
LineageOS for microG – Access Google services without closed software - nizzo
https://lineage.microg.org/
======
headmelted
From the FAQ:

Q) "Wait, on their FAQ page I see that they don't want to include the patch
for security reasons. Is this ROM unsafe?"

A) "No. LineageOS' developers hide behind the "security reasons" shield, but
in reality they don't care enough about the freedom of their users to risk to
upset Google by giving them an alternative to the Play Services... Moreover,
to further strengthen the security of our ROM, we modified the signature
spoofing permission so that only system privileged apps can obtain it, and no
security threat is posed to our users."

This is such a petulent attitude towards what sound like well-founded
objections to the outright spoofing of Google signed apps that I'm just plain
out already.

Also, using the phrase "no security threat is posed to our users" in ANY
context is blindingly arrogant, and pretty irresponsible to boot.

~~~
Sir_Cmpwn
Maybe some of us don't want _any_ kind of google services on their phone, open
source or not?

~~~
traverseda
That how lineage ships by default. It's a bit of a pain and many other apps
(even open source ones) won't work, since google is providing the library for
those apps to do things like access your location.

~~~
madez
Programs that require Google Services just plain suck. That's like a game that
only runs if you have a mouse from Logitech or a document viewer that only
supports printinf if you have a HP printer. Both would just suck and be
shitty, borderline malicious programs.

~~~
kuschku
The problem is that Google has moved almost all Android features into Google
apps.

You can't access the stepcounter directly anymore, only through Google Fit.

Most location features are only available through Google Play's location API.

You can't even get up-to-date openssl or OpenGL support in your app without
Play Services.

~~~
mcny
The way they've done this basically has users begging for it though because
the alternative would likely be excessive battery usage for some things and no
updates for others. I'm on lineage but most people aren't fortunate enough to
have nexus devices or don't know/care enough to run anything other than what
comes with their device. I think moving everything possible to play services
is helpful for them.

~~~
larma
If it was about the features, they could (and should) have released these bits
as part of AOSP, as free software.

Not doing so reveals there actual reason: control. Forcing every manufacturer
to ship Play Services and thus being able to force various things on _their_
devices is a major financial benefit. It also ensured that Amazon or Nokia
were unable to set up a commercially viable Android Fork without Google.

------
SmellyGeekBoy
I've been running LineageOS on my OnePlus 3 for a few weeks now, since the
whole data collection furore. It's been absolutely fantastic and I'd
wholeheartedly recommend it to anyone. Battery life has been much better and I
love all the extra features in their camera app, for instance.

I'm not so sure about this though. It seems like they've disabled some very
important security features. Their justification of "Lineage obviously hate
freedom and are in bed with Google" doesn't sit right with me. Also there seem
to be a lot of hoops to jump through just to re-enable the Play Store, which
I'd consider basic functionality for any Android device.

Still, the pursuit of more freedom is a noble goal and I wish them all the
best.

~~~
PMan74
> Battery life has been much better

I'm guessing this is a gut feeling as opposed to any empirical data? Either
way I'm curious as to why this would be the case. Unless I misunderstand the
kernel is identical between LineageOS & whatever stock OS was on the device.
And it's the kernel that presumably impacts most on battery consumption.

I installed LineageOS on an old Nexus 5. The stock OS on the Nexus is already
pretty clean so I can't say I noticed a massive difference (although I didn't
spend much time on it)

~~~
jbg_
I actually tested this a little on a Nexus 5X a while back. With a clean
install of a LineageOS build manually patched to include microG (before I knew
about this fork), I unplugged it from the charger at 100% and left it for 8
hours without using it, at which point the battery read 98%. The same device
with a clean install of stock Android from Google read 87% after 8 hours of
standby after a full charge. In both cases it had good LTE signal and had no
modifications from a clean install other than signing into a Google account.

~~~
_jal
It is a bit entertaining to think of Google's surveillance quantified via
electricity - we can measure their intrusiveness in mAh.

------
bubblethink
While this is cool, I feel that this will always be a second class citizen at
whims of Google, who can break or change their APIs any time. What would it
take to provide a proper API replacement that apps can target instead of
google play services ? i.e., not spoofing but providing a legit alternative.
If I have a spare server for instance, can I set up a GCM like server that can
relay messages instead of them going through Google ?

