Hacker News new | past | comments | ask | show | jobs | submit login
A free-as-in-freedom re-implementation of Google’s Android user space (microg.org)
790 points by doener 6 months ago | hide | past | favorite | 187 comments



I've been using a custom AOSP build with MicroG for a few months now and it actually works pretty well _if your goal is to avoid Google_.

What I mean by that is that if your goal is to use Android Pay, Chrome, Gmail, Google Maps, Google Drive, Google Fi etc. and somehow retain some level of privacy, MicroG isn't going to help. It doesn't fully implement _all_ of Play Services' APIs.

The point of MicroG is to make Android usable without having Play Services installed. With neither MicroG nor Play Services, many third-party apps fail to function. For example Lyft and Uber depend on the Play Services API for maps and many other apps depend on Google's network location service. If you try to use these apps without some replacement, the apps complain and shut down. MicroG gives you a way around that.

I'm quite happy with my MicroG-based phone but I use:

- OSMAnd or the open-source equivalent of Maps.me for maps

- My country's public transport app for public transit directions

- FairEmail for email

- Element for messaging

- Slide for Reddit

- Firefox for web browsing

And actively avoid all of Google's apps and services (except the occasional search and YouTube).


Created an(other) ta account to post this...

You DO NOT need the Google Play spyware, or the Uber or Lyft spyware apps, in order to use Uber/Lyft.

Most of these services, including Google Maps, have progressive webapps to be used right in a browser.

For additional security/privacy, open these apps in a separate/sand boxing browser.

For the truly careful, create a separate Android "profile" on the device for apps you don't trust even with permissions locked up (the accounts feature is an excellent sandbox for security/privacy).


I wish we had the option to use web apps instead for native apps for everything. As much as I hate modern web, I can't deny that not only are web apps cross platform, they also offer better privacy.


> For additional security/privacy, open these apps in a separate/sand boxing browser.

For sandboxing webapps in Android I recommend this app: https://f-droid.org/packages/com.tobykurien.webapps


For YouTube I've used NewPipe, which is absolutely fantastic (apart from occasional breakage due to API changes)


NewPipe is awesome... when it works. In my experience of only a few months, "occasional" is an understatement, unfortunately.


If you're using F-Droid, it helps to switch to NewPipe's own repo, since the default F-Droid repo tends to be a bit slow with updates.


How can i do that?


Here's their instructions: https://newpipe.schabi.org/blog/announcement/f-droid/pinned/...

I use the app every day - if memory serves they've usually had a new version out within 24hours of breaking changes on youtube.


Thank you


download apks directly from github


NewPipe is generally very rarely "down" - I think the youtube-dl upstream issues are impacting them, or they're playing dead for a minute until the RIAA fucks off.


NewPipe doesn't use youtube-dl. It uses its own library for downloading from Youtube.


playing dead avoids drawing attention to it


In my experience, NewPipe Legacy is more stable than NewPipe. Its intended for Android versions <5 but it works fine on my Android 9 device.


AFAIK NewPipe does not even use API, it parses UI, so it breaks when the UI changes.


I never looked into how NewPipeExtractor worked, I guess a hint was in the name.


NewPipe is also open source and very easy to sideload from F-Droid.


NewPipe is okay but I prefer Vanced Youtube


Careful with that one if you use some other Google service: https://news.ycombinator.com/item?id=21247759


>apart from occasional breakage due to API changes

I agree, but I thought they were just scrapping YT and using YT-DL.


What about Vanced?


That's just a mod of the Google YouTube app, if memory serves. It probably still relies on normal Play Services, and is likely nonfree anyway.


It actually works just fine on Chinese Android roms without Google services.

Edit: Vanced relies on MicroG for logging in, and requires it to be installed along Vanced even on phones that have the "real" Google Play services.

Edit 2: I took "Chinese Android roms" as an example for Google-less roms. Of course, Vanced can't help in bypassing the Chinese firewall to contact Google servers.


Last time I tried no-Google Android, one of the biggest problems was that Slack wouldn't send me notifications

How well does microG handle push notifications in general, and particularly Slack if you have experience with that case?

PS: for others in that boat I recommend APKMirror for downloading non-OSS apps. It's run by people from AndroidPolice which is a reputable site, and simply mirrors (free only) apps from the Play Store, so it's all above-board and legit. The only problem is, as described above, some apps have Google Services dependencies baked-in.


> How well does microG handle push notifications in general, and particularly Slack if you have experience with that case?

MicroG push notification module will talk to Google servers (that's one of the parts where you can't get rid of Google). That's because the Google infrastructure actually delivers push notifications and arbitrates between app's backend and the app.

IIRC the module is optional to enable for obvious reasons.


Why in do google servers need to middleman every push notification on a phone? I mean, google play store phones home every 2 mins anyway, but that is extra creepy


Not sure how you imagine push notifications to work, but literally Google provide a "service" for this so app developers don't have to. https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging


So that there's only one network connection delivering all the messages to apps, instead of 1,548 SSE/WS/XHR/GET(!) connections all ricocheting around and timing out and getting reconnected and sending 200MB of pings every minute.


Got it. I wasn't actually sure how it was structured, but that makes sense.

I guess that really seals it, for those of us who care about push notifications.


