Hej @Andy, this is about something very different than your microG /e/ trauma.
I’m also tired of you hijacking other topics for “your th/e/ma” here in the /e/ forum and distorting them with repeating endless phrases. I only skim your postings and don’t read them completely anymore. What you are doing here I do not like at all.
I’m happy about the success of @harvey186 posting #26 and the idea of @marcdw posting #20.
To add to what @Anonyme mentioned earlier, the LineageOS for microG FAQ mentions the following…
The signature spoofing could be an unsafe feature only if the user blindly gives any permission to any app, as this permission can’t be obtained automatically by the apps.
Moreover, to further strengthen the security of our ROM, we modified the signature spoofing permission so that only system privileged apps can obtain it, and no security threat is posed to our users.
I always assumed that /e/ was based on LOS_microG. If it is (or not) I also assume its signature spoofing is secured in the same way. Negative result from Signature Spoofing Checker leads me to believe it is. Good.
Now I have to question the others. I run (multi boot) a bunch of ROMs, mostly with sigspoofing and microG. The Checker will let me know if they’re as locked down as /e/ or more open. Normally, one still has to explicitly grant permission to apps to use the spoofing. Over time I have found a few user apps that have had permissions explicitly granted that were outside the normal App Permissions toggles (for things not related to this topic).
It wouldn’t be farfetched to think that couldn’t happen with a less-than-secure signature spoofing implementation.
I have never read of any issues/problems/exploits regarding this stuff. So far so good.
I’m completely overwhelmed with the subject.
I always thought that signature spoofing is there to check if the apk is ‘untouched’. So it wasn’t veined by a stranger.
If this is is, then it’s OK if the user apps have this access to spoofing. Why is it ‘unsafe’ then?
Do I get the whole signature spoofing thing wrong ?
@Andy1, oh, sorry about that. The LOS_microG was me being too lazy to type out LineageOS for microG.
I now see how that may appear to be something else.
To add more noise to the topic. Decided to see what Signature Spoofing Checker reports on various setups.
Let’s say, for the sake of argument, there are four levels of signature spoofing support.
Level 1: Built in, used by system(?) privileged apps only. /e/OS and LineageOS for microG. Checker will return DISABLED since it is not privileged and cannot access.
Level 2: Built in, permissions based. Apps need to be granted permission first. Checker will prompt. If denied it will show DISABLED.
Level 3: User patched. Resurrection Remix Nougat patched with NanoDroid-patcher. Checker returns ENABLED. No prompts, no added security.
Level 4: Xposed FakeGApps. Old Samsung Galaxy Light with CM12 and microG. Checker shows DISABLED. Not sure if that means FakeGApps only works with selected apps or if the checker doesn’t know to consult the module.
If one had to worry, level 3 would be the one. For the worry warts.
I second the motion of @archje. From the standpoint of maximizing your privacy, /e/ without MicroG is better than /e/ with MicroG.
I see some variation here, which also has appeal to me. How about /e/ without MicroG and the signature spoofing present but default disabled? Then, if someone really wants it, he (or I) has to tap somewhere 7 times? Create a hurdle towards lowering the privacy safety? Personally I have disabled MicroG, but when I in the future would assist someone else (‘mom and dad’?) in the use of his/her /e/ phone, I would like to have some certainty that with non-technical users the device stays safe maximally.
Basicly, what you are suggesting is something I think is already available. You can install LineageOS without any Google componant (don’t install GApps, OpenGApps, BitGApps or MicroG). It doesn’t have the /e/ suite of apps, but it has a host of other apps that are open source and has no Google reference.
Isn’t this what you want? Hoping I can be helpful with this. Have a great day.
Thank you, @pmoody, for the suggestion. There are many strategies. What you outline would, with some investment in time, deliver what I want for ´mom and dad’. But it would lack the /e/ eco system (email, online storage, backups, safe search). I prefer to stay on the /e/ track and reap the benefits, now and even more in the future.
Your suggestion makes me think again. Lets presume ‘mom & dad’ (or other non-technical relatives or friends) agree to start using an /e/ phone. If I disable MicroG on their phone, I can be pretty sure it will stay that way. Might still be good to check this out from time to time.
LineageOS can be set up without the Google core services, and it has a suite of apps that are independent and almost all the apps installed are open source (I think there are a couple non open-source, and many of the apps are made by Lineage developers). So while the email app isn’t forked from K9, it is forked from something else, as are all the other apps.
I am on /e/, my wife is on LineageOS sans Google.
Whatever works for you, eh? It sounds like your solution would work for your family/friends, and since you are on /e/, you could better support them. Win-win.
Oh, it was a hard way to get it running and as you can read in the post above, no one really knows if enabling spoofing is good or not. On my devices it has changed nothing.
With this script and patch you can get it working (I hope nothing changed in sources)