So here's my compilation of all the details I did to get microG working on my XA2.

I hope it helps, I'll also try to add all the informations I can gather elsewere.

---

Donations

As a side note, if you would like to support the development of MicroG, the MicroG team has setup a bountysource.

(And you probably do support software development if you're reading this, given that AlienDalvik is one of the perks you get when using the paid Sailfish X licence ...)

---

Notes

For Android, when I write : "App permissions - Apps using Location, Microphone, Camera", "App permissions" is the big text that appears in big bold on the menu, and "Apps using Location, Microphone, Camera" is the text that appears in light gray underneath.

Pre-requisits

The really base (most of the people already have) :

• You need obviously to have a smartphone on which you have flashed Sailfish OS
• You need to have paid the license for Sailfish X (this includes the paying bits like AlienDalvik)
• You need to have your Jolla account set up on the smartphone.
• You need to install "Android support" from the Jolla store (will not show up until you have an account with a paid licence for the type of device you're running)
• Installing "Android support" doesn't pop up any new icon in Launcher, that's normal
• It's not obligatory, but it helps a bit : you can turn developer mode on.

If you're installing on a freshly flashed phone, with a fresh installation of "Android support", that's okay you can skip to the procedure itself. If you have fooled around on your device (e.g.: installed Google Play Service, installed microG, etc.) and if you hit the "I don't have the spoofing permisison showing up in the list", make also sure :

• there's no extra stuff left over in /opt/alien/ (the space on that partition is limited, it's barely enough for holding the original file and any system upgrade. Any leftover backup might not leave enough room to proceed)
• that you have the original pristine file in /opt/alien/system.img (and not your patched stuff)
• that currently you do have the latest version of AlienDalvik installed.

As of 3.1.0.11 Seitsminen (you can check the changelog):

rpm -qf '/opt/alien/system.img'
aliendalvik-8.1.0.53.57-1.17.1.jolla.armv7hl

If you have any doubt about the two above, you can force re-installing AlienDalvik with commands:

devel-su
pkcon refresh
pkcon install --allow-reinstall aliendalvik

Also last but not least, make sure you're currently running some 3.1.0 Seitsminen version of the OS (and not that the upgrade has completely failed and you're kicked back to 3.0.3 Hossa):

ssu re
Device release is currently: 3.1.0.11

Enable Signature Spoofing

• Settings app
• section Info, tool Android™ support
• you get to the first screen shot above
• check the checkbox Disable Android™ system package verification
• push the Stop button
• wait until AlienDalvik has completely shutdown (Start button become available)
• push the Start button
• wait until AlienDalvik has completely re-started (Stop button become available)

The Signature Spoofing permission is enabled in Android and could now be granted.

Install software

F-Droid

Download it :

• in Sailfish OS's native browser, go to https://f-droid.org/
• click on the Download F-Droid button
• (or you can scan the QR-code on the page from your desktop, it you don't trust your typing skills)
  • download Starts

Install it :

• Settings app
• section Info, tool Transfers
• wait for FDroid.apk to finish loading...
• tap on FDroid.apk

Sailfish OS will install F-Droid. Pay attention to the Sailfish pop-up mentioning the install successful.

A new F-Droid icon should show up.

microG repository

Hint: to avoid having to manual type the data information, you can install the CodeReader app from the Jolla store and scan the QR-Codes on web pages such as the MicroG download page and copy-paste them into the relevant fields

• Open and check the info from the the MicroG download page on your computer.
• open the "F-Droid" app store
• Settings icon (down, right in the blue bar on the F-Droid window)
• section My Apps, tap on Repositories - Add additional sources of apps
• hit the "+" icon on the top, right in the blue bar.
• Repository address: https://microg.org/fdroid/repo

• Fingerprint : 9BD06727E62796C0130EB6DAB39B73157451582CBD138E86C468ACC395D14165

  ( ^- that's very long. It's much easier to copy-paster from the QR-code scan in CodeReader)

• make sure the "microG F-Droid repo is checked active (green)

• back to the main screen

  (hit the "<|" Android back button, than hit again "Latest" down, left in the blue bar on the F-Droid window)

• hit on the green magnifying glass search icon down right on the main pane.
• search for microG
• Download ( blue icon down arrow ) then install the following software (the first time, Android will ask you to grant to F-Droid the permission to install software) (each time a box pops-up asking you to confirm the installation).
  • microG Services Core - Re-Implementation of Playservice (That's microG proper, it also includes UnifiedNlp)
  • MozillaNlpBackend - UnifiedNlp location provider (Mozilla) (The usual recommendation mentioned in most HOWTOs - That's for finding location by asking Mozilla's cloud based on visible Wifi and Cell towers)
  • Apple UnifiedNlp Backed . Unified location provider (Apple Wifi) (Alternative option)
  • Signature Spoofing Checker - Test the signature spoofing capabilities (optional)
  • NominatimNlpBacked - UnifiedNlp geocoding provider (That's for finding street addresses)
  • microG DroidGuard Helper installation (optional - that's tools to help make use of the Security Net feature of Google Services)
  • FakeStore - microG Store (FakeStore release) (it's empty, but pretends that "Google Play Store" is installed, because some apps look for that)
  • microG Services Framework Proxy - Legacy support proxy library (for making Google Cloud Messaging work).
• other applications to search for, then install:
  • Aurora Store - A Google Playstore Client (optional - a modern-looking Google Play Store replacement)
  • Yalp Store - Download apks from Google Play Store (optional - a good Google Play Store replacement)
  • SAI - SAI lets you install split APKs (optional - some apps come actually split across a collection of separate files. Yalp can download them but can't install them. SAI fills this void)

microG will make a microG settings appear in Launcher. If installed, the optional Aurora or Yalp makes an icon too.

Other optional application to search for and install, that are useful in my opinion "Android Permissions", "Stanley - An application explorer for developers".

Grant Signature Spoofing Permissions

• You need to go to the Android settings. Two methods:
  1. Using stock Sailfish OS
     1. For versions of Sailfish 3.3 Rokua and newer
        • Settings app
        • >=3.3 speficic section Info, tool Android™ support
        • >=3.3 speficic push the Stop button if the support is still running
        • >=3.3 speficic wait until AlienDalvik has completely shutdown (Start button become available)
        • >=3.3 speficic swipe back to the main screen of Settings app
        • scroll down and tap on Apps >
        • select microG Settings
        • push the Open Android™ settings button
        • (Sailfish say: "* /!\ Starting Android™ App Support to launch com.android.settings*")
        • (you're now on the main screen of the Android Settings)
     2. For versions of Sailfish 3.2 Seitseminen and older
        • Settings app
        • scroll down and tap on Apps >
        • select microG Settings
        • push the Open Android™ settings button
        • <=3.2 specific (you're in the sub-screen of android settings about the microG GmsCore settings)
        • <=3.2 specific push the "<|" Android back arrow
        • (you're now on the main screen of the Android Settings)
  2. Install Coderus' Aliendalvik control
     • Settings app
     • section Look and feel, tool Aliendalvik Control
     • push the Settings button
• from the main screen of Android settings app:
• Apps & notifications - Permissions, default apps

• (after the apps) "App permissions - Apps using Location, Microphone, Camera"

  ( ^- warning it's not in the same place as on other ROMs, it's not among the Advanced permissions)

• (You arrive roughly at the screen that carmeloferso has shown here )
• scroll down to the list of permission (the end should read "SMS", "Storage", "Telephone", and...)
• pick the last permission "enable system package replacement"
• (You arrive at the second screen above )
• Here you can grant the "enable system package replacement" permission, a.k.a "Signature Spoofing":
  • FakeStore (make so the empty package seem to contain "com.android.vending" coming from the genuine Google's Play Store, so that apps checking for that are kept happy)
  • microG Service Core (make so "com.google.android.gms" seems to be coming from the genuine Google Play Service)
  • Signature Spoofing Checker (if you installed this option. It makes the checker apps' screen go green if the spoofing works)

If you don't find "enable system package replacement" in the permissions list, you might be still unknowingly running an old version of aliendalvik ('s system image). Check again the pre-requisits (remove left-over junk from /opt/alien, force re-install, etc.)

Restart alien-dalvik

So the permission granting takes effect:

• Settings app
• section Info, tool Android™ support
• you get again to the first screen shot above
• push the Stop button
• wait until AlienDalvik has completely shutdown (Start button become available)
• push the Start button
• wait until AlienDalvik has completely re-started (Stop button become available)

Checks

After this last restart, Signature Spoofing should work for the software you granted it to.

• application microG Settings
• section Setup, tool Self-Check - Checks if the system is correctly set up to use microG.
• (you arrive at the 3rd screen above)
• control that each test has passed (has a green check-mark)
  • specially Play Services (GmsCore) and PlayStore (Phonesky) should both be installed and have correct signatures.

More checks

• if you have installed "Signature Spoof Checker" and has granted it permission, it should show a green screen
• if you have installed "Stanley", when you check the application "microG Services Core - com.google.android.gms" and "FakeStore - com.android.vending", you'll notice that the signature pretends to be from Google (and not from "nogapps.de" unlike the other microG components)

Configure

• application microG Settings
• section Configuration, tool UnifiedNlp Settings

This is where you can configure the location services.

• Tap Configure location backends or Configure address lookup backends to configure either
  • You get a pop-up list with the list of back-ends.
  • You can check the checkbox at the right of a back-end to enable it.
  • Some back-ends (e.g.: Mozilla, Nominatim) have a small gear icon, tap it to configure the back-end (see below for Mozilla)

Note: Keep in mind that, as of 3.1.0 Seitseminen, Android app can see and query the WLAN (Wifi connection), but currently as demonstrated by several questions filed by other community members, the 3G/4G connection isn't always seen by Android Apps.

Thus you need to only rely on Wifi Network-based connection e.g.: rely on Apple's back-end, or configure Mozilla's to only use Wifi network, but NOT to use 3G/4G cell towers. If you do not do that you'll get the following problems :

• "UnifiedNLP has no last known location. This will cause some apps to fail." (if no other back-end present)
• "UnifiedNLP do not have Location to test Geocoder - Please verify your location Backend" (if no other back-end present)
• "No UnifiedNlp location was provided by the system within 10 seconds". (always fails)

That because the back-ends that rely on 3G/4G cell hang.

---

Advanced tips

Chrome

Some apps rely on a Google Chorme web browser to be present.

You can add Bormite to F-Droid, it's an opensource derivative of Chromium, but has more privacy and Ad-blocking (unlike Mozilla where it works everywhere, on Chrome only the desktop version has uBlock plugins).

Google Cloud Messaging

I've written another HOWTO about auto-starting apps. You might check how to enable/disable apps getting automatic alerts from the Cloud, and optionally getting auto-started to process it (e.g.: WhatsApp automatically getting messages instead of you needing to fetch them).

Apps that rely on Google Cloud Messaging and were already on the phone before you setup microG need to be installed again.

Google Play Store

This howto is done for using opensource app store for fetch APK from the Google Play Store (such as Aurora and/or Yalp) and the empty FakeStore package to trick any application that checks the presence of "com.android.vending".

For people wanting to use the genuine Google Play Store client app (in order to buy stuff directly from the app), it is possible to do thanks to NanoDroid, and carmeloferso has written a guide

• add nanodroid repository to F-Droid
• install Google Play Store from nanodroid
• grant it signature spoofing using the "enable system package replacement" permission
• in the Android Settings, in section "Users & accounts - Current user: Owner"
  • add Google account (if not already set-up in microG).
  • "Sign-in & security"
    • Turn on "Trust Google for app permissions - When disabled, the user is asked before an app authorization {...}"
    • Turn on "Allow apps to find accounts - When enabled, all applications on this devices will be able to see your Google Accounts"
• Start Google Play Store and let it sync.

"Root detected" and banking apps

Root detection relies on two things.

presence of Google Api

• something must provide 'com.google.android.gms' (aka.: GmsCore)

  you must install microG Services Core and grant it signature spoofing

• something must provide 'com.android.vending' (aka.: Phonesky)

  you must install either install microG's FakeStore or Nanodroid's patched Google Play Store and grant it signature spoofing

This keeps most of the applications happy.

SafetyNet

Google has a kind of backdoor anti-feature that allows them to remotely analyze Android smartphones.

microG uses a reimplementation of SafetyNet and a sandboxed version of google's proprietary DroidGurad ...

BUT Google has changed SafetyNet yet again and it doesn't work anymore (as of microG 0.2.8.17785 and DroidGuard Helper 0.1.0). Maybe in a future version ?

This causes a couple of banking app to still complain.

---

Extremely advanced stuff

Mapsv1

This Howto covers the modern Mapsv2 API as implemented by Google Play Services and UnifiedNLP.

Some apps, like the Greencopper ones used for lots of festivals, still rely on the old Mapsv1. microG has an implementation : it is a Java framework in a JAR that needs to by written into system.img.

Here is a script to add the mapsv1 jar into system.img:

#!/bin/bash

echo -e "\e[34;1m=================================\e[37;1m"
echo "[**] 0. Check environment"
echo -e "\e[34;1m=================================\e[0m"

if [ -e /opt/alien/system.img ]; then
    HAS_ALIEN_DALVIK=1
    ALIEN_VERSION="$(rpm -qf '/opt/alien/system.img' --qf '%{version}')"
    echo "AlienDalvik image version ${ALIEN_VERSION} found"
fi

set -e
SE_LOST=0


echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 1. Get system.img"
echo -e "\e[34;1m=================================\e[0m"

SYSIMG_ORIG="system.img.orig${ALIEN_VERSION+.${ALIEN_VERSION}}"

if [ -f "${SYSIMG_ORIG}" ]; then
    echo -e "\e[33;1mWARNING: reusing existing ${SYSIMG_ORIG}\e[0m"
elif [ -e /opt/alien/system.img ]; then
    rsync -avPL --inplace '/opt/alien/system.img' "${SYSIMG_ORIG}"
    chown --reference=. "${SYSIMG_ORIG}"
else
    echo -e "\e[31;1mERROR: can't find ${SYSIMG_ORIG}, please fetch it /opt/alien/system.img from your Sailfish smartphone"
    exit 1
fi

echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 1.1 Get MicroG Mapsv1"
echo -e "\e[34;1m=================================\e[0m"

if [ -f 'mapsv1.flashable.zip' ]; then
    echo -e "\e[33;1mWARNING: reusing existing mapsv1.flashable.zip\e[0m"
else
    curl -LO 'https://github.com/microg/android_frameworks_mapsv1/releases/download/v0.1.0/mapsv1.flashable.zip'
    chown --reference=. mapsv1.flashable.zip
fi
unzip -l mapsv1.flashable.zip


echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 2. Black belt mount-fu"
echo -e "\e[34;1m=================================\e[0m"

TMP_DIR="$(mktemp -d sysimg.XXXXXX)"

touch "${TMP_DIR}/.noindex"

MNT_DIR="${TMP_DIR}/squashfs_root"
mkdir -p "${MNT_DIR}"
mount -o ro,loop "${SYSIMG_ORIG}" "${MNT_DIR}"

# Check the sercurity extended attributes
if [[ "$(find ${MNT_DIR}/system/bin/ -print0 | xargs -0 getfattr -m - -d)" =~ security\.capability= ]]; then
    echo -e "\e[36;1mCheck: Security extended attributes are readable\e[0m"
else
    echo -e "\e[33;1mWARNING: Security extended attributes are missing !\e[0m"
    echo "Please re-install stock AlienDalvik RPM, otherwise logd, run-as and webzygote are going to be borken !"
    echo "(but the rest of Android otherwise works)"
    SE_LOST=1
fi


# MntPoints indexed array lists ALL subdirectories that we need to be writable for our patching needs
declare -a MntPoints
MntPoints=( 'system/framework' 'system/etc/permissions' )

for (( k = 0; k < "${#MntPoints[@]}"; k++)); do
    # check if any of the subdirectory carries extended attributes (e.g.: we want to patch /system/bin )
    if [[ "$(find ${MNT_DIR}/${MntPoints[$k]}/ -print0 | xargs -0 getfattr -m - -d)" =~ security\.capability= ]]; then
        echo -e "\e[33;1mWARNING: ${MntPoints[$k]} has security extended attributes !\e[0m"
        HAS_SECURITY=1
    else
        HAS_SECURITY=0
    fi

    mkdir -p "${TMP_DIR}/${k}"
    rsync -avPSHAX "${MNT_DIR}/${MntPoints[$k]}/" "${TMP_DIR}/${k}/"
    mount --bind "${TMP_DIR}/${k}" "${MNT_DIR}/${MntPoints[$k]}"

    # check if subdirectories got their extended attributes carried over
    if (( HAS_SECURITY )); then
        if [[ "$(find ${MNT_DIR}/${MntPoints[$k]} -print0 | xargs -0 getfattr -m - -d)" =~ security\.capability= ]]; then
            echo -e "\e[36;1mCheck: ${MntPoints[$k]} security extended attributes saved\e[0m"
        else
            echo -e "\e[33;1mWARNING: cannot save security extened attributs in ${MntPoints[$k]}, loss of functionnality is possible\[0m"
            echo "Try on a Linux laptop that doesn't run SELinux"
            SE_LOST=1
        fi
    fi
done



echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 3. Patch"
echo -e "\e[34;1m=================================\e[0m"

unzip -d "${MNT_DIR}" mapsv1.flashable.zip 'system/'{framework,etc}'/*'



echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 4. rebuild squashfs"
echo -e "\e[34;1m=================================\e[0m"

# check compression
if [[ "$(mksquashfs --help 2>&1 )" =~ lz4 ]]; then
    COMP="-comp lz4 -Xhc"
else
    echo -e "\e[33;1mWARNING: fast LZ4 compression not available, falling back to slower GZip compression\[0m"
    echo "AlienDalvik should work, just not as fast"
fi

mksquashfs "${MNT_DIR}" system.img.mapsv1 $COMP -noappend -no-exports -no-duplicates -no-fragments
chown --reference=. system.img.mapsv1

echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 4.1 mount clean-up"
echo -e "\e[34;1m=================================\e[0m"

for (( k = 0; k < "${#MntPoints[@]}"; k++)); do
    umount "${MNT_DIR}/${MntPoints[$k]}"
    [ -d "${TMP_DIR}/${k}/" ] && rm -rf "${TMP_DIR}/${k}/"
done
umount "${MNT_DIR}/"

echo -e "\n\e[34;1m=================================\e[37;1m"
echo "[**] 4.2 check image"
echo -e "\e[34;1m=================================\e[0m"

mount -o ro,loop system.img.mapsv1 "${MNT_DIR}"
if [[ "$(find ${MNT_DIR}/system/bin/ -print0 | xargs -0 getfattr -m - -d)" =~ security\.capability= ]]; then
    echo -e "\e[36;1mCheck: Security extended attributes are still readable\e[0m"
else
    echo -e "\e[33;1mWARNING: Security extended attributes are missing !\e[0m"
    SE_LOST=1
fi
umount "${MNT_DIR}/"
rmdir "${MNT_DIR}/"
rm "${TMP_DIR}/.noindex"
rmdir "${TMP_DIR}/"

if (( SE_LOST )); then
    echo -e "\e[33;1mWARNING: Security extended attributes are missing!\e[0m"
    echo "Please re-install stock AlienDalvik RPM, otherwise logd, run-as and webzygote are going to be borken !"
    echo "(but the rest of Android otherwise works)"
fi

(Inspired by yeoldegroove haystack-ing docker, my mods thereof to add mapsv1 and various scripts used to add Google Play Services directly from the device while not breaking logd. But I went for a slightly different approach a bit more space-saving (only loop-mounts the squashfs system.img, and uses bind-mounts for the directories that needs overwriting) )

It can be executed on the device, provided that you install attr and squashfs-tools package (note that the official Jolla one doesn't support LZ4, so the generated image will GZIP instead with is a bit smaller, but also a bit slower). Special care has been put to make sure that the Security Extended Attribute aren't lost and Android's logcat continues to work as it should.

It can be also executed on a Linux laptop (or a Raspberry Pi), provided that you transfer the file /opt/alien/system.img in (to be named system.img.orig).

The script produces a file named system.img.mapsv1 that now contains the necessary microG parts to make older apps work, too.

Widevine

I'm not using any DRM.

But if somebody has a good source for .so that actually work on Sailfish OS and XA2, please let me now, the above script could also be modified to add those too.