No Slack notifications is _why_ I use it ;-) but if you want you can use Google's notifications with migroG (obviously giving them substantial tracking opportunities). AFAIK the effort to support non-Google notification servers dose not yet work.


It's generally be better for one's sanity to not get instant notifications anyway. But if you need them, you can also get Slack notifications over email. Or maybe you can set up a bridge and use some Matrix client (one less proprietary app on your phone then).


>What I mean by that is that if your goal is to use Android Pay, Chrome, Gmail, Google Maps, Google Drive, Google Fi etc. and somehow retain some level of privacy, MicroG isn't going to help.

Have you tried using Magisk hide & MagiskHide Props Config to enabled SafetyNet? If SafetyNet is enabled then Google Pay, other Payments & Bank apps might work just fine with MicroG (I haven't tested it, just a theory).


So ignoring the broader issues with the root arms race for a minute (SafetyNet is getting hardware-based verification in future devices, among other things), you and the parent appear to be talking about two different issues.

MagiskHide covers up the fact that your system is modified. When they talk about "somehow retain[ing]... privacy" it's more about telemetry built into the apps themselves.

It's a statement on Chrome, Maps, etc. tracking you when you use them, which is distinct from whether or not specific ones have SafetyNet-induced breakage.


No, I don't use Magisk because my phone isn't rooted.

Google Pay won't work even if SafetyNet passes because it depends on Google Play Services APIs that aren't implemented as part opf MicroG.

I haven't had any issues with any of my banking apps despite SafetyNet failing. They don't like root but they don't seem to care about SafetyNet.


Can you speak some about OSMAnd? I've used it and MapsMe some, and while the navigation works fine, I often have issues actually finding the places I'm searching for. Typing in an exact address is hit or miss and searching for something like the nearest grocery store can be even worse.

Are there any tricks or supplemental apps you would suggest?


Provided that OpenStreetMap data in your area contains house numbers (in not all places is this available), OSMAnd works fine for finding exact address. The only catch is that you need to choose the city, then choose the street, then choose the house number. This is exactly how car GPS units worked for many years, but I know people today have been spoiled by Google Maps and expect the address to be found if they just type it in as freeform text.

Searching for the nearest grocery store in OSMAnd is trivial: go to Search and then tap on the shopping basket icon: a list of nearby shops will appear, sorted based on how close they are to your current position. Of course, the grocery store needs to already been added to OpenStreetMap. If it isn't there yet, you can always sign for some an OSM editor account and add it yourself (but be aware that with great power comes great responsibility).


While not an app that itself provides supplemental data, I can recommend the app StreetComplete (not affiliated - just a happy user) if you like OSM. It "game-ifies" the process of correcting and adding to OSM data by presenting little challenges and questions about nearby objects - e.g. "What is this building called?" or "Is there an ACME Corp. in this shopping center?"


Ironically, you can use the Google Maps mobile web-app without Google Services, and it's inherently sandboxed by the browser. And it actually works quite well for a web app: the user experience was better than the native OSMAnd app, last time I checked.

It will obviously know what you search for and click on, but it'll only know your location if you explicitly give it out, and without the Services Google won't be able to reach its fingers into the rest of your system. So it can be a reasonable compromise.

That said: Apple Maps was probably the thing I appreciated the most when I finally relented and just got an iPhone :P


How was your experience switching from Android to iPhone? The last time I used an iPhone was the iPhone 4, but I've been seriously considering switching back for privacy reasons.


Overall, it's been fantastic. Six years ago or so I was really into playing with all of the ways you can customize Android, but more recently (I switched 2 years ago), I realized I just wanted a phone that would work. And for the most part, that's what I got: a phone that does phone stuff, and does it well (and still does it, 2 years later, just as well as the day I bought it). And does so with the most privacy that you can reasonably find these days without giving up those basic features of modern life or constantly fighting and fiddling with your device.

My main complaints:

1) The notifications UX is not as good. It gets the job done, but it just feels overall clunkier and worse. There's also a bizarre separation between your lock-screen and the "Notification Center" pull-down. I almost never use the latter, but whenever I open it there's always a random notification from like a week earlier that had been dismissed from my lock screen but was still hanging around there. This doesn't really matter in practice but it's very weird.

2) It sounds like a tiny thing, but the Clock app is not as good. It lacks a couple of really nice little features like early-dismissal of alarms and a confirmation whenever you turn one on ("Alarm set for 8h 23m from now").

But really that's about it. Apple Maps works great (at least in the urban area where I live), despite the memes. Customer support is great. The granular app permissions are extra great. And mainly, it's just nice to know that you can be a full participant in modern society, and you can expect your device to simply work, without also having your every step tracked. Knowing you won't buy a pair of headphones only to find out you can't use them because they require an app, which requires Google Services, which you don't have (this actually happened to me).

Edit: I should point out that I wasn't using microG, so I don't know how much that changes the experience. YMMV.


> I realized I just wanted a phone that would work. And for the most part, that's what I got: a phone that does phone stuff, and does it well (and still does it, 2 years later, just as well as the day I bought it).

I certainly don't intend to wax lyrical about Android devices but it does do phone stuff and does it pretty well. Android versions usually make sweeping changes to the UI so mine is a bit dated but it does what I paid for.

I do agree that tracking by private corporations is big no and collectively we should push back hard but whether it be google or apple or samsung or microsoft, all of them give nigh 2cents worth a damn about our privacy. We are their products as the now popular maxim goes.

