[BOUNTY] Support Play Integrity over remote DroidGuard + Server/Guide [$100]

[kaduvert]

Play Integrity should be supported over 'remote DroidGuard' and there should be documentation how to set up a device as a server for it.

Why? While existing solutions allow getting a sufficiently passing Play Integrity token for a non-integrity-compliant device, there is the following problems that come with it:

• it generally requires a rooted phone,
• a locked bootloader,
• running purposefully obfuscated code on your phone,
• running strange bypassing software with root permissions, like the closed-source TrickyStore, and
• it has to permanently be kept up-to-date in line with unpredictable updates to Play Integrity that void future attestations

No one wants most of the above.

If Play Integrity would work over another device, like one you have at home, you could completely avoid all this for your device.

It would also open the oppurtunity for commercial integrity-attestation offerings, where you would like pay monthly and they then allow to use their devices/servers which serve valid integrity tokens to your device.

How to implement?

• [ ] Fix this:

remote droidguard currently does not work for play integrity due to play integrity using a multi step droidguard process and the implementation only supports single step (which is used by most other things that use droidguard). (https://github.com/microg/GmsCore/issues/2851#issuecomment-3435884995)

• [ ] Create or fit the "remote DroidGuard server" software to handle the requests
• [ ] Create a guide/docs on how to set it up
• [ ] Either
  • make it run on stock phones or
  • create software that manages all the integrity-bypassing software on the 'server device' so that it's always integrity-compliant. as far as i know to make a custom phone pass you need:
    • microG / GApps
    • Magisk or KernelSU
    • PlayIntegrityFix
    • TrickyStore

This issue was originally created as a Dott/Firebase sms verification error report. It has since been tracked from Firebase issue to Play Integrity issue. See

original issue (deprecated)

Affected app Name: Dott Package id: com.ridedott.rider

Describe the bug Signing in or signing up fails, seemingly because of a firebase error

To Reproduce Steps to reproduce the behavior:

1. get Dott
2. Click on sign up
3. enter phone number
4. click sign up

Expected behavior sends sms verification or proceeds in general

Screenshots

sign up error page

dott vehicle coverage

System Android Version: 15 Custom ROM: LineageOS+microg 22.1

microG microG Core version: 0.3.6.244735 microG Self-Check results: All ticked

Additional context full logcat of an app start and signup attempt, filtering out all logs, except those coming from com.ridedott.rider with personal or identifying information replaced by [...]:

dott 06_04-09-30-30_733.log

Likely critical lines from the log:

1743924520.834 10285 20276 23037 W LocalRequestInterceptor: Error getting App Check token; using placeholder token instead. Error: com.google.firebase.FirebaseException: Error returned from API. code: 403 body: App attestation failed.
1743924521.066 10285 20276 23037 E FirebaseAuth: [SmsRetrieverHelper] SMS verification code request failed: unknown status code: 17499 Firebase App Check token is invalid.
1743924521.067 10285 20276 20276 D FirebaseAuth: Invoking original failure callbacks after phone verification failure for (my phone number), error - An internal error has occurred. [ Firebase App Check token is invalid. ]

microg Google device registration is enabled, as is cloud messaging and "SafetyNet". my device meets basic integrity and device integrity, uses sdk level 35

Possibly related: https://github.com/microg/GmsCore/issues/1967, https://github.com/microg/GmsCore/issues/1281

[gibello]

Same issue here, on a new Murena (/e/OS, degooglized Android from e.Foundation) Fairphone 4. Previously used the app on Android, same phone number. AFAIK, the phone uses LineageOS, and does not appear as rooted. Also same issue in developer mode, or not. MicroG services version: 0.3.6.244735-dirty /e/OS version: 2.9-a14-20250321478214-official-FP4 Note that Dott has been reported multiple times as not working with MicroG, like for example in Plexus app database, or in /e/OS list of app compatibility, with recurring login issues.

[Scrumplex]

Weirdly enough the predecessor of Dott (Tier) works just fine :/

[D3SOX]

I have used TIER extensively without any problems why do they have to introduce this stupid new app. This is annoying me so much I would be willing to pay a small sum for this issue to be resolved. About 25-30€

Sadly TIER is no longer operational so it is not possible to rent any scooters. Lime and Voi are working alternatives but they are not available exactly in the cities where I would use Dott.

[kaduvert]

yes. i believe this is among the most important issues in microG right now.

we're talking about european microG-phone-only users unable to access real world infrastructure relevant nearly anytime they go anywhere.

please direct efforts to this @mar-v-in, this is critical. you can even earn a bit in the process.

[ale5000-git]

yes. i believe this is among the most important issues in microG right now.

The priority is opinable, for example in my city I have never heard of Dott (and I'm still in Europe). There is Lime and Bird everywhere here.

Have you tried with microG v0.3.9?

[D3SOX]

I want to mention again that this issue likely affects a lot of other apps that use the same mechanism. See the related issues linked above. So keep that in mind for prioritizing.

