Learn More About Root CA
A Root Certificate Authority (Root CA) is the top-level entity in a Public Key Infrastructure (PKI). It issues and signs digital certificates that validate the identity of entities such as websites, servers, or applications. Devices and operating systems maintain a trust store containing public keys of pre-approved Root CAs. When your device encounters a digital certificate (e.g., during an HTTPS connection), it verifies that the certificate chains back to a trusted Root CA. If it does, the connection is considered secure and trusted.
Why The beem app Requires a Custom Root CA
To protect you effectively while browsing the internet, the beem app needs to install a special certificate on your device. This certificate is called the Swisscom beemNet Root CA and is issued directly by Swisscom. Installing this custom Root CA is required to enable enhanced security features such as:
TLS/SSL inspection: Decrypting and analyzing secure traffic to detect threats like phishing, malware, or man-in-the-middle attacks.
Zero Trust policies: Verifying traffic not just at the network perimeter but continuously, including encrypted payloads.
Secure content filtering: Blocking known malicious domains or content based on real-time threat intelligence.
To perform these functions securely, beem acts as a trusted proxy. The Root CA allows the service to issue and sign ephemeral certificates for outbound HTTPS connections — making it possible to inspect encrypted traffic on-device without disrupting service integrity.
What Does This Mean for You?
The certificate allows beem to detect hidden threats inside encrypted internet traffic. Today, many online risks, like phishing or malware, are disguised inside "secure" websites (those starting with https://). To protect you from these threats, beem uses advanced techniques to identify malicious content, while maintaining strict privacy safeguards.
How does the certificate work?
The certificate is a security feature used only within the beem app. It helps ensure that your connection is secure and that only trusted devices can access your data. This certificate does not monitor your activity, it’s designed solely to protect your privacy and keep your information safe.
Why Is This Safe?
- The certificate comes directly from Swisscom.
- It only works on your device and only together with the beem app.
- It does not give anyone access to your private data.
- The beem app uses it strictly to identify and block security threats.
What Do You Need to Do?
The beem app will guide you step by step through the certificate installation. It takes just a few seconds, and you’ll be shown exactly what to do.
For more information on installing or removing custom certificates on mobile devices, please refer to the following links.
Scope: The certificate is only trusted locally by your device, and only affects traffic routed through our app.
Where Can You See the Certificate?
On iOS, it is installed via a signed configuration profile and managed under Settings → General → VPN & Device Management.
On Android, the certificate can be viewed under Settings → Security & privacy → More security settings → Encryption & credential.
INFO
Android Note: Please note that the installation and management of user certificates may vary depending on the Android device manufacturer (e.g., Samsung, Google Pixel, Xiaomi) and model. The beem app will guide you through the necessary steps as accurately as possible — however, menu names and paths on your device may differ slightly.
If you are unsure, we recommend consulting the official support documentation for your specific device.
Security & Privacy Considerations
- No traffic is sent to our servers unless required for threat analysis and governed by our Privacy Policy.
- Root CA usage is auditable and compliant with modern enterprise mobile security frameworks.
Can Swisscom see everything I do?
No. The beem app routes certain network traffic through Swisscom’s secure SASE platform to detect threats like phishing or malware.
Only security-relevant traffic is analyzed – not your private messages, passwords, or banking details.
No content is stored or used beyond what is strictly necessary for your protection. All processing follows Swisscom’s Privacy Policy and Swiss data protection laws.
Can I remove it later?
Yes. You can delete the certificate anytime in your device settings. However, the app’s full protection features may no longer work without it.