The only phone with some privacy is a Nokia 3310.


> but it does do phone stuff and does it pretty well

It does, if you have Google Services. If you don't want Google Services, you're going to have a crippled device. Apple is the only company that has any financial incentive not to spy on you, so while I don't take them 100% at their word, I accept that they're the best I'm going to get in that regard.

Basically, pick two:

- A fully-functioning smartphone

- Reasonable privacy

- Customizability


> We are their products as the now popular maxim goes.

But this isn’t true for Apple. They sell their services and don’t depend on ad revenue.


That’s my experience with notifications as well, but I also still miss having a separate LED to show pending notifications when the screen is off.


I did like having a notification LED, but I don't miss it as much as I thought I would. And anyway, those are becoming less common on Android devices too.

FWIW you can configure your iPhone to flash the camera LED when you get a notification. Not quite the same thing because it isn't passive, but it's something.


Thanks!


I see OP has answered already but I also want to chime in and say that moving from (mostly flagship) Samsung and Sony phones (paid for by my employers) to a midrange iPhone XR has been a massive upgrade:

For the first time since Samsung SII I don't have to wait for the camera (or anything) to open.

Unlike on Android suggestions makes sense:

- Logged in with my 15 year old gmail account Android would suggest, at 4 in the morning: "send Telegram message to <random friend>" or "call CTO at customer".

- My 1 year old iPhone mostly suggest harmless things like "take the usual route home", "it is time to leave", "send Telegram message to <my beautiful wife>". On Saturday however it surprised me by being slightly more advanced: I had plotted an appointment to pick up something I had agreed to buy somewhere 40 minutes from home. Afterwards my iPhone suggested I should send my wife a message that I was on my way home. The message was even almost correct: it used "my" abbreviations but was a little bit to posh otherwise.


I use Here maps along with OsmAnd and they work fine for me. But I'm in EU and OSM data is quite solid here though.


So the DB app works with MicroG?

Because, when I tried running without Google Services, this was one of the few apps, which I really needed and which did not work. Annoyingly only because they used it for loading the map, which I didn't need anyway.


I'm not German so don't use it often but I installed it, ran it and had a quick look around and nothing was noticably broken. For me, Mapbox is used to display the map.


Would you ever consider an iPhone?


Yes, I have a bunch of Apple devices as well.

I find that iOS itself and its first-party apps are fantastic from a privacy perspective, especially compared to Google. Most of the apps I mentioned using on Android have an Apple-provided alternative that's vastly superior to Google in regards to privacy. For example Apple asks you when you set up your device whether you want to allow analytics and easily allows you to opt-out. Apple also allows you to use basically every service other than Siri and the App Store without storing any data on their servers.

It's not all sunshine and rainbows though. Unlike Android, there isn't a strong open-source/privacy culture among iOS developers, so there are few privacy-respecting or open-source third-party apps (while on Android, F-Droid is full of them). And there's no app sideloading and the OS itself is locked-down and closed-source.

Still, I'd say that as far as stock mobile OS go, iOS is the clear winner in terms of privacy.

When it comes to non-stock though, Android is much better, with the right device. There are devices (mainly Nexus/Pixel) that allow you to re-lock the bootloader after flashing a custom ROM by adding your own system verification key. With these, you can build AOSP, LineageOS, GrapheneOS or whatever takes your fancy, sign it with your own key, flash it to your device and then bootloader lock it. GrapheneOS also has verifiable builds.

With that, you get all the advantages of a locked device but you don't have to accept the backdoor that is Google Play services.


The level of privacy you get with a degooglized Android is light years better than any Apple product.

There are enough privacy scandal every months in the news to remind ourselves that Apple privacy is mainly marketing.

If I have to choose betweens stock Android and stock IOS, I would go IOS too, but none of those solution should be considered decent for privacy


microG is still very useful even if you only use free software apps that don't rely on google APIs: it provides wifi and cell based geolocation


I'd say this is a very clever political move. It's a privacy-conscious alternative to Google's libraries, supported financially by the German government. If this becomes popular with users, it'll limit Google's and the US government's access to mobile data from EU citizens.


The wording in this comment makes it sound like the German goverment was involved a lot more than a 1 year research grant which caps at €47,500 (couldn't find the exact amount they actually got) 4 years into the project that wasn't renewed the next year (not sure if it's even renewable).

I.e. glad to see the funding but it was a one off standard research grant not a special political chess move.


If I understand it correctly, the "Open Knowledge Foundation Deutschland" has received roughly $3 mio in government funding annually to promote "Cyber sovereignty". You are correct that the individual grant to microG was probably capped at €47k, but since they also sent out grant money to

https://www.qubes-os.org/

https://openwrt.org/

https://bitmask.net/

https://github.com/juga0/dhcpcanon

https://taler.net/en/index.html

https://identity-stick.github.io/

https://github.com/lernapparat/lotranslate

https://sbws.readthedocs.io/en/latest/

https://leap.se/

https://robur.io/Our%20Work/Projects#OpenVPN

it looks like a coordinated campaign to me. The list includes a privacy-conscious OS, some VPNs, some Tor services, and a Cloud-free translation system for LibreOffice. microG very much fits into that list of tools to avoid Google's spying eye.



