[passerby1]

> stay as far away from MicroG as possible, it seriouly cripples the security of GrapheneOS by a lot.

Do you mind sharing some details on this? I did not hear strong statements like this one before.

[0xdeadb00f]

IIRC It requires allowing apps to mimic other app's signatures and pretend to be them, "signature spoofing". MicroG mimics the Google play services signature.

But that is really crippling, because apps can now spoof other apps signatures, essentially apps can pretend to be other apps. That opens a lot of opportunities for an attacker.

[bnr]

With the set of patches used eg in lineageos4microg, spoofing is restricted to the microG core app.

[0xdeadb00f]

You're still taking a risk. its a risk that I won't take but you're welcome to for the sake of convenience.