GmsCore icon indicating copy to clipboard operation
GmsCore copied to clipboard
verified publisher icon microg

Google Play Integrity and SafetyNet Headaches

Open mostafa3bdou opened this issue 3 months ago • 6 comments

Do I need to install the applications that solve Google Play Integrity issues for MicroG like TrickyStore, PIF, Zygisk Next, Integrity Box... etc or it should work normally out-of-the-box without these workarounds?

mostafa3bdou avatar Aug 26 '25 13:08 mostafa3bdou

It does not work out of the box , when the proprietary google play services detect root on devices with unlocked bootloader , It will be even easier for apps to detect microG

cleanerspam avatar Sep 02 '25 10:09 cleanerspam

Answer lacks clarity. Like, on MicroG wiki, which step is to follow or avoid if we seek integrity?

bphd avatar Sep 03 '25 00:09 bphd

Unrooted MicroG can get basic Play Integrity on generic Android hardware with a signed ROM — or at least that's what I got. The SN servers were shut down some time ago, so that fails whether it's supported or not. If you're rooted, you might get lucky with root hiding techniques (eg. spoofing an unbroken TEE, spoofing the fingerprint…), but the newer verdicts probably won't make it easier.

CyberKite avatar Sep 07 '25 17:09 CyberKite

As @CyberKite mentioned, generally speaking a device running microG should be able to achieve a "BASIC" PlayIntegrity (PI) verdict without much hassle if the device is not rooted and the ROM is signed.

As for getting a higher-level PI verdict, that's a different kettle of fish.

The problem is, PI's PRIMARY function is to block the usage of software obtained from Play Store from running on devices that have been modded in ANY way from "stock". That basically means ALL custom ROMs, any device with an unlocked bootloader and/or rooted and so on. (This requires each S/W developer to opt-in to this PI service)

So while various workarounds have been devised (most of which entail rooting the device and installing various root modules), do not expect these things to work forever because Google is constantly looking to patch any weakness in PI that allows them to work. You will have to follow developments to see if new patches arrive to address the latest Google changes.

Eventually the microG project MAY add some additional functionality to try to accomplish those things within microG itself. If and when that might happen is unknown but it has been discussed briefly here.

Sapiosenses avatar Sep 11 '25 20:09 Sapiosenses

I have no clue what's wrong with my device. Any root detector and keybox checker reports that everything is OK, but I still can't pass DEVICE/STRONG verification with microG and FakeStore/Companion. Maybe some APIs aren't supported and I just can't reach a higher evaluation level without the original Play Store? I already tried installing it as a system app using yet another "root module," but now the whole pairip check is gone and I don't know why. Maybe it's part of the FakeStore in microG, but it's not the case with GApps, idk and I'm very lazy to check the code.

000exploit avatar Nov 15 '25 21:11 000exploit

I have no clue what's wrong with my device. Any root detector and keybox checker reports that everything is OK, but I still can't pass DEVICE/STRONG verification with microG and FakeStore/Companion. Maybe some APIs aren't supported and I just can't reach a higher evaluation level without the original Play Store? I already tried installing it as a system app using yet another "root module," but now the whole pairip check is gone and I don't know why. Maybe it's part of the FakeStore in microG, but it's not the case with GApps, idk and I'm very lazy to check the code.

It very much IS an issue with Gapps, if you are not running a STOCK ROM.

Google has become very aggressive lately with it, because they seem to think that the way they will circumvent the recent legal mandates that have been imposed against them to allow users to obtain software outside of Google Play, is to ramp up a sort of hysteria about the so-called "insecurity" of 3rd-party app stores, and use such tools to block any "modded" device from accessing software on Gplay. In part by pushing for developers to enable such "security features" in their apps by exaggerating the "risks" of users obtaining their S/W outside of Gplay due to supposed rampant piracy and malware coming from those places.

Which is pretty funny given all the well-known debacles with malware getting through Google's porous Gplay "security" and ending up infecting millions of devices before they discovered that. 😏

Sapiosenses avatar Nov 22 '25 19:11 Sapiosenses