The official microG OS project (https://lineage.microg.org/) leaked their private keys for logging into their servers and signing releases:

https://github.com/lineageos4microg/l4m-wiki/wiki/December-2025-security-issues

We make our official builds on local machines. Our signing machine’s keys aren’t ever on any storage unencrypted.

Our roadmap for improving security of verifying updates is based on taking advantage of the reproducible builds. We plan to have multiple official build locations and a configurable signoff verification system in the update clients also usable with third party signoff providers.

We don’t have faith in any available commercial HSM products being more secure than keeping keys encrypted at rest on the primary local build machine. Instead, we’re planning to develop software for using the secure element on GrapheneOS phones as an HSM for signing our releases.

      • artyom@piefed.social · 3 upvotes · 1 month ago

        Okay but they don’t use MicroG? There are dozens of CVEs posted every day and they never talk about any of those?

        • Metr0pl3X@lemmy.ml [M] · 1 upvote, 1 downvote · edited · 1 month ago

          Our response was, as it is in most cases, to help educate people who use it and the OS recommended by microG themselves, since they have deeper microG integration than what’s available in official LineageOS. It’s an official part of the microG project and it reveals a lot about their overall approach to privacy and security in the project.

          We are often asked why we don’t implement it instead of sandboxed Play Services and this just goes to further reinforce that position.