Ever since Android 7.0 Nougat, Google tightened device security by preventing apps from trusting user-installed certificates by default. This change crippled HTTPS filtering ad-blockers and network analysis tools. Move Certificates (movecert) by yochananmarqos effortlessly solves this problem. It systemlessly intercepts user-installed certificates and injects them into the system store—restoring full functionality to tools like AdGuard, HTTPCanary, and Burp Suite across Magisk, KernelSU, and APatch environments.
Regain HTTPS Trust
A lightweight, automated script that bridges the gap between Android's strict Network Security Configuration and your need for deep packet inspection and system-wide ad blocking.
Automated Migration
You don't need to use root file managers or terminal commands. Simply install your certificate via Android settings, flash/enable the module, and reboot. The script automatically finds user certificates and mounts them as system certificates.
Enables SSL Interception
Essential for developers and security researchers. By moving the proxy certificate to the system level, tools like Burp Suite, Charles Proxy, and Mitmproxy can successfully decrypt and inspect HTTPS traffic from modern apps.
Unlocks HTTPS Ad-Blocking
Advanced ad-blockers like AdGuard rely on local VPNs and custom certificates to filter out ads inside secure HTTPS traffic (like YouTube or social media apps). Movecert makes this feature fully operational on Android 7+.
100% Systemless
Your actual /system partition remains completely untouched. The module uses Magic Mount (Magisk/KSU/APatch) to overlay the certificates virtually. Disabling the module instantly reverts everything to stock.
How Android Handles Certificates (Android 7.0+)
Before Android 7.0 (Nougat), whenever you installed a custom CA certificate, Android treated it with the same level of trust as the pre-installed system certificates (like those from Google, Let's Encrypt, or DigiCert). This made it incredibly easy to set up a man-in-the-middle (MITM) proxy to block ads or inspect network traffic.
To improve security against malicious profiles, Google introduced the Network Security Configuration. By default, applications targeting API Level 24 and above only trust certificates located in the System certificate store (/system/etc/security/cacerts/). Certificates you install manually go to the User store (/data/misc/user/0/cacerts-added/), and are outright ignored by most apps.
The Movecert Solution
Movecert runs a boot script that scans your user certificate directory. It takes any valid certificates found there, generates the proper hash format if necessary, and virtually bind-mounts them directly into the system certificate directory. To the Android OS and all installed apps, your custom certificate looks exactly like a built-in, highly trusted root certificate.