Hacker News new | ask | show | jobs
by 0xdeadb00f 1749 days ago
IIRC It requires allowing apps to mimic other app's signatures and pretend to be them, "signature spoofing". MicroG mimics the Google play services signature.

But that is really crippling, because apps can now spoof other apps signatures, essentially apps can pretend to be other apps. That opens a lot of opportunities for an attacker.
1 comments
bnr 1749 days ago
With the set of patches used eg in lineageos4microg, spoofing is restricted to the microG core app.
link
0xdeadb00f 1749 days ago
You're still taking a risk. its a risk that I won't take but you're welcome to for the sake of convenience.
link