~~~
anilgulecha
It's not going to be completely at Google's whim, as disabling a certain
API/interface means older proper-android devices will also fail. So microg is
banking on it's API interface being fine, given Google's interface, for
business reasons, has to be fine.

~~~
amelius
But isn't Google auto-updating on all devices, including old ones?

~~~
Arnt
Only mostly.

I don't know why. Lack of space on some phones maybe, or they could be
configured to autoupdate via wifi only but never see wifi. Whatever the
reason, if you use google play services, you'll see a few devices with old
versions that don't update even though there is a newer version for that OS
version.

------
muxator
I am perfectly fine with plain LineageOS and no Play Services at all. But,
then, I am fine with just Firefox and some instant messaging app.

If I need other apps, I install them with Yalp store or F-droid. Lots of them
run fine without Play Services (including Google Maps).

The phone is fast, the battery lasts a lot, slightly better security

~~~
ivan_ah
+1 for not needing Play Services. I've been running a free Android, and so far
every app installed has worked fine, except push notifications, but I see that
as a feature—less interruptions.

Can you recommend a good free gmail client? The default email app doesn't work
well with gmail -- double sends every time.

~~~
burner47
I use K-9 Droid without any issues with gmail.
[https://f-droid.org/packages/com.fsck.k9/](https://f-droid.org/packages/com.fsck.k9/)

~~~
tomlong
Same here, it's great. Integrates with OpenKeychain as well for the best
PGP/GPG workflow on a phone.

------
amluto
I'm rather puzzled by all the fuss about this signature spoofing thing. As far
as I can tell, the microg team has not proposed what seems to me to be the
obvious solution: allow signature spoofing for system apps and their
downloaded replacements only. So users _can 't_ install a signature-spoofed
app unless they do it as root or using a .zip update. No risk of users
clicking the wrong box or being dumb. Heck, one of LineageOS's review comments
even offered this as a potential option with no meaningful reply.

What am I missing?

Edit: here's the review comment:

> Adnan Begovic > Oct 8, 2015 > > Patch Set 2: > > Also "dangerous" doesn't
> limit third party apps from using it, you'd have to limit this explicitly to
> system|signature if you wanted any realm of a security model.

That doesn't sound like "politics" to me. That's a spot-on reply.

~~~
SifJar
Sounds like they do this:
[https://lineage.microg.org/#faq7](https://lineage.microg.org/#faq7)

> Moreover, to further strengthen the security of our ROM, we modified the
> signature spoofing permission so that only system privileged apps can obtain
> it, and no security threat is posed to our users.

~~~
amluto
Sure, but did they submit a patch like that to Lineage OS? As far as I can
tell, they didn't.

~~~
larma
The patch was submitted, it's unfortunately not visible to the public:
[https://review.lineageos.org/194562](https://review.lineageos.org/194562)

~~~
petecox
It seems like such a small one method change, in the context of forking an
entire distro.

I wonder if PackageManagerService is hard coded in many places, rather than
using XML dependency injection. If the latter then may it be possible to
override the method in a subclass, e.g. MicroGPackageManagerService and
distribute the change via a once-only installable zip?

That way Lineage OS doesn't need to break security, only downstream.

------
datamoshr
I was under the impression that lineage doesn't come with this anyway and you
had to flash whatever google binaries you wanted. This just seems like they've
removed one step. See bullet point on Step 1. on the wiki:
[https://wiki.lineageos.org/devices/cheeseburger/install](https://wiki.lineageos.org/devices/cheeseburger/install)

~~~
corna
[https://lineage.microg.org/#faq3](https://lineage.microg.org/#faq3)

LineageOS works without the GApps, but you lose lots of (fundamental) things,
like network location and GCM (push notifications). Moreover lots of apps
require the GApps API to work (often the Maps API) and crash if the GApps are
not installed.

