I haven’t looked into it (because Android repos are confusing), but I assume it allows just one specific signature to spoof one other specific signature. If so then I do not see such a security issue, because it wouldn’t suddenly open this mechanism up to everyone.
Even if it would require spoofing of multiple signatures, if there is a limited list of signatures to spoof as and a whitelist of signatures for the apps that are allowed to spoof them, then it would also be limited enough, IMO.
So after more research linage OS and calyx only allow Micro G apps to spoof and the verify via the app signature key the are signed with to verify this is the only way LinageOS would agree to adding micro G support so it is secure but still makes me feel unsafe at least to me just my opinion but yes it can be done securely I would use Linage OS with Micro G if the supported relocking the bootloader I know pixels support this but requires you to build your own version from source of linage and the sign your device with your own key that you also sign your build with as well I think I’ll stick with GrapheneOS.
I haven’t looked into it (because Android repos are confusing), but I assume it allows just one specific signature to spoof one other specific signature. If so then I do not see such a security issue, because it wouldn’t suddenly open this mechanism up to everyone.
Even if it would require spoofing of multiple signatures, if there is a limited list of signatures to spoof as and a whitelist of signatures for the apps that are allowed to spoof them, then it would also be limited enough, IMO.
IIUC, you don’t need to patch LineageOS anymore for MicroG: https://github.com/lineageos4microg/android_vendor_partner_gms/blob/master/README.md#microg-mobile-services
So after more research linage OS and calyx only allow Micro G apps to spoof and the verify via the app signature key the are signed with to verify this is the only way LinageOS would agree to adding micro G support so it is secure but still makes me feel unsafe at least to me just my opinion but yes it can be done securely I would use Linage OS with Micro G if the supported relocking the bootloader I know pixels support this but requires you to build your own version from source of linage and the sign your device with your own key that you also sign your build with as well I think I’ll stick with GrapheneOS.