LineageOS fork including MicroG

On German site heise.de I found this article (
https://heise.de/newsticker/meldung/LineageOS-Ableger-vermeidet-Google-Code-3879358.html) telling there was a new fork of LineageOS replacing certain Google proprietary parts with open source MicroG components.
According to https://lineage.microg.org/ MicroG forged the code because of concerns on LineageOS side about including the signature spoofing required to make the MicroG parts work.

I’m a bit ambivalent. On the one hand side I like the idea of using open source instead of Google proprietary code, on the other side I can understand some reluctance because of potential security issues.
But I’m no Android expert or developer. So what do you experts think about this fork?

7 Likes

Have you read the FAQ?

“Wait, on their FAQ page I see that they don’t want to include the patch for security reasons. Is this ROM unsafe?
No. LineageOS’ developers hide behind the “security reasons” shield, but in reality they don’t care enough about the freedom of their users to risk to upset Google by giving them an alternative to the Play Services.
The signature spoofing could be an unsafe feature only if the user blindly gives any permission to any app, as this permission can’t be obtained automatically by the apps.
Moreover, to further strengthen the security of our ROM, we modified the signature spoofing permission so that only system privileged apps can obtain it, and no security threat is posed to our users.”

I guess as soon as the FP2-Rom is out, I’m gonna give it a try.

2 Likes

Yes, I read this, but this sounds a bit polemic to me. I wouldn’t want to assume, that the LineageOS just “don’t care enough”.

1 Like

Samsung and others also claim that using CustomRoms is a security issue. Depends on whom you trust.

Thank you for this headsup! This ROM is a dream come true, :smiley:

This is more straightforward and more secure than regular LOS + Tingle + my flashable ZIP and should be the first option for users relying on Gobble Services in their phones.

The way signature spoofing is implemented in the custom LOS for mG, it is as safe as possible. Only privileged system apps* can obtain that permission. It follows the Android security model. And @larma knows a lot about it.

It surely exposes a new vector of attack, but c’mon, only an app getting superuser rights can force their installation on system. And if it already has superuser rights (root user, see * below), it has all rights to do whatever it wants to.

My bet here is that LineageOS devs just don’t want to poke Gobble’s nose (again), because although Gobble cannot take legal actions for custom ROMs —they are based on AOSP, which is libre software, and thus forkable—, they can invoque a variety of companies that can do it for the redistribution of BLOBs or just render custom ROMs useless (e.j. by replacing Android’s bootloader with a new one less permissive that cannot be forced to install custom recoveries).


*= system apps in Android can be normal or privileged, depending on the folder where they are installed. If they are in /system/app, they have same privileges as user apps, but they just cannot be uninstalled. If they are on /system/priv-app, then they can request some special permissions right from the system user (user #1000, which still less powerful than root, user #0)


P.S.: I’ve remembered a ROM I used on my former mako and I think this LOS+mG ROM is its closest and updated spiritual successor: BRNmod. It also included some other neat privacy-oriented removals.

7 Likes

Awesome news! Just one question: Is this simply Lineage OS :heavy_plus_sign: Signature Spoofing :heavy_plus_sign: micgoG or is it also :heavy_minus_sign: some other G%§$e stuff (like #replicant is/was)?

Successfuly updated my S2 i9100 wich was run LineageOS unofficial with gApps to the latest version of Lineage with microG without loosing my apps and data.
Amazing! First step in a Google free world :grinning:

3 Likes

According to the FAQ it’s the full microG suite (GmsCore, GsfProxy, FakeStore, MozillaNlpBackend and NominatimNlpBackend) plus the signature spoofing, but no replacement for other proprietary parts (e.g. binary blobs), so not really replicant-like if I understand it correctly.

2 Likes

Nice project, indeed ! On https://download.lineage.microg.org/ I don’t see the Fairphone2, did you understood if they intend to automatically adapt all officially supported LineageOS devices, or if we have to make a special request to them for supporting FP2?

I am sure that I have seen FP2/on the list included in one of the threads on XDA which will be built. Unfortunately, I can’t find it anymore and no build is available at the moment. Maybe one could ask in the xda-thread?

Here is the XDA Thread with the hint that FP2 is in the next build Phase.

5 Likes

My reading of that thread, plus the appearence of this folder on the download site means we can expect a build within 27 hours.

