
MicroG – Re-implementation of proprietary Android apps and libraries - xvilka
https://microg.org
======
djsumdog
I'm glad this is still being maintained. It's a really great way to still run
popular apps without having to go the entire F-Droid/OSS only route.

My current phone no longer charges and I've already replaced so much stuff on
it (back, camera, etc.) that I'm deciding to go the KDE Plasma route, starting
with a new old-stock Nexus 5X.

I hope the Purism 5 and Pinephone get released as well. I really want to go
the Plasma route. If there is tooling I need that's missing, I hope it will
force me to write and contribute apps that can help myself and others.

We need a real open source mobile operating system, not Google's cripple-ware.

~~~
xvf22
Watch out for the 5x, I've seen 3 in addition to mine die the same way. They
start rebooting randomly then boot loop. It's an acknowledged problem with the
chipset. You can sort of fix it if you are able to load an alternative kernel
[0] on it that disabled the big cores and that bought me another few months
before it totally died. If you're willing to risk it you can get a higher RAM
version of the motherboard on aliexpress where they may have used better
solder.

[0] [https://www.xda-developers.com/nexus-5x-bootloop-fix-boot-
ph...](https://www.xda-developers.com/nexus-5x-bootloop-fix-boot-phone/)

~~~
manuelisimo
I was planning on keeping my 5X for years and years, but it died on my this
same way

~~~
baroffoos
I must have got lucky because mine still works fine and I use it daily.

~~~
ZeikJT
There are dozens of us!

------
codethief
MicroG is a fantastic project! I wouldn't know what to do without it! (×)

For anyone who wants a really easy way to install and use LineageOS with
MicroG, consider going for the MicroG-infused version of LineageOS:
[https://lineage.microg.org/](https://lineage.microg.org/) It's basically pure
LineageOS with a small patch that allows MicroG to spoof the Google services'
signatures. The ROM supports all the devices regularly supported by LineageOS
and even gets weekly OTA updates, too.

(×) In case you agree, consider donating to the project:
[https://salt.bountysource.com/teams/microg](https://salt.bountysource.com/teams/microg)
(or, if you want a specific issue to be solved, you can put a bounty on it,
too:
[https://bountysource.com/teams/microg](https://bountysource.com/teams/microg)
)

~~~
psandersen
I'm getting tempted to go the LineageOS with MicroG route on my Pocophone
(need to confirm it works first).

Does this mean I can use the Play store and apps such as Spotify without much
issue?

~~~
m-p-3
You could also use the Yalp Store (Play written in reverse) to grab the APK
without having the play store installed.

[https://f-droid.org/app/com.github.yeriomin.yalpstore](https://f-droid.org/app/com.github.yeriomin.yalpstore)

~~~
krageon
Yalp is currently abandoned, try using Aurora Store instead:
[https://f-droid.org/app/com.aurora.store](https://f-droid.org/app/com.aurora.store)

~~~
m-p-3
I didn't know that, thanks!

------
est31
Most of the proprietary Google apps on Android are actually just frontends to
their proprietary network services like play, maps, gmail, gms, firebase, etc.
Giving a replacement that deserves the name means that you have to re-create
the associated network services which is the actually hard part because you
won't just get shop owners to upload their opening hours to your service as
well as google maps. That's an immense competitive moat that Google has built.
It's on the territory where they are strongest, providing network services.
And it's part of the reason why they could open source the Android OS in the
first place: no competitor manages to replicate all of those network services.

~~~
Mediterraneo10
> You won't just get shop owners to upload their opening hours to your service
> as well as google maps

Over the last couple of years, I have noticed some shop owners (mainly chains,
but also individual proprietors) adding their opening hours to OpenStreetMap
themselves. Certainly more needs to be done to compete with Google, but OSM is
still a libre alternative with some level of uptake. Plus, anyone walking past
an establishment can add its opening hours from what the sign on the door
says.

~~~
rlpb
I add opening hours to establishments I frequent. Since next time, I can
easily answer the question "Is X open right now?" without needing to be online
to do so.

