Intercepting and decrypting HTTPS traffic on modern Android devices is notoriously difficult due to strict certificate trust policies. Move Certificate by ys1231 elegantly solves this problem. Engineered as a highly efficient, systemless module, it automatically identifies user-installed certificates—such as those generated by AdGuard, HttpCanary, Charles Proxy, or Burp Suite—and seamlessly injects them into the heavily restricted system credential store. Fully optimized for Magisk, KernelSU, and APatch, this tool is indispensable for developers, security researchers, and privacy enthusiasts.
Unrestricted HTTPS Decryption
Bypass Android's restrictive network security configurations. Ensure your adblockers and packet sniffers can inspect secure app traffic flawlessly, all via systemless mounting.
Automated Migration
You don't need to manually move files via root explorers. Install your certificate normally through Android's security settings, reboot, and the module handles the complex migration to the system store automatically.
Android 14+ APEX Support
Modern Android versions locked the root certificate store inside an immutable Conscrypt APEX container. This module utilizes advanced overlay techniques to bypass the APEX barrier safely and effectively.
AdGuard & Proxy Ready
Essential for tools that rely on Man-in-the-Middle (MITM) interception. Without system-level trust, modern apps will drop connections to your proxy. This module completely restores HTTPS filtering capabilities.
Universal Systemless Architecture
Weighing just over 500 KB, the script relies strictly on temporary memory mounts (tmpfs). It integrates natively across Magisk, KernelSU, and APatch, ensuring your actual partitions remain unadulterated.
How Systemless Certificate Injection Works
On Android 7.0+, Google changed the default Network Security Configuration so that apps ignore the User certificate store. Furthermore, starting in Android 14, the System store was moved from the writable /system partition into an unmodifiable APEX module (/apex/com.android.conscrypt/cacerts).
Move Certificate bypasses these roadblocks by executing a highly specialized shell script during the post-fs-data boot phase.
The operating system is seamlessly tricked into viewing your custom certificates (like AdGuard or Charles Proxy) as pre-installed Google-verified system certificates. Once you reboot the device, the injection is complete, and the memory mounts disappear entirely upon uninstall.
Frequently Asked Questions
/system/etc/security/cacerts directory into an unmodifiable Conscrypt APEX module. This module features updated mounting logic to bypass this restriction, making it fully compatible with Android 14+.