Trusted certificates are typically used to make secure connections to a server over the Internet. A certificate is required in order to avoid the case that a malicious party which happens to be on the path to the target server pretends to be the target. Such a scenario is commonly referred to as a man-in-the-middle attack. The client uses the en.wikipedia.org/wiki/Certificate_authority Certificate Authority (CA) certificate to verify the CA signature on the server certificate, as part of the checks before establishing a secure connection. Usually, client software—for example, browsers—include a set of trusted CA certificates. That makes sense in as much as users need to trust their client software: A malicious or compromised client can skip any security check and still fool its users into believing otherwise.(Wikipedia)
How to find Android certificates on your device?
Tap on Settings -> Security -> Trusted credentials
View System and User credentials; system credentials are factory installed certificates