Account addition fails when "Authenticate with device registration" is enabled — is this expected?

[mkolegan]

Describe the bug
Account addition always fails when "Authenticate with device registration" is enabled

To Reproduce
Steps to reproduce the behavior:

1. Go to 'Google Accounts'
2. Keep "Authenticate with device registration" enabled (by default)
3. Click Add Google Account and follow instructions to add it
4. See error "Sorry.. There was a problem communicaing with Google servers. Try later"

Expected behavior
If the "Authenticate with device registration" setting is enabled, microG should either:
- Successfully register the device and add the account, or
- Clearly indicate that this option is incompatible with the current environment (e.g., due to missing DroidGuard) and prevent its use or warn the user. Also turn off it by default

Screenshots
If applicable, add screenshots to help explain your problem.

System
Android Version: 12
Custom ROM: custom aosp fork
MicroG version: v0.3.9.250932

Additional context
Log analysis reveals the key difference:

✅ When the setting is OFF:
The authentication request includes androidId=null.
→ Server responds with valid tokens (Auth, SID, LSID, Email, accountId).
→ AccountManagerService broadcasts LOGIN_ACCOUNTS_CHANGED — account is added. 

❌ When the setting is ON:
The request includes a real androidId (e.g., androidId=36100077e0388ed2).
→ Server responds with Error=ServerError.
→ Account is not added. 

In both cases I see in logs that, DroidGuard is unavailable (as expected in microG) and fallback is not implemented:

W GmsGuardHandleImpl: java.lang.IllegalAccessException: DroidGuard should not be available locally
W DGFallback: kotlin.NotImplementedError: An operation is not implemented: Not yet implemented

This indicates that Google’s auth backend rejects requests with a non-null androidId when DroidGuard is not present

Question:
Is this behavior intentional? Should the "Authenticate with device registration" setting be considered incompatible with account addition in current microG builds? If so, consider disabling it by default or adding a warning.

[ale5000-git]

When "Authenticate with device registration" is enabled => the ROM should provide (or fake) info of an officially Google certified phone otherwise adding account will fail.
You can either ask your ROM maintainer to fix their info or just select a device profile in microG settings.

When "Authenticate with device registration" is disabled => adding a Google account always works but this is just a workaround that Google can easily block in the future and it may also cause problems with some apps.

PS: DroidGuard is not related.

[mkolegan]

Hi @ale5000-git Thank you very much for your quick reply!

I tried following steps on my tablet:

1. go to Google device registration->Select profile->Google Nexus 5x
2. turn off, turn on Register -> got Status: Last registration 30 seconds ago
3. Go to Google Accounts, have "Authenticate with device registration" enabled
4. Add google account

And I still have same issue "There was a problem with communicating"
What I missed?

Also I tried this on Huawei stock device and see same behavior:
a) Fails to add account with "Authenticate with device registration" enabled
b) using profile "Google Nexus 5x" doesn't resolve the issue

Can you please give me more information what changes should be made by ROM maintainer?

[ale5000-git]

The bad info may be somewhat cached on the server on the first registration.

I suggest to:

• Disable internet/wireless
• Reset data (not just cache) of microG Services (this will change android id and everything)
• Select the profile
• Then enable internet/wireless

[mkolegan]

Hi @ale5000-git,

Great news — we’ve successfully added a Google account using microG by following these steps:

1. Flash a clean build (not just clearing cache)  
2. Do not connect to Wi-Fi yet  
3. In microG settings, select Google Nexus 5X as the device profile  
4. Connect to Wi-Fi  
5. Add Google account → Success!

As the maintainer of a custom ROM with microG pre-installed, we’d like to enable seamless, out-of-the-box Google account setup for our users — without requiring them to manually select a device profile or disable "Authenticate with device registration".

Could you please clarify what build-time or runtime configurations a ROM maintainer should provide so that microG uses it to create suitable device profile?
Our goal is to ensure that "Authenticate with device registration" works by default, providing the best possible compatibility with Google services while staying within microG’s design.

Thank you for your amazing work on microG!
Best Regards,
Maria

[Sapiosenses]

As the maintainer of a custom ROM with microG pre-installed

I would love to know which ROM that is, if you are willing to share. ;-)

[ale5000-git]

Hi @ale5000-git,

Great news — we’ve successfully added a Google account using microG by following these steps:

1. Flash a clean build (not just clearing cache)  
2. Do not connect to Wi-Fi yet  
3. In microG settings, select Google Nexus 5X as the device profile  
4. Connect to Wi-Fi  
5. Add Google account → Success!

As the maintainer of a custom ROM with microG pre-installed, we’d like to enable seamless, out-of-the-box Google account setup for our users — without requiring them to manually select a device profile or disable "Authenticate with device registration".

Could you please clarify what build-time or runtime configurations a ROM maintainer should provide so that microG uses it to create suitable device profile? Our goal is to ensure that "Authenticate with device registration" works by default, providing the best possible compatibility with Google services while staying within microG’s design.

Thank you for your amazing work on microG! Best Regards, Maria

The simple way is this:

1. Flash back the stock ROM to your device (if your device is certified by Google)
2. Create a device profile for the stock ROM with Android device profile generator: https://github.com/micro5k/microg-unofficial-installer/blob/HEAD/utils/profile-generator.sh
3. Flash your custom ROM again
4. Create a device profile for the custom ROM with Android device profile generator

Now compare the 2 device profiles and try to eliminate the differences in the sources of your custom ROM.

[mkolegan]

Hi @ale5000-git,

Thanks again for your help! Our device isn’t Google-certified, so we can’t use stock firmware to generate a valid profile.

Instead, we tried using a system profile by placing a Nexus 5X profile in /system/etc/microg_device_profile.xml. MicroG correctly detects it as a system profile, but account registration still fails. At the same time, loading the exact same file as a "User profile" works perfectly.

Looking at getProfileData() in ProfileManager.kt

GmsCore/play-services-base/core/src/main/kotlin/org/microg/gms/profile/ProfileManager.kt

Line 107 in 56e633e

if (profile != PROFILE_USER && getProfileResId(context, profile) == 0) return realData

It seems that for PROFILE_SYSTEM, the code falls back to realData. Only PROFILE_USER and built-in resource-based profiles bypass this check and actually load the XML content.

In my opinion, system profiles should override real device data just like user profiles do.

Would it make sense to update the condition to also exclude PROFILE_SYSTEM from the realData fallback? For example:
kotlin

if (profile !in listOf(PROFILE_USER, PROFILE_SYSTEM) && getProfileResId(context, profile) == 0) {
    return realData
}

There was a fix some time ago 10e72fa
We would like to extend it for system profile as well

Let me know what you think
Thank you,
Maria

[mkolegan]

Hi @ale5000-git,

There’s a small fix I’d like to propose to address the issue described above:
#3085

Could you please review it when you have a moment? If everything looks good, I’d appreciate it being merged.

Thank you!

[mkolegan]

As the maintainer of a custom ROM with microG pre-installed

I would love to know which ROM that is, if you are willing to share. ;-)

Hi! This is for custom device.

[Sapiosenses]

Hi! This is for custom device.

Aha, thanks.