[Bug] Adding a trusted local CA to Android is not honored by DDG

[kensmith]

Describe the bug

DDG warns that a site may be insecure even after installing a CA certificate to Android's system level trust store.

How to Reproduce

• Create a certificate with mkcert
• Install as a trusted CA in Android Settings
• Create a cert with common name = foo
• Make sure DNS or /etc/hosts (eg. Using Virtual Hosts from Fdroid) resolves foo to the host
• Create an HTTPS server with a mkcert certificate issued from that CA with CN = foo
• Navigate to that server https://foo

Expected behavior

Chrome, Brave, and Firefox on the same phone all stop warning after the mkcert CA is installed in the system level trust store. I expect DDG to follow suit. This seems like a bug because the warning message claims that the certificate is not trusted by the OS when it is trusted based on being able to navigate to it in other browsers.

Environment

- DDG App Version: 5.222.0 (52220000)
- Device: Pixel 8
- OS: Android 14, Build AP2A.240905.003.B1

[github-actions]

Thank you for opening an Issue in our Repository.
The issue has been forwarded to the team and we'll follow up as soon as we have time to investigate.
As stated in our Contribution Guidelines, requests for feedback should be addressed via the Feedback section in the Android app.

[karlenDimla]

Hello! I’ve forwarded this issue internally and will let the correct team prioritise the fix. Thank you!