This is a requirement of the Android "Compatibility Definition" (needed to license Play).https://twitter.com/CopperheadOS/status/905972357570887681 …
Yes, I agree the signature check bypass should be hard-coded in the core OS and limited to it, not the way microg wants it done.
-
-
It should be limited to only faking the Play Services signature, and only for the system app providing the Play Services stubs.
-
No generic permission, and that app shouldn't end up being allowed to fake any signature checks, only the Play Services signature check.
-
Early on, integrating microG seemed like a good idea, but we have too many fundamental differences in how we need this to be approached.
-
We can't just ship an open-source client for an API inherently accessing a Google service because A) users don't want that B) not permitted.
-
And we need things to be a lot simpler / more security-focused. If we provide supplementary location service it should be a local service.
-
Find concept of sending off location-identifying information (cell towers, WiFi, etc.) to a server to get location data from it horrifying.
-
Doesn't matter if we hosted the server rather than Apple / Mozilla. Still horrifying. Can and should be local without losing much at all.
-
microG has a bunch of backends for that, some local, but it's a mess. Code is too complicated, UX is too complicated, not maintained enough.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.