Signal-android: Please make Signal work with microG out of the box

Created on 19 Dec 2016 · 16Comments · Source: signalapp/Signal-Android

I have an android smartphone without Google Play services. The reason for that is that I don't trust Google to not add NSA backdoors if asked or possibly snoop around my data in other intrusive ways, and while I'm aware Android also has a rather spotty security track record and might contain backdoors directly, at least it provides a reasonable possibility for external code reviews to discover such issues.

This tweet made me look into the open-source microG to run Signal: https://twitter.com/whispersystems/status/783817903120318465 (as per the rationale given above, I'm somewhat ok with additional open-source components on my phone and not very happy about more closed-source components)

However, even with microG installed, I'm getting the popup "Google Play Services - Signal relies on google Play Services, which is not supported by your device. Contact the manufacturer for assistance". I would assume this is because I don't have spoofing enabled, which allows microG to seamlessly replace the google services transparently for any installed apps. https://github.com/microg/android_packages_apps_GmsCore/wiki/Signature-Spoofing makes it very clear that 99% of custom ROM builds can be expected to not have this spoofing enabled, and therefore I would need to either custom build my Android (which is way beyond my capabilities) or install the Xposed Framework, which seems to be a very intrusive component that is also not, at least not in any way obvious to me, offered open-source, which is a very dangerous combination. Since spoofing is rarely patched in, this situation will be similar for most other people without Google Play services.

Therefore, is it technically possible to maybe add support for microG as an alternative directly into Signal without the need to do this intrusive and technically non-trivial to add signature spoofing? As I'm understanding the API should be exactly the same, just the name is different. It would be very helpful to anyone trying to use Signal with microG on phones free of closed-source Google components.

Source

etc0de

👍8

Most helpful comment

Personally I think the focus should be on implementing proper Websocket support instead of adding further GCM support. But that's just me though.
https://github.com/WhisperSystems/Signal-Android/pull/5962

Dyras on 19 Dec 2016

👍3

All 16 comments

Dyras on 19 Dec 2016

👍3

I am bringing this up because websocket support doesn't really seem to be advancing that much, and this seems like a potential quickfix that might be both easy to do and not generate much additional code cruft to be maintained until websockets are done.

Of course if it's too much work for a temporary fix, then you might as well not do it.

etc0de on 19 Dec 2016

👍1

See https://github.com/WhisperSystems/Signal-Android/pull/5962

piratenpanda on 21 Dec 2016

@JonasT

Something is wrong with your setup. Signal is working together with microG just fine. Using this combination since half a year (without any pop-ups etc).

Make sure:

a) you installed the three needed apks (fake store, play-services-core and services-framework-proxy; maybe they have to be installed in a special order, I do not remember that)
b) you gave the permissions to spoof signature.

Works without any problems and to make it clear regarding your question: Signal is working with microG out of the box.

motatuc on 21 Dec 2016

@motatuc I don't think you've fully read the bug report. The problem is that signature spoofing is unavailable on most devices / most custom ROMs unless you use an intrusive possibly non-free addon (Xposed) or recompile the kernel (which most users will be unable to do easily, including me).

Edit: just to clarify this even more: specifically, this bug report requests that Signal recognizes an unspoofed microG install and uses that one instead of Google Services.

etc0de on 21 Dec 2016

👎1 👍1

Xposed framework and the required addon FakeGApps are both free, OSS projects that are available and visible on github. I believe most modules that work with the xposed framework are free OSS, or at least have visible source code.

Xposed: https://github.com/rovo89/XposedInstaller
FakeGApps: https://github.com/thermatk/FakeGApps

I'm confident you can get it to work with some finagling and maybe a different module.

Jarwain on 21 Dec 2016

👍1

https://github.com/ale5000-git/tingle makes it quite easy to enable signature spoofing in cyanogenmod and other distributions. Properly becoming independent from google would be nicer.

merge on 6 Jan 2017

👍1

Is this issue updated as recently Signal does NOT depend on GPlay anymore?

breznak on 23 Feb 2017

👍1

Yes, according to this news article (in German): https://www.golem.de/news/kryptomessenger-signal-ab-sofort-ohne-play-services-nutzbar-1702-126293.html

Lesik on 24 Feb 2017

See Commit: 1669731329bcc32c84e33035a67a2fc22444c24b

Jarwain on 24 Feb 2017

with a more recent MicroG implementation, i don't get a warning at all, but then Signal fails to register with GCM and silently fails to operate in any meaningful way. My contacts get a "Number is not registered" error when trying to reach me. See https://whispersystems.discoursehosting.net/t/how-to-get-signal-apks-outside-of-the-google-play-store/808/30?u=anarcat

This seems to be a regression that happened somewhere after 3.30.4 (aka 244), which i was using under the disguise of "LibreSignal" from the eutopia repository.

Back to libresignal and tingle for me for now, unfortunately.. :/

anarcat on 29 Mar 2017

... and libresignal didn't fare any better, actually. It seems there was something wrong in my setup: I ended up reinstalling all the microg stuff, redoing the spoofing and installing the official APK from scratch, and was able to register.

but i still need microg - uninstalling it and everything doesn't work.

anarcat on 30 Mar 2017

👍1

Just uninstalling microG won't work. If you don't have any google apps flashed in the first place, Signal will work just fine though. I use it only that way.

merge on 30 Mar 2017

so what works once you have microg installed? why can't you just uninstall it?

i don't have any google apps installed, and still had tons of trouble...

anarcat on 30 Mar 2017

👍1

I think it is better to move this into the community board. The developers get email notification everytime we reply here.