My Android app needs to support connecting to untrusted servers over TLS. I handle this by installing a custom SSLSocketFactory with a custom X509TrustManager that shows a dialog asking the user to confirm the connection. I also handle this by overriding WebViewClient's onReceivedSslError callback (which led to this question).

These X509Certificates are public keys only, so it doesn't matter if they're stored in cleartext. However, is there a place I can store them so that the system will automatically handle verification for me? Right now, I just put them in a Set<String> in SharedPreferences and check any untrusted cert I receive against that Set<String>. Ideally, there would be a way to put them into the default truststore and then clear them from the default truststore when the user logs out.
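One way to let the platform do the verification instead of comparing strings by hand, as an added example that is not part of the question: load the user-approved PEM certificates from the Set<String> into an in-memory KeyStore, build a second TrustManager from it, and consult it only after the default platform TrustManager has rejected the chain. The class name UserApprovedTrustManager and the PEM-string storage format are assumptions; hostname verification is not done by any X509TrustManager and still has to be performed by the socket or HostnameVerifier.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class: platform CAs first, then a KeyStore built from user-approved PEM certs.
public final class UserApprovedTrustManager implements X509TrustManager {
    private final X509TrustManager systemTm;
    private final X509TrustManager userTm; // null when the user has approved nothing yet

    public UserApprovedTrustManager(Set<String> approvedPems) throws Exception {
        systemTm = x509From(null); // a null KeyStore selects the platform trust anchors
        if (approvedPems.isEmpty()) { userTm = null; return; }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // fresh, empty in-memory store; nothing touches the system store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int n = 0;
        for (String pem : approvedPems) { // each entry is one PEM-encoded certificate (assumed format)
            ByteArrayInputStream in = new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII));
            ks.setCertificateEntry("user-approved-" + n++, (X509Certificate) cf.generateCertificate(in));
        }
        userTm = x509From(ks);
    }

    private static X509TrustManager x509From(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            systemTm.checkServerTrusted(chain, authType); // normal PKIX validation against platform CAs
        } catch (CertificateException notPlatformTrusted) {
            if (userTm == null) throw notPlatformTrusted; // nothing approved: fail closed
            userTm.checkServerTrusted(chain, authType); // passes only if the chain is anchored at an approved cert
        }
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { systemTm.checkClientTrusted(chain, authType); }
    @Override public X509Certificate[] getAcceptedIssuers() { return systemTm.getAcceptedIssuers(); }
}
```

Clearing the approved set on logout is then just rebuilding this object from an empty Set<String>, since the platform store is never modified.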