Hacker News new | past | comments | ask | show | jobs | submit login

Why is this its own fork though? Seems in line with the Lineage mission, shouldn't they just merge in?



Apparently this requires a hole to be punched in the sandbox to allow android apps to "impersonate" other apps (by way of signature spoofing).

The lineage folks didn't want to merge it in on grounds of security concerns.

(I'm not affiliated with the project, I just read the code reviews because I had the exact same question).

EDIT: for those interested: https://review.lineageos.org/#/c/64967/ and https://review.lineageos.org/#/c/65366/



In order to use MicroG, it is required to patch the ROM to allow app signature spoofing. People from LineageOS claim that this can be a huge security risk (and they are right) but there is no other way to achieve an implementation like this.

So MicroG people created this fork with the patch builtin.

More info here: https://github.com/microg/android_packages_apps_GmsCore/wiki...




"Wait, on their FAQ page I see that they don't want to include the patch for security reasons. Is this ROM unsafe?

No. LineageOS' developers hide behind the "security reasons" shield, but in reality they don't care enough about the freedom of their users to risk to upset Google by giving them an alternative to the Play Services."

LineageOS's have a policy of not circumventing integrity checks e.g.:

https://www.lineageos.org/Safetynet/

The people behind this ROM seem a bit immature if that's how they react to their policy especially since they're just taking the upstream code wholesale to stick their patch in.




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: