Hello XDA!
Im sorry for this thread, but Im little out of loop, wanted to know few things. Because my phone now is 2years old and there is no more warranty, I wanna add custom rom and root. Regarding this, I got question.
After installing new rom, I still want to use my corporate e-mail. As far as Im informed, that e-mail app will not start, if it detects, that a phone is rooted. Is there a way to hide root status, so that app can start? (I think endomondo or spotify also had that ****ty "protection" against root).
There's an xposed module that can do that
The name of the module is RootCloak
You can add apps to a list and root will be completely hidden for these apps
Does xposed work on android 6.xxx ? If I remember correctly, there were problems with android 5 at begginging of it.
I have a samsung Galaxy s5 neo with android 6.0.1 and it works for me. Not all modules are supported but a lot of modules work
Hi guys,
with reference to this interesting thread:
Strategic Alliance: bundle F-Droid, add LineageOS repository, add microG
I think that LineageOS may effectively be the reference Android ROM for people looking for privacy and timely updates (which implies more security).
In this view, it would be extremely convenient to have a working instance of microG on LineageOS, as it would add the convenience of gapps without the need to sell you soul to Google.
The only practical option to have a working instance of microG in CM/LineageOS is using an Xposed module which spoof the signature of microG. The alternative is recompiling CM/LineageOS from scratch by patching it "by hand" before. While viable, these two solutions are far from convenient, as the former depends on Xposed (which is not available for Nougat at the moment, and nobody can really tell if it will ever be) and the second... Well, in my understanding it requires a fair share of knowledge and also computing power and it is probably impractical from the point of view of view of the end user.
My question here is:
given that LineageOS will ship a separate ZIP to allow root to be enabled for apps, would it be technically possible for LineageOS developers to create (and ship ) also a separate zip to enable signature spoofing for people knowing what they are doing?
In my "vision" this could only add a permission that would have still to be manually enabled only for selected apps (microg, specifically).
In the end, only people really interested in microg would manually install the "spoofing" zip. And in this cases it would not pose any additional security risk (if you consider that enabling root may be already dangerous enough).
Let me emphatize that I don't know if this is technically feasible, nor if the developers would ever accept to do that. But in my opinion this should at least be discussed.
Thanks for reading and have a nice day!
E.
enban said:
Hi guys,
with reference to this interesting thread:
Strategic Alliance: bundle F-Droid, add LineageOS repository, add microG
I think that LineageOS may effectively be the reference Android ROM for people looking for privacy and timely updates (which implies more security).
Click to expand...
Click to collapse
I really really like this idea! It is important to give users an easy way to get rid of the intrusiveness of google, if they want to. It's a matter of freedom of choice.
More and more people are scared about (or simply don't like) mass collection of personal data, it would be nice if Lineage OS could give to these people an alternative!
enban said:
My question here is:
given that LineageOS will ship a separate ZIP to allow root to be enabled for apps, would it be technically possible for LineageOS developers to create (and ship ) also a separate zip to enable signature spoofing for people knowing what they are doing?
Click to expand...
Click to collapse
Or maybe a .zip that directly installs microG? (I don't know if it is possible...)
lamp1 said:
Or maybe a .zip that directly installs microG? (I don't know if it is possible...)
Click to expand...
Click to collapse
Installing microG is not a problem. Another user, @wdevil12 , already create an AROMA zip to install microG.
The problem is that microG NEEDS the signature spoofing to be available (it needs that so apps "think" that it is the "real" Google Play Services).
CM/LineageOS never wanted to build this option in the ROM, so one has to rely on Xposed or make one's own build by patching the sources.
Having a flashable zip enabling spoofing signature directly from LineageOS developers would be a huge leap forward and could impulse the use of microG (which, in my opinion, is the best thing happened to Android in years).
My 2 cents.
enban said:
Installing microG is not a problem. Another user, @wdevil12 , already create an AROMA zip to install microG.
The problem is that microG NEEDS the signature spoofing to be available (it needs that so apps "think" that it is the "real" Google Play Services).
Click to expand...
Click to collapse
Thank you for the explanation.
enban said:
Having a flashable zip enabling spoofing signature directly from LineageOS developers would be a huge leap forward and could impulse the use of microG (which, in my opinion, is the best thing happened to Android in years).
Click to expand...
Click to collapse
I agree with you!
+1
Is the lineage browser chromium based?
Is there a purge and replace google from android os tutorial somewhere?
micrograms without xposed
Hi,
I just wanted to share a link with you:
gabsoftware.com/tips/how-to-use-microg-on-lineageos-or-cyanogenmod-without-xposed
I haven't followed these steps yet, but am going to in a few days
enban said:
given that LineageOS will ship a separate ZIP to allow root to be enabled for apps, would it be technically possible for LineageOS developers to create (and ship ) also a separate zip to enable signature spoofing for people knowing what they are doing?
Click to expand...
Click to collapse
I share your enthusiasm and also your frustration.
Here's the thing. Enabling signature spoofing is a patch, so you apply it before building the image. This means a zip would have to provide a drop-in replacement for the files affected by the patch, in this case I believe it's only 1 file: framework.jar. I have no idea how often framework.jar changes, but it would be useful to know – the more often it changes, the more often the zip will have to be updated and distributed again, and the less probable it is that someone will want to do that job.
So here is an approach I was thinking of:
1. Extend the microG patch to not blindly disable signature spoofing, but instead disable it conditionally when a certain flag is enabled in the settings (disabled by default, obviously). Don't provide any UI, just that test in the code.
2. Include that patch in mainstream LineageOS (and other ROMs). By default it's a no-op, so that's completely harmless. This is the key point.
3. Provide a zip (OP's idea) that surfaces the modification of that flag through a "Disable signature spoofing" option in the Developer Settings.
Ideally, 3 would also be baked into mainstream LineageOS, since Developer Settings are already fairly opt-in. However, in light of what happened recently to root access, I'm assuming 3 would have to follow the same approach and live as an external zip too, which is fair enough and would still represent a huge step forward, as OP pointed out.
Thoughts?
Official answer:
We will not be enabling signature spoofing. It's a huge security hole, and breaking android's security model (for any reason) is never acceptable.
Feel free to build it yourself (it is open source) if this is a feature you want, or use one of the plethora of other roms people have generated. Our main goal is to continue passing CTS and have a production-shippable OS available for anyone who wants to use it.
@elirada
I like the idea and, frankly, I'm less concerned about the method to achieve it than on actually having signature spoofing.
Unluckily, as you can see, the official response is "No, never". Now, while I'm grateful to LineageOS developers for their hard work, I feel that their position on this point is plainly wrong. Allowing root is a bigger security issue than allowing on-demand signature spoofing for *one single* app, which would offer much more privacy to LineageOS users.
enban said:
@elirada
I like the idea and, frankly, I'm less concerned about the method to achieve it than on actually having signature spoofing.
Unluckily, as you can see, the official response is "No, never". Now, while I'm grateful to LineageOS developers for their hard work, I feel that their position on this point is plainly wrong. Allowing root is a bigger security issue than allowing on-demand signature spoofing for *one single* app, which would offer much more privacy to LineageOS users.
Click to expand...
Click to collapse
As zifnab said, we most certainly will not open up security holes like this. It would be an incredible disservice to our users.
Opening attack vectors such as this on millions of devices is "plainly wrong" as you put it.
But hey, its OSS, so fork and do it yourself! :good:
invisiblek said:
As zifnab said, we most certainly will not open up security holes like this. It would be an incredible disservice to our users.
Opening attack vectors such as this on millions of devices is "plainly wrong" as you put it.
But hey, its OSS, so fork and do it yourself! :good:
Click to expand...
Click to collapse
What disservice? You clearly didn't read the OP. One should voluntarily flash a zip and then explicitly enable the feature. It's not something that would happen by chance and would be an explicit choice of each user. And frankly, while I certainly may learn how to get the source and compile it, I (and most people willing to use microG) have not the hardware resources and the time to compile each build. To call this solution impractical would be an euphemism.
enban said:
What disservice? You clearly didn't read the OP. One should voluntarily flash a zip and then explicitly enable the feature. It's not something that would happen by chance and would be an explicit choice of each user. And frankly, while I certainly may learn how to get the source and compile it, I (and most people willing to use microG) have not the hardware resources and the time to compile each build. To call this solution impractical would be an euphemism.
Click to expand...
Click to collapse
Even if its something we'd remotely consider, its not as simple as providing a zip with a su binary in it like the root addon. This stuff is in framework which makes it a lot more difficult to supply a "bolt on" zip to do this.
Here's the patch when it was put on gerrit. You can read the comments to see the stance and reasoning on it.
It's something that will not ever be accepted in this project.
hey guys, thanks for this discussion.
i easily patched the first lineageos-build (kenzo device) with tingle. this was possible because "pre-optimization" wasnt yet enabled when built. patching took only 1 minute.
would it be possible to make any second build (or once a month) without this "pre optimization"-flag?
This way security isnt touched and everyone who wants could easily patch it himself!
We will not shipped compromised builds. It doesn't matter about how much you think it convenient...we are trusted to keep users safe.
The moment you have to use the words "spoof", "make the system think it's something else" or anything if that nature, you are lying to the system about an app, which will compromise thebuser's trust in the system.
If you think for one second that "experienced people who know what they are doing" would be the only ones to flash whatever the heck is available, you have not been on this forum or working with Android for very long.
If you "are experienced and know what you are doing", build it yourself. That's the safest bet against users not harming themselves with our stamp (release-keys) on it.
tl;dr: Nope. Not even once.
zifnab06 said:
Official answer:
We will not be enabling signature spoofing. It's a huge security hole, and breaking android's security model (for any reason) is never acceptable.
Feel free to build it yourself (it is open source) if this is a feature you want, or use one of the plethora of other roms people have generated. Our main goal is to continue passing CTS and have a production-shippable OS available for anyone who wants to use it.
Click to expand...
Click to collapse
Fair enough. Signature verification is clearly an important component of Android's security model.
I think one should never have to choose between security and convenience. Give users the choice for long enough and they'll end up falling for the latter. The minute someone provides a poorly crafted yet job-doing image, everybody will start using it. The "I won't solve your problem" answer, rather than help people, will end up pushing them into randomness.
As someone mentioned, maybe there would be a way to allow the overriding of signature checking only for a given app, in favor of another given app? This is very from just disabling the whole thing, yet would let microG work.
That idea is just an arbitrary suggestion. Generally my point is that people are expressing a use case to solve and if nobody cares they will end up doing something silly,
eli
Hi, I've finally manage to enable signature spoofing using tingle. The procedure is straightforward and very easy to follow (download script, make sure you have all needed programs, connect to rooted phone, execute the script, boom - done).
After that I was able to install microg and with Mozilla location backend it's working very well. So currently I'm running lineageos without gapps on oneplus 3t and can install apps from play store.
If any of you want I can write short instruction but all needed information can be found easily.
@alkesander
Is the patch only for LineageOS? Need patch for OxygenOS 4.0.3.
About the security implications of signature spoofing
zifnab06 said:
Official answer:
We will not be enabling signature spoofing. It's a huge security hole, and breaking android's security model (for any reason) is never acceptable.
Click to expand...
Click to collapse
I'm wondering why no one pointed to microG Signature Spoofing and its Security Implications before.
Interesting, glad I found this thread, that link, and the responses from CM/Lineage devs. Seems pretty clear that user privacy is not a priority, probably been the case since that Microsoft money started flowing in 2015..
Time to start looking elsewhere I guess
Hi guys,
Sadly i got injured and i cant get out of the house. I'm playing Pokemon Go, but i live in a rural area...
Downgrading my brand new S8+ is not an option, but a friend gave me his old S4.
really want to install that game, with a FlyGPS app so i Wont miss the event
If i'm not mistaken, FlyGps works best with 6.1 Roms.
I believe its a GT-I9500, but not sure
the game isnt even working on that S4 - guess its because of the CM rom on it. tried to Unroot - doesnt help.
Hope im not breaking any rule...
If you have any other method, I would SO appreciate your help!
Here are some screenshots of what he has on it:
Thanks in advance, Mark
Pokémon Go uses Google's Safetynet. In your case, you have to use a custom ROM with Magisk in order to hide root so Safetynet doesn't trigger. You'll have to check the I9500 development forums to see if there is a current ROM that will work for you, and that ROM will either have to have SuperSU for root - the Magisk installer script can replace SuperSU - or no root at all. Stock-based ROMs won't work for you, and it's doubtful there are any Android 6.x ROMs to fit your needs, so you're likely looking for an Android 7.x ROM instead.
As to breaking any rules? If Niantic catches you using a location spoofing app you will be permanently banned from the game. You need to decide whether this event is worth the risk of being permanently banned.
Hello everyone i have N9005 and i can't record calls with any of the free play store apps i have tried about 10 apps almost every method in the app and i can't hear both sides on all methods except mic where i can only hear myself .
anyone had this problem and how did you solve it ?
some of the names i remember is ACR, automatic call recorder 2020 , call recorder automatic , cube acr ...... and more nothing is working idk why i even tried Bluetooth head set.
---------------------------------------------------------------------------------------NVM W/E is under this line-----------------------------------------------------------------------------------------
Hello everyone i have N9005 i wanted to record calls but couldn't with every program i have.
after googling i found that i can't without xposed so after a few hours of reading i found out there is root xposed and custom rooms so if anyone out there willing to help
Explain the difference between xposed and root
Easiest way to record calls on note 3 both sides
Are custom roms safe , i have had this phone since release never had an issue with original rom and now i use it for work mainly which is the reason i need to record calls (work orders are by phone)
If custom roms are safe could someone rank them based on their merits and drawbacks
My note is the international version i think KSA CSC 4G
Sorry for the long thread and thanks in advance for the help.
GOOGLE answers
Rooting is the process of allowing users of smartphones, tablets and other devices running the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems. As Android uses the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.
Xposed is a framework that allows users to easily apply add-ons (called Modules) to the ROM. Rather than flashing a new ROM to get a specific feature, you can use Xposed to add individual features to whatever ROM you’re using, or even just the stock ROM.
Xposed doesn’t work perfectly on every device and all versions of Android. The release of Android Nougat presented some problems for Xposed, but those have since been mostly ironed out. Xposed Modules work best on stock Android and can sometimes not work as intended on Samsung devices. With all that in mind, let’s learn a little more.
<If custom roms are safe could someone rank them based on their merits and drawbacks >
No as many roms on here are no longer under development almost end of life development apart from Android OS roms .
Thanks for the info fo you know of a way i can record calls on note 3
Some rom do consist of built-in auto / manual call recording feature. I have tested that on crDroid (pie) and the result is good. You don't even need any exposed module.