Skip to content

Tutorial #29: A De-Googled and De-Samsunged Android tablet

Droid with Google and Samsung
Droid with Google and Samsung

An attempt was made to make a mid-range Samsung tablet a little less bloaty. However, the universe is governed by laws that are insusceptible to change. Thus, there comes a time to rewrite the laws themselves.

In the case of an Android tablet by Samsung, it comes down to showing Google and Samsung the door. At a certain point in time, that would have been unthinkable, but now it lies in the realm of reality.

Be aware that such a setup might not be entirely practical on a device that you rely on for your life, but is nonetheless a viable option should you choose to disconnect from Google’s data collection machine a bit more.

There are a couple of ways to go about it and I will list both, having tried both and found each to have its own pros and cons.

A. Install a custom OS with microG support built in

microG, as the site states, is a free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries. Android as an open-source platform is an illusion as the OS being open-source has little to do with the apps that need Google’s infrastructure to function in the first place.

microG contains replacement for a lot of the proprietary Google components which allows the apps to still function despite the Google dependency and thus fills this gap created by a lack of Google’s apps & services on Android admirably. It also has a positive impact on the performance and battery life as it cuts off a lot of the communication to Google’s infrastructure that occurs on a nearly continuous basis.

Most manufacturers make it difficult to replace the OS the device comes with, even though they have little intention of supporting it in any useful manner. This is where the option to load another OS on the device is really useful. However, this requires the bootloader of the device to be unlocked, which voids the warranty and also creates some security issues if you are not careful. I will not reinvent the wheel here, but point to the Magisk website which lists the instructions for unlocking the bootloader. It also enables root, which may not be necessary, but is one of the perks of having a higher level of control over the device.

The unlocked bootloader is the gateway to loading another OS on the device. However, not every OS supports microG and this has something to do with signature spoofing. Signature spoofing can be risky as it enables one app to impersonate another app, and this is essentially how all the microG apps are able to impersonate the official Google apps. However, it also opens the door for malicious apps to impersonate another apps and thereby create havoc, but then the fault lies with the user for allowing it to happen.

Having spoofing support built into the OS is a better option as it is simpler and also restricts the spoofing support to only microG. This is also the reason that I use crDroid at present since it is already on Android 12L as against LineageOS with microG which is at Android 11. The links to both are mentioned in the above page about signature spoofing on the microG website.

B. Enable microG in any custom OS

While the above option is preferable, what if your device does not support a custom ROM with microG baked into it? In that case, you can use enable the support using the LSPosed framework.

LSPosed framework hooks into the Android system at runtime and injects code to make things happen that the system or app does not normally exhibit upfront. This is what allows signature spoofing to be enabled in real-time for the microG apps, even though the OS may not support it upfront.

It needs to be made clear that LSPosed needs Magisk to operate and thus it implies that the system will have to be rooted, whereas in option A, it is possible to operate the system without root. The root or superuser access allows access to every part of the OS and thus has the potential to be destructive if the user is not aware of its potential. But then, if you have come this far, then you ought to know what you are doing.

LSPosed is installed as a Magisk module and can be downloaded from their Github page. Note that the Zygisk option is the way forward. Zygisk is about running Magisk in the Zygote Process of Android which is the first process that the OS starts when it boots up. As it is the first process to start after the system boots up, it can hide root without sending data to apps, thereby making the presence of root invisible to all other apps.

For signature spoofing, you will also need FakeGApps which is a module for LSPosed. A bit on inception here with a module within a module, but that is how it works. This is the main element that applies the signature spoofing and the apps for which signature spoofing is enabled can be controlled over here, thereby minimizing the threat of signature spoofing. The fork linked above for v3.2 at the time of writing works well with Android 12.1 whereas the older versions might not.

C. Passing the SafetyNet

Google SafetyNet, as microG describes it, is a device certification system ensuring that the device is properly secured and compatible with Android CTS. CTS is “Compatibility Test Suite” which are automated tests that devices shipping with Google’s apps need to pass. The SafetyNet Attestation API checks whether or not the device passes the CTS, failing which certain apps may fail to work. This is an opt-in for app developers and thus its impact is mostly limited nowadays since the Attestation API is not called by many apps, but the ones that do, like some banking apps, will fail to work.

Getting it to work is a good-to-have and luckily the SafetyNet can be passed with the aid of two Magisk

MagiskHide Props Config

SafetyNet Fix

MagiskHide Props Config requires some additional effort in setting up a fingerprint (that makes the device appear like an official certified device) but those instructions are detailed on the respective websites.

Passing the SafetyNet along with Google Apps (GAPPS) will enable the use of apps like Google Pay that are strict about passing the SafetyNet. However, note that apps like Google Pay will still not work with microG because of some of the deeper intergration with Google Play Services that don’t have a replacement yet in microG. Overall though, it steps up the app compatibility a notch.

D. A systemless installation

Magisk allows for systemless root. By systemless, it implies that it doesn’t modify the system partition in any manner and thus the sanctity of the operating system itself is retained. Thus, there are a lot of modifications that can be made temporarily using Magisk modules, which disappear as soon as those Magisk modules are uninstalled. The modules mentioned previously relating to SafetyNet work in that manner.

However, it also implies that you can set up both Google Apps and microG in a systemless manner, such that you can switch between the two if the need be. Google Apps will allow you to validate your purchases on the Google Play Store and once that is done, you can switch to microG. This essentially enables the use of apps purchased from the Google Play Store without any Google services.

For systemless Google Apps, I recommend BiTGApps. Systemless installation requires modifying a config file, which can be found here. The installation itself has to be done through a custom recovery (eg. TWRP), the details of which are already mentioned on the Magisk page. The systemless GApps will allow you to use apps like Google Pay that rely on specific payment APIs that are not part of microG, but apart from that microG will work perfectly with nearly all non-Google apps.

For systemless microG, I recommend MinMicroG as it comes integrated with all the components needed to make the most of microG, including Aurora Store which allows access to all Google Play Store apps without needing any Google services. However, if you miss the Google Play Store, then look below.

E. Google Play Store with microG!

The Aurora Store works well for accessing your Google Play library. However, it cannot validate in-app purchases or apps that require a separate unlocker. If you are not looking to use Google apps solely reliant on Google Play Services like Google Pay, then the Play Store with microG scratches every itch, though you should remember that this requires communication with your Google account like Aurora Store. This approach though does bring the benefit of not having an always-on tracker like Google Play Services phoning home and draining the battery.

For this part, I would recommend microG Installer Revived. That page recommends the use of the patched Play Store but I always use the latest Play Store from APK Mirror and placing the same in /data/adb/ does the job.

With this, you have a fully functional Android custom ROM running the Play Store and passing the Safety Net, without Google Play Services.

F. Conclusion

The bottom line for this article, as the top line, is that it is possible to use an Android device from Samsung in its full capacity without any Google or Samsung services. Doing so means getting rid of bloatware that slow the device, increase the battery consumption and collect data like the existence of the companies depend on it.

What remains is a device that is more under your control. While we move away from ownership to subscription models for everything, it is good to know that there are still some things that you can own, control, tinker as you please. Just may be, the future will take a turn for the better when most exert their willingness to own a device, rather than licence it from a company.

Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.