Hi @marcdw pl can you raise it as a request on Gitlab. Will label it a feature request. This would be a nice feature to have on the /e/OS
This is a fine variation and would also be a unique selling point for /e/
Alrighty, Iâll raise a request.
Had to do some checking so I could at least provide something for the devs to look at.
Just guessing here, the microG folks provide signature spoofing patches for the various Android versions. Will assume those are whatâs used by LOS_microG and /e/ (before any hardening or whatnot).
There are those already working on extending the patches to add the features I mentioned. Iâll look around for others but at least I have a couple to use in the request.
I have tried the apply the patch from here, but build fails:
frameworks/base/core/res/AndroidManifest.xml:2362: error: resource string/permdesc_fakePackageSignature (aka android:string/permdesc_fakePackageSignature) not found.
frameworks/base/core/res/AndroidManifest.xml:2362: error: resource string/permlab_fakePackageSignature (aka android:string/permlab_fakePackageSignature) not found.
frameworks/base/core/res/AndroidManifest.xml:2369: error: resource string/permdesc_fakePackageSignature (aka android:string/permdesc_fakePackageSignature) not found.
frameworks/base/core/res/AndroidManifest.xml:2369: error: resource string/permlab_fakePackageSignature (aka android:string/permlab_fakePackageSignature) not found.
Donât know and nothing found about this âfakePackageSignatureâ
âThatâs because the signature spoofing is set to restricted, meaning itâs only available for system privileged apps, and not user apps.â
Good to know. I was wondering why the app shows âSignature Spoofing: DISABLEDâ. In that case itâs generally like that on e. If someone wants to know what it is all about, here are some details:
https://blogs.fsfe.org/larma/2016/microg-signature-spoofing-security/
Geht doch! Gut gemacht.
Geht nich, gibtâs nich
The signature spoofing is not available for user apps, only system apps. So donât worry about signature spoofing.
And again, if you donât want MicroG, disable it. Itâs easy.
this signature spoofing enabled screenshot I only get with my modifications. On ânormalâ eOS it allways showing the red screen with spoofing disabled.
Iâm nit sure how this signature spoofing is working and do we really need it. But a lot of people asking for it
Hej @Andy, this is about something very different than your microG /e/ trauma.
Iâm also tired of you hijacking other topics for âyour th/e/maâ here in the /e/ forum and distorting them with repeating endless phrases. I only skim your postings and donât read them completely anymore. What you are doing here I do not like at all.
Iâm happy about the success of @harvey186 posting #26 and the idea of @marcdw posting #20.
Feel free to use the âIgnoredâ feature of the forum.
You ask him not to talk about that here, but you reply to him here instead of âinternal or external mailâ. Try to show the example.
Letâs go back to the topic
To add to what @Anonyme mentioned earlier, the LineageOS for microG FAQ mentions the followingâŚ
The signature spoofing could be an unsafe feature only if the user blindly gives any permission to any app, as this permission canât be obtained automatically by the apps.
Moreover, to further strengthen the security of our ROM, we modified the signature spoofing permission so that only system privileged apps can obtain it, and no security threat is posed to our users.
I always assumed that /e/ was based on LOS_microG. If it is (or not) I also assume its signature spoofing is secured in the same way. Negative result from Signature Spoofing Checker leads me to believe it is. Good.
Now I have to question the others. I run (multi boot) a bunch of ROMs, mostly with sigspoofing and microG. The Checker will let me know if theyâre as locked down as /e/ or more open. Normally, one still has to explicitly grant permission to apps to use the spoofing. Over time I have found a few user apps that have had permissions explicitly granted that were outside the normal App Permissions toggles (for things not related to this topic).
It wouldnât be farfetched to think that couldnât happen with a less-than-secure signature spoofing implementation.
I have never read of any issues/problems/exploits regarding this stuff. So far so good.
Iâm completely overwhelmed with the subject.
I always thought that signature spoofing is there to check if the apk is âuntouchedâ. So it wasnât veined by a stranger.
If this is is, then itâs OK if the user apps have this access to spoofing. Why is it âunsafeâ then?
Do I get the whole signature spoofing thing wrong ?
Iâll admit I donât know a lot about the subject. This article from several years back explains things pretty well I think.
microG Signature Spoofing and its Security Implications
EDIT: Includes info on why Cyanogenmod/Lineage wonât use it.
@Andy1, oh, sorry about that. The LOS_microG was me being too lazy to type out LineageOS for microG.
I now see how that may appear to be something else.
To add more noise to the topic. Decided to see what Signature Spoofing Checker reports on various setups.
Letâs say, for the sake of argument, there are four levels of signature spoofing support.
Level 1: Built in, used by system(?) privileged apps only. /e/OS and LineageOS for microG. Checker will return DISABLED since it is not privileged and cannot access.
Level 2: Built in, permissions based. Apps need to be granted permission first. Checker will prompt. If denied it will show DISABLED.
Level 3: User patched. Resurrection Remix Nougat patched with NanoDroid-patcher. Checker returns ENABLED. No prompts, no added security.
Level 4: Xposed FakeGApps. Old Samsung Galaxy Light with CM12 and microG. Checker shows DISABLED. Not sure if that means FakeGApps only works with selected apps or if the checker doesnât know to consult the module.
If one had to worry, level 3 would be the one. For the worry warts.
Level 2 is what Iâ, also getting on my eOS.
And Iâm still not sure what is the best. Would be fine if a dev could tell us more
I second the motion of @archje. From the standpoint of maximizing your privacy, /e/ without MicroG is better than /e/ with MicroG.
I see some variation here, which also has appeal to me. How about /e/ without MicroG and the signature spoofing present but default disabled? Then, if someone really wants it, he (or I) has to tap somewhere 7 times? Create a hurdle towards lowering the privacy safety? Personally I have disabled MicroG, but when I in the future would assist someone else (âmom and dadâ?) in the use of his/her /e/ phone, I would like to have some certainty that with non-technical users the device stays safe maximally.
Basicly, what you are suggesting is something I think is already available. You can install LineageOS without any Google componant (donât install GApps, OpenGApps, BitGApps or MicroG). It doesnât have the /e/ suite of apps, but it has a host of other apps that are open source and has no Google reference.
Isnât this what you want? Hoping I can be helpful with this. Have a great day.