|
|
Subscribe / Log in / New account

Android without the mothership

Android without the mothership

Posted Jun 18, 2014 19:27 UTC (Wed) by cworth (subscriber, #27653)
In reply to: Android without the mothership by josh
Parent article: Android without the mothership

I've been running a CyanogenMod Android device without a Google account for some time. For the occasional application that's available only through Google's Play store, here's what I do:

1. Make a backup copy of /data/system/accounts.db

2. Run the Play Store application, (which will prompt to create a Google account).

3. Install the application of interest

4. Restore /data/system/accounts.db from the backup made in step 1

5. Delete the Google account at http://accounts.google.com

The dance with accounts.db is due to the fact that the Android software balks at removing a Google account, (suggesting that a Google account can't be removed without a factory reset). If one already has a Google account in accounts.db it can be fairly easily removed by transferring the file to another computer, running sqlite3 on the file to manually tweak the database content, then transferring the modified file back to the Android device.

This doesn't let you install an application without using the Play store application as desired in the post above, but perhaps this process would be useful for some.

And obviously, for anyone going through this effort, it would be preferable to never create the Google account in the first place. So it's advantageous to use applications from F-Droid whenever possible. It's also a great idea to encourage the authors of applications of interest to distribute them through F-Droid, (or, at the very least, make them available for direct download from their own web pages).

-Carl

to post comments

Android without the mothership

Posted Jun 18, 2014 20:30 UTC (Wed) by josh (subscriber, #17465) [Link] (1 responses)

Good to know, thanks; the inability to remove a Google account is part of why I've never added one. (The other main reason: anyone with access to that Google account effectively has remote access to the device, and I don't want to reduce the security of my phone to that of my Google account.)

Android without the mothership

Posted Jun 18, 2014 23:44 UTC (Wed) by mathstuf (subscriber, #69389) [Link]

> I don't want to reduce the security of my phone to that of my Google account.

Use two-factor authentication?

Android without the mothership

Posted Jun 19, 2014 0:18 UTC (Thu) by pseelig (guest, #6796) [Link] (1 responses)

For the occasional app download from the play store, an android emulator (e.g. genymotion) was tremendously helpful in the past. Nowadays, relying on f-droid is all i'd ever need. Especially since discovering that a smartphone is much too cumbersome and restricted to be really useful in the long run.

And then again, how could one ever trust a device that makes it so difficult to be managed by its own users, and which is designed to be remote controlled by third party entities?

In the end i'm back to preferring a laptop just for the comfort of a real keyboard and a true flexible Linux system.

Android without the mothership

Posted Jun 21, 2014 14:30 UTC (Sat) by clump (subscriber, #27801) [Link]

In the end i'm back to preferring a laptop just for the comfort of a real keyboard and a true flexible Linux system.
I agree completely. I do pretty much as our editor has done in this article, though I'm sure we all agree we're in the minority.

I've found a Haswell-based Chromebook running Fedora to be extremely useful and portable. While not nearly as convenient as a phone, it allows me to easily plug in other devices, has a good keyboard, and provides great battery life.

Android without the mothership

Posted Jun 19, 2014 5:05 UTC (Thu) by kpc (guest, #46024) [Link] (4 responses)

Couple other options for downloading Play Store apps without installing any Google packages on your device:

APK Downloader service: http://apps.evozi.com/apk-downloader/

APK Downloader Chrome extension: https://chrome.google.com/webstore/detail/apk-downloader/...

BlankStore (NOGAPPS project): http://forum.xda-developers.com/showthread.php?t=1715375

The latter is deprecated, but it still works. Initial setup requires a bit of elbow grease.

> Interestingly, the CyanogenMod 11.0 M7 installation included the Play Store app

This is very surprising. I just flashed cm-11-20140618-NIGHTLY-hammerhead.zip (Nexus 5) today and it has no Google packages.

Android without the mothership

Posted Jun 19, 2014 9:50 UTC (Thu) by Seegras (guest, #20463) [Link]

> BlankStore (NOGAPPS project): http://forum.xda-developers.com/showthread.php?t=1715375

That was enlightening. Not particularly because of BlankStore, but because of the maps API and the NetworkLocation.apk.

With these, I got a load of applications running (namely, the time tables for ZVV and for the german railways).

Android without the mothership

Posted Jun 19, 2014 11:02 UTC (Thu) by job (guest, #670) [Link] (2 responses)

Please be careful with the evozi link. There are claims on Reddit that it serves malware if you visit with an Android device.

Get the Chrome extension from XDA-Developers instead. It's easy to find with Google.

Android without the mothership

Posted Jun 19, 2014 19:34 UTC (Thu) by kpc (guest, #46024) [Link] (1 responses)

FWIW, this site claims that the evozi-hosted Chrome extension (for your PC) is an unauthorized fork that contains spyware:

https://lekensteyn.nl/apk-downloader/

Note that if a third party modifies an APK, they will not be able to generate a new signature that can be validated with the original author's certificate. This means:

- If you already have an official release of the app installed, and evozi serves up a malware-infested update, it will not install due to a certificate mismatch

- If you install a malware-infested version (fresh) and then later try to update to an official version, you will see a certificate mismatch at that time

- For the same reason, you cannot easily switch between official author-signed APKs and F-Droid builds of the same package, because F-Droid always signs the binaries with their own key. FAQ entry: https://f-droid.org/wiki/page/FAQ_-_App_Developers#What_a...

Older Android releases have signature validation bugs that may allow these protections to be bypassed:

http://www.saurik.com/id/19

Android without the mothership

Posted Aug 3, 2014 17:41 UTC (Sun) by Tuxicoman (guest, #98170) [Link]

You can also use GooglePlayDownloader.

It's fully open source and in Python. So you can ensure you get the APK straight from Google servers without malwares a third party could inject in.

I coded the graphical interface and packaging of this software.

Android without the mothership

Posted Jun 19, 2014 5:32 UTC (Thu) by amit (subscriber, #1274) [Link]

I use a phone with CyanogenMod without any google apps. I have a tablet running cyanogenmod with google apps. On the rare occasion I need to look outside of fdroid for an app, I use the tablet to download the app from the play store and transfer it to the phone.

I also use the AFWall firewall on both the devices so only a subset of apps have access to the Internet.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds