Unable to 'finish activation' in LineageOS+MicroG

[kotelnik]

Hi, first of all, thanks for all your work in eRouška development!

I've installed LineageOS+MicroG on my phone (Sony Xperia XA2). It is basically open-source Android (yes, with some driver blobs) + open-source Google Play Services including FOSS implementation of Exposure Notifications API.

Steps to reproduce the bad behaviour:

• get your hands on phone with LineageOS 17.1 + MicroG 0.2.12.203315
• install eRouška (my current version is 2.1.604)
• start eRouška, tap "continue to activation"
• then tap "enable"
  • it asks for bluetooth activation (if it wasn't already activated), enable it
  • then it asks for enabling Exposure Notification API (if it wasn't already activated), enable it
• tap "finish activation"

Now screen shows animating loader, forever.

If both bluetooth and Exposure Notifications were already activated, taping "enable" does nothing and one cannot even get to see "finish activation" button.

So something is still missing for eRouška but the app doesn't show what it is.

I've checked, that Exposure Notifications API is serving IDs and I can even see (in phone settings) it captured some of my wife's ones. So this part should work as expected.

I'll gladly provide more info on demand so we can resolve this issue. Because such open-source app that is designed to value citizens' privacy shouldn't work just with proprietary protocol implementations.

Again, thank you! :)

[davidvavra]

Hi, impressive that you were able to enable Exposure Notifications, we have reports from other users that it's not possible when you sideload Google Play services.

"Finish activation" is actually not related to EN API at all - it's calling Firebase Function (our server) and activates the device. Your setup probably is somehow blocking Firebase services - Firebase Functions & Firebase Authentication in this case.

[kotelnik]

OK, understood. Thanks for fast reply and explanation!

So it looks like MicroG does not implement all the firebase interfaces eRouška uses. Or not so recent versions of it. Or maybe it even blocks some of the calls like you said.

What can I do now? If I understand this problem correctly, the app is relying on proprietary firebase services. It is registering user on (or through) third party firebase servers and calls other functions through it. And there is no way around that in this app.

I believe this defeats the purpose of the whole idea behind open-source app using EM API while preserving user's privacy. Please correct me if I'm wrong but it is perfectly possible to create this app without firebase. One would need to:

• set up dedicated server for eRouška (with DB, providing REST interface) - you have probably done that by the sneak-peak to the code
• generate unique ID for each user (this ID would be saved in eRouška installation on the phone - when registered)
• this ID would be used to identify user when:
  • sending exposure keys from COVID-19 positive user
  • sending notification to exposed user
• these unique user IDs could also serve for statistics purposes (count number of users that registered in eRouška)

Firebase is in the end used just for push notifications and that can be optional. Am I missing something? Maybe I'm simplifying it too much and seeing it jako Hurvínek válku :)

[davidvavra]

Push notifications are optional. But our backend is not. We chose Google Cloud Platform as hosting, because the reference implementation was ready-made for GCP and it was easiest to integrate. Migrating somewhere else would be a major effort. The service from Firebase we are using for activation are these:

• https://firebase.google.com/docs/functions
• https://firebase.google.com/docs/auth

[kotelnik]

Again, thanks for fast replying!

Here are my thoughts on privacy/security - I may be wrong.

I think it is OK to use GCP and ready-made reference impl. as long as there is no way for third party (Google in this case) to connect particular user (e.g. with phone number / google account) with his exposure keys. And also the app (largely advised by government for wide usage) should not force people to use platforms not respecting their privacy.

FirebaseFunctions are open source, FirebaseAuth sadly not. Therefore even when calling signInWithCustomToken we cannot be sure that closed-source implementation is not connecting user Google account with your custom generated registration token. What is this token used for, anyway? Just for getting covidStats and for pushNotifications? Maybe I'm missing something.

FirebaseAuth is btw. probably the only thing (not sure though) which does not work on open-source Andorid systems including mine. If the only benefits are covidStats and notifications, its use could be optional in my opinion - what do you think? Here is full error log after taping 'finish activation':

10-20 20:38:05.832 27325 27398 W System.err: org.json.JSONException: No value for manufacturer
10-20 20:38:05.832 27325 27398 W System.err:    at org.json.JSONObject.get(JSONObject.java:399)
10-20 20:38:05.833 27325 27398 W System.err:    at org.json.JSONObject.getString(JSONObject.java:560)
10-20 20:38:05.833 27325 27398 W System.err:    at com.jaredrummler.android.device.DeviceName$DeviceInfo.<init>(DeviceName.java:374)
10-20 20:38:05.833 27325 27398 W System.err:    at com.jaredrummler.android.device.DeviceName$DeviceInfo.<init>(DeviceName.java:347)
10-20 20:38:05.833 27325 27398 W System.err:    at com.jaredrummler.android.device.DeviceName.getDeviceInfo(DeviceName.java:186)
10-20 20:38:05.833 27325 27398 W System.err:    at com.jaredrummler.android.device.DeviceName.getDeviceInfo(DeviceName.java:152)
10-20 20:38:05.833 27325 27398 W System.err:    at cz.covid19cz.erouska.utils.DeviceInfo.getDeviceName(DeviceInfo.kt:23)
10-20 20:38:05.833 27325 27398 W System.err:    at cz.covid19cz.erouska.net.FirebaseFunctionsRepository.register(FirebaseFunctionsRepository.kt:32)
10-20 20:38:05.833 27325 27398 W System.err:    at cz.covid19cz.erouska.ui.activation.ActivationVM$activate$1.invokeSuspend(ActivationVM.kt:37)
10-20 20:38:05.833 27325 27398 W System.err:    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
10-20 20:38:05.833 27325 27398 W System.err:    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:56)
10-20 20:38:05.833 27325 27398 W System.err:    at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571)
10-20 20:38:05.833 27325 27398 W System.err:    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:738)
10-20 20:38:05.833 27325 27398 W System.err:    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678)
10-20 20:38:05.833 27325 27398 W System.err:    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)
10-20 20:38:06.033 27325 27401 W DynamiteModule: Local module descriptor class for com.google.android.gms.providerinstaller not found.
10-20 20:38:06.033 27325 27401 W DynamiteModule: IDynamite loader version < 2, falling back to getModuleVersion2
10-20 20:38:06.033 27325 27401 D GmsDynamiteLoaderImpl: unimplemented Method: getModuleVersion for com.google.android.gms.providerinstaller
10-20 20:38:06.033 27325 27401 I DynamiteModule: Considering local module com.google.android.gms.providerinstaller:0 and remote module com.google.android.gms.providerinstaller:0
10-20 20:38:06.034 27325 27401 W ProviderInstaller: Failed to load providerinstaller module: No acceptable module found. Local version is 0 and remote version is 0.
10-20 20:38:06.045 27325 27401 D GmsProviderInstaller: Provider installer invoked for cz.covid19cz.erouska
10-20 20:38:06.052 27325 27401 V NativeCrypto: Registering org/conscrypt/NativeCrypto's 284 native methods...
10-20 20:38:06.069 27325 27401 D GmsProviderInstaller: SSL provider installed
10-20 20:38:06.119   722 27404 E ResolverController: No valid NAT64 prefix (116, <unspecified>/0)
10-20 20:38:06.705 27325 27398 I BiChannelGoogleApi: [FirebaseAuth: ] getGoogleApiForMethod() returned Gms: com.google.firebase.auth.api.internal.zzao@2f39a44
10-20 20:38:11.477  1765  1792 E LightsService: Light requested not available on this device. 2
10-20 20:38:11.497 22104 22104 D GmsGcmRegisterSvc: onBind: Intent { act=com.google.android.c2dm.intent.REGISTER pkg=com.google.android.gms }
10-20 20:38:11.507 22104 22104 D GmsGcmRegisterHdl: handleMessage: package=cz.covid19cz.erouska what=1 id=2
10-20 20:38:11.528 27325 27355 W FirebaseInstanceId: Token retrieval failed: SERVICE_NOT_AVAILABLE. Will retry token retrieval

I think the last log line is the real problem here.

And one more note. I hope that hygiene workers don't use Google products to generate and send special SMS to users. If I understand the flow right, some 8-digit code from SMS is being sent to verifyCode, then result goes to verifyCertificate and finally generated certificate along with exposure keys in plaintext is sent to reportExposure being all google provided services.

Thanks for being patient with me :)

[davidvavra]

The last line (instance id) is related to push notifications, not auth. They are indeed optional. Auth is needed for calling other Firebase Functions. It guarantees, that the function was called with the same account that called RegisterEhrid function during app activation. Currently we use it for two functions:

• RegisterNotification - it increases a counter for every notification received on a device. We need it statistics how is eRouška effective. We publish this data on socal media. Without this security, it will be easy to call this endpoint outside the app and distort this data.
• GetCovidStats - we want only the app to call this endpoint, not anybody else, only for reason of pricing (if some news service was consuming the API, we will be paying for it)

We are also thinking about new functions and Auth is important piece of security of those functions.

[vanous]

@kotelnik i had the same (un)success when i tried back then. FYI, the German CoronaWarn app does run with uG on LOS.