Unless I'm missing something it wasn't the QubesOS team that got funding: https://prototypefund.de/en/project/portable-firewall-for-qu...

Though I'm also unsure why that page links a github repo that hasn't been updated since 2017, and is a fork of one that is active as of last month.


Only if it becomes popular. Which means phones need to come with it preinstalled somehow. If this starts to become popular I expect Google to take steps to lock it out. Changing things constantly (which google does all the time anyway) it the obvious one to make it a moving target that this cannot hit.


Making it a moving target they can't hit would be a lot harder a few years ago when customers were more demanding of new functionality.

These days people are less keen on upgrading on every iteration than they used to be and are happier using older kit for longer. If they upped the maintenance window, in fact, that would force google to compete even more fiercely coz users would have to really really want the new features.

I, for one, would vastly prefer using this over the latest android even if it lagged a couple versions and cost a bit more.


> I expect Google to take steps to lock it out.

They already did years ago. The PlayStore license prohibits manufacturers from providing Android based systems that do not come with Googles "services" preinstalled. Unsurprisingly this has been found illegal in many countries.


From what I can find, that's not accurate. The issue was that Google required manufacturers to include various Google friendly default choices in exchange for getting access to Play Services and other Google apps.

It was not about banning AOSP-based Google-less systems (like Amazon Fire, which hugely disproves your claim).

https://www.techdirt.com/articles/20160420/10225434223/eu-of...


The EU antitrust findings definitely included Google banning device makers from manufacturing devices running a fork of Android.

>In particular, the EC has decided that Google:

has required manufacturers to pre-install the Google Search app and browser app (Chrome), as a condition for licensing Google’s app store (the Play Store);

made payments to certain large manufacturers and mobile network operators on condition that they exclusively pre-installed the Google Search app on their devices; and

has prevented manufacturers wishing to pre-install Google apps from selling even a single smart mobile device running on alternative versions of Android that were not approved by Google (so-called “Android forks”).

https://techcrunch.com/2018/07/18/google-gets-slapped-5bn-by...


> like Amazon Fire, which hugely disproves your claim

The FireOS wiki page calls out how members of the Open Handset alliance (which includes almost all relevant manufacturers) are explicitly prohibited from using Android forks like it[1]. It exists in spite of Googles efforts to insert anti competitive language into any bit of legalese it gets its hands on. All its existence proofs is that Google sucks at being a knock of 90s Microsoft.

[1] https://en.wikipedia.org/wiki/Fire_OS#Amazon's_ecosystem


I have a vague feeling that if Google takes active steps to lock out a government project, the EU will find a way to motivate Google to play nice. I mean Google surely wouldn't want to give anyone an incentive to revive that $1bn historical tax debate or the $1.5bn antitrust investigation ;)


What's 1.5 billion for Google? Apparently they give something like 10bn every year to Apple to be their default search engine.

I much prefer the Japanese way: you get a massive fine AND you have to close shop for a certain amount of time. It's much more painful for a company not to work than to pay a fine.


You have a point there, but Google's profits from Android are at least one order of magnitude larger than the numbers you quoted [0], and it may be rational for them to risk the fight.

[0] https://www.kamilfranek.com/how-google-makes-money-from-andr...


Maybe, but the counter is enough money is at play to create a successful competitor. Someone doing a smart phone with 1/10th the penetration of Android is somewhat significant and not to be ignored. (in absolute numbers that is more than the number of Mac users vs Windows users)


Is this a government project though?

I don't know anything about it other than their site, but it states that it was supported "in 2019" by PrototypeFund ("a project of the Open Knowledge Foundation Germany, funded by the Federal Ministry of Education and Research") and/but "since 2020" supported by E Foundation.


Google may be able to make specific deals for particular countries and hence greatly limit the impact.


They could change their server-side services constantly, but part of this is an implementation of important APIs they've put in Play Services instead of AOSP (e.g. location services). Can't change those without affecting apps that use them too.


This is not political at all. microG has been in development for many years now.

Marvin, the creator, has made many contributions to FOSS Android apps and is IMO a pillar of the FOSS Android community.


Public funding of research does not imply a political endorsement.


You are aware that Germany is a member of SSEUR, right? Forget privacy and assume it's all plain text unless it's encrypted and signed.


For those are curious about usability:

I use LineageOS+MicroG¹ as the daily driver of one of my spare test devices (Oneplus One bacon) and it is the best ROM for that phone IMO. I use FDroid, AdAway, NewPipe, Youtube Vanced and Aurora app store. The performance is really good and together with UnifiedNLP backends it's a perfect Android phone.

[^1]: https://lineage.microg.org/


I used Lineage OS for MicroG and it's by far the best experience I've had so far. Now I'm using a custom ROM supporting signature spoofing (because my new phone doesn't get official Lineage builds) and there are some issues and it was a lot more work (especially learning about signature spoofing itself is just too hard).

Lineage OS for MicroG: Absolutely recommended.

MicroG even supports the bluetooth contact tracing protocol used by the Corona-Warn-App, by the way.


As someone with more money than time, if I buy an e smartphone, will it Just Work and be usable?

https://esolutions.shop/

Or am I setting myself up for a world of hurt?

They're not expensive either! I figured I'd be paying an arm and a leg.


Fairphones definitely has first class support for LineageOS due to it's open nature. You can always check the support page of these ROMs.

