Ask / Submit
45

[feature-request] Make Sailfish's Aliendalvik more MicroG friendly [released in 3.1.0.11]

asked 2019-07-17 15:23:47 +0300

DrYak gravatar image

updated 2019-07-18 22:09:45 +0300

Update 2017-07-18 : released in 3.1.0.11, howto available here. Big thanks to jolla and all the devs involved behind the scene.


Dear Jolla Devs,

it would be great if you could take the necessary steps to make your OS more friendly toward MicroG.

Jolla presents Sailfish OS as much more privacy-conscious than competitors (such as, e.g. Google's Android).

Sailfish also supports Android apps.

Yet, many among the most popular Android apps are absolutely dependent on the com.google.android.gms API provided by the proprietary closed source Google Play Service blob. And it's a bit a shame that users of a reportedly privacy-aware OS end up taking steps to install a blob known for slurping as much private data as possible.

Luckily, there are alternative providers of com.google.android.gms API, such as the opensource MicroG which is also better configurable and provides a good part of the missing API.

Some foundations wanting de-googled eco-system and some alternative ROMs are relying on MicroG to provide the necessary API.

As a company promising to focus on end-users' data privacy, it would be great if Jolla could spend some efforts to make less-privacy-invasive solutions for Android easier to use :

1. Signature-spoofing

In order for MicroG's GMS core to be installed, Signature Spoofing is needed.

Currently, on Sailfish OS' Aliendalvik this requires that the end-user manually patchs the JAR frameworks using specific software (available as a docker). This is cumbersome and might be off-putting for newbies who might end up avoid this alternative.

There is a better solution as Signature Spoofing can be enabled in the AOSP image. Lots of other AOSP-based images already do it , there's even an user interface so that only users who need it will enable it.

It would be great if Jolla could similarily build in the Signature Spoofing together with the settings UI to enable it, it would vastly simplify the work required for users who want to install MicroG.

2. UnifiedNLP support

Currently location works poorly under MicroG.

It fails to register (similar to this issue ). There is a known problem that starting from Android 7.0 Nougat and above, location doesn't work outside /system. There is a patch available mentionned in the MicroG's GmsCore installation instructions. But even after integrating the haystack patch into the Signature Spoofing docker, the UnifiedNLP still fails to register, and location is still flaky in most app (with the current exception of GoogleMaps and Uber) which prevents e.g. some vehicle sharing apps from working properly (Circ, Tier, Mobility swiss, etc.)

There might some conflict, e.g.: the way Jolla has implemented location sharing between Sailfish and Aliendalvik (FusedLocation) might block the copy of UnifiedNLP that is provided inside MicroG's GmsCore.

Help from Jolla dev would be needed to get Location working better with MicroG.

edit retag flag offensive close delete

Comments

2

I think this makes a good topic for the Community Meeting

rtr2001 ( 2019-07-17 20:26:15 +0300 )edit

just hope the next community meeting is happening at a time when I am not overloaded at work with my real paying job...

:-/

DrYak ( 2019-07-17 20:30:51 +0300 )edit
3

wait for the next update. there are rumors that Jolla is on the right way.

mettska ( 2019-07-17 21:51:16 +0300 )edit
1

And check the new translations if you want some hints for what is coming...

attah ( 2019-07-18 00:28:40 +0300 )edit

You wrote

  • Jolla presents Sailfish OS as much more privacy aware than competitors (like Google's Android for example). *

Did you mean if you make more security holes (Play Services, MicroG, Spoofing) that everything is going better?

MicroG means less data and information for Google and not none.

4carlos ( 2019-07-18 07:35:52 +0300 )edit

3 Answers

Sort by » oldest newest most voted
4

answered 2019-07-18 20:54:08 +0300

TMavica gravatar image

released in 3.1.0.11

edit flag offensive delete publish link more

Comments

1

Dear Jolla, I know you're an abstract entity (a company) and not.a girl, but:

!! * I love you!!! <3 * !!

DrYak ( 2019-07-18 22:01:54 +0300 )edit

There are two problems mentioned in the question. Has a fix been released for both? Or only for 1?

Federico ( 2019-07-19 17:18:34 +0300 )edit
  1. Yes, signature spoofind can now be activated with a (well, not exactly simple) permission granted from Android Settings, instead of needing to patch system.img

    1. UnifiedNLP now does register, but I am still having some troubles...
DrYak ( 2019-07-22 04:00:44 +0300 )edit

Problem solved :

the last UnifiedNLP problem were due to :

  • me using Mozilla's plugin configured for Wifi AND 3G/4G cell-tower based location
  • according to docs by Jolla officials, Android Apps currently only support querying status of Wifi.

Either disabling the 3g/4g in Mozilla or switching to a Wifi-only back-end (e.g.: Apple) solves the problem.

DrYak ( 2019-07-22 14:05:01 +0300 )edit
3

answered 2019-07-18 01:34:25 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2019-07-18 01:34:25 +0300

lpr gravatar image

this request does already exist: https://together.jolla.com/question/138213/make-installation-of-free-play-services-ug-easy-and-safe/

edit flag offensive delete publish link more

Comments

@lpr you are obviously right, but one could argue that this question has been written with much more effort, formatting and most of all references.

Maus ( 2019-07-18 11:00:20 +0300 )edit
1

@lpr thanks for pointing this out.

It's indeed pretty similar to the point 1 of my request.

Sorry for the dupe: as the author of that request wrote the unusual 'µG' form instead of the much more common 'microG' - it happened to never pop-up in searches during the last ~1 year I've been using it.

Regarding the request there are still a couple of differences making fusion of the two thread a bit more complex:

  • it dates back from 2016, it dates back from the era of Jolla 1 phone and Android 4.2 Jelly Bean running inside Myriad's modified Java-VM Aliendalvik. Quite a few things have changed nowadays with Sailfish X on Xperia XA2 with AOSP 8.1 Oreo running inside a LXC (Linux container).
  • Back then the signature spoofing was relatively new and without much infrastructure. That post argues for an always integrated signature spoofing (and points that having this feature always-on is a big security risk).
  • A 2017 update then points to solutions used in MicroG for LineageOS (which limits signature spoofing to /system privileged apps)
  • Nowadays we have AOSP 8.1 Oreo which allows (since 6.0 Marshmallow) much finer-grained permissions control. Nowadays, Signature Spoofing is a permission that can be granted to specific apps, and modern microG has a special settings UI to control it. It's definitely NOT always-on (and can be turned on on-demand only for the GmsCore framework that actually needs the spoofing, and nothing else).
  • Also, there's the whole system.img thing: nowadays, Android aren't 'just' Java(-like) bytecodes ran inside a Java(-like) VM (Dalvik), they are a full blown binary native system (ART - Android Runtime). And thus Android application compatibility layer isn't just a modified Java(-like) VM, but a full blown self-contained AOSP image. On Sailfish X this image is read-only SquashFS and there is no easy straight-forward way to write inside /system. The whole restrict spoofing to priviledged apps is a dead end.
DrYak ( 2019-07-18 11:53:32 +0300 )edit
1

(Also this is just half of my request, then there's the whole point 2, which is an entire extra chapter. Apparently, given the report of gamers playing Pokemon Go on MicroG+Aliendalvik, that wasn't a problem back then, but is now)

DrYak ( 2019-07-18 11:54:01 +0300 )edit
2

answered 2019-07-19 10:14:52 +0300

teemu gravatar image

updated 2019-07-19 10:17:49 +0300

I'll put this as an "answer", so this specific discussion has a string of it's own:

If you already have installed Opengapps by the instructions linked in the OP, and now wish to switch to using MicroG, how do you undo the things you have done this far to your system?

You will have had the Play Store app and the Play Services "app" installed, and they probably create problems if you try to also install fakestore and MicroG Services Core to your Android setup.

So:

A1. How do you remove all traces of the Google Play apps (OpenGapps pico version if installed by the instructions),

A2. How do you get a clean /opt/alien/system.img in case you lost your original one, and

B. If you wish to do a full clean Android Support installation, what will you need to remove in addition to uninstalling Android Support from the Jolla Store before reinstalling it again?

