make installation of free play services (µg/microG) easy and safe

asked 2016-07-18 13:57:55 +0300

lpr
4819 ●186 ●253 ●257

http://www.uni-tuebingen....

updated 2019-07-19 18:33:22 +0300

sjn

3080 ●25 ●40 ●36

http://code.foo.no/

A lot of apps for android are depending on google play services, so it would be a huge improvement in usability to provide an easy way to satisfy those. Microg claims to provide a free and open source solution.
Due to licensing issues it is understandable that it is not directly implemented in aliendalvik.
So it would be great to have an easy, user-friendly and almost secure way to install and enable microg. Installation works out of the box (install f-droid (jolla harbour/f-droid website) -> add microG F-Droid repo -> install µg [requires Android2.3 or later which is provided by Jolla devices]) but you have to enable signature spoofing to make services working¹. This is absolutely not recommended to be done in general for all apps. So aliendalvik has to be made aware of microG (signatures of µg are changing between versions, however, so one has to specify a supported version of microG for a particular version of aliendalvik).
Another approach described here would be that one should implement similar services directly in aliendalvik but then you will have to redirect google api calls which will produce licensing/law issues...

¹ using the debug version of µg is not the right way to work around...

edit 20171105: maybe look at new LineageOS for microG: "Moreover, to further strengthen the security of our ROM, we modified the signature spoofing permission so that only system privileged apps can obtain it, and no security threat is posed to our users."

edit retag flag offensive close delete

Comments

Oh, finding a solution for this could be a huge step forward for Sailfish.

AnaT ( 2016-08-16 21:59:43 +0300 )edit

Why don't you use original Android devices?

dirksche ( 2019-07-19 19:08:03 +0300 )edit

to be honest: I came here to be free from Google and all its services. If you still need apps from google and its store why not switching to LineageOS? From my point of view there are far more important things to do at the Sailfish OS than support Android apps.

Solidus ( 2019-07-19 20:14:10 +0300 )edit

@Solidus , totally wrong, I use SFOS apps if possible and closed-source-apk if only solution. Nobody wants Google apps but use apps not working without google-service-api through microG

lpr ( 2019-07-19 23:06:02 +0300 )edit

@lpr what I meant was, that I don't want to use ANY service from Google. So if this app doesn't work without ANY part of Google I don't use it. I understand that many want to use their apps they are used to when they came from Google. I paid also a lot for some. It's just my opinion that this should be more a nice to have than a must.

Solidus ( 2019-07-21 14:29:45 +0300 )edit

2 Answers

Sort by » oldest newest most voted

answered 2016-09-03 04:06:08 +0300

ale5000
141 ●1 ●7 ●7

updated 2016-09-04 05:53:22 +0300

To enable signature spoofing easily you could also use Tingle (a fork of Needle made by me that run perfectly on all OS), it is here: https://github.com/ale5000-git/tingle

IMPORTANT: Currently you need to deodex before using the patch if the file is odexed.

PS: You can get the official signed version of microG also here: https://microg.org/download.html

PS2: Once you have patched the framework.jar it accepts fake signature from microG, there isn't anything special to do when updating microG. Only if you update your ROM it needs re-patching.

edit flag offensive delete publish link

Comments

You mean the basic microG should work out of the box?

AnaT ( 2016-09-03 20:57:00 +0300 )edit

Once the framework.jar is patched with Tingle or Needle it should work out of the box.

ale5000 ( 2016-09-04 05:05:39 +0300 )edit

Care to elaborate the whole process from to Z in a few sentences? I'm struggling with Sailfish 3 - getting the famous error 86 from your tool (Alien Dalvik is odexed on Sailfish I guess). Tried every tool I found on XDA but nothing can deodex and patch framework.jar.

TheGrave ( 2019-01-14 01:09:19 +0300 )edit

answered 2016-07-19 22:38:08 +0300

szopin
2933 ●57 ●85 ●80

updated 2016-07-19 22:42:56 +0300

While installation works, the signature spoofing requires a bit of work, here is framework, app and privapp for JollaC (for replacing contents of /opt/alien/system/*):
https://uploadfiles.io/4934454
(link will expire in 30 days)
With it Pokemon Go on JollaC works (you probably need also fakestore and a few backends for the location framework, step by step instructions here:
http://talk.maemo.org/showpost.php?p=1509945&postcount=85
Patch.py fails on windows, so linux (or virtual image like ubuntu) is your best bet, adb doesn't seem to be required (patch was stripped by eekkelund, sadly won't run on phone itself due to java requirement), still a working app that usually would require google is a step in right direction)

edit: Just noticed this part: This is absolutely not recommended to be done in general for all apps... So beware and use at your own risk, from descriptions it seemed like messing with framework.jar will cause the system to update other apps, so this approach might be absolutely not recommended

edit flag offensive delete publish link

Comments

yes, I knew this post on talk.maemo.org but this is complete contrary of save and easy. This might work now and future updates might mess with it besides the security risk. The only way microg will be useful is if aliendalvik will know signatures without needle injection...

lpr ( 2016-07-19 23:02:10 +0300 )edit

Problem is: Jolla officially including ways to fake Google play services is a sure way to get sued by G, the fact Intex went with non-android distribution that includes alien dalvik with the whole 'android alliance' was amazing, providing support to fake gapps/services is totally new waters
edit: I think good way forward would be having auto-installing package in warehouse/openrepos if every new version of microG does require re-signing/spoofing (I believe you only need to do this once for the framework and next installs will get auto, but probably wrong for the services themselves, other apps install fine), easier to drop something from openrepos if G cares than having Jolla face problems

szopin ( 2016-07-19 23:07:46 +0300 )edit

Jolla should not provide the app to not get sued but preparing for user-intallation will work. When I try to update microg to new version, I have to uninstall first due to changed signatures, so I might be wrong but this seems re-signing services will be needed because if not, I do not understand general security concept of android...

lpr ( 2016-07-19 23:22:36 +0300 )edit

The part I read was: changing framework(.jar) will trigger the system to rework all existing apps, so be patient (same will happen when mounting new /system partition)... or something like that. You're proably right that new services will require respoofing, maybe someone can come up with a script that does that on device without needing java? Then you just run a program that updates framework and the system does the rest, would be painless and not involve any liability on Jolla/Myriad part

szopin ( 2016-07-19 23:28:50 +0300 )edit

@lpr wait, you inject Needle before installing MicroG, and the script has not been changed recently (eekkelund changed it to scrap adb, but signature was from months ago when vermut modified it for SFOS), so maybe you have to uninstall MicroG, but doesn't seem like you have to re-deodex/inject framework each time, or MicroG had no new releases since few months

edit: vermut, 7 months ago

szopin ( 2016-07-19 23:37:25 +0300 )edit

make installation of free play services (µg/microG) easy and safe

Comments

2 Answers

Comments

Comments

Question tools

Stats

Related questions

make installation of free play services (µg/microG) easy and safe

Comments

2 Answers

Comments

Comments

Question tools

Public thread

Stats

Related questions