FORUMS
Remove All Ads from XDA

[APPS][No-Gapps][microG] RUNNING WITHOUT Google Services

90 posts
Thanks Meter: 90
 
By xXxGeek, Member on 23rd January 2018, 02:56 AM
Post Reply Email Thread
IS PLAY STORE NEEDED?

As it turns out, giving up Google is possible, and the experience isn't nearly as bad as you might think, plus my battery life is amazing now. If you care about privacy, better battery life, or want a smoother running phone, take the plunge and find a Rom that doesn't have Gapps installed.

Below are a few applications that I have tested without Gapps installed. I have also listed a few alternative store applications with there links. I exclusively use FLOSS, Free/Libre and Open Source Software, and because of this, I chose to install F-Droid.

What is "FLOSS and FOSS"
The two political camps in the free software community are the free software movement and open source. The free software movement is a campaign for computer users' freedom; we say that a nonfree program is an injustice to its users. The open source camp declines to see the issue as a matter of justice to the users, and bases its arguments on practical benefits only.

To emphasize that “free software” refers to freedom and not to price, we sometimes write or say “free (libre) software,” adding the French or Spanish word that means free in the sense of freedom. In some contexts, it works to use just “libre software.”

A researcher studying practices and methods used by developers in the free software community decided that these questions were independent of the developers' political views, so he used the term “FLOSS,” meaning “Free/Libre and Open Source Software,” to explicitly avoid a preference between the two political camps. If you wish to be neutral, this is a good way to do it, since this makes the names of the two camps equally prominent.

Others use the term “FOSS,” which stands for “Free and Open Source Software.” This is meant to mean the same thing as “FLOSS,” but it is less clear, since it fails to explain that “free” refers to freedom. It also makes “free software” less visible than “open source,” since it presents “open source” prominently but splits “free software” apart.

“Free and Open Source Software” is misleading in another way: it suggests that “free and open source” names a single point of view, rather than mentioning two different ones. This conceptualization of the field is an obstacle to understanding the fact that free software and open source are different political positions that disagree fundamentally.

Thus, if you want to be neutral between free software and open source, and clear about them, the way to achieve that is to say “FLOSS,” not “FOSS.”

We in the free software movement don't use either of these terms, because we don't want to be neutral on the political question. We stand for freedom, and we show it every time—by saying “free” and “libre”— or “free (libre)”. by Richard Stallman


If your running a Rom without Gapps, some applications like "Last Pass and Vimeo" will show a pop-up when you first start them that says, won't be able to run without Google Services, they might be able to run and some wont, unless you install microG, then you wont have this issue.

What is MicroG?
Actually, the microG is a free software clone of Google's proprietary center libraries and applications. To be more specific, it's a FLOSS (Free/Libre Open Source Software) frame to permit applications designed for Google Play Services to operate on programs, in which Play Services is not available. It provides all the needed APIs provided from the Google Play services so that the programs dependent on it may operate normally.

Telegram Links for microG Group HelpUpdate: I installed microG on my OnePlus 5T running Phoenix Rom. This Rom has signature spoofing already baked into it, so the installation is simpler, runs very smooth, better battery life and security. For detailed installation instruction, see post #5 below.

What is microG Signature Spoofing

To use all the neat features from the microG project, which allows you to use all features of your Android smartphone without proprietary battery-consuming Google blobs, your system is required to support signature spoofing. Currently only very few custom ROMs have built-in support for this feature, luckily you can use Xposed or a patching tool to add the feature to the systems that don’t have it.

But: What is all this about? Is signature spoofing a problem when not using microG? Will it influence my security?

About signature spoofing

On Android, all applications are signed (usually using SHA1 with RSA). The certificate/key-combinations used to sign apps are self-signed. This means there is no PKI / certificate authority to verify a key to be owned by a person/company/entity. Thus everyone can come up with a key that has a equally valid Google certificate as keys used by Google to publish their apps.

However, on Android signatures are not designed to serve the purpose of verifying ownership/source of a package. Signatures are used to verify integrity and to ensure same package author when updating apps. The second one is important, to verify that only one the author has access to the private storage of an app. A different author is not able to sign an app using the same key, because he does not have access to it, and thus can not provide an update to an application that will be granted access to the app private storage. For example, the Signal app provided by OpenWhisperSystems is signed by a key not available to third-parties and thus Signal can store chat history in the private app storage and don’t need to fear that a rogue update can access this data. This means that signatures are important to ensure the secrecy of the private app storage and thus is an essential part of the Android package managements security system.