------
cdubzzz
I recently looked at this while reviving a trusty old Samsung S4, but
ultimately just went with Enhanced LOS and no gapps. F-Droid has pretty much
everything I really need. It’s kind of amazing how well supported this stuff
is by the community, I am tempted to move away from the Apple ecosystem for my
regular phone.

~~~
e1ven
I'm curious how well this went - The microG site says that some OSS apps are
requiring Google libraries.

Have you run into a problem here?

~~~
_underfl0w_
In my experience (running Lineage + microG for a month or so now) the main
issue is with in-app purchases like "Pro" versions of things or subscriptions.
There are various workarounds to make it happen, but I haven't had any
success. I've tried using the NanoDroid patched Phonesky apk but no luck on my
Pixel.

Some apps attempt to check their license via PlayStore on startup and won't
acknowledge your license otherwise (e.g. TitaniumBackup, DarkSky) Others
require play services to download additional stuff and refuse to function
without it - e.g. Monument Valley.

Some work fine when the pro version is restored via TitaniumBackup, though -
Solid Explorer is one example.

------
DivestTrump
Google requires a comprehensive privacy policy for apps and there are plenty
of policy generators, but they don't make their own library specific privacy
policies easy to find in my experience. Just using Google Play has privacy
implications and it's a mess trying to track down and link proper policies
without seeming like your app is stealing users social security numbers. It's
possible I just have no idea what I'm doing, but I shouldn't need to hire a
lawyer for an app that collects zero data by itself.

------
neilv
A downside to MicroG is that it relieves some of the demand coming from people
averse to Google snooping, so there's less demand for a genuine alternative.

Running MicroG makes you still under Google's thumb.

Additionally, Google can pull the rug out from under you at any time (by
breaking MicroG with technical changes, or ToS).

(Personally, I've temporarily switched to a dumbphone for essential voice/SMS,
while PostmarketOS gets developed for various Web/app purposes, and am also
looking at the Librem 5 work.)

------
archi42
I'm using this on a HTC 10 for 9 to 12 months now (on an inofficial LineageOS
build). Only major quality of life issue is the lack of system-wide weather
data (e.g. Garmin Connect is unable to display weather on my fitness tracker).
Minor annoyances are the absence of the pretty good Google Maps (though I've
heard good things about Here Maps on HN) and that Volvo on Call seems to have
some trouble with rendering the replacement OSM map data; but I only installed
VoC recently, so I could not check this on a Google-infected Android, plus
that feature is not that important (and if I'll ever be too drunk to find my
car that's probably a good thing after all).

Two friends of mine migrated from Windows Phone directly to Samsung Galaxy
S... uhm, not sure, 8 or 7 I think... with LineageOS+MicroG, and are quite
happy as well.

~~~
codethief
> Minor annoyances are the absence of the pretty good Google Maps

I don't understand. What prevents you from installing Google Maps on your
phone? It works perfectly fine on mine. (I'm running the MicroG-infused
version of LineageOS. [1])

[1] [https://lineage.microg.org/](https://lineage.microg.org/)

~~~
Liquix
The goal of some MicroG users is to completely remove all Google apps. It's
more a matter of preference and principle than the app not working.

Also, Maps is constantly harvesting location data and beaming it back to G
servers, something many MicroG users are explicitly trying to prevent.

~~~
StavrosK
I'm still disappointed by Google's ongoing refusal to implement "allow only
while in foreground" permissions to apps (for things like location).

------
z3c0
What are - if any - the security implications of the signature spoofing that
MicroG requires? I've considered trying to squeeze MicroG into GrapheneOS, but
GrapheneOS currently doesn't support signature spoofing. LineageOS does, but
unfortunately my device isn't supported by LineageOS.

~~~
_underfl0w_
If an app has the permission to spoof signatures (which must be specified in
its manifest - I.e. it's not a permission that's grantable with `pm` ) it can
spoof itself as being any other app, if my understanding is correct. This
opens the door to sketchy apps pretending to be system apps, then man-in-the-
middling your data, potentially leaking sensitive info, etc.

