Here’s a discussion on the change:

The patch that has been merged implements signature spoofing in a safer way compared to the ones proposed in the past (MicroG apks exclusively are allowed to spoof only and solely the Google signature they want to spoof).

Many of the microG services have to spoof themselves as Google Mobile Services in order to replace some of their functionality with a more privacy-respecting, resource-conserving alternative.

To facilitate that, the OS has to allow the microG apps to pretend to be the regular Google GMS/Gplay framework apps without actually having the same signing signature. The feature is referred-to as "application signature spoofing".

LOS was bitterly opposed to including that in their ROM for years because of it "breaking the android security model".

Which is understandable on some level but if it's properly implemented (eg in this case locking down this functionality so it can only be used by known trustworthy code and not malware) then it shouldn't be an issue.

And given how Google has been doubling-down on their sneaky data-collection efforts year after year, and moving all sorts of essential services out of the open-source AOSP code into various proprietary closed-source Google apps and frameworks instead (increasingly forcing full FOSS ROMs to be severely crippled from a core functionality standpoint), I think it's overdue to start mainstreaming some countermeasures against that.

Google with android has been cloaking themselves in the FOSS mantle to gain credibility in some circles from the beginning, but then they turn around and year after year, increasingly cripple actual FOSS android implementations.


https://libreddit.miaoute.net/r/LineageOS/comments/1b11zex/los_has_added_internal_microg_support/

https://www.reddit.com/r/LineageOS/comments/1b11zex/los_has_added_internal_microg_support/

MicroG Installers:

Just installing the microg components as user apps will partially function but you will not get full functionality without the main components installed as system apps, like the location components.

There are a few 3rd-party installers that handle that and set all the required permissions etc.
These are the ones generally recommended
*Note: currently all installers use the official microg version, so you can update it from its F-Droid repository.

♦️microG Installer Revived by nift4
README: https://github.com/nift4/microg_installer_revived#readme
Download: https://github.com/nift4/microg_installer_revived/releases

♦️MinMicroG by Shane the Awesome
You need to clean flash a rom that has signature spoofing support and flash this zip in recovery, choose the standard zip if unsure
README: https://github.com/FriendlyNeighborhoodShane/MinMicroG/blob/master/README.md
Get the latest release from here:
https://github.com/FriendlyNeighborhoodShane/MinMicroG-abuse-CI/releases
Or stable release from here (it may be outdated):
https://github.com/FriendlyNeighborhoodShane/MinMicroG_releases/releases

♦️FakeGApps Microg Installer by TheHitman
https://fakegapps.github.io
Features https://fakegapps.github.io/feature.html
FAQ: https://fakegapps.github.io/faq.html
Announcements Channel @FakeGApps
Discussion group @FakeGAppsChat

♦️LineageOS for microG (Rom):
https://lineage.microg.org

♦️MicroG Official links:
https://microg.org
https://github.com/microg
https://forum.xda-developers.com/android/apps-games/app-microg-gmscore-floss-play-services-t3217616
📲 MicroG official F-Droid repository
(Recommended to add if you use MicroG and enable unstable updates in fdroid)
https://microg.org/fdroid.html
Link to add:
https://microg.org/fdroid/repo?fingerprint=9BD06727E62796C0130EB6DAB39B73157451582CBD138E86C468ACC395D14165

♦️Micro5k microg fork by ale5000
https://github.com/micro5k/GmsCoreMod


📡 @NoGoolag
#microg #install #installers #pack #links

FakeGApps

#microG #Installer

✅ Latest release can be found at https://fakegapps.github.io

Announcements Channel @FakeGApps
Discussion group @FakeGAppsChat

https://fakegapps.github.io/feature.html

FAQ: https://fakegapps.github.io/faq.html

Altair

A Companion App for FakeGApps MicroG installer

It can create configuration file with selected option and rebuild FakeGApps Package with that configuration. It's a one click process and you don't have to deal with configuration file manually.

✅ Module Installation toggle is for enabling Systemless installation. Click on Advance Features & Options card at website to learn more about it.

In short, You can install FakeGApps Package as Module.

🔗 Please read the FAQ before using this features.

Rebuilded FakeGApps can be found at Downloads/Altair folder. The file itself contain REPACK text.

📥 Download Altair APK

https://sourceforge.net/projects/fakegapps/files/FakeGApps/

https://fakegapps.github.io/app

@FakeGApps
@FakeGAppsChat

Universal Android Debloater Next Generation

Cross-platform GUI written in Rust using ADB to debloat non-rooted #Android devices. Improve your privacy, the security and battery life of your device.

https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation

This is a detached fork of the UAD project, which aims to improve privacy and battery performance by removing unnecessary and obscure system apps. This can also contribute to improving security by reducing the attack surface.

Wiki
https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation/wiki

Download
https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation/releases

#debloater #uadng

Fire Toolbox

Collection of useful ADB (Android Debug Bridge) tweaks that can be applied to #Amazon's Fire #Tablets. The Toolbox project aims to help users fully customize and unlock the full potential of their tablets by putting all the power into their hands.

The Toolbox doesn't touch the system partition meaning all changes made can be reversed either through the tools/subtools themselves or through a factory reset. This means the Toolbox does NOT void your warranty.

https://xdaforums.com/t/windows-linux-tool-fire-toolbox-v33-1.3889604/

#debloater

KernelSU

A kernel-based #root solution for #Android

https://kernelsu.org/guide/installation.html

https://github.com/tiann/KernelSU

@KernelSU
@KernelSU_group

n0rthl1ght/ahwt: Another Hardening Windows Tool – GitHub

GPL-3.0 license
AHWT - another hardening tool for Windows operating systems.

Denoscription (on RUS)
Program is a noscript generator with collection of parameters and recommendations from CIS Benchmarks and DoD STIGs with some adjusments.

All parameters placed in databases with the names of the operating systems that are used to.

Parameters were checked and tested according to official MS documentation and researchers opinion.
Scripts generates in 2 modes - auto and manual.

All databases have profiles for each operating system min/med/full which corresponds with Minimum (only level 3 parameters (CIS lvl 2/STIG lvl 3)), Medium (level 2 & 3 parameters (CIS lvl 1 & 2/STIG lvl 2)) and Full (lvl 1-3 parameters).

#Windows #Hardening #Security

#microg Release v0.3.1.240913

https://github.com/microg/GmsCore/releases/tag/v0.3.1.240913

Full changelog
https://github.com/microg/GmsCore/compare/v0.3.0.233515...v0.3.1.240913

#Bluetooth #vulnerability allows unauthorized user to record & play audio on Bluetooth speaker via #BlueSpy

Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/

#BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
▪️automatically scans for devices
▪️store MAC addresses of devices that are no longer visible but have enabled Bluetooth
▪️uses Rubber Ducky payloads
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/

Demonstration of using BlueDucky to exploit 0-click Bluetooth vulnerability of unpatched Android smartphone (CVE-2023-45866)
Exploit was triggered by Raspberry Pi 4 and then by Android running NetHunter
https://youtu.be/GOGW7U1f2RA

@androidMalware

OpenRGB

Open source #RGB #lightning control

If you have RGB devices from many different manufacturers, you will likely have many different programs installed to control all of your devices. These programs do not sync with each other, and they all compete for your system resources. OpenRGB aims to replace every single piece of proprietary RGB software with one lightweight app.

https://openrgb.org