Root certificates are the heart of the public key infrastructure (PKI), and for them to take effect, they must be signed by a reputable certificate authority (CA). The two applications and programs can refresh the root authentication, yet Android telephones must be refreshed through OTA updates as of now. That might change in Android 14, which is coming soon.
Add Realmicentral to your Google News feed. 
Android isn’t the only operating system with its in-built root certificate. On your Android phone, go to the Security & Privacy option in the Settings app to view root certificates.
The issue, however, is that this root storage solution is not sufficient. To avoid man-in-the-middle (MITM) attacks, applications can choose to use and trust their root store, as Firefox does, and they can accept only specific certificates (known as certificate pinning).
Users can also install their certificates on Android 7, and app developers can decide whether or not to let their apps use these certificates. Conscript, a Mainline module giving a TLS execution to Android, will uphold sustainable root declarations in a future update, as per another proposition on AOSP Gerrit.
As a result, Project Mainline’s Google Play system update enables certificates to be removed or even added, speeding up processing in the event of future issues like TrustCor.
Without relying on how OEM manufacturers push updates, Google can update the root certificate promptly after introducing this feature to enhance device security.