[How-To] MicroG in SFOS 3.1
Since sfos 3.1 with signature spoofing support, it is more easy to setup Just install those MicroG apk and fakestore apk, and enable those setting as below, then you are done!
MicroG show everything is good
We have moved to a new Sailfish OS Forum. Please start new discussions there.
Since sfos 3.1 with signature spoofing support, it is more easy to setup Just install those MicroG apk and fakestore apk, and enable those setting as below, then you are done!
MicroG show everything is good
So here's my compilation of all the details I did to get microG working on my XA2.
I hope it helps, I'll also try to add all the informations I can gather elsewere.
As a side note, if you would like to support the development of MicroG, the MicroG team has setup a bountysource.
(And you probably do support software development if you're reading this, given that AlienDalvik is one of the perks you get when using the paid Sailfish X licence ...)
For Android, when I write : "App permissions - Apps using Location, Microphone, Camera", "App permissions" is the big text that appears in big bold on the menu, and "Apps using Location, Microphone, Camera" is the text that appears in light gray underneath.
The really base (most of the people already have) :
If you're installing on a freshly flashed phone, with a fresh installation of "Android support", that's okay you can skip to the procedure itself. If you have fooled around on your device (e.g.: installed Google Play Service, installed microG, etc.) and if you hit the "I don't have the spoofing permisison showing up in the list", make also sure :
/opt/alien/
(the space on that partition is limited, it's barely enough for holding the original file and any system upgrade. Any leftover backup might not leave enough room to proceed)/opt/alien/system.img
(and not your patched stuff)As of 3.1.0.11 Seitsminen (you can check the changelog):
rpm -qf '/opt/alien/system.img'
aliendalvik-8.1.0.53.57-1.17.1.jolla.armv7hl
If you have any doubt about the two above, you can force re-installing AlienDalvik with commands:
devel-su
pkcon refresh
pkcon install --allow-reinstall aliendalvik
Also last but not least, make sure you're currently running some 3.1.0 Seitsminen version of the OS (and not that the upgrade has completely failed and you're kicked back to 3.0.3 Hossa):
ssu re
Device release is currently: 3.1.0.11
The Signature Spoofing permission is enabled in Android and could now be granted.
Download it :
Install it :
Sailfish OS will install F-Droid. Pay attention to the Sailfish pop-up mentioning the install successful.
A new F-Droid icon should show up.
Hint: to avoid having to manual type the data information, you can install the CodeReader app from the Jolla store and scan the QR-Codes on web pages such as the MicroG download page and copy-paste them into the relevant fields
Fingerprint : 9BD06727E62796C0130EB6DAB39B73157451582CBD138E86C468ACC395D14165
( ^- that's very long. It's much easier to copy-paster from the QR-code scan in CodeReader)
back to the main screen
(hit the "<|" Android back button, than hit again "Latest" down, left in the blue bar on the F-Droid window)
microG will make a microG settings appear in Launcher. If installed, the optional Aurora or Yalp makes an icon too.
Other optional application to search for and install, that are useful in my opinion "Android Permissions", "Stanley - An application explorer for developers".
(after the apps) "App permissions - Apps using Location, Microphone, Camera"
( ^- warning it's not in the same place as on other ROMs, it's not among the Advanced permissions)
If you don't find "enable system package replacement" in the permissions list, you might be still unknowingly running an old version of aliendalvik ('s system image). Check again the pre-requisits (remove left-over junk from /opt/alien, force re-install, etc.)
So the permission granting takes effect:
After this last restart, Signature Spoofing should work for the software you granted it to.
This is where you can configure the location services.
Note: Keep in mind that, as of 3.1.0 Seitseminen, Android app can see and query the WLAN (Wifi connection), but currently as demonstrated by several questions filed by other community members, the 3G/4G connection isn't always seen by Android Apps.
Thus you need to only rely on Wifi Network-based connection e.g.: rely on Apple's back-end, or configure Mozilla's to only use Wifi network, but NOT to use 3G/4G cell towers. If you do not do that you'll get the following problems :
That because the back-ends that rely on 3G/4G cell hang.
Some apps rely on a Google Chorme web browser to be present.
You can add Bormite to F-Droid, it's an opensource derivative of Chromium, but has more privacy and Ad-blocking (unlike Mozilla where it works everywhere, on Chrome only the desktop version has uBlock plugins).