Generally the signatures are there as a tamper-proofing mechanism. Some builds
(e.g. official-ish LineageOS for MicroG ROMs) have a hardcoded notification
that's shown for the signature spoof permission so it can't happen in the
background, though.

The possibility of widening the attack surface just triggers security paranoia
in those of us ditching Big G for privacy reasons - that's why there's
controversy over it at all.

------
jimbo1qaz
\- MicroG felt somewhat unmaintained, it took months for my bugfix PR to get
merged. Maybe it's better now? idk... Nanodroid's fork was more active at the
time, but idk if it's trustworthy or still active.

\- Getting SafetyNet to pass on Lineage-MicroG required installing the
pirate/ad-remover app Lucky Patcher (which comes with some questionable
adware) and using it to patch away APK installation signature checks. Lineage-
MicroG's built in spoofing doesn't work.

\- Hangouts would crash at launch unless you disabled some https/pinning/etc.
I heard it was fixed.

------
_bxg1
Something I've wondered- does this allow you to totally forego Google's web
APIs? I.e., sending any data to Google at all? Or is it just that the local
code is open source?

~~~
codethief
AFAIK MicroG doesn't send any data to Google unless you explicitly tell it to.
Here are some situations where you might want to do that:

\- You might want to enable the Google Cloud Messaging feature inside MicroG,
so that your apps can receive push notifications just like they would on a
regular Google phone.

\- SafetyNet. If you want some app to work that requires Google SafetyNet,
your phone will necessarily have to communicate with the Google servers.
MicroG provides functionality to do that. (Though, if you're worried about
your phone's security, I strongly advise against using this feature because
SafetyNet essentially requires the phone to download and run a binary blob
from the Google servers.)

\- If you want to install apps from the Play Store you will have to install
the Google Play Store app or at least some open-source alternative like
YalpStore or Aurora Store both of which will obviously download the .apks from
and therefore connect to the Google servers. However, this has nothing to do
with MicroG per se.

Anyway, you decide all this for yourself. If you don't want your phone to
connect to Google _at all_ , that's perfectly possible.

UPDATE: Indeed, I just checked and found a setting in MicroG saying "Allow
connecting to Google servers. If disabled, all connections to Google servers
usually done by microG will be denied. This overrides service-specific
settings."

~~~
commoner
One of the key benefits to MicroG is that you can turn on/off Google Cloud
Messaging for every single app that uses it. As far as I'm aware, this fine-
grained permission is not available on Google Play Services.

------
OrgNet
While this is cool (and old), it is only a band-aid... it would be much better
if the mobile apps would be native linux apps or maybe web-apps

------
amaccuish
This worked great when I had an android (I replaced with an iPhone since I
wanted easy privacy).

Worked for most things, the maps and location part was most dodgy though. Uber
was almost impossible to use and Grindr stopped working. Other than that,
things like G/FCM worked perfectly.

~~~
paavoova
> I wanted easy privacy

> Uber [..] Grindr

Can I just comment how contradictory this is? I understand "privacy" means
different things to people, but when used like this it's diluted to an
arbitrary buzzword. What I mean is:

Grindr Shares Personal Information With Third-Parties:
[https://news.ycombinator.com/item?id=16735956](https://news.ycombinator.com/item?id=16735956)

Uber pulls U-turn on controversial tracking of users after trip has ended:
[https://www.theguardian.com/technology/2017/aug/29/uber-u-
tu...](https://www.theguardian.com/technology/2017/aug/29/uber-u-turn-
tracking-users-after-trip-ended-app-user-privacy-new-ceo)

Uber has user route history, payment history, etc, and law enforcement is
readily utilizing this data, e.g. in the recent Jussie Smollet fiasco, in
cases. Even if you're not worried about that, Uber had a massive data breach,
which they were investigated for and fined.

~~~
mcv
A lot of people have problems with some privacy violations but not with
others. Until recently, I trusted Google with my data but not Facebook,
because I felt I knew how Google operated.

Since then, Google has lost my trust, and now I'd like to restrict their
access to my data.

