Xposed module to spoof package signatures.
- Supports Android >= 1.5 (Cupcake)
- Compatible with the standardized spoofing mechanic (microG)
- Allow any package to spoof their signature through manifest properties
- Allow bypassing GMS checks
- Spoofing gated behind a permission
- Use Magisk to root your device
- Enable Zygisk
- Install LSPosed or the updated LSPosed fork
- Install XSpoofSignatures from here
- Enable it in LSPosed
- Verify that signature spoofing works via Signature Spoofing Checker
- You can now use apps that require signature spoofing (like microG)
XSpoofSignatures supports two methods of spoofing:
- Sole signer [DEFAULT]: spoof to be the only signer on a package
- First signer: spoof to be the first signer on a package (multi signers)
- Note: this does not work for all signer checks such as GMS
Each package must declare and request (at runtime) the android.permission.FAKE_PACKAGE_SIGNATURE permission.
If the permission is not granted then no spoofing will occur.
This module will check for two <meta-data> tags for each package that wants
to spoof it's own signature:
fake-signature-> The certificate fingerprint in hexfake-signature-only(optional, defaulttrue) -> Refer to "Sole signer" above
To see an example usage of signature spoofing, see sigspoof-checker.