Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GApps on uncertified devices #510

Closed
lukechadwick opened this issue Mar 26, 2018 · 11 comments
Closed

GApps on uncertified devices #510

lukechadwick opened this issue Mar 26, 2018 · 11 comments

Comments

@lukechadwick
Copy link

https://www.xda-developers.com/google-blocks-gapps-uncertified-devices-custom-rom-whitelist/

Is this new google certification block going to affect us microg users?

@mar-v-in
Copy link
Member

Maybe, but if it does, there will be a way to workaround ;)

@Nanolx
Copy link
Contributor

Nanolx commented Apr 9, 2018

@mar-v-in seems to be required now. As of today microG does no longer pass SafetyNet, even on unrooted ROM and with the spoofed GSF device ID registered (of course DroidGuardHelper is installed). Both with and without Magisk.

On the same setup (One Plus 3T with latest OmniROM) with MindTheGApps and Magisk it passes just fine.

Of course it may also be that "only" an update to DroidGuardHelper is required?

Edit: I just tested MindTheGApps without Magisk and it passes, too, so it definitively is related to something microG. I should note that I can't pass BasicIntegrity aswell, not just CTS.

Edit 2: tested on Nexus 6 with Validus ROM: same result.

@ArchangeGabriel
Copy link
Contributor

@Nanolx We are also tracking this in #482.

Apparently Google started to enforce device certification y-day, and pushed an update to DroidGuard at the same time. Now, in order to use PlayServices, you either have to pass SafetyNet (which μG does not currently), or register your device as modified (which none of us want to do I suppose).

I suspect that SafetyNet will thus become mandatory to use μG, and that μG will have to be modified to account for PlayServices requiring this SafetyNet check. But @mar-v-in will now better for sure, however in the mean time we are in the dark.

@lukechadwick
Copy link
Author

Perhaps we can spoof the build date if this is still relevant/true:

"This change apparently went into effect March 16th and affects any software builds made after this date (Google Play Services checks ro.build.fingerprint for the build date apparently)."

@Benutzer1234
Copy link

My firmware and all system relevant files are from 2016 and I didn't update them. MicroG on this phone stopped working yesterday. An old date won't help us, even if it is real.

@ArchangeGabriel
Copy link
Contributor

@lukechadwick I think this was true until y-day, but they changed something in their policy at that point.

@drrossum
Copy link

I have used my phone without google play store for a year now and am quite happy with it. I download an individual apk here and there in case I really want to update an app. Not having the temptation to constantly update all the apps gives a peace of mind!

Not saying that it would not be nice to try to fix this, of course!

@Nanolx
Copy link
Contributor

Nanolx commented Apr 10, 2018

Yes, it does no longer check the build date, my Nexus 6 has a ROM older than 16.03.2018, aswell.

Also registering the GSF-ID does not solve the issue (since microG randomly spoofs one which gets lost upon factory reset, there's no harm testing it), as it would when using GApps.

While you can of course still use Yalp Store (or manual downloads from APK mirror), despite CTS status, many other things won't work, because microG no longer even attests BasicIntegrity successfully since yesterday, many apps no longer work with microG.

This is very much a show-stopper, since SafetyNet gets used by more and more apps (banking, games, multimedia), way more than just Google-Stuff or Play Store (despite often being uselessley implemented in first place: why does Nintendo implement SafetyNet check in Super Mario Run? It's a paid game!?).

@Benutzer1234
Copy link

@ArchangeGabriel
I doubt that G. started to enforce device certification yesterday.
For me it looks more like they just updated DroidGuard.
See the first edit at #510 (comment)

@ArchangeGabriel
Copy link
Contributor

@Benutzer1234 So what? Yes, it works with real GApps as long as you pass SafetyNet.

But were you might be right is that I apparently misread somewhere that other components of μG (like GCM) started to fail y-day, but apparently that is not the case? Then indeed we are just facing an upgrade of DroidGuard without direct link with Certification (outside the fact SafetyNet is used to check Certification and that they probably did this DroidGuard update to go along with this change).

@ale5000-git
Copy link
Member

microG now pass SafetyNet and it also has "Device profiles" to allow you to spoof a certified device.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants