Practical guide on how to build a sans-google phone
This guide aims to build a Gapps-free software setup on a LineageOS-compatible phone, with a wide compatibility over Android applications.
Steps to perform to increase compatibility
1. Install LineageOS without installing GApps
- This is the starting point, you have a web browser and stock applications
2. Install f-droid
- Access to a large collection of open-source applications such as k-9 mail
3. From f-droid install DAVdroid and add a calDAV and a cardDAV server
- Calendar and contacts synchronization
4. Add your gplayweb private repo to f-droid
Access to all GooglePlay-only applications which do not use Google Play Services
- Whatsapp (with large delays in notification due to missing gsf)
- Telegram (working perfectly)
5. Patch your rom to enable signature spoofing with tingle
6. Install the latest complete version of microg
Selected applications can now use GoogleServicesFramework
- Whatsapp will now work perfectly
- Assisted GPS location using third-party services such as Mozilla Location
- Opt-in into google services for using almost every Android application
- Use applications which use maps API such as Citymapper
7. Install mapsv1
- Use applications such as My Vodafone Italia which rely on legacy maps apis
8. Install magisk and enable suhide for selected applications
- Super Mario Run, Google Pay, Home Banking applications will now work
- All the applications which check root privileges without safetynet can be used
9. Install droidguard helper and achieve safetynet certification
Play PokemonGo and other applications which perform a safetynet check
Suggestions on deploying multiple services
To deploy multiple web services on a single domain you can use a reverse proxy, there are several alternatives to build such a setup:
Caddy is a modern web server, very easy to setup, with built-in letsencrypt support, follow this guide to use it as a reverse proxy
Nginx-proxy and its letsencrypt companion, are a good alternative, providing automatic letsencrypt certificates request for every new container that requires it
Always try to achieve full HTTPS support, it is an important security measure because it guarantees:
- The authenticity of the software that we are going to execute on our phones (APKs and custom ROMs)
- The confidentiality of data we exchange with our server, for example HTTP basic authentication passwords will not be disclosed.
Detailed instructions to perform single tasks
Private fdroid repo with play store apps
to authenticate succesfully follow this procedure and register an android id corresponding to your device with DummyDroid.
- Calendar and Contacts synchronization
- Install DAVdroid with fdroid.
status: Radicale docker works flawlessy, follow this guide to setup with DAVdroid
remember to put calendar as https://<radicaleurl>/user (user mode) not as system https://<radicaleurl>/ (system mode) otherwise your calendars will be visible to every other user of the radicale server.
- radicale has no default authentication, consider to add an http simple authentication via your reverse proxy. Otherwise your data will be publicly accessible by everyone on the Internet.
- microG Unified Network Location Provider
On Lineage 7.1.1 follow these instructions note, you have to install unifiednlp as system app, otherwise it won’t register as system location service provider.
As location backend you can use Mozilla (needs internet, reliable) as backup service and LocalGsmNlpBackend (offline) as primary services. The latter uses gsm cells to aid geolocation, or if you use low-power mode gsm cells are used without gps to provide location.
It is suggested to build the cells database on a laptop, to do this download this script and edit the config file with your country code and OpenCellId account.
The script will take some time, after that put the generated db file in <code>/<androidhome>/Android/Data/org.fitchfamily.android.gsmlocation/files/lacells.db</code>.
CityMapper and ATMapp support
- These apps use google maps services instead of google location services, so they need microG gmscore.
To install microG gmscore, signature spoofing is required, just clone this repo, connect your phone via adb and run main.py
This is an interesting article on the security implications of signature spoofing. Apparently if used carefully it does not lower the security level of the device. For enabling signature spoofing without recompiling the CustomROM this works flawlessly.
- [TODO] LineageOS build server
[TODO] Enabling signature spoofing for microG GmsCore (Google push notifications) at ROM compile time
This patch must be included in LineageOS build image.
- [TODO] OTA updates