-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement Play Integrity #2077
Implement Play Integrity #2077
Conversation
@js6pak |
Both SafetyNet and Play Integrity pass with official PlayStore. |
I have got it working with direct system partition modifications (without Magisk), so I don't know if it can work with Magisk. I will try in the future but I can't try it now. PS: This is a PR, so it isn't the correct place to get help. |
How do you install the official play store + microG gms |
Options for this issue is either the fakeStore2PlayStore module that added a shell Play Store SDK 28. But the requirement for passing play integrity is Google Apps, most importantly its Google Play Store and the Google Play Services. We have the shells but not the logic. |
Hi, as of today, what is the best solution to get play integrity to work with MicroG ? I found this : https://github.com/daboynb/PlayIntegrityNEXT that can apparently get device fingerprints automatically. I tried it but still get no valid play integrity. I guess I need something like fakeStore or similar. What is the best solution as of today ? I would like to avoid installing a true play store that could track me. Thanks in advance for any answer and have a nice day |
@LeVraiRoiDHyrule |
You can probably spoof everything but you need to find the sources of the kernel, change it, compile it and flash it on the device. |
This cat and mouse game isnt profitable, sure some apps dont need to abuse PI but for Google Wallet there should be alternatives. Streaming can be beat with 🏴☠️. |
Actually since there are infinite valid kernel strings they can't whitelist but only blacklist so it isn't hard to fix. New ROMs will probably be already ok since once the developer know it will fix it, the only problem is with not maintained ROMs. |
I see, thanks for the information. Is there a modified minimal play store that would work to avoid the fully featured play store ? Is installing real play store a problem for privacy ? |
Can I get fingerprints and all the official strings from stock OxygenOS and then add it in some files before building LineageOS? I assume fingerprints are unique and that getting it from OOS and not sharing it means it'll be good theoretically forever? I saw some people mentioning fingerprints getting banned and needing changed every so often, but I guess that's just because of multiple devices using a public key? Or are keys regardless of how unique banned based on not passing certain checks? I'm curious about avoiding obvious Google blacklist checks and it seems as easy as changing some device-specific text before building; can you provide more details? |
To all: Please stop all unrelated discussions. This is a PR so only the ones that want to help or post constructive messages related to the subject should post. |
any progress on this? |
Would it be feasible to add an option to microG settings to disable fakestore or install the real playstore (or a stripped down version) so that users have a choice between maximum privacy (at the cost of apps that require the Integrity API not working) or functioning apps? (ideally without rooting) |
I think it's a better idea to try to send a PI response from fakestore, like what @js6pak tried to do in 45a3732 , but I don't have experience with microg code. |
Afaik the play store must be installed to priv-apps, so I doubt this would be possible. If the device is rooted, sure, but not every device will be. Also, some installation methods already provide the ability to do this, so I'm not sure it's necessary. microg_installer_revived will install any apk you want, be it real or patched. I think nanodroid also allows you the option to install the patched play store. |
There isn't any option needed. Just install only microG Service and don't install microG Companion, and then install modified Google Play (modification to make purchase feature work). It's unnecessary to install both microG Service and microG Companion. |
So as of now you can validate PI with MGIR + PS, or not? |
This is a PR, anything not related to code should not belong here. |
We have a working implementation now via #2599 |
It doesn't work yet, I'm suspecting microg's droidguard implementation, but it also doesn't make sense as there are recent reports of play integrity working through patched play store (I wasn't able to test it myself).
The same error (
Error retrieving information from server. DF-DFERH-01
) is returned for basically all potential problems, but at this point I'm pretty sure the issue is with the droidguard token, either with the data I pass into it or with the implementation being unable to handle the play integrity flow.As a side note I tried updating the droidguard version in microg, but it caused even the safetynet check to fail.
TODO
play-services-integrity
Closes #2050