Correct way of installing microG as system-app

[meinintelligenterfreund]

Hello everyone,

I know that there are modules for Magisk that do the installation for you and I also know about LineageOS for microG. I tried those an they work great. I only got into problems when trying to update to a newer microG version. But I think I screwed this up.

But my question is not about the above its about how to correctly install microG on Android 15 from scratch. I installed it out of F-Droid but because it installs microG as an user app the phone won’t wake up when a push message comes in. At least that’s what I read. The installation instructions describe the process with the footnote to use adb push but without any further explanation.

Is this the correct procedure?

• Naked phone without any microG installation but Magisk installed (LineageOS 22.1)
• Enable adb debugging in developer settings
• Enable adb root in developer settings
• Connect phone
• adb root
• adb remount (makes /system/ write-able)
• adb push com.google.android.gms-244735012.apk /system/app/
• adb shell chmod 644 /system/app/com.google.android.gms-244735012.apk
• adb push com.google.android.gsf-8.apk /system/app/
• adb shell chmod 644 /system/app/com.google.android.gsf-8.apk
• adb push com.android.vending-84022612.apk /system/app/ (optional)
• adb shell chmod 644 /system/app com.android.vending-84022612.apk (optional)
• adb reboot

I would like to understand the correct way and would appreciate any help. Thanks in advance.

[ale5000-git]

Premise: it is almost impossible to install microG manually in the system partition and set everything correctly.

microG Services need privileged permissions so it must be in /system/priv-app (not app) and you should create the xml files in /system/etc/permissions to grant them. Then you must also extract the libraries (the correct one for your phone CPU) and also place them in the system partition (otherwise you will see microG crash randomly). Then you should also create the xml in sysconfig to grant various things to microG. All the xml are not provided by this repo and you must create them.

If you want you can also use my installer (https://github.com/micro5k/microg-unofficial-installer). Unlike others, it directly modifies the system partition (it is not a Magisk module).

[meinintelligenterfreund]

Thank you for your fast reply.

Wow, that sounds complicated (until you’ve done it once or twice). I thought that would be much easier. Thank you for the hint with the /priv-app/ folder. So, the install instructions are based on an older Android system then, I guess.

Thank you for the link to your installer, too. I’ll give it a shot. I used this one so far (Magisk module) until I tried to update. link or newer releases link

I also read something about setting up a xml-file. I think when the xml-file is correctly configured it is not even necessary to move micorG into the /system/priv-app/ folder. Do you know if that is true and if that might be an easier way?

Installing microG as user app using F-Droid, setting up a xml-file with privileged permission, reboot and done?

[ale5000-git]

I also read something about setting up a xml-file. I think when the xml-file is correctly configured it is not even necessary to move micorG into the /system/priv-app/ folder. Do you know if that is true and if that might be an easier way?

I don't know where you read it but it is wrong.

• apk in /system/app (privileged permissions are NOT granted but other things still works)
• apk in /system/priv-app withOUT xml files (Android no longer boot correctly, it isn't just a problem with microG)
• apk in /system/priv-app with xml files (all is working)
• xml files alone do nothing, a user app will never become a privileged app

All installers should work more or less unfortunately most installers include an old version of microG, and to replace the apk with the new one you also need a different xml (my installer already included the latest microG).

[ale5000-git]

So, the install instructions are based on an older Android system then, I guess.

Probably.

[hmmistic]

you don't need adb remount, adb remount / or adb remount /system (which is correct in your case) is enough. You don't need to remount every partition as rw

[hmmistic]

Also you don't need to move all of 3 apps to /system/app, only moving GmsCore.apk to /system/priv-app and xmls are enough

[ale5000-git]

Also you don't need to move all of 3 apps to /system/app, only moving GmsCore.apk to /system/priv-app and xmls are enough

In the next version it may be required also for microG Companion (maybe not on all Android versions).

[ale5000-git]

@meinintelligenterfreund Reading again the first post you say that com.android.vending is optional, this is wrong. If com.android.vending is not installed, all apps will ignore microG and behave like it isn't installed.

[hmmistic]

Also you don't need to move all of 3 apps to /system/app, only moving GmsCore.apk to /system/priv-app and xmls are enough

In the next version it may be required also for microG Companion (maybe not on all Android versions).

can I ask why it may be required in the next version? What will be changed?

[ale5000-git]

Also you don't need to move all of 3 apps to /system/app, only moving GmsCore.apk to /system/priv-app and xmls are enough

In the next version it may be required also for microG Companion (maybe not on all Android versions).

can I ask why it may be required in the next version? What will be changed?

In this PR microG Companion may install apps: #2553 To be able to do it without enabling the option to install apps from unknown sources it need privileged permisssions (not on all Android versions, but on some it is needed). Also as features got implemented additional things may be needed in the future.

[hmmistic]

Also you don't need to move all of 3 apps to /system/app, only moving GmsCore.apk to /system/priv-app and xmls are enough

In the next version it may be required also for microG Companion (maybe not on all Android versions).

can I ask why it may be required in the next version? What will be changed?

In this PR microG Companion may install apps: #2553 To be able to do it without enabling the option to install apps from unknown sources it need privileged permisssions (not on all Android versions, but on some it is needed). Also as features got implemented additional things may be needed in the future.

This makes sense, thank you.

[CinnDebianBestDebian]

Premise: it is almost impossible to install microG manually in the system partition and set everything correctly.

microG Services need privileged permissions so it must be in /system/priv-app (not app) and you should create the xml files in /system/etc/permissions to grant them. Then you must also extract the libraries (the correct one for your phone CPU) and also place them in the system partition (otherwise you will see microG crash randomly). Then you should also create the xml in sysconfig to grant various things to microG. All the xml are not provided by this repo and you must create them.

If you want you can also use my installer (https://github.com/micro5k/microg-unofficial-installer). Unlike others, it directly modifies the system partition (it is not a Magisk module).

I kinda wish it was a Magisk module as I loathe dirty flashing.

[ale5000-git]

I kinda wish it was a Magisk module as I loathe dirty flashing.

It is planned to support the installation as Magisk module in the future. But with a Magisk module it is almost always "dirty flashing" since you install it with an already booted ROM (unless you flash the module from the recovery but it is more rare).

[Rexadev]

@ale5000-git installed https://github.com/micro5k/microg-unofficial-installer on magisk and it failed

[CinnDebianBestDebian]

@ale5000-git installed https://github.com/micro5k/microg-unofficial-installer on magisk and it failed

Of course it did. It's not a Magisk module now. It's a TWRP module. You need to flash it in recovery mode. He said he would make it a Magisk module in the future, not now.

[ale5000-git]

My zip can work both with and withOUT recovery. Using zip-install.sh you can flash it also on a booted ROM (but it is still a flashable zip that modify the system partition so be sure to disable verity).

[sebaFlame]

I made it run as system-app with almost all permissions using just adb (root). I've used some XML files from the micro5k repo. I could write a guide if anyone's interested and @ale5000-git doesn't mind.

[ale5000-git]

Don't forget that you also have to extract the native libraries, otherwise you will see microG crash randomly.

[sebaFlame]

Is that so? I used the latest version (com.google.android.gms-250932020) and have yet to see a crash. Haven't seen the previous version (com.google.android.gms-250932018) crash either. But I'll keep an eye on it.

[sebaFlame]

I'll start off by first giving some info about my device. It's a Samsung S10+ recently updated to lineageos-23.0 (android 16). The following guide worked on my device, I cannot guarantee it will run on yours. As I'm on android 16, I'll be using the latest API. This ROM has little spare space on the /system partition, so I installed on the /product partition which has some more spare room. Figure it out for your own device, the only thing that changes is the prefix. First you'll need to download some files. Obviously MicroG Services & MicroG Companion. I'll use the latest which is on https://github.com/microg/GmsCore/releases/tag/v0.3.10.250932 . Download the correct com.google.android.gms-250932020.apk and com.android.vending-84022620.apk for your device. Rename these to GmsCore.apk and Phonesky.apk respectively. It does not matter if you already have MicroG installed on your device. The following steps come from studying the scripts in https://github.com/micro5k/microg-unofficial-installer .

