GApps on uncertified devices

[lukechadwick]

https://www.xda-developers.com/google-blocks-gapps-uncertified-devices-custom-rom-whitelist/

Is this new google certification block going to affect us microg users?

[mar-v-in]

Maybe, but if it does, there will be a way to workaround ;)

[mar-v-in]

Maybe, but if it does, there will be a way to workaround ;)

[Nanolx]

@mar-v-in seems to be required now. As of today microG does no longer pass SafetyNet, even on unrooted ROM and with the spoofed GSF device ID registered (of course DroidGuardHelper is installed). Both with and without Magisk.

On the same setup (One Plus 3T with latest OmniROM) with MindTheGApps and Magisk it passes just fine.

Of course it may also be that "only" an update to DroidGuardHelper is required?

Edit: I just tested MindTheGApps without Magisk and it passes, too, so it definitively is related to something microG. I should note that I can't pass BasicIntegrity aswell, not just CTS.

Edit 2: tested on Nexus 6 with Validus ROM: same result.

[Nanolx]

@mar-v-in seems to be required now. As of today microG does no longer pass SafetyNet, even on unrooted ROM and with the spoofed GSF device ID registered (of course DroidGuardHelper is installed). Both with and without Magisk.

On the same setup (One Plus 3T with latest OmniROM) with MindTheGApps and Magisk it passes just fine.

Of course it may also be that "only" an update to DroidGuardHelper is required?

Edit: I just tested MindTheGApps without Magisk and it passes, too, so it definitively is related to something microG. I should note that I can't pass BasicIntegrity aswell, not just CTS.

Edit 2: tested on Nexus 6 with Validus ROM: same result.

[ArchangeGabriel]

@Nanolx We are also tracking this in #482.

Apparently Google started to enforce device certification y-day, and pushed an update to DroidGuard at the same time. Now, in order to use PlayServices, you either have to pass SafetyNet (which μG does not currently), or register your device as modified (which none of us want to do I suppose).

I suspect that SafetyNet will thus become mandatory to use μG, and that μG will have to be modified to account for PlayServices requiring this SafetyNet check. But @mar-v-in will now better for sure, however in the mean time we are in the dark.

[ArchangeGabriel]

@Nanolx We are also tracking this in #482.

Apparently Google started to enforce device certification y-day, and pushed an update to DroidGuard at the same time. Now, in order to use PlayServices, you either have to pass SafetyNet (which μG does not currently), or register your device as modified (which none of us want to do I suppose).

I suspect that SafetyNet will thus become mandatory to use μG, and that μG will have to be modified to account for PlayServices requiring this SafetyNet check. But @mar-v-in will now better for sure, however in the mean time we are in the dark.

[lukechadwick]

Perhaps we can spoof the build date if this is still relevant/true:

"This change apparently went into effect March 16th and affects any software builds made after this date (Google Play Services checks ro.build.fingerprint for the build date apparently)."

[lukechadwick]

Perhaps we can spoof the build date if this is still relevant/true:

"This change apparently went into effect March 16th and affects any software builds made after this date (Google Play Services checks ro.build.fingerprint for the build date apparently)."

[Benutzer1234]

My firmware and all system relevant files are from 2016 and I didn't update them. MicroG on this phone stopped working yesterday. An old date won't help us, even if it is real.

[Benutzer1234]

My firmware and all system relevant files are from 2016 and I didn't update them. MicroG on this phone stopped working yesterday. An old date won't help us, even if it is real.

[ArchangeGabriel]

@lukechadwick I think this was true until y-day, but they changed something in their policy at that point.

[ArchangeGabriel]

@lukechadwick I think this was true until y-day, but they changed something in their policy at that point.

[drrossum]

I have used my phone without google play store for a year now and am quite happy with it. I download an individual apk here and there in case I really want to update an app. Not having the temptation to constantly update all the apps gives a peace of mind!

Not saying that it would not be nice to try to fix this, of course!

[drrossum]

I have used my phone without google play store for a year now and am quite happy with it. I download an individual apk here and there in case I really want to update an app. Not having the temptation to constantly update all the apps gives a peace of mind!

Not saying that it would not be nice to try to fix this, of course!

[Nanolx]

Yes, it does no longer check the build date, my Nexus 6 has a ROM older than 16.03.2018, aswell.

Also registering the GSF-ID does not solve the issue (since microG randomly spoofs one which gets lost upon factory reset, there's no harm testing it), as it would when using GApps.

While you can of course still use Yalp Store (or manual downloads from APK mirror), despite CTS status, many other things won't work, because microG no longer even attests BasicIntegrity successfully since yesterday, many apps no longer work with microG.

This is very much a show-stopper, since SafetyNet gets used by more and more apps (banking, games, multimedia), way more than just Google-Stuff or Play Store (despite often being uselessley implemented in first place: why does Nintendo implement SafetyNet check in Super Mario Run? It's a paid game!?).

[Nanolx]

Yes, it does no longer check the build date, my Nexus 6 has a ROM older than 16.03.2018, aswell.

Also registering the GSF-ID does not solve the issue (since microG randomly spoofs one which gets lost upon factory reset, there's no harm testing it), as it would when using GApps.

While you can of course still use Yalp Store (or manual downloads from APK mirror), despite CTS status, many other things won't work, because microG no longer even attests BasicIntegrity successfully since yesterday, many apps no longer work with microG.

This is very much a show-stopper, since SafetyNet gets used by more and more apps (banking, games, multimedia), way more than just Google-Stuff or Play Store (despite often being uselessley implemented in first place: why does Nintendo implement SafetyNet check in Super Mario Run? It's a paid game!?).

[Benutzer1234]

@ArchangeGabriel
I doubt that G. started to enforce device certification yesterday.
For me it looks more like they just updated DroidGuard.
See the first edit at #510 (comment)

[Benutzer1234]

@ArchangeGabriel
I doubt that G. started to enforce device certification yesterday.
For me it looks more like they just updated DroidGuard.
See the first edit at #510 (comment)

[ArchangeGabriel]

@Benutzer1234 So what? Yes, it works with real GApps as long as you pass SafetyNet.

But were you might be right is that I apparently misread somewhere that other components of μG (like GCM) started to fail y-day, but apparently that is not the case? Then indeed we are just facing an upgrade of DroidGuard without direct link with Certification (outside the fact SafetyNet is used to check Certification and that they probably did this DroidGuard update to go along with this change).

[ArchangeGabriel]

@Benutzer1234 So what? Yes, it works with real GApps as long as you pass SafetyNet.

But were you might be right is that I apparently misread somewhere that other components of μG (like GCM) started to fail y-day, but apparently that is not the case? Then indeed we are just facing an upgrade of DroidGuard without direct link with Certification (outside the fact SafetyNet is used to check Certification and that they probably did this DroidGuard update to go along with this change).