So effectively I'm asking for an all-purpose tutorial for making the OpenGapps -> MicroG switch.

edit flag offensive delete publish link more

Comments

2

How do you remove all traces of the Google Play apps

If you want to manually uninstall, MicroG has a wiki explaining what to manually delete

(OpenGapps pico version if installed by the instructions),

If you have installed by the instructions you will have a file called system.img.orig in the directory were you've run the script. This is your original untouched image, you can start a new using this one.

NOTE: usually upgrading Sailfish OS overwrites the image with the latest version. So if you happen to have installed openGapps before, and then upgraded to 3.1.0.11 Seitseminen afterward, your image is latest clean.

How do you get a clean /opt/alien/system.img in case you lost your original one

General "howto" discover which package a files comes from:

$ rpm -qf /opt/alien/system.img 
aliendalvik-8.1.0.53.57-1.17.1.jolla.armv7hl

Thus you need to force re-installation of the file. So if you use zypper:

zypper install -f aliendalvik

(Sorry I'm not very fluent in pkcon, but perhaps something like: pkcon install --allow-reinstall aliendalvik ?)

DrYak ( 2019-07-19 14:21:56 +0300 )edit

The MicroG FAQ talks mostly of the "apps" that in this case were squashfsed into the system.img. They are taken care of by just going back to using the original system.img.

But the Play Store app and the Play Services hidden "app" are installed to somewhere else in the file system in the Opengapps setup process, and those apps and their other installed data needs to be purged. Maybe the apps can be removed from Aptoide, but...

And you probably need to remove your Google Account from the Android Settings in order to "log out" from Google within the Android layer.

And when doing a full reinstallation of Android Support, you quite likely need to remove all the Android app icons and whatelse in specific Sailfish folders. I wrecked my whole OS by doing it wrong (=only halfway through) a couple of months back.

teemu ( 2019-07-19 21:03:16 +0300 )edit
1

for where the additional stuff outside of /system is stored, it's mostly in the android_storage and /home/.android.

See the twohowtos written by kostas12ldb (except you don't want to copy them, but purge them instead).

Specifically for the upgrades to Google Services, you can also uninstall them with some Adb commands (see microG wikis).

To get an Android shell, you need to type on Sailfish as toot (do devel-su):

lxc-attach -n aliendalvik /system/bin/sh

Alternatively, whatever package manager you used to install the upgrade (Google Play Store? Aptoid Store?) can remove the upgrades with an easy GUI : it's the same process like uninstalling applications, except the button says "downgrade" instead of "remove" for APKs that are also present in system.

DrYak ( 2019-07-20 19:42:27 +0300 )edit

That's the damnest thing really: I can find all my other Android apps in /home/.android/data/app/ folder, but com.android.vending (=Play Store) isn't there. Even madder, the .desktop file in /usr/share/applications/ that handles the launcher icon points to that exact folder.

After you first time execute the Opengapps script on your system.img and then restart Android Support after that, you will automatically go through the initialization that installs Play Store. Apparently the apk is installed to some weird Android place, but non-devel-sued File Browser isn't authorized to look into all folders.

teemu ( 2019-07-21 10:07:52 +0300 )edit

So... is the com.android.vending apk actually inside the patched system.img, and in the "Android/data/app/" folder there, and it's the only Opengapps App showing on your launcher because it's the only one of those apps that get a launcher icon installed (in the initialization phase I guess)?

So in other words, there are two Android/data/ folders in the system: one in the /home/ folder and another squashfsed inside the system.img, and the Android Support layer sees and deals with both of them simultaneously (?).

So when reverting to the vanilla system.img I probably also have to purge manually /home/.android/data/data/com.android.vending/ which is the /home side folder for the downloads and init files and stuff that obviously can't be in the read only system.img.

teemu ( 2019-07-21 10:29:46 +0300 )edit
Login/Signup to Answer

Question tools

Follow
9 followers

Stats

Asked: 2019-07-17 15:23:47 +0300

Seen: 1,284 times

Last updated: Jul 19