microG Signature Spoofing and its Security Implications

To use all the neat features from the microG project, which allows you to use all features of your Android smartphone without those shitty, proprietary battery-consuming Google blobs, your system is required to support signature spoofing. Currently only very few custom ROMs have built-in support for this feature, luckily you can use Xposed or a patching tool to add the feature to the systems that don’t have it.

But: What is all this about? Is signature spoofing a problem when not using microG? Will it influence my security?

Continue reading