I believe the reason Lineage doesn't do this (along with things like SafetyNet spoofing/passing) is to stay on the right side of Google et al. This way there's never a threat of a legal shutdown à la Vanced. If Lineage was backed by big foundations/folks with deep pockets that could change.

I have no idea why GrapheneOS takes this risk, but am grateful to them nevertheless for the code.

I'd like to edit this comment but unfortunately it's probably too late to edit - it appears I was at least partially mistaken. LOS declined to integrate MicroG because of security concerns from spoofing signatures, as per the Wikipedia article of MicroG (https://en.wikipedia.org/wiki/MicroG)

Yes, but if it was with a toggle switch (and a default value on "off"), then the user could decide and take the risk (and/or only activate it when needed), which would alleviate the risk.

The spoofing can be locked down to only include microg, this is the approach calyxos has taken.

I think GrapheneOS does things completely differently, with actual Google Play Services in a sandbox, and doesn't need signature spoofing.

Perhaps I'm not understanding the issue - what legal standing does Google have to object? "Terms of service violation"?

Partly that, but also a lot of/all of Google Services Framework is proprietary Google code. Other implementations reverse-engineer and modify it afaik. Google probably doesn't go after them because they're small, but LOS is the largest such organization and would be an easy target if Google were to sue.

And also, even if it's technically legal, it's such lawsuits/slappsuits can entirely bring down an organization as legal fees can be very expensive. They probably want to err on the side of caution so that Google can't, and wouldn't care to, sue them.

microg replicates the API but contains no actual google code, right? Isn't that exactly what google argued was completely legal when they were sued by oracle over replicating the java API?

Yes MicroG is open source, but they probably had to reverse engineer something. However I don't know if that's the main reason, my initial comment was likely (partially?) wrong, here's an update: https://news.ycombinator.com/item?id=31171788

I responded to the other comment too, but:

> Yes MicroG is open source, but they probably had to reverse engineer something.

MicroG being open source is irrelevant. The relevant point is that google play services is not, so MicroG devs could not have copied source from it. Besides the fact that the API used by other programs to interact with play services is public and that the team had no access to the play services source code US law also has a specific carve out for "interoperability" which might (I'm guessing) apply here. Google has already spent many years and many millions in court arguing that an API is not copyrightable.

IANAL but it seems hard to argue that this would be an easy legal case.

Is this your speculation or is that their stated reasoning?

Nobody is talking about stated reasons, the question is what grounds Google would have to object on if they chose to. That means it's speculation.

Edit: I'm no longer trusting my memory lol. Apparently security was why LOS didn't integrate it (see https://news.ycombinator.com/item?id=31171788). I'm still leaving my original reply below.

The SafetyNet part is something I read from somewhere else, though unfortunately I don't remember if that was LOS or some random developer on reddit/XDA. You can treat most of this as (oft-repeated) speculation by users.

Having the sandboxed Google Play services would be wonderful. I'm currently using LineageOS with microG and Aurora store, but quite a lot of apps do not properly run with microG. Having some kind of fallback alternative in a second user or even better a work profile would be great.

What apps dont run for you? Everything is working fine for me. Are you also using Magisk with the DenyList enabled?

Uber maps are totally inaccurate when you try to zoom in/out with microG (even with Mapbox), unfortunately had to reinstall GApps because of this.

Because of this I'd love to see GrapheneOS' sandboxed Google Play Services shims I'd love to see integrated into LineageOS.

Not sure if this is acceptable to you, but Uber has a web app at <https://m.uber.com>. I seem to recall that you have to "request" access in order to use it, but it was an automated rubber-stamp thing. The only downside (besides what you'd expect for a web app vs a native app) is that you can't do fancy things like multiple destinations in one trip, or changing your destination on the fly.

The Lyft equivalent is <https://ride.lyft.com>.

Unfortunately the Uber web app is disabled for my country (UK).

There's a payment app that detects the installation source is not google play store, and I haven't found a way to use it

FYI, GrapheneOS supports sandboxed Google Play services.

I'm getting bi-weekly updates on LineageOS for MicroG (Xiaomi Poco F3), which I consider more than enough.

I have a Oneplus 5T (dumpling) and get much less frequent updates (which puzzles me : I though they would have an automated build system i.e. that all supported devices would have exactly the same updates at the same time...)

I have yet to jump to lineage with the 5T, does it run well? I've had so many phones have glitches like random reboots etc. before, I'm hesitant.

I have been running lineage for more than a year in my OP5, I don't face any issues with it. I don't use microg. I have also rooted it with magisk, so that banking apps will work.

Probably something is broken/fragile in the build for that particular image and the maintainer doesn't have a lot of time to fix it.

You can install apps from Play Store through Aurora store without GSF.

But I agree with your sentiment.

You can’t install paid apps and your google account can be terminated at any point for using Aurora store. So it’s out of the question for a lot of people

Other than paid apps you can use an anonymous or burner account for Aurora - no need to put your Google account at risk.

You can also migrate off google and not worry about it.

you don't need to provide any Google account, they provide dummy accounts within app

I'm not sure about paid apps unable to install, never tried, I thought that's the whole point of signing in with your own account

I'm on GrapheneOS for this reason. Sandboxed GSF isn't perfect, but it's good enough for use as a daily driver.

Can you share what's broken on this config?

Sandboxes GSF literally IS perfect though. I'd be interested to know what doesn't work for you.

I'd also love to see them forking CalyxOS' Datura firewall: https://calyxos.org/docs/tech/datura-details/ It's so much handier when you don't have to navigate through each app's settings.

Install a custom rom such as MokeeOS which is derived from Lineage sans microg