I recently (this week) bought an FP2 because I saw it ran this and started doing a bit of reading down the list of Lineage supported devices and the FP2 (which I had not heard of before) struck me like a great project. It’s only with a bit of subsequent reading I see the phone has only just made it to the officially supported Lineage devices, largely down to people on this forum. I just fancied sticking my head up and saying thanks to those folks, and letting them know they are literally selling FP2s through their work.

It sounds like the holy grail of phone OS’s for me at the moment, i hope it lives up to the promise, and I can figure out how to get a paid for app or two working.

7 Likes

and here we are:

https://download.lineage.microg.org/FP2/

11 Likes

Wonderfull ! :slight_smile:
I’ll opt for the “dirty install”, to keep my apps installed.

Dirty install (keep data and installed apps)

If you instead don’t want to lose your current data, you can use our migration ZIP, that replaces the LineageOS’ keys with ours. However, if you have installed unofficial builds of:

F-Droid or F-Droid Privileged Extension
microG's apps (GmsCore, GsfProxy, FakeStore and mapsv1 API)
MozillaNlpBackend
NominatimNlpBackend

you have to uninstall them before the ROM migration. You also have to uninstall the GApps if you have previously installed them.

Finally download the migration ZIP and a build of LineageOS for microG (make sure the ZIP you’re installing is newer than the current installed ROM, if it is not, wait for the next build), reboot in recovery, install the migration ZIP and, without rebooting, install LineageOS for microG.

@Roboe : does it means we have also to uninstall your survival script? What is the procedure for that ?

After flashing the migration ZIP but before flashing the LOS+mG ROM, wipe the system partition to remove survival scripts and changes.

Other possibility, more granular (just if you have other survival scripts you don’t want to remove), is manually removing the survival scripts you don’t want with a root file explorer (e.g. Amaze) before installing anything. They are located at the /system/addon.d folder.

4 Likes

It is available now and works for me. Note to install it I had to do a factory reset/full banjax wipe or I would get Error 7s in TWRP. It works great! So lovely to be able to boot an android without being asked to sign in to google.

I have used Yalp Store to log in to my old google play account which has some paid for apps, and they work fine. WhatsApp is working. I have a caldav & carddav connections working for contacts & calendars.

Obviously haven’t tried an OTA update yet, or used it long enough to make an informed judgement on battery life (to be honest I have not used the phone long enough in any configuration to provide a comparative appraisal)

The only thing I can’t get to work is Signal Messenger, which gives a can’t connect to server error which I can’t work out if it is a related problem. I have tried with an apk from play store & off their website. Is this something people have run into before?

One note, whilst I only got my phone yesterday afternoon, I experienced 1 random reboot in the stock Fairphone OS, 1 in the 20171107 standard Lineage Nightly which I was running for a total of about 2 hours each. I’ve had the microg fork on my phone for about 12 hours and it hasn’t rebooted at all, so thats good.

I have some more questions about things I want to get sorted - disable the camera button, change the default camera app, is this the right thread for that or should I ask somehwere else?

I did the migration and everything is working. For memory this is what I did:

  • uninstall F-Droid (the microG apps were system apps already, so are wiped with /system)
  • reboot to TWRP and install migration zip.
  • wiped /system as advised by @roboe, and also wiped cache/dalvik just to be sure…
  • installed the build of LineageOS+MicroG for FP2 :slight_smile:
  • reboot
  • self-checked MicroG settings, but everything was already well configured !
  • no root access at the moment, I may reinstall the su addon later :wink:

Even Signal is working fine :slight_smile: @tomlong I’m using the “Danger zone” version of Signal >> Signal Android APK

@oli.sax That’s exactly what I installed! Good to know its not an issue with the apk/phone/OS, narrows down where to look for problems, thanks.

I installed the addsu-arm zip but after I had installed this fork, and I don’t seem to be root. Am I missing a step, or did I need to do it at the same time as the install? Is there a way to gain root now?

In the past I generally get Signal Error messages just after an LOS update and before repatching Tingle…
I wonder if this was a question of Safety Net failing?
Can you check if you have all options checked in MicroG settings?

For su, yes I would suggest to reflash it again :slight_smile:

@oli.sax The issue was the ‘Google Device Registration’ in microg settings, I was hoping not to enable it, but I have, and as if by magic Signal is working. I’ll read about it and get a better understanding of what is going on on the microg side.

Still no luck on the root front, but it’s not such a bugbear. I just want to get Yalp working more sympathetically, and allow KISS launcher some hibernation privs. No biggy.

1 Like