OpenGapps sideload failed on Copperhead OS 7.0

[acabrol]

Dear Copperhead,
I installed latest update: angler-ota_update-2016.10.21.23.10.25.zip on my Nexus 6P.

after update i recovery mode with twrp-3.0.2-2-angler.img .

I tried to sideload following opengapps versions with listed results:

• open_gapps-arm64-7.0-pico-20160912.zip, copperhead boot but no playstore in the apps list
• open_gapps-arm64-7.0-micro-20161024.zip, copperhead boot but no playstore in the apps list
• open_gapps-arm64-7.0-mini-20161024.zip, copperhead boot but no playstore in the apps list
• open_gapps-arm64-7.0-stock-20161024.zip, boot stuck on Google logo (maybe just too long for me)

I send to you my logs for open_gapps-arm64-7.0-mini-20161024.zip which seems to work for some people on reddit.

Could you help me to find the issue?
What i can do to get the PlayStore anyway?

[thestinger]

Using an alternate recovery isn't something that's supported, especially if it's being used to make changes to the other operating system partitions. It's inherently insecure and broken.

Use the Amazon Appstore if you really need a wider selection of apps than F-Droid provides. There's no supported or sane way to use the Play Store / Play Services on CopperheadOS. You can do whatever you want, but we won't provide instructions or attempt to avoid incompatibilities with it.

[thestinger]

Using an alternate recovery isn't something that's supported, especially if it's being used to make changes to the other operating system partitions. It's inherently insecure and broken.

Use the Amazon Appstore if you really need a wider selection of apps than F-Droid provides. There's no supported or sane way to use the Play Store / Play Services on CopperheadOS. You can do whatever you want, but we won't provide instructions or attempt to avoid incompatibilities with it.

[acabrol]

Amazon Appstore use self-signed certificate for the apps. It means that we have to enable installation from unknown source which allow any apk to install on Android dedicated apk for malicious activities.

Regardings threat exposure Google PlayStore, even if it open permissions issue is more secure than Amazon Appstore.

Do i missed something about Google PlayStore security issue which could expose to install any untrusted apk on my Android smartphone?

[acabrol]

Amazon Appstore use self-signed certificate for the apps. It means that we have to enable installation from unknown source which allow any apk to install on Android dedicated apk for malicious activities.

Regardings threat exposure Google PlayStore, even if it open permissions issue is more secure than Amazon Appstore.

Do i missed something about Google PlayStore security issue which could expose to install any untrusted apk on my Android smartphone?

[stellirin]

The problem isn't GApps and the play store directly - many people want higher security and are also happy to trust Google to be part of their security - but rather dm-verity. The system image is signed and verified by the boot image. Any change to the system partition, even simply remounting it as rw will break the signature.

Any kind of recovery environment that allows arbitrary installations is inherently insecure, which is why Copperhead OS is the exception to most aftermarket builds of Android in that it keeps all of the nice Android security features enabled.

If you want GApps then you need to build Copperhead OS yourself, with GApps as part of the build, and then handle all updates yourself too.

[stellirin]

The problem isn't GApps and the play store directly - many people want higher security and are also happy to trust Google to be part of their security - but rather dm-verity. The system image is signed and verified by the boot image. Any change to the system partition, even simply remounting it as rw will break the signature.

Any kind of recovery environment that allows arbitrary installations is inherently insecure, which is why Copperhead OS is the exception to most aftermarket builds of Android in that it keeps all of the nice Android security features enabled.

If you want GApps then you need to build Copperhead OS yourself, with GApps as part of the build, and then handle all updates yourself too.

[thestinger]

@acabrol As far as CopperheadOS is concerned, the Play Store is an unknown source too... Amazon doesn't count as an unknown source because of something they're doing wrong. It counts as an unknown source because CopperheadOS doesn't pre-install it and mark it as a privileged app.

[thestinger]

@acabrol As far as CopperheadOS is concerned, the Play Store is an unknown source too... Amazon doesn't count as an unknown source because of something they're doing wrong. It counts as an unknown source because CopperheadOS doesn't pre-install it and mark it as a privileged app.

[thestinger]

The unknown sources feature is only able to protect you from yourself and has nothing to do with signatures. It only enables/disables installing apps from non-privileged apps, which still always has to be confirmed... so it's not there for experienced users.

[thestinger]

The unknown sources feature is only able to protect you from yourself and has nothing to do with signatures. It only enables/disables installing apps from non-privileged apps, which still always has to be confirmed... so it's not there for experienced users.

[acabrol]

Thank you for your answers.

I will not install Google Playstore neither Amazon appstore.

[acabrol]

Thank you for your answers.

I will not install Google Playstore neither Amazon appstore.

[BadPractice]

This is a fine example how too strict security leads to no security at all. I would love to run Copperhead. Unfortunately there are Apps only available in the Play store i need (like Bike Citizen).

Because of the strict security im forced to install another OS => all security gone...

[BadPractice]

This is a fine example how too strict security leads to no security at all. I would love to run Copperhead. Unfortunately there are Apps only available in the Play store i need (like Bike Citizen).

Because of the strict security im forced to install another OS => all security gone...

[thestinger]

No, it's not an example of that. If we were permitted, we could make an alternate set of builds with Google Play properly integrated. However, it's not legal, and doing it by extracting apps from another build especially without properly integrating it is broken and insecure.

[thestinger]

No, it's not an example of that. If we were permitted, we could make an alternate set of builds with Google Play properly integrated. However, it's not legal, and doing it by extracting apps from another build especially without properly integrating it is broken and insecure.