------
Espionage724
How long did this fork exist?

I've been providing a similar fork for the Nexus 6 for a little while:
[https://forum.xda-developers.com/nexus-6/development/rom-
lin...](https://forum.xda-developers.com/nexus-6/development/rom-lineageos-
easy-microg-unifiednlp-t3632360)

------
Animats
What's the point? If you're using Google services, you're a slave to the
mothership and they know what you're doing. So why use a different layer of
middleware to access them?

I use F-Droid because I don't want to use Google services. I do miss voice
dialing, though.

~~~
Brakenshire
You're mixing up microG with OpenGApps. microG for instance can do Assisted
GPS location searches, but allows you to choose your own Location Services
provider, Mozilla instead of Google. It's not just a middleware to access the
same Google services.

------
blablablaat
Finally! Until now after each LineageOS update I had to connect phone to adb,
and patch with tingle or needle to re-enable signature spoofing. Great
solution, shame the LineageOS devs won't just add this as an flashable zip or
configurable option.

------
segmondy
This reminds me of what Linux and WINE for Linux was to MS Windows. It's a
fight against a closed eco-system. I applaud them, and hope to give it a try.

------
JepZ
I wish Google would put and end to this by releasing the code for their
Android services and slowly force the Android manufacturers to open source all
future drivers.

Please Google, don't be evil.

------
j_s
This sounds great but they lost me immediately as a near-complete rookie with
no list of supported devices.

Maybe someone else will will find this useful:
[https://wiki.lineageos.org/devices/](https://wiki.lineageos.org/devices/)

Can this properly support Google Fi and their network-switching magic?
Preliminary research claims it's possible.

[https://www.reddit.com/r/Nexus6P/comments/5qusmn/lineage_os_...](https://www.reddit.com/r/Nexus6P/comments/5qusmn/lineage_os_and_project_fi_does_it_work/)

 _if you install it from the play store you need to make sure that Project Fi
has all of it 's permissions granted_

------
sleepychu
Why is this its own fork though? Seems in line with the Lineage mission,
shouldn't they just merge in?

~~~
tribaal
Apparently this requires a hole to be punched in the sandbox to allow android
apps to "impersonate" other apps (by way of signature spoofing).

The lineage folks didn't want to merge it in on grounds of security concerns.

(I'm not affiliated with the project, I just read the code reviews because I
had the exact same question).

EDIT: for those interested:
[https://review.lineageos.org/#/c/64967/](https://review.lineageos.org/#/c/64967/)
and
[https://review.lineageos.org/#/c/65366/](https://review.lineageos.org/#/c/65366/)

~~~
nExXxuS
More information: [http://blogs.fsfe.org/larma/2016/microg-signature-
spoofing-s...](http://blogs.fsfe.org/larma/2016/microg-signature-spoofing-
security/)

------
sturmen
The FAQ states I should shoot them an email to get my device added to the
support list, but I can't seem to find the email address… Am I blind? Can
someone point me to it?

~~~
nExXxuS
Open a github issue or comment in here. That was obviously a point we were
missing :-)

------
floatboth
I guess that's more convenient than what I've been doing (manually patching
Lineage using Tingle to support microG on every update :D)

------
nsomaru
Anyone actually using this and can comment on the stability of various
apps/services?

~~~
GvS
There is wiki page with that info:
[https://github.com/microg/android_packages_apps_GmsCore/wiki...](https://github.com/microg/android_packages_apps_GmsCore/wiki/Implementation-
Status) looks like it's not stable yet.

~~~
nizzo
Actually is pretty stable right now, the most important features like Google
Cloud Messaging and the Maps API v2 work flawlessly. Only certain specific
apps give some issues, which usually are fixed in short time.

------
keypress
Can someone explain what this? Is it a fork of Android with the Google service
apps rewritten? Or just the latter? Could I take an old Android OS and install
the alternative Gapps? Yours, confused.

~~~
libeclipse
It's a fork of LineageOS, which is the daughter of CyanogenMod, which is a
fork of Android.

Only difference when comparing against LineageOS is that the OpenGApps package
is "free".

