Xiaomi and Redmi smartphone owners often face the need to set up corporate email or install specific applications that require security certificates, but sometimes they lead to alerts about untrusted connections or, worse, to blocking banking applications, because a Certificate Authority (CA) certificate appears on the system that intercepts traffic or raises suspicions among security systems.
Removing this element is a critical procedure to restore the normal operation of the device, and having someone else's or unknown certificate in the system store allows third parties to decrypt your device. HTTPS-In this article, we will discuss how to find and delete suspicious files, returning the phone to its original level of protection.
The process of cleaning the storage of credentials in the shell of MIUI or HyperOS can be different from standard Android, which often leaves users confused. We will consider all possible ways to solve the problem, from standard settings to using the engineering menu if the usual method does not work.
Why you need to remove certificates on Android
CS certificates are digital passports that verify the authenticity of sites and applications. When you add a certificate manually, you are effectively telling the system, "I trust this source more than Google's built-in benchmarks." In the corporate environment, this is necessary for secure access to a company's internal networks, but in personal use it is a potential security hole.
Often users install these files themselves, trying to bypass locks or run modified versions of games without knowing the risks. Attackers can inject their root certificate through malware, gaining full control of encrypted traffic, which is why regularly checking the list of trusted DSs is a basic digital security hygiene.
Banking applications such as Sberbank Online or Tinkoff have built-in security mechanisms (Root detectors and environment integrity checks).If they detect user certificates in the system that can be used to swap traffic (Man-in-the-Middle attacks), the application can refuse to launch or display connection errors.
Where to find the storage of credentials in MIUI
Xiaomi’s shell interface has its own navigation features, and the path to encryption and certificate settings can vary depending on the Android version and regional firmware (Global, China, EEA).
To find storage, you need to go to Settings → Passwords & Security → Privacy. In some versions of MIUI, this item may be simply called “Security” or located under “Special Features.” If the search for settings does not work, use the built-in search bar at the top of the settings menu by querying “certificate” or “trusted”.
It is important to distinguish between system and user storage, and the system certificates that are preinstalled by the manufacturer cannot be removed without the superuser rights (Root), and we are interested in the section User Certificates or Trusted Items, which displays files added by you or applications.
💡
Use a search by phone settings (a magnifier at the top of the settings screen) by entering the word “DS” or “Certificate” to instantly navigate to the desired menu without wandering through sections.
Step-by-step instructions for removing the certificate
The deletion process is simple enough if you know exactly where to click. Mistakes deletion of system files can cause some applications to fail, so keep a close eye on the names of the objects being deleted. We will only work with the user partition.
First, open the settings menu and find the security section, then proceed according to the algorithm:
- 🔍 Click on "Privacy" or "Encryption and credentials".
- 📂 Select the option “View CS certificates” or “Delete credentials".
- 🗑️ Find a suspicious certificate (often with the name of the organization or just the date of creation) and click on it.
- ✅ Confirm the removal by entering PIN-screen unlock code or pattern lock.
Once you do this, the system will recalculate the hash amounts of trusted roots, and if you delete the certificate that was used to run corporate email or VPN, the relevant applications will stop connecting until the credentials are re-installed, which is normal behavior to confirm the effectiveness of the cleanup.
☑️ Post-deletion check
What to do if the removal button is inactive
Sometimes users are faced with a situation where the certificate is visible in the list, but the Delete button is inactive (gray) or absent. This can occur for several reasons: the file is protected by device administrator rights, the certificate is embedded in the system partition (Root is required), or it is used by an active profile.
First, check the Device Administrators section. Go to Settings → Passwords & Security → Privacy → Device Administrators. If there is an unknown application or profile that you didn't install, disable its rights. Often, it is administrative rights that block the ability to modify the key store.
If disabling the administrator did not help, it is possible that the certificate was installed through the organization profile (MDM), in which case the option “Profiles” or “Work profile” may appear in the settings menu, deleting such a profile will completely clear the certificates and data associated with it.
⚠️ Note: If the certificate has the name of the system component (e.g. Android System or the name of the chip manufacturer), do not force it to be removed.
Using ADB commands for advanced users
For power users who can’t remove the certificate through a GUI, there is a method through USB debugging and a computer.This method requires installing Xiaomi USB Drivers and the SDK Platform-Tools platform on a PC.
Before you start, turn on the developer mode. To do this, quickly click on the build number in the About Phone menu 7 times. Then activate the "Debugging by USB" menu from the "Developers" menu. Connect the phone to your computer with a cable.
Open the command prompt on your computer in the ADB folder and enter the command to check the connection:
adb devicesOnce you have confirmed authorization on your smartphone screen, you can try resetting the credential storage by command, although the standard ADB does not have a direct command to delete a specific user certificate without root rights.
adb shell pm clear com.android.certinstallerThis command clears the cache of the certificate installer. In more complex cases, if the phone has Root rights, delete files from the directory is used. /data/misc/user/0/cacerts_added/. Without superuser rights, opportunities ADB in this context are limited to resetting settings or cleaning the application cache.
Risks of using ADB
Table: Types of certificates and risks
To better understand what’s on your phone, check out the certificate classifications. Not all of them are dangerous, but knowing the differences will help you make the right decision about deletion.
| Type of certificate | Source | Security risk | Recommendation |
|---|---|---|---|
| System (Root) | Manufacturer (Google/Xiaomi) | Absent. | Don't touch it. |
| Corporate | IT-works department | Low (within the company) | Remove on dismissal |
| User-generated (Unknown) | Downloaded from the Internet | High (traffic interception) | Urgently remove |
| VPN / Proxy | Bypass applications | Medium (depending on the provider) | Remove if not used |
As you can see from the chart, the main threat is user certificates with an unknown source, which is a red flag for any security system, and it takes a couple of minutes to audit the list regularly, but saves you from potential data leakage.
💡
The main sign of danger is the appearance of a certificate that you did not knowingly establish for work or study.
Prevention and protection against re-emergence
Once a device is cleaned successfully, it is important to prevent the threat from re-entering, and often certificates are installed along with free applications from unverified sources or when clicking on phishing links, and digital hygiene minimizes these risks.
First of all, refuse installation. APK-Google Play Protect and Xiaomi’s built-in virus scanner are able to weed out most threats. Also, don’t ignore browser warnings that “Connection is not secure” is often the first bell about certificate issues.
Update your operating system regularly. Android Security Bulletin security updates address vulnerabilities that could allow attackers to inject their root certificates without the user's knowledge. The current firmware version is your best shield.
⚠️ Note: If the certificate appears again automatically after deletion, it is a sign of active malware (virus) in the system.