Hacker News new | comments | show | ask | jobs | submit login
Effectively Using Android Without Google Play Services with Gplayweb in Docker (fxaguessy.fr)
318 points by fxaguessy 133 days ago | hide | past | web | 74 comments | favorite

Time to mention https://microg.org/ / https://news.ycombinator.com/item?id=12864429 again. It's a FLOSS re-implementation of Google Play Services. It offers e.g.:

* Optional completely offline geo location service via an on-phone database which often preserves battery and even works when no internet access is available. Online backends using e.g. Mozilla Location Service are also available

* The often unavoidable Push notifications via Google Cloud Messaging while only sending minimal identifying data

* The Analytics (tracking) and Ad parts are simple stubs which avoid app crashes but do nothing else

Anybody have the lowdown on what currently does/doesn't work with this? Specifically, which sort of apps work and which don't?

Does this clone the google services framework or just google play services?


Wearable and Cast are often missed APIs. Contacts and Calendar sync is also not implemented yet. I can't think of any app that I personally used that doesn't work. That includes Google Maps and the Play Store. There were some crashes in the past, but microG became a lot more stable since then. However, I completely rely on my own infrastructure for mail and contacts / calendar sync (using DAVdroid).

HERE WeGo (https://play.google.com/store/apps/details?id=com.here.app.m...) is a good alternative to Google Maps. Does not need Google Services installed and you can download the maps to your device, even to an external sd card.

Second this. I used it on my iPhone.

it sure needs LOTS of permission, gonna go try it anyway :D

A lot less then Google Maps actually ;-) Just compare permissions view details under https://play.google.com/store/apps/details?id=com.google.and... and https://play.google.com/store/apps/details?id=com.here.app.m....

Permission Google Maps has in addition to HERE WeGo:

[Device & app history] retrieve running apps

[Identity] add or remove accounts

[Contacts] modify your contacts

[Phone] directly call phone numbers [Phone] write call log

[Microphone] record audio

[Other] download files without notification

[Other] view configured accounts*

[Other] send sticky broadcast

[Other] disable your screen lock

[Other] measure app storage space

[Other] control Near Field Communication

[Other] read sync settings

[Other] run at startup

[Other] use accounts on the device

[Other] toggle sync on and off

[Other] read Google service configuration

Permission HERE WeGo has in addition to Google Maps:

[Identity] read your own contact card

[SMS] send SMS messages

[Other] pair with Bluetooth devices

[Other] access Bluetooth settings

[Other] change network connectivity

[Other] uninstall shortcuts

> * Optional completely offline geo location service via an on-phone database which often preserves battery and even works when no internet access is available. Online backends using e.g. Mozilla Location Service are also available

Sounds really cool!

> * The often unavoidable Push notifications via Google Cloud Messaging while only sending minimal identifying data

Can you elaborate, please?

> Can you elaborate, please?

Are you asking how it is unavoidable or how it is sending only minimal identifying data?

I'm asking more about what "Push notifications via Google Cloud Messaging" are and why they are unavoidable. I think I will be able to infer what minimal identifying data is required from that.

You can probably find a more accurate description somewhere else, but here is a TL;DR version:

In order to receive notifications without a push notification service like Google Cloud Messaging (GCM), every app would have to

a) poll for updates, meaning that the app establishes a connection repeatedly and asks a server for update. In the worst case, there is a delivery delay as big as the period between two polls. That also means that the app has to be running and thus the phone "awake" every time an app tries to get updates


b) keep a connection to the server open. That also requires that the app is running and sending something like keep-alive commands to avoid timeouts

In both cases it means that it doesn't scale at all. The phone would be awake a lot just to fetch updates, it would drain the battery and cause unnecessary much network traffic. Unnecessary, since there is a better solution: register with a 3rd-party service that handles the updates instead, in the case of Android mostly GCM. It basically works as follows: GCM keeps one connection to the Google servers open the whole time. Apps on the phone can register with the GCM client. Instead of sending the updates directly to the app on the phone, the app backends send the data to google instead, which then sends it with very little delay and overhead to the GCM client on the phone, which then in turn wakes up the respective app and passes the payload data.

If all these services just use GCM instead of handling notifications on their own, using WhatsApp, FB Messenger, Telegram, Signal, Skype, WeChat, Line and Viber at the same time is suddenly not such a bad idea anymore.

GCM it often unavoidable, since very little apps support alternatives to it. E.g. in China several alternatives exist, since connections to Google are blocked. I think also Amazon runs its own push notifications service.

I bet it's not TL;DR. :) Because if I asked something and got a reply, not reading it would be disrespectful to the author, no matter how long the reply is.

> In order to receive notifications

Your answer would be absolutely perfect if you added "from a remote server". I was slightly confused, wondering what kind of notifications an app is supposed to receive.

Thanks for answering. Your answer is great.

Also, now I'm curious how they do it while sending only minimal identifying data. I was wrong thinking that it would be immediately clear. I wonder if TheCoreh is correct about proxying.

Oh, and you don't need to answer if you don't want to. I can do my own research.

Didn't some early Android apps poll? I remember complaints about Android phones using up people's monthly data allowance in the first week or so...

I had to turn data off completely just to run the phone.

Google offers a push notification system like Apple's, with centralized servers, to efficiently deliver notifications to all users without having apps constantly running in the background killing battery life.

It is unavoidable, I assume, because otherwise you won't get notifications, which defeats the purpose of several apps, and they can't provide a fully independent alternative server because it would require integration on each app developer's backend side. "Sending minimal information", probably means they proxy the requests to avoid giving geoip info to Google about you.

Can I use Signal under this setup?

Copperhead maintains a fork called Noise available in their F-Droid repository


The repo's signing key fingerprint (sha256) is

    F0 D4 EB 11 93 AD 82 FE B2 24 BD 11 74 B6 FB
    D8 9A 39 D8 ED 98 8C 9F FF 2A DD 0D CD 1C 4E
    27 1B

Or you can just install Yalp Store from F-Droid (https://f-droid.org/repository/browse/?fdid=com.github.yerio...) and download the apps from the Google Play Store directly to your device. You can also easily update your apps with Yalp Store.

Another possibility is to use the Java software Raccoon on your Desktop, available here: http://raccoon.onyxbits.de/

Yalp uses a Google account, which isn't good.

I use https://apkpure.com

No idea what Yalp is doing with your email here: https://github.com/yeriomin/YalpStore/blob/23503d639034d68b8...

I find Android code really hard to read - there's so many levels of indirection here I can't find where it's actually calling whatever.google.com to grab the APK

This particular code looks fairly straightforward (could definitely be clearer). It's building a url and including the email as a path segment. What the remote service (http://tokendispenser-yeriomin.rhcloud.com/) is doing with that email is harder to determine.

That part is open source too: https://github.com/yeriomin/token-dispenser

That said, if you're sketched out by it, don't use it on a Google account with any data on it. Just make a new empty account for apk downloading.

"Stores email-password pairs, gives out Google Play Store tokens"

I couldn't tell if it was encrypting the password but even if it was... yuck!

Basically the author created web interface to similar APK downloader. At least Docker is completely unrelated.

Uber, Tinder, and other apps I use require Google Play Services in their latest version. They simply refuse to work without it and there is no web alternative. It's either downgrade to a bug-prone version or use Google Play Services. There is really no privacy on a fully functional Android Phone that isn't just email and phone services - though I guess if you're using Uber and Tinder there is no privacy one way or the other.

You'll find this the case with most location-dependent apps like Uber (to find you) and Tinder (to find people near you). Google nudged most of these apps over to using the proprietary Google Location Services API for this sort of stuff, because of their Wi-Fi triangulation feature.

Whether or not these apps work with MicroG, I don't know.

Tinder does work with MicroG.

When I tried Uber (a few months ago) without Play Services, it was working, but without the location feature. So, if you typed an address, it was working as expected.

Uber has a web client. I used it a few times from a laptop when I was without a phone (coincidentally, left it on an uber). Does it not work from mobile devices?

The desktop version doesn't (iirc) but they have a mobile website version, but you have to raise a support ticket manually to get access (or else you get an indistinguishable "permission denied"-like error). It's an odd requirement.... And infitely frustrating :-p

The mobile website works fairly well :-)

I actually thought this might be an avenue for someone like Lyft to excel, but alas they didn't seem any better, iirc...

Uber is an odd one with "gated" features - I needed to log a ticket to get access to UberAssist vehicles.

The Economist magazine not only requires Google Play Services, but also access to your microphone. There is no way to disable that.

I cannot figure out why they would need such intrusive access -- there is no "speak" feature in their app that I'm aware of.

I've no evidence this is being used by The Economist's app - but this is "usually" the reason for this feature:

- https://www.wired.com/2016/11/block-ultrasonic-signals-didnt...

(not trying to spread FUD, endorse this practice or criticise in anyway, just trying to help the parent comment understand one potential "excuse" for an app "needing" this functionality for a non-obvious use-case.)

Thanks for the link -- that would explain why so many apps need access to the mic.

Have you checked it recently? There's no microphone permission listed: https://play.google.com/store/apps/details?id=uk.co.economis...

Have you tried running Uber or Tinder under microG mentioned by JulienSchmidt in this thread?

I use an Android phone without any Google services or a Google account. When I got the phone, it brought up a demand to sign in with a Google account. But there's a "Later" option to bypass that temporarily. Disabling "Google One Time Setup" made that go away.

Mail is the built-in IMAP client. Browsing is with Firefox. Apps come from F-droid. Maps come from ZNavi. It's OK.

Sure, but sometimes you want app that's only in play store - maybe Signal (if you trust the creator), maybe e-banking app, or local transport app, or Waze, or whatever.

Some bigger apps are on apkmirror.com, but smaller ones aren't uploaded very often, so this might be a way to get them.