~~~
alinspired
>Only difference when comparing against LineageOS is that the OpenGApps
package is "free".

Rather GApps (google) functionality is re-implemented from scratch and the
necessary means (app signature spoofing) to replace GApps with microG is built
into this LOS fork

------
sanbor
Is this going to try to install updates every day? It sounds like too much.

------
Brakenshire
Can't you just install microG services from F-Droid on any LineageOS phone?
Why doesn't that have the same issue with spoofing?

------
msdocs
I tested a few apps that required gapps like uber and transit and both would
load a map but would crash and fail

------
AlexandrB
I am utterly baffled by this project. What's the benefit of using open source
software to access a completely closed-source set of services? If you're going
to trust Google with your data anyways why would you care whether you're
running a Google binary blob on the device?

~~~
blablablaat
I can't use Signal or my local railway app without Google Cloud Messaging. So
I have two choices: \- Don't use them \- Install Google crapware package \-
Install microG, which supplies the APIs so other apps can function normally

~~~
kasbah
Signal can now work without GCM, they merged an alternative that uses
websockets.

------
geekamongus
I have a Pixel XL (first gen) on Google Project Fi. Do I need LineageOS?

~~~
alinspired
can't answer your question, but there is no official LineageOS for any Pixel
(1st or 2nd gen). There are unofficial ones

------
fithisux
Is it possible to use microG with Android x86 on netbooks?

~~~
larma
Sure, if you patched your Android x86 for signature spoofing capability. The
official builds of microG support x86 (and x86_64)

~~~
fithisux
Thanks for the info.

------
grabcocque
IANAL, but won’t this violate the license terms Google provides for Play
services?

~~~
Aissen
Maybe, since this hits Google APIs directly:
[https://github.com/microg/android_packages_apps_GmsCore/blob...](https://github.com/microg/android_packages_apps_GmsCore/blob/d9e86d960d46e1be1f343591d7f37967b9ce8f3b/play-
services-core/src/main/java/org/microg/gms/gcm/RegisterRequest.java)

But then, there's no TOS at this URL, and there's no point in taking this repo
down, it would only make Google look bad and give microG free advertisement.

~~~
larma
Most GCM and checkin related code is actually a Java rewrite of open-source
code by Google. They released a client and some protocol specs as part of
Chromium:
[https://chromium.googlesource.com/chromium/chromium/+/trunk/...](https://chromium.googlesource.com/chromium/chromium/+/trunk/google_apis/gcm)

------
als0
Personally, don't think it's worth turning off proper signature checking in
exchange for shaving off 100MB of proprietary code.

~~~
jbg_
It does not turn off signature checking. It allows selective, whitelisted
system apps to impersonate other apps after a permission is granted by the
user.

Specifically, it allows the open-source, auditable microG apps to impersonate
the closed-source, unauditable Google Play Services apps.

~~~
morganvachon
As much as I like the idea of running an Android device without _gapps_ while
remaining fully functional, and I feel this fork goes out of its way to
attempt to remain secure, I just can't get past the fact that it's still a
security hole. Eventually some bad actor is going to hammer at this hole until
he finds a way in, then it's game over, restart from scratch.

I think the larger problem, the one that caused the _microg_ gang to go this
route, is the increasing control Google wants to hold over their platform.
Fanatics always promote Android as the "open source alternative" to iOS and
Windows Phone, but if you have to strip out so much proprietary gunk that it
renders the device unusable, how can they claim it's open source with a
straight face? Sure, the core Android code and kernel is still open, but
there's a huge difference between being able to boot a device and actually
using it daily.

~~~
jbg_
This doesn't make sense to me. You already have other permissions (draw on top
of other apps, full filesystem access, etc) that could be catastrophic to
grant to malicious apps. If you don't trust yourself not to grant them, or you
don't trust the Android permissions system itself to be implemented correctly,
it's already game over.

(Edit to add: I agree with everything in your second paragraph.)

~~~
morganvachon
I may be misunderstanding the methods involved then; I'm not a security expert
and I no longer use Android so I am behind the curve.