[^1]: https://wiki.lineageos.org/devices/FP3 [^2]: https://devices.ubuntu-touch.io/


Note that Fairphone officially cooperates with /e/: https://www.fairphone.com/en/2020/04/30/keeping-your-data-sa...


The status page does not look particularly reassuring https://github.com/microg/GmsCore/wiki/Implementation-Status


The vast majority of the things there are things that few people interested in MicroG would want. The important things (accounts, notifications, maps, SafetyNet) are there and mostly working.


If you need Telegram or Signal, it may work now. WhatsApp works but push is iffy.

https://news.ycombinator.com/item?id=25253507


I've been using Signal and WhatsApp for while on a lineageos + microg, it works perfectly fine without going through microg, i.e. I don't use push messages though (using the constant background notification from Signal and letting WhatsApp do whatever it does to work around the lack of push messages).

I guess it uses a bit more battery, but I haven't noticed it in my case (n == 1...).


Yeah, I have a phone with neither Play Services nor MicroG, and Signal works just fine using its own notification delivery system (which it emphasises you should use at your own risk of it not working and slurping battery).


The Telegram FOSS fork also is g-services and telemetry/firebase free (you can verify this with AppWarden). [1]

[1] https://github.com/Telegram-FOSS-Team/Telegram-FOSS


Can highly recommend these options. Very usable.

(Unless you desire security, of course - Lineage breaks AOSP's security model, knowingly)


Is that a specific oneplus one phone? Is there a recommended one for lineage/microg? I’ve used lineage in the past but didn’t take the time to trick things out.


OnePlus is the brand, One is the model, bacon is the codename for the OnePlus One. The OnePlus 5 is codenamed cheeseburger. I'm using LineageOS on a OnePlus 5 and it's working great. I'm not using microg or gapps at all, but I'd imagine microg's variant of LineageOS should have pretty similar device support, so just check the devices page on the LineageOS site.


Excellent thank you!


Can confirm that lineageos for microg works great on the Onplus 5 series

- posted from my oneplus 5 with microg :)


Even better! I have an open source heart rate monitor that’s been fun to write programs for.


Oneplus devices are perfect for trying out new ROMs. e.g. my OpO runs LineageOS, UBPorts, Sailfish, Purism etc without any issues. However there are other devices as well like the Fairphone etc which are equally good.


The project was funded by the "Prototype Fund" [1] btw, which in my opinion is one of the best open-source funding programs in the EU. Applications for the next round open in February.

[1] https://prototypefund.de/


That looks like a great fund! For "best in the EU" it'll have to compete with the terrific and pretty light-weight NGI Zero though, which has supported many projects already: https://www.ngi.eu/ngi-projects/ngi-zero/


Slightly OT, but the Prototype Fund has one of the best Codes of Conduct I've seen: https://prototypefund.de/en/code-of-conduct/.


It's extremely vague and seems unlikely to help resolve any practical disagreement.

It's like a slogan "Move Fast and Don't Break Anything".


It treats people like responsible adults, not like children to be told what to do and disciplined if they don't.


It what now? It treats people like adults? Adults need to have their "hurt feelings" protected through a code of conduct? That's one of the most childish/naive things I've read.


Quoting from https://github.com/microg/GmsCore/wiki:

> This is alpha-grade software and not yet ready for production use. Do not use if you don't know what you're doing.

Personally I'd also be concerned that Google's bot detection code might mark accounts that use microg as suspicious (as they're going to behave differently than phones using the official software) which could increase the risk of Google banning the account.


> might mark accounts that use microg as suspicious which could increase the risk of Google banning the account

So what?

As a Chinese the only way for me to connect to Google is through a proxy, and I'm a Firefox user with some privacy settings enabled.

Few months ago I started to notice that Google is keep logging me out of their services, and I had to go through the entire authentication process to log back into my accounts in order to check my emails and do some searches without having be spammed by that capthshitTM of theirs etc, then after few days I'm been logged out again.

Eventually, I got tired of this, and decided "Hey, at least duckduckgo.com won't try to give troubles as long as you use their service normally", so I quickly developed this new habit of not to use google.com. Now I only use YouTube, Gmail, Play Store and sometime the backup service (Google Drive or maybe Photo, I don't care) on my Android phone.

If Google wants to ban all microG users, I'd say that's Great! It was fun Google, thank you for the service.

Plus, can Google actually block a microG user ethically? Using microG isn't hacking or abusing Google service, and "suspicious" is not enough for an account to be blocked, at least permanently.


> Plus, can Google actually block a microG user ethically? Using microG isn't hacking or abusing Google service, and "suspicious" is not enough for an account to be blocked, at least permanently.

What'd be ethical? Google can permanently ban accounts for any reason and they do.


Yes, but if you can show systematic discrimination or anticompetitive practice, then they can no longer hide behind "any reason"


AI doesn't have ethics. If you share enough parameters with a known villain, you are treated as a villain.


There's a saying that significantly predates the AI, computer and even industrial ages:

"If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck"

Let's not pretend that this is a new problem caused by AI (whatever that is).


It's not a new problem sure, but AI made it much more prevalent.


Yeah, but their support ticket handlers do have ethics. If Google support don't unblock your account to undo their mistakes, then it's still their fault.