~~I will soon migrate from CalyxOS to LOS4microG and then I can report back with the latest version. I'll also try catching some additional logs~~ Latest version doesn't help. A fix that requires deeper understanding of microG is required.

[ale5000-git]

I want to mention again that this issue likely affects a lot of other apps that use the same mechanism. See the related issues linked above. So keep that in mind for prioritizing.

I wasn't saying that this is not important but there are a lot of other issues equally important. This is just one of over 1000 issues.

[D3SOX]

I understand. How is stuff actually prioritized? I think it would make sense to tackle the issues most of the people have first if possible. Thoughts? Can a bounty for this be set up?

[ale5000-git]

I understand. How is stuff actually prioritized? I think it would make sense to tackle the issues most of the people have first if possible. Thoughts?

I don't know but note that there is only one official developer (@mar-v-in), others are external contributors and they will likely do what they want.

Can a bounty for this be set up?

Anyone can add a new bounty here: https://www.bountyhub.dev/en/bounty/new

[fm-knopfler]

I understand. How is stuff actually prioritized? I think it would make sense to tackle the issues most of the people have first if possible. Thoughts?

I don't know but note that there is only one official developer (@mar-v-in), others are external contributors and they will likely do what they want.

Can a bounty for this be set up?

Anyone can add a new bounty here: https://www.bountyhub.dev/en/bounty/new

Can someone create the bounty? I will contribute a few dollars.

[bountyhub-bot]

🚀 Bounty Alert!

💰 A bounty of $35.00 has been created by D3SOX on BountyHub for this issue.

🔗 Claim this bounty by submitting a pull request that solves this issue!

You can also increase the amount of the bounty if you think the issue is worth more.

Good luck, and happy coding! 💻

[D3SOX]

There you go @fm-knopfler

[bountyhub-bot]

🚀 Bounty Update!

💰 A contribution of $65.00 has been made by fm-knopfler on BountyHub for this issue. The total amount of the bounty is now $100

🔗 Claim this bounty by submitting a pull request that solves this issue!

Good luck, and happy coding! 💻

[kishansinghifs1]

Can I work on it .

[ale5000-git]

Can I work on it .

If you create a pull request that really fix the problem (not just asking the AI to create it automatically) and it get merged then you can claim the bounty.

[kallal79]

Hi @kaduvert, I'd like to work on #2851 ..

[kaduvert]

Can I work on it .

Hi @kaduvert, I'd like to work on #2851 ..

Just do it.

The hard part is not getting approval to do it, it's actually doing it.

As far as i see no real efforts have actually taken place yet — Go ahead! If you fix it the bounty is all yours.

[mar-v-in]

FWIW, I think the underlying issue is that Firebase AppCheck requires a Play Integrity token at level DEVICE or STRONG, which most systems running microG won't reach. On one of my devices that has DEVICE level integrity with microG, sign in to Dott works as expected. So this is strictly speaking not even a microG issue, with the correct OS modification it should be possible to reach that level in current microG and make Dott work.

Or in other terms, to 100% solve this issue, one needs to make microG pass DEVICE integrity level of Play Integrity on all devices.

[kaduvert]

okay, so what now?

I guess this can be closed then, but since there is people here that want to spend money, can you perhaps recommend an alternative solution instead of them having to install a bunch of strange software?

me for example, i don't like play integrity because it runs purposefully obfuscated code on my phone and you have to permanently do a bunch of software installing and research to stay Integrity compliant which i'd rather outsource entirely to someone else. I can't be bothered to do all this fiddling every time an app wants a integrity token

if i understand correctly you can forward integrity requests to a remote server (an integrity compliant phone) that handles integrity for you by using the remote DroidGuard runtime setting in microG.

@mar-v-in can you perhaps recommend any such services/servers? Maybe even private ones where you have to pay for using them? i think there is a market for this and depending on how expensive it is i'd even become a customer myself

[omarsoufiane]

@D3SOX @fm-knopfler can you retract the bounty from bountyhub to mark it as closed and connect stripe so that I can refund you ?

[mar-v-in]

@kaduvert remote droidguard currently does not work for play integrity due to play integrity using a multi step droidguard process and the implementation only supports single step (which is used by most other things that use droidguard). I agree though that improving on the implementation of this could be interesting.

When it comes to running this as a service, note that the number of requests a physical device can pass for play integrity is limited, so this really scales badly. What could be done though is to have a setup guide and tooling to turn an old phone (that you deposit with network connectivity and power supply at home) into such a server, so everyone can just host it themselves. Many old phones can be made to pass at least the DEVICE integrity level (the one I have that does is a Nexus 5X, so ~10 years old).

[kaduvert]

Perfect, then this is not closed and we have our next objective.

Although @D3SOX and @fm-knopfler can go ahead and retract their bountys if they don't wish to support this new cause.