Signature spoofing allows applications to behave like being signed by a third party. This means that whenever one application asks the operating system for the certificate used to sign an installed package and that package uses signature spoofing, instead of the certificate attached to the app, a spoofed certificate is returned. This certificate has to be announced in the AndroidManifest.xml and the app is required to request the android.permission.FAKE_SIGNATURE permission. This means that it is not only easy to detect that an application uses signature spoofing, the user also has to give its consent – before Android 6, this was done during installation time, since then the consent is even more explicit in a dedicated pop-up, and the user can decide not to grant the permission.

Of course only very few developers ever ask for the certificate used to sign an application. There are numerous reasons for that:
  • In most cases you only want to verify, that an app is signed with the same key as yours (e.g. the apps are from the same author). For this case, the package manager has a method checkSignatures which compares the certificates of two packages. Thus the app author is not required to mess with byte arrays returned when requesting the certificate – and verifying the author name of a certificate is completely useless as described above.
  • If you want to use any kind of security model, you are much more likely to introduce a custom permission. On Android every app can declare a new permission and decide which apps will be granted this permission. One option here is to restrict by signature, or you can also require explicit user consent. This again is a lot easier than working with certificates, even more flexible and can be used to allow third-parties to integrate with your app (on users decision). Nice!
  • Directly working with certificates is not considered a security feature and is not listed on the security tips article in the documentation, whereas the proper use of permissions is.
  • When using the package managers GET_SIGNATURES feature to directly access the certificate, the android lint tool (which is usually used during the compilation process) will print a high priority warning, as improper use of this feature can be a security risk and the proper use is rather complicated. So complicated, that Google themselves did it wrong once, resulting in a major Android security vulnerability (sometimes referred to as the Fake ID vulnerability).

So why does microG require signature spoofing?

Now that we know, that only very few use direct access to certificate, you might wonder why microG needs it for certain features. Well the fact is that although most developers don’t even now about it, their apps actually do direct certificate access. This is due to how Google Play Services works:

Play Service System

Applications that use Google Play Services use the Play Services client library. This library is directly embedded into the application, is delivered as part of it and finally runs in the security context of that app. And this library actually uses direct certificate access to ensure that the Play Services app installed on the device is singed by a specific private key. It also verifies that the Play Store is installed (and signed using the same key), although it is not required for Play Services to run. This is the reason for the development of the microG FakeStore app.

There is one other popular use case I’d like to stress: DRM. Some developers use direct certificate access to verify that the application itself is signed by them. The reason for this is simple: If you modify an application you need to sign it (the previous signature is broken, if your system is not vulnerable to the “Android Master Key” vulnerability). As you don’t have the private key of the original developer you will not be able to create a valid signature that has the same certificate. This means you can’t modify the application without the original developer knowing about it. (Well, you could modify the checking code itself, …). With signature spoofing you can easily bypass these restrictions – as long as the app does not contain code to detect signature spoofing. by ~larma/blog


If your Rom does not support Signature Spoofing, take a look at this link.
ALTERNATIVE STORE APPS:
F-Droid
XDA Labs
Yalp Store
PC: Raccoon
SECURITY APPS:
Firewalls:
NetGuard
AFWall+
Fing - Network Tools
Bluetooth Firewall
Add Bocker:
AdAway
DNS66
MinMinGuard
Data Protection:
XPrivacyLua
Monitoring:
Haven: Keep Watch (BETA)
App Lock:
Lockdown Pro
vpn:
Orbot
VPN Services
Virus Scan:
Checkey
Password:
Bitwarden Password Manager
KeePass DX
KeePassDroid
LastPass Beta
SnooperStopper
Network:
Android IMSI-Catcher Detector
Smarter Wi-Fi Manager
Wi-Fi Privacy Police
Browser:
Firefox Klar
Orweb
BATTERY APPS:
Naptime - Super Doze
MTweaks-KernelAdiutorMOD
AccuBattery
Battery Notifier BT
SHOPPING APPS:
Purchase: Amazon Shopping, eBay - Buy, Sell & Save, Newegg Mobile
Tracking: TrackChecker Mobile
TOOLS APPS:
File Manager: Amaze
Doc Viewer: MuPDF mini
Keep Screen On
AIDA64
Swiftnotes
Minimal TODO lists
PERSONALIZATION:
Ivy (Sidebar, Widgets, RSS)
K-Klock: Customize your statusbar clock with Substratum
AnySoftKeyboard
BeHe Keyboard
MultiLing Keyboard
LAUNCHERS:
ADW.Launcher
Hayai Launcher
MEDIA APPS:
Audio Effects: Viper4Android FX for Magisk
Music Player: Timber Material Design Music Player
Recorder: Android Call Recorder
YouTube Alternative: NewPipe, Vimeo
Browser: Firefox Klar, Orweb
Search: Wikipedia
Camera: CameraV & Open Camera
Scanner: Open Note Scanner
NAVIGATION:
OsmAnd~
AddressToGPS
LocationPrivacy
EMAIL APPS:
p≡p pretty Easy privacy
K-9 Mail
ProtonMail
MESSAGING APPS:
Phone:
True Phone
SMS:
Silence
Telegram
QKSMS Messaging
Signal Private Messenger
Voice Mail:
YouMail Voicemail & Call Blocker
Facebook client:
Face Slim
Twitter client
Twidere
PODCASTS APPS:
AntennaPod
BACKUP APPS:
oandbackup
ML Manager: APK Extractor
Titanium Backup
List My Apps
The Following 21 Users Say Thank You to xXxGeek For This Useful Post: [ View ] Gift xXxGeek Ad-Free
26th January 2018, 11:42 PM |#2  
xXxGeek's Avatar
OP Member
Flag Beer Capital
Thanks Meter: 90
 
Donate to Me
More
No Gapps Setup Guides
Helpful links to setting up no Gapps

Signature Spoofing

[INDEX] How to get the signature spoofing patch

microG unofficial installer simplify the installation of microG

MicroG, gapps in only 11mb

NanoDroid By Setialpha, XDA Ad-Free Senior Member

microG By MaR-V-iN, XDA Senior Member

[MOD][FLASHABLE] microG unofficial installer

microG/Android Packages apps GmsCore

{FIRE Gapps-Go™+Tweaks™ for OREO}*{*Micro-G™*}*{FIRE Audio™ For LP-Oreo}

If you are using microG as a replacement for the Google Play Services, the ROM that you install needs to have support for signature spoofing. In short, this allows microG to pretend to be the official Google Play Services, otherwise the system and other apps won’t listen to it. If you have the Xposed Framework installed, the following module will enable signature spoofing: FakeGApps by thermatk. You can find more on the microG wiki

Telegram Links for microG Group Help
The Following 12 Users Say Thank You to xXxGeek For This Useful Post: [ View ] Gift xXxGeek Ad-Free
28th January 2018, 01:00 AM |#3  
xXxGeek's Avatar
OP Member
Flag Beer Capital
Thanks Meter: 90
 
Donate to Me
More
A Few Rom's That Supports Signature Spoofing
I have listed several microG Rom's that are pre-built or compatible with microG. if you have tested either one of these or used any other microG builds, please let us know I'm currently running Phoenix Rom on my OnePlus 5T without Gapps installed. All these Rom's grants signature spoofing permissions, this is needed for any Rom to be able to run microG.
The Following 8 Users Say Thank You to xXxGeek For This Useful Post: [ View ] Gift xXxGeek Ad-Free
1st February 2018, 05:22 AM |#5  
xXxGeek's Avatar
OP Member
Flag Beer Capital
Thanks Meter: 90
 
Donate to Me
More
INSTALLATION OF microG
This post will show you how to install microG.

First you must have a Rom that doesn't have Gapps installed, next if your Rom supports signature spoofing, go to the first step, If your Rom doesn't support signature spoofing, go to this link to patch your Rom (How to get the signature spoofing patch) then come back for installation of microG.

If your not sure if your Rom supports microG, just go threw the first step below, open microG Settings app, then "Self-Check" it should look like attached picture at bottom of this page, if not, you need to patch your Rom.

FIRST STEP:
1. Must unlock boot-loader and have TWRP installed. Download bellow app to PC and follow instructions, if your phone is unlocked and TWRP installed, skip this step.If you already have your device unlocked and TWRP installed, do a recovery backup in TWRP, then copy it to your pc, I normally just copy all my files from my phone to my pc or external device.

You must do a fresh install in order to have microG working properly, I use "ALL IN ONE TOOL", this is my steps from the ALL IN ONE TOOL app, "Reboot Bootloader" and select "Erase All Data / Decrypt Internal Storage", next click on "Recovery Flasher" and choose, "Select recovery", TWRP 3.2.1 Universal (Your Device), then select "Only boot it" and "FLASH"

2. From PC, download firmware (if needed), Rom and microG, this is for the Phoenix Rom. If you are using a different Rom, your installation might be different, just flash microG after flashing your Rom.

3. From recovery, move downloads onto phone. Install Rom then microG, reboot system.

SECOND STEP:
1. Downloads to PC.
  • Magisk & Magisk Manager If you want Root. For the Phoenix Rom, install Magisk v14.0 first, then upgrade to v15.3 after first reboot, known to boot loop otherwise.
  • F-Droid
2. Move all download to phone, boot into recovery, install Magisk and No GApps Package, reboot.
3. Open your Files app, navigate to folder you put apk's, Install Magisk Manager.apk and F-Droid.apk/unless you flashed No GApps Packages.

THIRD STEP:
  1. In phone, navigate to System Setting, Location, Mode and change it to High accuracy.
  2. Go to UnifiedNip Settings and enable Network based Geo-location and Address lookup.
  3. Open F-Droid Store and swipe down on screen to update repositories, now install Mozilla Stumbler from F-Droid Store and start.
  4. Open microG Settings app, go to UnifiedNip Settings, make sure every thing is checked for Address lookup and Network based Geolocation.
  5. Now go to main page of microG Settings, then Self-Check, check box, System grants signature spoofing permission, grant access, Allow.

Access your paid applications from play store

1. Install a PlayStore APK
  • If you have BlankStore installed, continue with the next step.
  • If you want to be able to access the Play Store, install BlankStore from the XDA thread. It is not a requirement that you set it up correctly and this is not covered by this instructions. If you need help, ask in the BlankStore original thread.
  • If you don't care about Play Store access, Install FakeStore.zip.
2. Open the microG Settings
which are available in the launcher now. If you want to use any Google services (Log-In, Cloud Messaging), tick both checkboxes for background services. This is the only supported setup, but you are free to disable them if you like playing with fire. You can also open the UnifiedNlp settings to enable the location backends of your choice. If you don't have any yet, check out F-Droid. For further questions and concerns regarding UnifiedNlp, use its corresponding GitHub repo or XDA thread.
3. Reboot your device
If you skip this step, everything unwanted is possible.
4. Disable Battery Optimization
if you use Android 6 (Marshmallow) or above. Ensure that it is disabled for microG Services Core in System Settings > Battery > Menu > Battery optimization. Note that this is the case for the original Play Services, as it is required to keep a stable background connection.
Note: On Android 7 (or later) an additional patch is needed to make location work, or alternatively, you can install GmsCore.apk in the /system/priv-app folder. This can be done by using adb push.

Testing
  • You can test Google Cloud Messaging using this test application*. Push notifications do not require account registration.
  • You can add an account through the system settings. Some applications might ask you to do so, if you don't.
  • Apps that use Cloud Messaging must be installed after GmsCore, or else they will not work. Some applications that can run with microG GmsCore is installed in the correct order: TextSecure/Signal, Play Music, YouTube
  • If you are using AdAway, make sure to put mtalk.google.com on your whitelist, or else problems are likely to occur when using Google Cloud Messaging. Thanks @benstyle1 on XDA for the hint.


Telegram Links for microG Group Help
Attached Thumbnails
Click image for larger version

Name:	Screenshot_microG Services.png
Views:	1564
Size:	245.2 KB
ID:	4416073  
The Following 6 Users Say Thank You to xXxGeek For This Useful Post: [ View ] Gift xXxGeek Ad-Free
7th February 2018, 02:46 AM |#6  
mi3x's Avatar
Senior Member
Flag Bucharest
Thanks Meter: 32
 
More
Awesome thread, thank you very much for your efforts. I followed the nogapps tutorial to the letter, still having problem with Signal app.
It wouldn't register my phone number. Can you maybe check it also? https://www.signal.org/android/apk/
LE: NVM, solved it by enabling GCM in MicroG settings and register Signal in MicroG GCM settings.
Another question, how much time should I keep Mozilla Stumbler from F-Droid Store scanning, and is it required?
Thanks again.
The Following User Says Thank You to mi3x For This Useful Post: [ View ] Gift mi3x Ad-Free
7th February 2018, 06:51 AM |#7  
xXxGeek's Avatar
OP Member
Flag Beer Capital
Thanks Meter: 90
 
Donate to Me
More
Quote:
Originally Posted by mi3x

Awesome thread, thank you very much for your efforts. I followed the nogapps tutorial to the letter, still having problem with Signal app.
It wouldn't register my phone number. Can you maybe check it also? https://www.signal.org/android/apk/
LE: NVM, solved it by enabling GCM in MicroG settings and register Signal in MicroG GCM settings.
Another question, how much time should I keep Mozilla Stumbler from F-Droid Store scanning, and is it required?
Thanks again.

Thanks for the post, this has been a learning experience for me, I just wanted to share my procedure with any one interested in installing microG. I use Signal as well, glad you figured it out, and as for Mozilla Stumbler, there is no need for it to be scanning after you have accessed the Play Store. I'm assuming that your using the OP5T phone with the Liquid Remix Rom, if so, I have updated the installation process, now there is no need to use Xposed framework.
The Following User Says Thank You to xXxGeek For This Useful Post: [ View ] Gift xXxGeek Ad-Free
7th February 2018, 10:17 AM |#8  
mi3x's Avatar
Senior Member
Flag Bucharest
Thanks Meter: 32
 
More
I really appreciate it, you saved me from a lot of work, nicely gathering them all into this special thread. Fortunately enough, I use a different rom, Unofficial LineageOS 14.1 with custom kernel and it works perfectly as well.
I followed your steps in post 5, everything went smoothly.
Many thanks once again, for me this is a gem, just migrated from iOS and slowly moving away from google and trying to replace most of my apps, just setup my davDroid with my nextcloud server, it'll take some time but I'll get there eventually.

Now a question about playstore, did I misunderstand, or why would I access it anyway? The other non FOSS apps which I need at the moment, I install from yalp. Please adivse a bit on this angle.

Have a good one.
The Following User Says Thank You to mi3x For This Useful Post: [ View ] Gift mi3x Ad-Free
7th February 2018, 11:30 AM |#9  
vagkoun83's Avatar
Senior Member
Flag Athens
Thanks Meter: 60
 
More
Excellent thread. I use microg 2 years, with lg g2 and now with op5t about 1,5 month at stock ROM. I am also try to de-google my self as much as i can.
Fdroid has excellent apps and you can find everything. I prefer lightweight apps with less permissions and ram/mb ie New pipe is an excellent YouTube replacement. I Subscribe to this thread. Keep it GOOGLESS

Sent from my ONEPLUS 5T
The Following User Says Thank You to vagkoun83 For This Useful Post: [ View ] Gift vagkoun83 Ad-Free
7th February 2018, 04:15 PM |#10  
Senior Member
Thanks Meter: 19
 
More
Quote:
Originally Posted by vagkoun83

Excellent thread. I use microg 2 years, with lg g2 and now with op5t about 1,5 month at stock ROM. I am also try to de-google my self as much as i can.
Fdroid has excellent apps and you can find everything. I prefer lightweight apps with less permissions and ram/mb ie New pipe is an excellent YouTube replacement. I Subscribe to this thread. Keep it GOOGLESS

Sent from my ONEPLUS 5T

Pro can you tell me how you debloat Google apks without problem

Sent from my ONEPLUS A5010 using Tapatalk
7th February 2018, 04:42 PM |#11  
vagkoun83's Avatar
Senior Member
Flag Athens
Thanks Meter: 60
 
More
[APPS][No-Gapps][microG] RUNNING WITHOUT Google Services
Microg unofficial installer delete conflict apps.
The rest apps uninstall with apps like titanium
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes