central server.
On non-rooted devices, we cannot install certificates as system certificates, which means ODK Collect rejects the connection.
I attempted to modify the APK to add a network security config that trusts user certificates, but encountered numerous resource compilation errors with apktool (related to Material Design 3 dynamic colors and private Android resources).
Could you please advise on any of the following:
-
Is there an official way to configure ODK Collect to trust user-installed certificates?
-
Could a build flag or setting be added to allow user certificates for self-hosted servers?
-
Is there a recommended approach for organizations using internal CAs with non-rooted devices?
We have multiple field devices where rooting is not an option, and obtaining a publicly-trusted certificate for our internal server is not feasible.
Thank you for your assistance.