Next we'll borrow some XML files from https://github.com/micro5k/microg-unofficial-installer.

https://raw.githubusercontent.com/micro5k/microg-unofficial-installer/38a0339d00ad5d2634a54634b22ddb474b5d3ab8/zip-content/origin/etc/default-permissions/default-permissions-FakeStore.xml
https://raw.githubusercontent.com/micro5k/microg-unofficial-installer/38a0339d00ad5d2634a54634b22ddb474b5d3ab8/zip-content/origin/etc/default-permissions/default-permissions-GmsCore.xml
https://raw.githubusercontent.com/micro5k/microg-unofficial-installer/38a0339d00ad5d2634a54634b22ddb474b5d3ab8/zip-content/origin/etc/permissions/privapp-permissions-FakeStore.xml
https://raw.githubusercontent.com/micro5k/microg-unofficial-installer/38a0339d00ad5d2634a54634b22ddb474b5d3ab8/zip-content/origin/etc/permissions/privapp-permissions-GmsCore.xml
https://raw.githubusercontent.com/micro5k/microg-unofficial-installer/38a0339d00ad5d2634a54634b22ddb474b5d3ab8/zip-content/origin/etc/sysconfig/google.xml

Every file needs a few changes. The renaming of files is just for clarity.

default-permissions-FakeStore.xml

• rename the file to default-permissions-Phonesky.xml
• remove sha256-cert-digest
• replace <!-- %POST_NOTIFICATIONS% --> with <permission name="android.permission.POST_NOTIFICATIONS" fixed="false" /> if your device supports it (adb shell pm list permissions -g could give an indication).
• add 1 line below it if it's needed for your device. To check if you need it, extract AndroidManifest.xml from /system/framework/framework-res.apk using any zip program. Look for the text android.permission.FAKE_PACKAGE_SIGNATURE in that file (https://github.com/micro5k/microg-unofficial-installer/blob/7711e2759c2b44bb6138f64f08e53d7deda4eff8/zip-content/inc/common-functions.sh#L1635-L1642). On LineageOS it's not necessary.

<permission name="android.permission.FAKE_PACKAGE_SIGNATURE" fixed="false" />

default-permissions-GmsCore.xml

• remove sha256-cert-digest
• check the name of the place holder like above and replace accordingly (if your device supports it)

<permission name="android.permission.ACCESS_BACKGROUND_LOCATION" fixed="false" whitelisted="true" />
<permission name="android.permission.BLUETOOTH_ADVERTISE" fixed="false" />
<permission name="android.permission.BLUETOOTH_CONNECT" fixed="false" />
<permission name="android.permission.BLUETOOTH_SCAN" fixed="false" />
<permission name="android.permission.POST_NOTIFICATIONS" fixed="false" />
<permission name="android.permission.FAKE_PACKAGE_SIGNATURE" fixed="false" />

privapp-permissions-FakeStore.xml

• rename the file to privapp-permissions-Phonesky.xml
• remove sha256-cert-digest
• replace <!-- %FAKE_PACKAGE_SIGNATURE% --> with <permission name="android.permission.FAKE_PACKAGE_SIGNATURE" /> if it's needed for your device

privapp-permissions-GmsCore.xml

• remove sha256-cert-digest
• replace <!-- %FAKE_PACKAGE_SIGNATURE% --> with <permission name="android.permission.FAKE_PACKAGE_SIGNATURE" /> if it's needed for your device

google.xml

• remove all tags but those containing com.google.android.gms or com.android.vending between the config tags
• remove all system-user-whitelisted-app tags
• add these lines after <!-- %CUSTOM_APP_LINKS-START% -->

<app-link package="com.google.android.gms" />
<app-link package="com.android.vending" />

Next create a file named 51-microg.sh. Update the script paths if you decided to install to /system! Also consider the arm64 directory (see further).

