TL;DR
Does that mean that user-installed CA's are out of the window?
Currently I have my own CA to sign certificates for various home systems and I'd hate giving up that simplicity...
Google will sweeten the forthcoming Nougat release of Android by changing the way apps work with certificate authorities (CAs) and simplifying APIs. The changes will affect only some apps and users, Android security team software engineer Chad Brubaker says . The changes mean Google will not automatically trust user-selected …
I mean if I have some program which only needs to talk to my server, I can just deliver the correct certificate with it. There is no advantage in relying on some external certificate authority which I do not control.
In fact, since I have no idea what the Google approved CA does and I have to hand over the keys to my kingdom, it's kinda a problem. I trust in yet another external organisation.
Plus the obvious problem is that this might hinder reverse engineering as I cannot bypass TLS by using my own certificates.