I've written another HOWTO about auto-starting apps. You might check how to enable/disable apps getting automatic alerts from the Cloud, and optionally getting auto-started to process it (e.g.: WhatsApp automatically getting messages instead of you needing to fetch them).
Apps that rely on Google Cloud Messaging and were already on the phone before you setup microG need to be installed again.
This howto is done for using opensource app store for fetch APK from the Google Play Store (such as Aurora and/or Yalp) and the empty FakeStore package to trick any application that checks the presence of "com.android.vending".
For people wanting to use the genuine Google Play Store client app (in order to buy stuff directly from the app), it is possible to do thanks to NanoDroid, and carmeloferso has written a guide
Root detection relies on two things.
something must provide 'com.google.android.gms' (aka.: GmsCore)
you must install microG Services Core and grant it signature spoofing
something must provide 'com.android.vending' (aka.: Phonesky)
you must install either install microG's FakeStore or Nanodroid's patched Google Play Store and grant it signature spoofing
This keeps most of the applications happy.
Google has a kind of backdoor anti-feature that allows them to remotely analyze Android smartphones.
microG uses a reimplementation of SafetyNet and a sandboxed version of google's proprietary DroidGurad ...
BUT Google has changed SafetyNet yet again and it doesn't work anymore (as of microG 0.2.8.17785 and DroidGuard Helper 0.1.0). Maybe in a future version ?
This causes a couple of banking app to still complain.
This Howto covers the modern Mapsv2 API as implemented by Google Play Services and UnifiedNLP.
Some apps, like the Greencopper ones used for lots of festivals, still rely on the old Mapsv1.
microG has an implementation : it is a Java framework in a JAR that needs to by written into system.img
.
Here is a script to add the mapsv1 jar into system.img:
#!/bin/bash
echo -e "\e[34;1m=================================\e[37;1m"
echo "[**] 0. Check environment"
echo -e "\e[34;1m=================================\e[0m"
if [ -e /opt/alien/system.img ]; then
HAS_ALIEN_DALVIK=1
ALIEN_VERSION="$(rpm -qf '/opt/alien/system.img' --qf '%{version}')"
echo "AlienDalvik image version ${ALIEN_VERSION} found"
fi
set -e
SE_LOST=0
echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 1. Get system.img"
echo -e "\e[34;1m=================================\e[0m"
SYSIMG_ORIG="system.img.orig${ALIEN_VERSION+.${ALIEN_VERSION}}"
if [ -f "${SYSIMG_ORIG}" ]; then
echo -e "\e[33;1mWARNING: reusing existing ${SYSIMG_ORIG}\e[0m"
elif [ -e /opt/alien/system.img ]; then
rsync -avPL --inplace '/opt/alien/system.img' "${SYSIMG_ORIG}"
chown --reference=. "${SYSIMG_ORIG}"
else
echo -e "\e[31;1mERROR: can't find ${SYSIMG_ORIG}, please fetch it /opt/alien/system.img from your Sailfish smartphone"
exit 1
fi
echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 1.1 Get MicroG Mapsv1"
echo -e "\e[34;1m=================================\e[0m"
if [ -f 'mapsv1.flashable.zip' ]; then
echo -e "\e[33;1mWARNING: reusing existing mapsv1.flashable.zip\e[0m"
else
curl -LO 'https://github.com/microg/android_frameworks_mapsv1/releases/download/v0.1.0/mapsv1.flashable.zip'
chown --reference=. mapsv1.flashable.zip
fi
unzip -l mapsv1.flashable.zip
echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 2. Black belt mount-fu"
echo -e "\e[34;1m=================================\e[0m"
TMP_DIR="$(mktemp -d sysimg.XXXXXX)"
touch "${TMP_DIR}/.noindex"
MNT_DIR="${TMP_DIR}/squashfs_root"
mkdir -p "${MNT_DIR}"
mount -o ro,loop "${SYSIMG_ORIG}" "${MNT_DIR}"
# Check the sercurity extended attributes
if [[ "$(find ${MNT_DIR}/system/bin/ -print0 | xargs -0 getfattr -m - -d)" =~ security\.capability= ]]; then
echo -e "\e[36;1mCheck: Security extended attributes are readable\e[0m"
else
echo -e "\e[33;1mWARNING: Security extended attributes are missing !\e[0m"
echo "Please re-install stock AlienDalvik RPM, otherwise logd, run-as and webzygote are going to be borken !"
echo "(but the rest of Android otherwise works)"
SE_LOST=1
fi
# MntPoints indexed array lists ALL subdirectories that we need to be writable for our patching needs
declare -a MntPoints
MntPoints=( 'system/framework' 'system/etc/permissions' )
for (( k = 0; k < "${#MntPoints[@]}"; k++)); do
# check if any of the subdirectory carries extended attributes (e.g.: we want to patch /system/bin )
if [[ "$(find ${MNT_DIR}/${MntPoints[$k]}/ -print0 | xargs -0 getfattr -m - -d)" =~ security\.capability= ]]; then
echo -e "\e[33;1mWARNING: ${MntPoints[$k]} has security extended attributes !\e[0m"
HAS_SECURITY=1
else
HAS_SECURITY=0
fi
mkdir -p "${TMP_DIR}/${k}"
rsync -avPSHAX "${MNT_DIR}/${MntPoints[$k]}/" "${TMP_DIR}/${k}/"
mount --bind "${TMP_DIR}/${k}" "${MNT_DIR}/${MntPoints[$k]}"
# check if subdirectories got their extended attributes carried over
if (( HAS_SECURITY )); then
if [[ "$(find ${MNT_DIR}/${MntPoints[$k]} -print0 | xargs -0 getfattr -m - -d)" =~ security\.capability= ]]; then
echo -e "\e[36;1mCheck: ${MntPoints[$k]} security extended attributes saved\e[0m"
else
echo -e "\e[33;1mWARNING: cannot save security extened attributs in ${MntPoints[$k]}, loss of functionnality is possible\[0m"
echo "Try on a Linux laptop that doesn't run SELinux"
SE_LOST=1
fi
fi
done
echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 3. Patch"
echo -e "\e[34;1m=================================\e[0m"
unzip -d "${MNT_DIR}" mapsv1.flashable.zip 'system/'{framework,etc}'/*'
echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 4. rebuild squashfs"
echo -e "\e[34;1m=================================\e[0m"
# check compression
if [[ "$(mksquashfs --help 2>&1 )" =~ lz4 ]]; then
COMP="-comp lz4 -Xhc"
else
echo -e "\e[33;1mWARNING: fast LZ4 compression not available, falling back to slower GZip compression\[0m"
echo "AlienDalvik should work, just not as fast"
fi
mksquashfs "${MNT_DIR}" system.img.mapsv1 $COMP -noappend -no-exports -no-duplicates -no-fragments
chown --reference=. system.img.mapsv1
echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 4.1 mount clean-up"
echo -e "\e[34;1m=================================\e[0m"
for (( k = 0; k < "${#MntPoints[@]}"; k++)); do
umount "${MNT_DIR}/${MntPoints[$k]}"
[ -d "${TMP_DIR}/${k}/" ] && rm -rf "${TMP_DIR}/${k}/"
done
umount "${MNT_DIR}/"
echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 4.2 check image"
echo -e "\e[34;1m=================================\e[0m"
mount -o ro,loop system.img.mapsv1 "${MNT_DIR}"
if [[ "$(find ${MNT_DIR}/system/bin/ -print0 | xargs -0 getfattr -m - -d)" =~ security\.capability= ]]; then
echo -e "\e[36;1mCheck: Security extended attributes are still readable\e[0m"
else
echo -e "\e[33;1mWARNING: Security extended attributes are missing !\e[0m"
SE_LOST=1
fi
umount "${MNT_DIR}/"
rmdir "${MNT_DIR}/"
rm "${TMP_DIR}/.noindex"
rmdir "${TMP_DIR}/"
if (( SE_LOST )); then
echo -e "\e[33;1mWARNING: Security extended attributes are missing!\e[0m"
echo "Please re-install stock AlienDalvik RPM, otherwise logd, run-as and webzygote are going to be borken !"
echo "(but the rest of Android otherwise works)"
fi
(Inspired by yeoldegroove haystack-ing docker, my mods thereof to add mapsv1 and various scripts used to add Google Play Services directly from the device while not breaking logd. But I went for a slightly different approach a bit more space-saving (only loop-mounts the squashfs system.img, and uses bind-mounts for the directories that needs overwriting) )
It can be executed on the device, provided that you install attr and squashfs-tools package (note that the official Jolla one doesn't support LZ4, so the generated image will GZIP instead with is a bit smaller, but also a bit slower). Special care has been put to make sure that the Security Extended Attribute aren't lost and Android's logcat continues to work as it should.