------
m-p-3
Is that something a company like Huawei could use to skirt around the Google
ban?

~~~
baroffoos
Maybe. Google could probably find a way to block it if they tried. A lot of
this custom android stuff only works because Google put no effort in to stop
it.

------
cfarm
Response to the Huawei ban?

~~~
pedrocx486
Nope, this is quite an old and mature project. Maybe it'll grow more in
response to that.

~~~
cfarm
An appstore equivalent would allow developers to bypass the appstore revenue
cut.

~~~
TheRealPomax
what is this in response to?

The App Store is a different ecosystem running on a different operating system
designed for different hardware owned by a different company entirely?

~~~
cfarm
I believe that Huawei no longer will have access to Google Play.

~~~
yorwba
[https://appstore.huawei.com/](https://appstore.huawei.com/) ?

~~~
cfarm
Sure this is Huawei's store, but if you were born in Europe, there's no chance
that you would download something from here.
[https://www.nytimes.com/2019/05/20/business/huawei-trump-
chi...](https://www.nytimes.com/2019/05/20/business/huawei-trump-china-
trade.html)

~~~
yorwba
I think so too, so I guess you realize that simply having an app store is not
enough to actually replace Google Play.

------
IloveHN84
It would be cool to remove the original stock Google Layout and replace with
microG without wiping the phone and installing a custom ROM

------
Frenchgeek
Now if I could find a working ROM for my Landvo V1 (failed rooting)... That
would be a nice thing to play with

~~~
cyphar
I imagine you've already tried
[https://lineage.microg.org/](https://lineage.microg.org/)?

~~~
Frenchgeek
Since it's a cheap chinese phone, unless I find my self with the talent and
motivation to do a port myself, nothing support it.

~~~
_underfl0w_
Google around for a project called NanoDroid (I'm not affiliated)

That guy has released a ROM patcher for most AOSP ROMs that can add in
signature spoofing support. IIRC there was also flashable tooling for removing
GApps from your device.

You'd need a custom recovery, though. Just flash your stock vendor image,
remove GApps, flash the patcher, then flash microG. I'm simplifying a bit, but
it might be possible.

[https://forum.xda-developers.com/apps/magisk/module-
nanomod-...](https://forum.xda-developers.com/apps/magisk/module-
nanomod-5-0-20170405-microg-t3584928)

[https://gitlab.com/Nanolx/NanoDroid](https://gitlab.com/Nanolx/NanoDroid)

~~~
Frenchgeek
That's the thing: there is no (working) stock vendor image for it.

------
olalonde
Not an Android dev here... What's the IPC mechanism used to communicate with
those services?

~~~
rstat1
The version of the Linux kernel used in Android implements a custom IPC
mechanism called Binder that userspace services and apps use, which I think
(though I could be wrong) is based on some kind of also custom-made shared
memory facility.

------
ktosobcy
would be awesome to be able 'play services' implementation like you select
launcher, without the need to rely on Google (and one woild select microG,
which works great... and push is optional)

------
paulrd
Didn't read the article, but people reading the article might be interested in
Termux: [https://termux.com/](https://termux.com/)

------
unixhero
Doesn't work anymore on my Galaxy S10 Plus :(

------
rodneyzeng
Huawei would hope this could be used. Definitely.

------
NamPNQ
Look like dead project

~~~
e1ven
Their Github (github.com/microg) shows activity over the last month. What
gives you the impression it's dead?

------
GreeniFi
Can anyone comment on Dutch attitudes in this respect? The Dutch I have worked
with could come across as very confident - even when very obviously wrong.
I’ve found it a little confusing: they sound like they’re right, but what
they’re saying is incorrect! In Anglo culture people tend to be a little more
circumspect when there is the potential to be wrong.

I had a Dutch boss, who once said, “you never put forward something as your
opinion, you always state a secondary source. Why?”. I said it was to give
credence to what I was saying, because I myself am only one data source. His
answer was, “oh, that is very honest”. I never really understood that.

~~~
yorwba
It looks like you're posting in the wrong thread.

~~~
GreeniFi
So I did. How did that happen?