#!/sbin/sh
#
# ADDOND_VERSION=3
#
# /system/addon.d/51-microg.sh
# During a system upgrade, this script backs up microG
#

. /tmp/backuptool.functions

list_files() {
cat <<EOF
/product/priv-app/GmsCore/GmsCore.apk
/product/priv-app/Phonesky/Phonesky.apk
/product/etc/default-permissions/default-permissions-GmsCore.xml
/product/etc/default-permissions/default-permissions-Phonesky.xml
/product/etc/permissions/privapp-permissions-GmsCore.xml
/product/etc/permissions/privapp-permissions-Phonesky.xml
/product/etc/sysconfig/google.xml
/product/priv-app/GmsCore/lib/arm64/libc++_shared.so
/product/priv-app/GmsCore/lib/arm64/libconscrypt_gmscore_jni.so
/product/priv-app/GmsCore/lib/arm64/libcronet.102.0.5005.125.so
/product/priv-app/GmsCore/lib/arm64/libimage_processing_util_jni.so
/product/priv-app/GmsCore/lib/arm64/libmapbox-gl.so
/product/priv-app/GmsCore/lib/arm64/libopencv_java4.so
EOF
}

case "$1" in
  backup)
    list_files | while read FILE; do
      backup_file "$FILE"
    done
  ;;
  restore)
    list_files | while read FILE; do
      [ -f "$C/$FILE" ] && restore_file "$FILE"
    done
  ;;
  pre-backup)
    # Stub
  ;;
  post-backup)
    # Stub
  ;;
  pre-restore)
    # Stub
  ;;
  post-restore)
    # Stub
  ;;
esac

Now we'll prepare the device. Make sure you have the android platform tools on your computer. Enable USB debugging and root debugging under developer options on your device. Connect the device to the computer and execute:

adb root
adb remount

We'll transfer the files from the computer to the correct directories on the device. Change the paths if you decided to install to /system.

adb push default-permissions-Phonesky.xml /product/etc/default-permissions/
adb push default-permissions-GmsCore.xml /product/etc/default-permissions/
adb push privapp-permissions-Phonesky.xml /product/etc/permissions/
adb push privapp-permissions-GmsCore.xml /product/etc/permissions/
adb push google.xml /product/etc/sysconfig/

The next command must be executed on the /system partition. This file ensures MicroG survives updates. This does not entail major version upgrades, eg 22 to 23 (atleast on LineageOs).

adb push 51-microg.sh /system/addon.d/
adb shell chmod 755 /system/addon.d/51-microg.sh

The binaries also need to be transferred:

adb shell mkdir /product/priv-app/GmsCore /product/priv-app/Phonesky
adb push GmsCore.apk /product/priv-app/GmsCore/
adb push Phonesky.apk /product/priv-app/Phonesky/

It's necessary to copy over the native libraries from the apk to the device to prevent crashes. First check what ABI you use with adb shell getprop ro.system.product.cpu.abilist. This returns a list most likely containing arm64-v8a for which you'll need the arm64 directory. If it doesn't you'll need to use armeabi-v7a and the arm directory. Open GmsCore.apk using any zip program. Extract the directory arm64-v8a (or armeabi-v7a) from the lib directory in GmsCore.apk. Push these files to the correct directory.

adb shell mkdir -p /product/priv-app/GmsCore/lib/arm64
cd arm64-v8a
adb push . /product/priv-app/GmsCore/lib/arm64/

Verify all files transferred correctly and have the 644 permissions. Also check if all created directories have the 755 permissions. To finish up, reboot the device:

adb reboot

You could verify correct permissions after reboot using:

adb shell dumpsys package com.google.android.gms | grep -i permission
adb shell dumpsys package com.android.vending | grep -i permission

After these steps I have a fully functional Whatsapp (messages instantaneous with wakeup), basic Play Integrity and Google Prompt 2FA. All of this with MicroG out of the way on the /product partition, without rooting my device and with some more free space left.

[ale5000-git]

@sebaFlame Look at the installer more carefully, you have to replace <!-- %POST_NOTIFICATIONS% --> with <permission name="android.permission.POST_NOTIFICATIONS" fixed="false" /> ONLY if the ROM support it (in fact in the installer there is a check for the Android version) otherwise it will bootloop.

The same for <!-- %FAKE_PACKAGE_SIGNATURE% -->, the ROM may support signature spoofing with the permission but also it can support signature spoofing withOUT the permission. If the permission is NOT supported by the ROM but you include it in the xml it may bootloop.

Also there is really an advantage of doing it manually with the high risk of bootloop?

[sebaFlame]

The advantages are no root (Magisk) needed, full control (no sideloading), no obscure scripts to worry about, learning things :) @ale5000-git can I check what permissions are supported by using pm list permissions?

[ale5000-git]

Is that so? I used the latest version (com.google.android.gms-250932020) and have yet to see a crash. Haven't seen the previous version (com.google.android.gms-250932018) crash either. But I'll keep an eye on it.

There is no dubt, it can't do magic. The apk contains libraries with .so extension that are used when other apps request for example a map or conscrypt (or other things) and if those libraries aren't extracted there will be problems.

Note that when you install an apk from inside Android these libraries are automatically extracted but if you place in the system partitions you have to do it manually.

[ale5000-git]

@ale5000-git can I check what permissions are supported by using pm list permissions?

No, because in some ROMs it doesn't list all permissions there (you may be lucky to have a ROM that list all but it is better to be safe).

[ale5000-git]

The advantages are no root (Magisk) needed, full control (no sideloading), no obscure scripts to worry about, learning things :)

My installer never needed Magisk or persistent root and it is completely customizable and open-source.

[sebaFlame]

Is that so? I used the latest version (com.google.android.gms-250932020) and have yet to see a crash. Haven't seen the previous version (com.google.android.gms-250932018) crash either. But I'll keep an eye on it.

There is no dubt, it can't do magic. The apk contains libraries with .so extension that are used when other apps request for example a map or conscrypt (or other things) and if those libraries aren't extracted there will be problems.

Note that when you install an apk from inside Android these libraries are automatically extracted but if you place in the system partitions you have to do it manually.

After alot of googling I discovered android probably loads libraries straight from the apk now. Source: https://cs.android.com/android/platform/superproject/main/+/main:bionic/linker/linker.cpp;l=923-992;drc=cc3cb357612b3ba59ea91075f2d5d1dfdf967c21

[ale5000-git]

There is no dubt, it can't do magic. The apk contains libraries with .so extension that are used when other apps request for example a map or conscrypt (or other things) and if those libraries aren't extracted there will be problems. Note that when you install an apk from inside Android these libraries are automatically extracted but if you place in the system partitions you have to do it manually.

After alot of googling I discovered android probably loads libraries straight from the apk now. Source: cs.android.com/android/platform/superproject/main/+/main:bionic/linker/linker.cpp;l=923-992;drc=cc3cb357612b3ba59ea91075f2d5d1dfdf967c21

I already know about this but that code is working only if libraries are stored uncompressed and zip aligned in the apk. In microG they are compressed to save space, so they don't work from the apk.

See:

  // Check if it is properly stored
  if (entry.method != kCompressStored || (entry.offset % page_size()) != 0) {
    close(fd);
    return -1;
  }

[sebaFlame]

@ale5000-git I've updated the guide following your advice. I'd appreciate it if you'd take another look at it.

[pram04]

Great job @sebaFlame. Inspired from you, i'd love to try this out on my device while ack that the steps cannot guarantee a safe install & may result in bootloop. With that out of the way, i have a few questions in the interest of learning, hope you will find time to help with them

1. I'm thinking about about making GmsCore.apk as a system app & installing FakeStore.apk as a user app. I didnt find anything that makes such a setup unviable. The adv, is simpler update to future versions and possibly simpler ota backup & restore

2. I have a device that runs on microg4lineage and the xml files are named differently. Do you have any thoughts on them default-permissions-com.google.android.gms.xml privapp-permissions-com.google.android.gms.xml sysconfig-com.google.android.gms.xml

3. What does the below intent to achive (google.xml in your case & sysconfig-com.google.android.gms.xml in mine) app-link package="com.google.android.gms" app-link package="com.android.vending"

4. microg4lineageos has --only-- GmsCore.apk in the /product/priv-app/GmsCore folder & no libraries

P.S. The reason to move away from microg4lineage is that, they have introduced a new PI vs NO-PI build which indicate whether a build has a Play Integrity patch or not. The builds are alternated every month which changes my update period from 1 to 2 month. Also, i have no idea how the patch changes the behaviour and as of now, neither do they

[ale5000-git]

I have a device that runs on microg4lineage and the xml files are named differently

The filename of xml files doesn't matter, just the content.

3. app-link package="com.google.android.gms"

It associate links to the app; for example microG handle these links: https://play.app.goo.gl/...