It can be also executed on a Linux laptop (or a Raspberry Pi), provided that you transfer the file /opt/alien/system.img
in (to be named system.img.orig
).
The script produces a file named system.img.mapsv1
that now contains the necessary microG parts to make older apps work, too.
I'm not using any DRM.
But if somebody has a good source for .so that actually work on Sailfish OS and XA2, please let me now, the above script could also be modified to add those too.
@Nautilus Do you mean Aptoide? Didn't see F-Droid in the Jolla store.
sunburnedpenguin ( 2019-07-22 16:25:59 +0200 )edit@sunburnedpenguin I've got Intex Aqua Fish, and I can see F-Droid in Jolla Store.
Nautilus ( 2019-07-22 21:47:28 +0200 )editMay be I'm stupid too , but I can't get to see "enable system package replacement". I have followed the instructions by starting from scratch several times to no avail. Xperia XA2 plus dual sim. Anybody can help please!
Thanks ,
G
I'm also in the same boat, didn't have luck to enable that permission
carmeloferso ( 2019-07-24 18:45:34 +0200 )edit@glalli Upon my XA2 Dual SIM, in Aliendalvik Control (Coderus)> Settings > Apps & notifications > Advanced > App permissions > scroll down to "enable system package replacement" just below "Telephone" and just off-screen for me.
aspergerguy ( 2019-07-24 19:58:16 +0200 )editI don't know if language of SFOS for people that have the permission working is only english, or is working also having in other languages?
carmeloferso ( 2019-07-24 20:21:49 +0200 )editI have Finnish SFOS and Finnish Android Support Layer, and it's there in the correct place (with untranslated English label). I had to switch my Android to English to actually manage to find it by the instructions, but it's there independent of language.
Do note that @DrYak uses the full text of the titles of the relevant sections in his instructions, which may be a bit confusing as usually your brain doesn't even register such notes under the actual headline.
Headline "App permissions - Apps using Location, Microphone, Camera" really means "App permissions", behind which link you will find it at the very bottom.
teemu ( 2019-07-24 22:20:40 +0200 )editHi there, thanks a lot for the installation guide. Everything worked well except for installing the Google Play Store App from Nanodroid (need it for paid apps). I followed your steps, but when I launch the Google Play Store App, I get "Error retrieving information from server. DF-DFERH-01". I rebooted, I tried ForceQuit, Deleting Cache and Data for the Play Store App. I gave phone, location, contacts, unrestricted data permission to Play Store App. I removed and reentered my google account. I tried Deleting Cache and Data for all MicroG apps - plus setting things up again. All to no avail. I can login to my google account via browser, but when I click on the install link and select open with Google Play Store, I get the DFERH error again. Any ideas or help? Best, RS
Same here ... but I also haven't found a way to fix this.
birefringence ( 2020-04-09 21:35:34 +0200 )editI had a liitle problem, first time when I installed Google Play and add all data to log in app work but it ask for login once again O_O so I tried go to microG and add account but it give anserw that this account exist on this device. Someone know how to solve this issue?
It is already added, you can verify in Android settings
carmeloferso ( 2019-10-08 15:31:25 +0200 )edit@carmeloferso yes, but why Google Play Store (from nandroid repo) ask for sign in?
Stanislav1988 ( 2019-10-08 15:59:08 +0200 )editAs far as I know Google Play is incompatible to MicroG. Try Aurora Store instead.
wosrediinanatour ( 2019-10-08 18:51:13 +0200 )editOkay, so it seems I am too stupid to use MicroG so please explain me. I had it working on my XA2. Now I did some kind of a mess and had to factory reset. I reinstalled 3.1, resized partitions, installed F-Droid and then MicroG Services Core and fakestore. I get that my system does not have spoofing signature support (earlier it had). Please send some suggestions, before I throw the damn machine out of the window and order a Nokia 8.1.
I also installed Signature Spoofing Checker and it says it's disabled.
Giacomo Di Giacomo ( 2019-07-21 02:58:32 +0200 )editWhat I did was I first disabled Android package verification, and then installed F-Droid, added the repo and installed microG and FakeStore. Then I went to Android Settings and enabled the system package replacement permission, and started microG settings. Then start microG settings and give it all the permissions it asks.
Doing that I have all other packages installed except GSF. However, none of my apps (most of which I had to reinstall) don't complain about missing Google Play Services anymore, and I think ParkMan works again (won't know for sure until I actually park with it, though).
Edit: I was still missing microG Services Framwork Proxy, I installed in F-Droid. Now I have the same boxes checked as in the screenshot.
Direc ( 2019-07-21 10:46:33 +0200 )editIt's officially confirmed I am too stupid then, and my phone knows it.. It's exactly what I believed I was doing, but when I did it on my own the system package replacement permission option did not appear, and when I followed step by step what you said it was there. Oh well. Thank you for helping an old idiot.
Giacomo Di Giacomo ( 2019-07-21 11:16:52 +0200 )editAny ideas on how to make banking app work? There is some kind of security check in the app that is preventing it from starting.
Thanks, G
according to recent issues on microG's GitHub, Google have recently changed yet again how SafetyNet works, and thus the current DroidGuardHelper doesn't work. If SafetyNet is mandatory for your banking app to work, you're out of luck (Well, short of pestering your bank's developpers until they release a SafetyNet-free version of the app).
Otherwise, lots of app require the presence of some kind of Google Play Services (microG does fill that role, it provides the same API com.google.android.gms) and also the presence of Google Play Store (FakeStore does this. It's empty, it does nothing. But it pretends that com.android.vending is there). There are lots of apps that will be happy if these two conditions are met.
DrYak ( 2019-07-29 21:08:37 +0200 )editI cannot log in with my google account on Feedly.Any ideas? Microg and everything related are working fine
Maybe enabling:
like the steps that carmeloferso uses to make Nanodroid Google Play Store work
DrYak ( 2019-08-08 17:27:40 +0200 )editproblem is in the screeshot, the 3G / wifi etc. thing. probably, but the link below the picture has intersting discussion about coarse and fine location services. I was aboutvto test commands but , adb. pm.?
https://github.com/microg/android_packages_apps_GmsCore/issues/366#issuecomment-427252345
https://github.com/microg/android_packages_apps_GmsCore/issues/366#issuecomment-427252345
This thread is public, all members of Together.Jolla.Com can read this page.
Asked: 2019-07-18 21:13:08 +0200
Seen: 22,107 times
Last updated: May 03 '20
Can I import my contacts from N9? [answered]
User wants to see certain part of picture as a Lock Screen background [answered]
We want to create our own TOH [answered]
How user can take backups out of device [released]
What is the best maps/navigation application to use on Jolla? [answered]
How to change Ambiences really fast [answered]
Markdown basics [not relevant]
How to remove all contacts in one go? [answered]
you have to add this repository in fdroid, to install microg and fakestore:
https://microg.org/fdroid/repo?
with fingerprint: 9BD06727E62796C0130EB6DAB39B73157451582CBD138E86C468ACC395D14165
mettska ( 2019-07-18 21:42:16 +0200 )editfuck yeah!
<o\ \o="" o=""></o\>
(does the.happy dance)
DrYak ( 2019-07-18 21:58:51 +0200 )editExciting news, cheers. Do we still need to reinstall all existing Android apps after installing microG?
jollajo ( 2019-07-18 22:13:26 +0200 )editIs this only on the XA2s (with their AOSP8-based AlienDalvik) or also on earlier models (rsp. versions of AlienDalvik) after upgrading to SFOS 3.1.0?
olf ( 2019-07-18 22:40:41 +0200 )edit@jollajo :
From experience, if you already have an older MicroG install (e.g.: using the docker by yeoldegroove in the howtos), no, you don't need to re-install, just to re-enable Signature Spoofing.
According to MicroG's FAQ, if you do not have an older install, but did just freshly install MicroG, you need to re-install every single app that relies uppn Google Cloud Mrssage to force them to re-register the cloud service (well at least the apps that you want to register... e.g.: not necessarily for notorious spies. See ny howto about autostart). In my personal experience, no need to fully un-install and re-install, just installing this week's update is enough (tested with my WhatsApp instance)
DrYak ( 2019-07-18 22:53:48 +0200 )edit