In that case you can try yalpstore: https://f-droid.org/wiki/page/com.github.yeriomin.yalpstore The app downloads apks from the play store. You'll have to use a Google account, perhaps a trowaway account created on a different device.

This article is about a third party tool that lets you download apps from the Play store.

Remember using play services unofficially like e.g. microg can get your account locked. It is OK to create a throw away accounted for downloading apps,but continued usage _may_ lock your account. I do use lineageOS on a nexus 5 without play services and battery lasts 2 days with light usage.

Instead of downloading an app from Google Play and transferring it to the open source phone you could use Aptoide. https://www.aptoide.com/?lang=en

What is the worst thing about G Play Services you can't turn off?

The fact that everything you do is linked to a google account.

Probably the fact that Google Play Services can update itself without your approval or consent, so Google can push any antiprivacy feature to your phone they want without your knowledge at any time.

Play Services meets basically every definition of malware.

Hyperbole much?

Not really. Strictly speaking Google Play Services is a rootkit. One that can be used remotely. And it contains heaps of invasive user tracking code. Is is pretty much malware.

Genuine question, what user tracking is there that isn't opt out?

How would I know for sure?

Yet on geek kingdom, bad Microsoft pushing W10 telemetry on us, but Google is cool and doesn't do no evil.

To be fair though, it is important that we continue to pressure Microsoft about their telemetry practices as well. Microsoft's business doesn't depend on data collection, and they could very easily return to not mandatorily collecting it, but our voices on the issue have not been loud enough yet. (And actually, as I recently discovered, Microsoft won't allow you to submit feedback about their apps unless telemetry is enabled at the Enhanced or Full levels on their OSes.)

But, I do agree that Google gets naturally positive response and Microsoft gets automatically negative response, even though many of their practices are quite similar.

Googles much nmore threatening to privacy the way i see it.

Generally, people who say one is bad will say the other is bad too.

The exceptions are brand fanatics.

> Google is cool and doesn't do no evil.

That expired in 2015.

I don't think many geeks think that anymore.


My comment history will reflect a persistent strong advocacy for privacy on the Internet. :)

If you're going to follow me around here, please try to argue with my points rather than insinuating something about my character.

I blocked mine from using body sensors, microphone and camera and it now complains that it needs them whenever I fire up the gmail app.

It doesn't. Gmail works fine. It still whinges though.

Software which nags and annoys the user is malware.

Besides the security issues that other people will talk about, it's huge in terms of both RAM usage and storage, so if you have a low-end phone, that's quite significant. It can also be a major battery consumer.

I tried to use a Cyanogenmod phone over the summer without google play services (I couldn't get it to install).

I used the Amazon android store, which has many of the same applications as the play store. However, most apps I installed crashed on first launch due to (I assumed) lack of play services.

It was a very crappy experience which lasted only about a week before I switched back to a handset where the gapps flash worked correctly.

There really isn't that much on google play store worth installing (except games I guess? even that's not so great and most cost money) that doesn't have some open source counterpart. The only exceptions are things like kik (and those don't run well, if at all, without google play services.)

G play services sucks phone battery

That's completely true, on my previous phone (Nexus 4), as soon as I used Android Stock, without Google Play Services, my battery life increased by around 30%!

I have my Nexus 4 still until my Pixel XL arrives sometime mid March. It has gotten unbearably slow lately (navigation taking literally 1 min. or more to open up.

I tried to narrow down the cause via battery usage and OS Monitor but since all the tracking and ad related stuff apps use goes through Google Play Services I can't identify the culprit.

I assume routing ad and tracking related stuff and core functionality through there was so Google could lock down their open garden and prevent ad blockers from really blocking them. Bummer that iOS notifications are unusable for me.

It can be simply internal storage wear.

I actually don't use my phone much, and not at all for entertainment. Consequently my battery usually lasts three or four days. (Motorola G4).

Vaguely within the last week or two, no change in behavior, no new apps, that's been cut at least in half. One day it lasted less than a day.

I've got things like location and bluetooth turned off. I haven't been able to track it down. I'm wondering if it's a recent google or other app update. It's pissing me off.

Have you looked under Settings then Battery? Tells you which things are using the battery (%) and approx how much time you have left.

I usually get 3 days from a Nexus 6, and the biggest battery user is "Mobile standby" (5%).

it could also come from the hardware.

Possible, sure. You mean like the battery getting old? Capacitors getting arthritis? It's less than six months old. And it was a vaguely sudden change.

Even high end devices often have batteries issues. Battery tech is just not that great.

Usually they arrive at the one year date though.

Otherwise, you should be able to track the culprit with the battery historian (unless it is hiding behind play services ..)

They'd be a lot better if they just made the phone 1mm thicker ;-)

that would help a lot for sure. Batteries would still lose roughly half of their maximum capacity over time though, afaik battery tech has not solved that yet.

Welcome to the world where smartphones from cheap Chinese company like Lenovo are planned to be obsolete by a year.

Lenovo also makes not-cheap ThinkPads and not-cheap Motorola smartphones for Google ;-)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact