[INDEX] How to get Signature Spoofing support

Search This thread

lee.wp14

Senior Member
Sep 15, 2015
527
411
Penang

5c2cf64616b6d.jpg

Beware, you are about to enter a dangerous zone!

I N T R O D U C T I O N
Signature Spoofing is a feature that allow apps to impersonate themselves as other apps. It works by faking the package signature of an app as the one that the app is trying to spoof.
This feature is common among microG users, as it is required for microG's custom implementation of Google Play Services to work fine.
If you do not understand what microG is, you should consider leave this page. You are probably trying to do something dangerous. If you know exactly what you are doing, you may however proceed at your own risk :)
Thanks to @Primokorn for starting this thread and maintaining the list previously!

I M P L E M E N T A T I O N
You have 3 options. Read carefully to determine which option suits you the best.
O P T I O N 1 : Xposed Module
If you are a Xposed user, and you need a hassle-free implementation method, go ahead and get the FakeGApps module designed for microG!​
O P T I O N 2 : System Patch
If you want a more persistent, perfect approach, you may patch your system to have Signature Spoofing feature supported.​
There are quite a number of Signature Spoofing patch out there, mainly Haystack, Needle/Tingle, and NanoDroid patcher. It is advisable to use this approach on deodexed systems only.​
Haystack and Tingle requires a PC and some basic knowledge on running scripts, while NanoDroid patcher is actually a flashable ZIP - it patches your system on-the-fly.​
Additionally, Haystack provides a patch for Settings app that allows you to turn Signature Spoofing on and off in Developer Options.​
Haystack - GitHub
Tingle - GitHub
NanoDroid Patcher - Direct | GitLab | XDA Forum
O P T I O N 3 : Use supported ROM
There are quite a number of ROMs which comes with Signature Spoofing support. Some is enabled globally, some requires you to enable it in Developer Options, while some requires you to grant Signature Spoofing explicitly (managed by AppOps). However, do take note that there are still a few Android distributions which rejects merging of Signature Spoofing implementation commit, commented that implementing Signature Spoofing is to introduce a big security hole.​
Below is a list of Custom ROMs that supports Signature Spoofing officially:​
  • AospExtended (AEX)
  • Android Ice Cold Project (AICP)
  • AIMROM
  • Android Open Source Illusion Project (AOSIP)
  • ArrowOS
  • CarbonROM
  • Corvus ROM
  • crDroid
  • dotOS
  • Ground Zero ROMs (GZOSP)
  • Havoc-OS
  • LineageOS for MicroG
  • MSM-Xtended
  • OmniROM
Inactive Custom ROMs with official Signature Spoofing support :​
  • Android Open Source G-OS Project (AOSGP)
  • Atomic-OS
  • Cardinal-AOSP
  • CitrusCAF
  • HalogenOS
  • Hexa-Project
  • MarshRom
  • nAOSProm
  • Nitrogen OS
  • Tugapower
  • Validus
  • ViperOS
  • XOSP
N O T A N O P T I O N : For Developers
MicroG personally provides Signature Spoofing patches on GitHub, however those patches do not include a switch for toggling Signature Spoofing.​
Developers can refer to commits on Omni's gerrit, which includes a switch for Signature Spoofing in Developer Options (commit 1, commit 2). You can however and also highly recommended, refer to more latest commits from other ROMs.​
For Android 4.4, I personally have adapted the commit from Omni's to make it works for Android 4.4.4 (commit 1, commit 2, commit 3).​

OLD

microg.png

Introduction
microG GmsCore is a FLOSS (Free/Libre Open Source Software) framework to allow applications designed for Google Play Services to run on systems, where Play Services is not available. If you use your phone without GAPPS this might become a useful tool for you.
microG GmsCore is one of the two core components of the microG project.

XDA Thread | Wiki


IF YOU WANT A XPOSED MODULED
You can simply use this Xposed module: FakeGapps (tested on Oreo 8.1 by @kurtn)



IF YOU DO NOT USE XPOSED
You can use Tingle but you have to run it each time you install a new ROM or a dirty flash. The ROM has to be deodexed. Thanks @ale5000
Haystack is also a solution.
Do you know NanoDroid? It's a microG installer with a large selection of useful apps. Additionally there is a flashable zip to patch your ROM. It automatically re-patches after a dirty flash (e.g. OTA update). No adb/PC required! (thanks @Setialpha)

Your last option is to use a custom ROM that includes the signature spoofing patch. Here is the list:
The signature spoofing option is normally available at the bottom of the dev options or in Settings > Apps > Advanced (gear icon) > Additional permissions. Or simply ask the permission from microG's self-check screen.

• AEX AospExtended
• AICP
• AimRom
• AOSGP
• Android Open Source Illusion Project (AOSIP)
• AtomicOS
• CarbonROM
• Cardinal-AOSP
• CitrusCAF
• crDroid
• dotOS
• Ground Zero Roms aka GZR: Tipsy
• HalogenOS
• Havoc-OS
• Hexa-Project
LineageOS (unofficial builds for several devices) thanks to @Simon94 // Official website: https://lineage.microg.org/
• MarshRom
• nAOSProm
• NitrogenOS
• OmniROM
• Tugapower
• Validus (Oreo at least)
• ViperOS
• XOSP


Signature spoofing is also supporting on these specific custom ROMS:
Click here

Thanks to all these developers!!!



PENDING REQUESTS TO INCLUDE SIGNATURE SPOOFING IN THE FOLLOWING CUSTOM ROMS


CLOSED REQUESTS
• LineageOS → Rejected / Thread on XDA
• Dirty Unicorns → Rejected
• Resurrection Remix → Probably rejected since no answer from 2 maintainers despite my reminders...
• Phoenix AospExtended (OP3/3T) → Accepted


Notes:
1. I won't check every ROM thread on XDA so feel free to tag me or post a comment below
2. You will probably have to enable the signature spoofing in the dev options. Then check microG settings app > Self-Check.
3. Have a look at the development section of your device specific forum. You may find one of these custom ROMS!
 
Last edited:

Bludwurst

Senior Member
Mar 26, 2016
539
476
Moto G
Redmi 9A
You need an account to see the rejection notice (to call it something) for Dirty Unicorns. Since I'm curious, why did they reject it? "Security concerns"?

A shame, either way; DU is my favorite ROM :v

Hopefully RR accepts.

Sent from my Motorola Moto G using XDA Labs
 

Primokorn

Senior Member
Nov 17, 2012
11,493
7,725
You need an account to see the rejection notice (to call it something) for Dirty Unicorns. Since I'm curious, why did they reject it? "Security concerns"?

A shame, either way; DU is my favorite ROM :v

Hopefully RR accepts.

Sent from my Motorola Moto G using XDA Labs
Actually I didn't get a clear answer... They are not interested. That's it.
 

Attachments

  • Capture.PNG
    Capture.PNG
    43.4 KB · Views: 3,453
  • Like
Reactions: Bludwurst

Primokorn

Senior Member
Nov 17, 2012
11,493
7,725
Maybe they'll wait until microG grows and matures with time. The DU crew is kinda like that; they want everything very professional and finished.
microG will always be a bit behind compared to Google services so don't hold your breath. BTW I don't consider Play Services very stable or finished.

Or maybe they just don't caaaaaare.
This ^^^^ They say that they promote indie developments (outside of XDA) but they don't want to add one single commit (an option that can be disabled!)... I'm disappointed even if I didn't have a lot of hope.
I agree DU is an awesome ROM, though.
 
  • Like
Reactions: #Henkate

Bludwurst

Senior Member
Mar 26, 2016
539
476
Moto G
Redmi 9A
Are you certain AOSiP has sig. spoofing? I tried a build for my phone and I couldn't find any option to enable it, nor did the permission appear after installing microG and the FakeStore.
But maybe I missed it :silly:
I'm on halogenOS anyway.

I had the idea to request AOKP to add signature spoofing, but I couldn't find out how to do so (their site isn't very helpful; they make no reference to how or where to submit requests).
Am I suppused to drop by the G+ community and ask them there...? Or use the bug tracker...? :confused:
I'll look into this.

And I guess the RR people haven't replied back?

Sent from my ECS TR10RS1 using XDA Labs
 

Primokorn

Senior Member
Nov 17, 2012
11,493
7,725
Are you certain AOSiP has sig. spoofing? I tried a build for my phone and I couldn't find any option to enable it, nor did the permission appear after installing microG and the FakeStore.
But maybe I missed it :silly:
I'm on halogenOS anyway.
Maybe @quantesh can answer you. He may used an unofficial build: https://forum.xda-developers.com/showpost.php?p=71036625&postcount=2827

I had the idea to request AOKP to add signature spoofing, but I couldn't find out how to do so (their site isn't very helpful; they make no reference to how or where to submit requests).
Am I suppused to drop by the G+ community and ask them there...? Or use the bug tracker...? :confused:
I'll look into this.
I didn't use AOKP for a while... Any contact form should do the job. Website, G+... If you find a "feature request" link, choose this one :)

And I guess the RR people haven't replied back?
No news for now.
@apascual89 did you have some time to discuss with your team?

BTW Phoenix AospExtended ROM should include the patch in the next build (OP3T at least).
 
  • Like
Reactions: Bludwurst

Primokorn

Senior Member
Nov 17, 2012
11,493
7,725
UPDATE:
• add a section for specific ROMS
• Phoenix AospExtended has accepted my request for OP3/3T
 

Bludwurst

Senior Member
Mar 26, 2016
539
476
Moto G
Redmi 9A
If I want to suggest full microG support (a la Omni where MicroG can be a location provider w/o being a system app) should I link to both signature spoofing and location patches?

Sent from my Motorola Moto G using XDA Labs
 

barturblits

Senior Member
Jul 4, 2014
332
79
If I want to suggest full microG support (a la Omni where MicroG can be a location provider w/o being a system app) should I link to both signature spoofing and location patches?
Since when does omni support location provider tasks w/o being a system app? Did not see that commit come by. Would be very nice if they accepted that patch.
 

Bludwurst

Senior Member
Mar 26, 2016
539
476
Moto G
Redmi 9A
Since when does omni support location provider tasks w/o being a system app? Did not see that commit come by. Would be very nice if they accepted that patch.

Well, I have MicroG Core installed as an user app on OmniROM (Nougat) and all the UnifiedNLP checkboxes are, well, checked. This didn't happen in other ROMs I've tried for my device (a Moto G1, or falcon) that natively support Sig. Spoofing.

Sent from my Motorola Moto G using XDA Labs
 

Top Liked Posts

  • There are no posts matching your filters.
  • 51

    5c2cf64616b6d.jpg

    Beware, you are about to enter a dangerous zone!

    I N T R O D U C T I O N
    Signature Spoofing is a feature that allow apps to impersonate themselves as other apps. It works by faking the package signature of an app as the one that the app is trying to spoof.
    This feature is common among microG users, as it is required for microG's custom implementation of Google Play Services to work fine.
    If you do not understand what microG is, you should consider leave this page. You are probably trying to do something dangerous. If you know exactly what you are doing, you may however proceed at your own risk :)
    Thanks to @Primokorn for starting this thread and maintaining the list previously!

    I M P L E M E N T A T I O N
    You have 3 options. Read carefully to determine which option suits you the best.
    O P T I O N 1 : Xposed Module
    If you are a Xposed user, and you need a hassle-free implementation method, go ahead and get the FakeGApps module designed for microG!​
    O P T I O N 2 : System Patch
    If you want a more persistent, perfect approach, you may patch your system to have Signature Spoofing feature supported.​
    There are quite a number of Signature Spoofing patch out there, mainly Haystack, Needle/Tingle, and NanoDroid patcher. It is advisable to use this approach on deodexed systems only.​
    Haystack and Tingle requires a PC and some basic knowledge on running scripts, while NanoDroid patcher is actually a flashable ZIP - it patches your system on-the-fly.​
    Additionally, Haystack provides a patch for Settings app that allows you to turn Signature Spoofing on and off in Developer Options.​
    Haystack - GitHub
    Tingle - GitHub
    NanoDroid Patcher - Direct | GitLab | XDA Forum
    O P T I O N 3 : Use supported ROM
    There are quite a number of ROMs which comes with Signature Spoofing support. Some is enabled globally, some requires you to enable it in Developer Options, while some requires you to grant Signature Spoofing explicitly (managed by AppOps). However, do take note that there are still a few Android distributions which rejects merging of Signature Spoofing implementation commit, commented that implementing Signature Spoofing is to introduce a big security hole.​
    Below is a list of Custom ROMs that supports Signature Spoofing officially:​
    • AospExtended (AEX)
    • Android Ice Cold Project (AICP)
    • AIMROM
    • Android Open Source Illusion Project (AOSIP)
    • ArrowOS
    • CarbonROM
    • Corvus ROM
    • crDroid
    • dotOS
    • Ground Zero ROMs (GZOSP)
    • Havoc-OS
    • LineageOS for MicroG
    • MSM-Xtended
    • OmniROM
    Inactive Custom ROMs with official Signature Spoofing support :​
    • Android Open Source G-OS Project (AOSGP)
    • Atomic-OS
    • Cardinal-AOSP
    • CitrusCAF
    • HalogenOS
    • Hexa-Project
    • MarshRom
    • nAOSProm
    • Nitrogen OS
    • Tugapower
    • Validus
    • ViperOS
    • XOSP
    N O T A N O P T I O N : For Developers
    MicroG personally provides Signature Spoofing patches on GitHub, however those patches do not include a switch for toggling Signature Spoofing.​
    Developers can refer to commits on Omni's gerrit, which includes a switch for Signature Spoofing in Developer Options (commit 1, commit 2). You can however and also highly recommended, refer to more latest commits from other ROMs.​
    For Android 4.4, I personally have adapted the commit from Omni's to make it works for Android 4.4.4 (commit 1, commit 2, commit 3).​

    OLD

    microg.png

    Introduction
    microG GmsCore is a FLOSS (Free/Libre Open Source Software) framework to allow applications designed for Google Play Services to run on systems, where Play Services is not available. If you use your phone without GAPPS this might become a useful tool for you.
    microG GmsCore is one of the two core components of the microG project.

    XDA Thread | Wiki


    IF YOU WANT A XPOSED MODULED
    You can simply use this Xposed module: FakeGapps (tested on Oreo 8.1 by @kurtn)



    IF YOU DO NOT USE XPOSED
    You can use Tingle but you have to run it each time you install a new ROM or a dirty flash. The ROM has to be deodexed. Thanks @ale5000
    Haystack is also a solution.
    Do you know NanoDroid? It's a microG installer with a large selection of useful apps. Additionally there is a flashable zip to patch your ROM. It automatically re-patches after a dirty flash (e.g. OTA update). No adb/PC required! (thanks @Setialpha)

    Your last option is to use a custom ROM that includes the signature spoofing patch. Here is the list:
    The signature spoofing option is normally available at the bottom of the dev options or in Settings > Apps > Advanced (gear icon) > Additional permissions. Or simply ask the permission from microG's self-check screen.

    • AEX AospExtended
    • AICP
    • AimRom
    • AOSGP
    • Android Open Source Illusion Project (AOSIP)
    • AtomicOS
    • CarbonROM
    • Cardinal-AOSP
    • CitrusCAF
    • crDroid
    • dotOS
    • Ground Zero Roms aka GZR: Tipsy
    • HalogenOS
    • Havoc-OS
    • Hexa-Project
    LineageOS (unofficial builds for several devices) thanks to @Simon94 // Official website: https://lineage.microg.org/
    • MarshRom
    • nAOSProm
    • NitrogenOS
    • OmniROM
    • Tugapower
    • Validus (Oreo at least)
    • ViperOS
    • XOSP


    Signature spoofing is also supporting on these specific custom ROMS:
    Click here

    Thanks to all these developers!!!



    PENDING REQUESTS TO INCLUDE SIGNATURE SPOOFING IN THE FOLLOWING CUSTOM ROMS


    CLOSED REQUESTS
    • LineageOS → Rejected / Thread on XDA
    • Dirty Unicorns → Rejected
    • Resurrection Remix → Probably rejected since no answer from 2 maintainers despite my reminders...
    • Phoenix AospExtended (OP3/3T) → Accepted


    Notes:
    1. I won't check every ROM thread on XDA so feel free to tag me or post a comment below
    2. You will probably have to enable the signature spoofing in the dev options. Then check microG settings app > Self-Check.
    3. Have a look at the development section of your device specific forum. You may find one of these custom ROMS!
    5
    Anyone having success with fakegapps and lsposed on LOS18.1? I whitelisted nearly everything and it says system is able to spoof signature but gmscore and fakestore still show as unspoofed.
    There are several procedures available like
    Or
    Signature Spoofing for Android 11
    Guide by bluede-v Will

    First of all Flash your ROM and Magisk (you need to download the latest version to get Magisk working on Android 11)

    Click on Build number (7x) to enable Developer Options

    After that enable ADB-Debugging and Root-ADB-Debugging in your ROM in case of LineageOS go to Setting -> System -> Developer Options

    So Lets go this is the more complicated part. but also really easy if you done it once.

    I'm using Debian Linux but it should be possible on every OS. In Windows use the Linux Subsystem.

    You need to have ADB installed on your System tho.

    ADB link: https://adbdownload.com

    First of all you need to download this 2 Files:


    Rename "spoof\_AVDapi30.zip.ONLY'MAGISK&ANDROID-STUDIO" to "spoof\_AVDapi30.zip"

    Next Download this zip: https://gitlab.com/oF2pks/haystack/-/archive/11-attempt/haystack-11-attempt.zip

    Also download this jar file: https://github.com/DexPatcher/dexpa...nload/v1.8.0-beta1/dexpatcher-1.8.0-beta1.jar

    So now unzip the haystack-11-attempt.zip and put the dexpatcher.jar file into to Folder.

    This part I use Bash shell in Linux.
    Bash:
    adb pull /system/framework/services.jar

    java -jar dexpatcher-1.8.0-beta1.jar -a 11 -M -v -d -o ./ services.jar 11-hook-services.jar.dex 11core-services.jar.dex
    (After that Command you should have 4 files all named classes*.dex)
    Bash:
    mkdir repack

    zip -j repack/services.jar classes*.dex
    After that you should have a new services.jar in your repack Folder.

    Now You need to open the spoof\_AVDapi30.zip go in /system/framework/ and delete the old services.jar and put your own file in. that's in your repack Folder.

    Don't ruin the zip-format of the file tho because otherwise Magisk will cry while install.

    After that put your spoof-AVDapi30.zip and your microG\_AVDx86api30\_magiskMaRViN.zip on your Phone and Flash via Magisk.

    Reboot and you hopefully have Signature spoofig working. If you run in any Problems check out the GitHub Links here. there will be comments that maybe will help.

    3
    Installation guide for supported ROM

    This is how I installed microG without using NanoDroid.

    I use Lineage MicroG as reference, which has the following files:
    Code:
    /system/priv-app/GmsCore.apk
    /system/priv-app/FakeStore.apk
    /system/etc/permissions/privapp-permissions-GmsCore.xml
    /system/etc/permissions/privapp-permissions-FakeStore.xml

    Instructions:
    1. Enable signature spoofing in the ROM setting (when relevant, some ROMs enable by default).
      havos-signature-spoofing.png
    2. Flash microg.zip using TWRP.
    3. Grant microG the necessary permissions through its settings.
      1. If that doesn't work, try using adb shell
        Code:
        pm grant com.google.android.gms android.permission.FAKE_PACKAGE_SIGNATURE
        pm grant com.android.vending android.permission.FAKE_PACKAGE_SIGNATURE
    4. (Recommended) Install Aurora Droid to easily update microG. Aurora Droid is a more user-friendly alternative of the official F-Droid client.
      1. Enable microG repo in Aurora Droid.
      2. (Optional) Flash aurora-services.zip. This enables auto update in Aurora Droid; after flash, in Aurora Services app, whitelist Aurora Droid and grant necessary permissions. Then in Aurora Droid settings, choose Aurora Services as installation method.
    5. Install UnifiedNlp, MozillaNlpBackend (Apple Nlp is better, but proprietary), and NomatimNlpBackend. All available in Aurora Droid.
    6. (Optional) Install the GsfProxy (from Aurora Droid).
    7. Grant spoofing permission (via adb shell):

    adb shell doesn't need root/su since the permission xml is already in the /system.

    Optional: Use Aurora Store to install play store apps.

    SHA256SUMS:
    Code:
    89860079b63ec895991637dde9a052592afe49c4eed2f8d1e0df9722418ae1ad  aurora-services-1.0.6.zip
    d53996741a12570612ffa48e90277a97092b01723de2fd4afba6b2ea6b8c054f microG-0.2.16.204713.zip

    Edit (01/01/2021):
    • Aurora Services 1.0.6
    • microG 0.2.16.204713
    • Removed discontinued Yalp Store
    • Removed Aurora Store & GsfProxy; installable via Aurora Droid.
    • Removed F-Droid, replaced by Aurora Droid+Services

    Edit (27/01/2020):
    • Aurora Store 3.1.8
    • F-Droid 1.7.1
    • GsfProxy 0.1.0 (official-signed, was NanoDroid-signed)
    • microG 0.2.10.19420 (includes official APK
    • Removed discontinued NanoDroid's microG and GsfProxy
    2
    Hi,

    I regularly build updates (hosted on AFH) containing the microG patch for following devices (I've included the links to the most current builds):


    However, I do not 'own' dedicated threads for them, I post my updates in respective device/ROM threads.
    Regards, M.
    2
    Hey there, the patch was merged some days ago by me to XOSP, @Primokorn could you add XOSP to the list?
    check the commit here