Looks like you've never tried to submit a ticket to Google. They just don't answer, let alone apply any ethics to your case. You need a significant Twitter following to force even the simplest response out of them. There are countless horror stories floating around HN about not just individials', but entire companies' Google accounts disappearing overnight because of a mistake and at best being partially recovered only after literally thousands of people on Twitter made some noise and called up their Google connections.


Not sure it'll apply to all the cases, but I actually did submitted a ticket to Google Pay on support.google.com back in early 2019 and somebody in Google did replied and tried to fix the issue (So I can pay them, hehe).

But as I understand it, it is really risky if you host all your online assets in one company. So if you go back around on the topic, yeah, that 30% fee is probably really too much for company might not want to serve you.


It hasn't happened to any user yet. Additionally most of the features don't require a Google account because they are replacements (it does allow you to log in with Google however).


I don't log in to any google account on my phone.


This is an open-source implementation of the google cloud integration in Android that is necessary for push notifications in virtually all apps, the account mgmt that the Play Store uses and so on.

This makes it possible to use LinageOS without installing Google Blobs with root access, while having almost 90% of apps work as normal.


> This is an open-source implementation of the google cloud integration in Android that is necessary for push notifications in virtually all apps, the account mgmt that the Play Store uses and so on.

No, sorry, this is not true at all - MicroG push notification module will talk to Google servers and use their infrastructure to deliver the notifications.

It can't really work any other way - the app backends will request notification delivery from Google servers and you can't really MITM that.


What exactly are you disagreeing with here? You're just saying the same thing a different way. It's open source, it implements google cloud integration, google cloud integration is necessary for push notifications...


Question: who is running the push notification service? Why are they doing it for free?


Google runs the notification delivery on Android. It is part of of Firebase, which is present in almost every app on your phone

Firebase has analytics built in, on by default. Therefore Google gets to know how users use all other apps, so they can release their own version or just to improve their AI.

I think it is free, but only till a certain number of notifications. (Not sure, I am not an android dev)

https://firebase.google.com/docs/cloud-messaging/


Considering app servers have to hardcode the https://fcm.googleapis.com/fcm/send API endpoint and auth details, I don't really see how push could work properly without each app developer modifying their server side code.

Most apps work kinda without push - you just have to open the app to get notifications.


I wonder if fastmail could be persuaded to put in a different endpoint for their app. They already have the infrastructure in place to run servers, and take a privacy stance. Not having to go through google would probably make them happy. Obviously it would have to be optional, but little cracks in the door.



This seems like it would be great to release as a library. That might increase adoption.


There is a massive technical benefit for all apps to use the same push server.

If many different apps use their own push server, a connection has to be kept open to each and every server, and each open TCP connection costs quite a lot of battery (since the system has to wake up to receive keep alives)


Agreed, but I trust my email provider to provide push. I would be willing to block all the rest.


I'd imagine an accompanying Android fork could intercept requests to that address and send them elsewhere, no?

It might need to do naughty things to get around https issues, but that shouldn't be much of a barrier since the project would control both the client OS and the server endpoint.


Android fork cannot intercept request between (for example) Slack backend servers and Google backend servers.

To fork this service, you need your own push notification infrastructure and then persuade app developers to implement it as another option (next to Apple, Google, Firefox, Huawei and other existing ones).

There are push arbitrator services which make this easier, so perhaps having those on board might be a good path forward.


...oh, I just re-read the great-grandparent. I didn't realize the application's servers were talking to Google's servers, I thought the application was talking to Google's servers directly. That seems terribly convoluted, although I assume there's actually a sound reason for it.


The push servers (Google, Apple, etc.) effectively work as a message queue server - they aggregate and batch payloads and send them to the devices. The devices keep a single persistent HTTP connection for reception of all possible messages.

It's built like that due to efficiency - the devices need to minimize number of radio and CPU wakeups to keep running on battery. In early days of Android each app handled this by itself. This resulted in apps polling their servers on fixed interval (e.g. every 5 minutes, etc.) which caused a disastrous tragedy of the commons and horrible standby battery life.

This is why the approach was changed to mandatory push services - the long-lived TCP connection, push aggregation and radio management have significantly prolonged battery life.


It's still using Google's push notification server. There is also no way to get around this, as apps backend server talk directly to Google to send notifications.


I also just found this: https://news.ycombinator.com/item?id=25253091

which IS LineageOS without Google Blobs :)


When i used lineageOS+microG on my old phone i could not get Telegram + Signal to work. WhatsApp worked, but push messages arrived hours later or if i opened WA. No idea if this is fixed now.


I'm using MicroG for a year now and didn't have problems with push yet. Signal and WA are working fine, other Apps with push as well. No idea about Telegram, I'm not using that.


Telegram works for me if you use the Google Store version.


I think it's worth noting that Telegram and Signal both have fallbacks in the absence of FCM or microG. I use both daily and luckily am able to daily Android without any of Google's services or microG.


The tag line on the page "A free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries." seems more accurate than the HN title " A free-as-in-freedom re-implementation of Google’s Android user space".


What about “A libre reimplementation of Google’s Android user space apps and libs”?


The interesting part is that its a re-implementation of the proprietary runtime services not the main android userspace, which is already free.


I don't think a lot of people know that libre means the same thing as free-as-in-freedom.


I suspect that the former might be too long to fit.


Exactly.


What's the difference?


I propose "Ungoogling Android"


Totally recommend the MicroG-LineageOS fork [1], if your phone model is in the supported list (all devices supported by LineageOS). As a daily-driver.

I bought my current phone (Asus) because it was supported, after I had successfully used it on my MotoG for years (2-3 ? Not sure).

Very happy to have no Google spying in my phone anymore. Some apps requires some Google services that are not supported so they will not work but not a problem for me. The most problematic thing is the lack of push notification but it is perfect if you don't want to be distracted.

[1] https://lineage.microg.org/


Note that while it's theoretically a fork all they do is apply around 2 patches for signature spoofing and include microG (all automatically, so you're in sync with the official LineageOS).


Do in-app purchases work or is there a workaround for that?


Made me look up current GrapheneOS take on MicroG; https://grapheneos.org/#never-google-services says they're

> developing support for installing microG as a regular app without any special privileges. This will allow users to choose to use a partial reimplementation of Play services in a specific profile. We won't be supporting arbitrary signature spoofing by microG or any other app since it seriously compromises the OS security model.


Note that Microsoft basically did this for Windows 10 Mobile but then killed it. I actually recompiled a few apps for it at that time, it worked fine. I imagine getting 95% is easy, the last 4% doable, and the last 1% virtually impossible (not to mention this is a moving target)

See https://www.androidauthority.com/windows-10-mobile-android-a...


BlackBerry also did this back in the day before it gave up on its BlackBerry 10 OS.


But the current state of most Google apps is mostly right for most of the users. They don't need to play catch up very aggresively.


With catch up I mostly mean library dependencies. If Google changes the location API calls and popular apps that customers want do update, then the implementation will have to update, or the apps will crash/fail to work/etc.


Until google upgrades their apps to the new API and makes the old version impossible to find...


The big thing that's missing from me is Auto. It's insane just how invasive it is: basically your location + a full ODD dump being broadcast to Google. I'll never use it as is but would welcome a way to use screen mirroring in privacy.


It would be nice to see this work out, but it's quite ambitious.

From what I can see, the "government support" is actually a fairly general (and limited) one-time grant. The badge may give the impression that it's more.

It seems to have only two contributors: https://github.com/orgs/microg/people

They may be pretty awesome programmers, but they are working on something to compete with another project that is currently supported by...a larger number...of full-time, salaried developers.

These two developers have a rather scary number of issues to address: https://github.com/microg/GmsCore/issues

Their status page seems to have some room to grow: https://github.com/microg/GmsCore/wiki/Implementation-Status

I sincerely wish them luck, but they have their work cut out for them.


Have you tried it? (Especially considering the things you mention) It works phenomenally well.


You do realize that I wasn't dinging the project, right?

In fact, I'm fairly impressed, and I sincerely wish you guys well.

As someone who has also pursued ambitious open-source efforts (some, successful; most, not so successful), I can sympathize, but I am also pretty practical (comes from many years as a manager).


MicroG has been around for years at this point


> The linux-based open-source mobile operating system Android is not only the most popular mobile operating system in the world, it’s also on the way to becoming a proprietary operating system.

Android is also making major departures from unix-like OS semantics, mostly in the name of security. I'm particularly concerned about the directions they're headed with storage.

As someone with minimal Android development experience, I spent a good chunk of time the last couple weeks getting a golang program to run on Android. The experience was a bizarre mix of things that ended up way easier than expected and things that were incredibly frustrating.

Favorite thing that worked:

Static linux ARM binaries from the standard go compiler work just fine. The biggest caveat so far is that if your app does any networking, you need to manage DNS yourself because Android doesn't provide /etc/resolv.conf.

Weirdest thing that didn't work:

The only way to run a native executable in an Android app is to pretend it's a dynamic library and smuggle it into your APK via the jniLibs directory. You even have to name it lib*.so or the system won't run it.


I was curious what services this project used to replace Google's backends and found this after a bit of searching: https://github.com/microg/UnifiedNlp/wiki/Backends. IMO, some sort of summary of this information would be useful to have on the homepage.


If you enjoy microG I'd implore you to donate.

The website doesn't mention it (in my opinion it's pretty bad generally), but you can easily set up a recurring donation on liberapay: https://liberapay.com/microG/

Consider what it's worth to you. It's the only project of the kind we have.


This is great work.

I guess from a legal perspective this hinges on the idea that you can't copyright/patent an API. The graphical design and UX, however, can be copyrighted I suppose.

I also wonder if it would be legally possible to do the same for iOS.


I think the technical problems are harder. AFAIK, you can’t run most services on iOS, so you would have to find creative ways to implement them.

Also, on iOS, it would be an (¿almost? Does the iOS UI have any open source parts?) complete reimplementation of the user space.


I don't believe this claim from their web site: "you can still run your favourite apps…, conveniently access your bank accounts". If you don't have access to Play Store, you have no easy way to install your favorite apps (say Waze) or your bank's app, because those are not on f-Droid or available through direct download. Running these "favorite" apps is possible in principle in a Google-free environment with something like microg, but how does an average user get them installed? From where?

I have a run a Google-free phone for years now (currently crDroid on Moto G7) and I have experimented with moving apks from a second phone (with Play Store installed) to the de-Googled phone and it is quite an effort. So I keep my old phone shut down, at home, with only WiFi access as needed (no sim card) when I need to deposit a check by image for my bank for example. But I have no good solution for proprietary apps I want to use on the road, like Waze, without a great deal of effort. Yes there are acceptable open alternatives to many proprietary apps but these are in some cases not my "favourite".


If you've been running a Google-free phone for "years" then I'm surprised you haven't come across options like Yalp Store[0] for installing proprietary APKs that are only published in the Play Store.

[0] https://f-droid.org/en/packages/com.github.kiliakin.yalpstor...


Afaik Yalp store isn't maintained anymore. Maybe try Aurora Store instead.


You can download them with a 3p playstore client like aurora or from one of the many apk sites like qooapp or apkmirror.


these kind of things are limiting because of developer buy-in. As anyone who has built android apps would know - everyone uses "Play Services". Right from maps, to ads to everything in between. Many of the apps i have built, wont even work on phones without play services. And I suspect that's the case with most developers.


I run GrapheneOS without google play services nor MicroG, and install almost all of my apps from Fdroid.

I do not have any issues with Apps from Fdroid (I think they are compiled without any google play dependencies).

When I get packages from Auroua (Google Play), it varies from the app working as expected (sans notifications), to I get a notification that it needs Google Play (but then works), to the same notification then the app quits.


MicroG solves exactly this problem. It is replacement of play services for apps which require it. Many of google's own apps work with MicroG.


Not exactly. Coded an App myself, used WorkManager to execute tasks (on the phone, for the App) once a day, did not work.


The easiest way I've found to get MicroG working properly is through Nanodroid: https://gitlab.com/Nanolx/NanoDroid

It takes an existing ROM, patches it for signature spoofing, and bakes in a bunch of FOSS apps. (But the installer is fully customizable so this is optional.) It also can (try to) patch non-LineageOS roms, so if you're stuck with an unsupported Android build, it can still gut out some of the bloat. I actually used it with my vanilla LineageOS install because the maintainer also packages a patched version of the Play Store that still supports in-app purchases so you can still use your paid apps with MicroG. Overall it's been a great experience for me, my battery life is way better than before and I feel much better about what's running on my phone.


If you have a Pixel phone or a Xiaomi Mi A2, I recommend https://calyxos.org/ which has MicroG integrated.

I am using it as a daily driver for some weeks and it has been flawless.

(Combined with what I documented in: http://duncan.codes/posts/2020-10-20-migrating-away-google-s... ).

As an alternative, there is https://grapheneos.org/ but it does not have MicroG and it takes a performance hit.


The problem is if I were to flash AOSP on to my Note 9, it'd blow an eFuse and limit my future options IRT reselling the thing.

If I did the same with a Sony Xperia XA2 (which I did) the eFuse means I can never get OTA updates again.


Sure, you wouldn't necessarily get OTA updates for stock firmware, but doesn't LineageOS provides its own OTA updates?


Yes, but if you flash back to Sony's ROM, you still won't get updates - it's a one way trip.


Disappointed it's not under GPL– since it isn't, any other company (Huawei? Samsung?) could use the code to create a surveilling alternative to Google Play Services and take away user freedom once again.


Nobody forces you to use those services though.


I heard of this years ago when I had a OnePlus One and played with LineageOS.

What's the current status of the project? Is is a full functional replacement? Is it transparent to apps?


Partly. It mostly works well for the things I use it (push messages, maps, exposure notifications seem to work too). Some apps behave a bit weirdly if the try to access specific API's, like Google Pay. So it definitely isn't fully functional, but works well enough for many use cases. There is also a LineageOS+microG fork, which makes trying it out a lot easier.

The way it works is that it pretends to be Google Play Services, so it isn't transparent to the apps. Not sure if the apps could figure it out it isn't running on the real deal.


For me it works great. You do need to use a special fork of LineageOS, because it needs to implement signature spoofing, which lineage devs refuse to do for security reasons. Get it from lineage.microg.org .

Once you have this fork it's great though, the spoofing is what makes it transparent to apps. It does use Google's push service as this is the only way (this is what the apps' backend servers talk to), but it doesn't require a google account, just a random ID.

The other things like geolocation don't require google services at all. In my experience it works great.


MicroG is amazing! Works really well while hiding your data from Google as much as possible (e.g. if you use google's push).

They even implemented the covid notifications api now!


Really happy to see that the project is back (the commit graph flatlined for quite a while) :D Thanks for the great work!

This project will probably never be "done" and will have to play catch up with Google all the time but it's really amazing that people are putting the work in to achieve this! Thanks a lot! I think this project is vital to the future of AOSP based community distributions.


This can't be sponsored by Amazon because Amazon wants something for nothing. This can't be sponsored by Google because Google wants everything.

Show that there's something there to donate to and I'll get some money to you.


Its ok, but what confuse me that developers are not very responsive. I submitted a question on github some time ago on how to integrate our speech recognition services to microg https://github.com/microg/GmsCore/issues/1164. No response from developers at all.

Its hard to take off the open source project this way.


Lets see how they will manage, now that Android 12 will also make ART part of Play Services.


It fascinates me that the German Government funded this


Nice. Will this be on F-Droid?


You can add their repo[1].

[1] https://microg.org/fdroid.html


It's unfortunate how similar the logo is to Contentful https://i.imgur.com/nnu2AEN.png




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: