self package targeting for side by side install revanced coregms

[zappybiby]

Several call sites were still using GMS_PACKAGE_NAME even when they were really trying to target the currently installed GmsCore APK. This change switches those sites to runtime self-package resolution, while keeping the remaining explicit package cases unchanged.

Goals of the patch:

If a call site means "this installed GmsCore APK", use the runtime self package.
If a call site means the canonical Google package identity for protocol, network, spoofing, or compatibility, keep Constants.GMS_PACKAGE_NAME.
Do not use USER_MICROG_PACKAGE_NAME as a generic stand-in for "self".
Do not derive remote Maps / Dynamite resource contexts from a caller or embedding-app Context.

As part of the changes, the identified issue affecting patched YT Music app and Android Auto (DynamiteContextFactory) is fixed. DynamiteContextFactory no longer resolves the GmsCore package context through GMS_PACKAGE_NAME, and now uses BuildConfig.APPLICATION_ID instead. That keeps the YT Music on Android Auto Dynamite path working for renamed/repackaged installs.

Closes ReVanced/revanced-patches#6602

[oSumAtrIX]

If a call site means "this installed GmsCore APK", use the runtime self package

This can be optimized with a compile time constant, sparing resolving the package name dynamically. Check if this reduces the amount of code changes needed. (BuildConfig.APPLICATION_ID like you already used works well)

[oSumAtrIX]

I am wondering why upstream decided to use the constant here instead of context.packageName?

[zappybiby]

I assume upstream used the constant simply because, at the time, canonical com.google.android.gms was assumed to be the app’s own package, so there was no practical difference from context.packageName.

I tested revanced coregms + stock gms with Constants.GMS_PACKAGE_NAME:

• actual serving APK: app.revanced.android.gms
• activity component in intent: app.revanced.android.gms/...UserConsentPromptActivity
• package field in intent: com.google.android.gms
• result: still launches ReVanced activity because the intent was already explicit before setPackage(...) was called. but package field points at the wrong app.

So effectively,

• Intent(context, UserConsentPromptActivity::class.java) set the component to
  app.revanced.android.gms/...UserConsentPromptActivity
• setPackage(Constants.GMS_PACKAGE_NAME) then added package=com.google.android.gms

So the change to context.packageName does not change what app receives the SMS Retriever result. It only fixes which GmsCore package this internal consent activity launch is addressed to. In the ReVanced GmsCore + stock GMS setup, that internal activity belongs to ReVanced GmsCore, not to com.google.android.gms, so context.packageName is the correct self-target here.

[oSumAtrIX]

context.packageName is the correct self-target here.

Would it be possible to use BuildConfig.APPLICATION_ID? Using a constant would match the original code more because upstream also used a constant.

[zappybiby]

It's a library module so we can't directly use application id here (you could pipe it in, but that would be messy and not ideal for one use)

The most direct replacement currently is the user_microg_package_name constant. But I assume we want to do something with that, whether we deprecate it or rename it.

[oSumAtrIX]

Was this supposed to be closed?

[zappybiby]

context.packageName can't be used (that can be the client app’s package in this path) and app BuildConfig isn't directly accessible

Do you just want to use Constants.USER_MICROG_PACKAGE_NAME? a new constant? Relates to MultiArchLoader

[oSumAtrIX]

Do you just want to use Constants.USER_MICROG_PACKAGE_NAME? a new constant? Relates to MultiArchLoader

I see. Well, here's the deal with our fork of GmsCore. GmsCore upstream has a new flavor for user installs of GMS. ReVanced GmsCore, technically matches this flavor. In other words, we should build and serve the user flavor of GmsCore to everyone. However, using Constants.USER_MICROG_PACKAGE_NAME would be wrong because if we compile the regular flavor, the package name would be incorrect. We require a constant, that matches the current package name. The hack below works. However, what is the reason BuildConfig isn't directly accessible? Maybe it just requries toggling a flag in the Gradle build file? If so, then we can simply use BuildConfig, like it is possible everywhere else.

[zappybiby]

Because BuildConfig.APPLICATION_ID inside MapContext would refer to the mapbox library BuildConfig, not the app’s.

this is the BuildConfig you get: org.microg.gms.maps.mapbox.BuildConfig

But APPLICATION_ID exists on the app generated class: com.google.android.gms.BuildConfig

So:

• the library can access its own BuildConfig
• its own BuildConfig does not contain APPLICATION_ID

The library cannot import the app’s BuildConfig because the app is built on top of the library, not the other way around.

So BuildConfig.APPLICATION_ID does not work directly because it means “this module’s BuildConfig,” and in that module, that field is not there.

I wired it into the gradle build.

[zappybiby]

The alternative to this would be using Constants.USER_MICROG_PACKAGE_NAME - just trying to figure out what we want to handle USER_MICROG_PACKAGE_NAME going forward.

[oSumAtrIX]

https://github.com/ReVanced/GmsCore/pull/308/changes#r2942926963

[jenno-verdonck]

Should the issues related to this PR be added to it so that they get automatically closed and so that people can more easily find it?

[Ushie]

In the opening message of this PR you can add

"Closes #number" as many times as you want

[oSumAtrIX]

Does this PR also solve notifications, apparently people don't receive them currently

[jenno-verdonck]

In the opening message of this PR you can add

"Closes #number" as many times as you want

I know but I did not create the PR so I can't edit the opening message.

[zappybiby]

I don't want to pivot too far off the main focus of the PR, but I did see the patched YTM app did send me this notification, which I believe is remote? You can see in my screenshot that both the stock app and the patched app sent it (YT Music Revanced is the 9:34 notification)

I'm not sure what exactly notification-wise wasn't working for users, I don't normally have notifications on.

Remote notification diagnostic excerpt

(Note: some aspects of my debugger tool aren't working properly, like the live downstream event watcher, so that's why none is shown)
label=firebase-transport-get-token-result | detail=tokenLength=142 | tokenPrefix=egj7IuKgTnGAH9S...
2026-03-14 21:34:27 | category=app-side | package=app.revanced.android.apps.youtube.music | label=firebase-receive-instanceid-receiver | detail=appState=service | replay=false | payloadProfile=<empty> | messageId=<empty> | focus=class=sdv | payload=class=sdv | repr=sdv@bfe55a
2026-03-14 21:34:27 | category=app-side | package=app.revanced.android.apps.youtube.music | label=firebase-receive-app-handler | detail=appState=service | replay=false | payloadProfile=<empty> | messageId=<empty> | focus=class=bcyd | payload=class=bcyd | repr=bcyd@8116881
2026-03-14 21:34:27 | category=app-side | package=app.revanced.android.apps.youtube.music | label=firebase-receive-app-handler-return | detail=completed

2026-03-14 21:34:28 | package=app.revanced.android.apps.youtube.music | title=New release for you | text=77yolan • lul_0 | channel=5 | id=99
2026-03-14 21:36:21 | package=com.google.android.apps.youtube.music | title=New release for you | text=77yolan • lul_0 | channel=5 | id=99

app.revanced.android.apps.youtube.music
---------------------------------------
Installed -> installed | version=8.10.52 | targetSdk=35
GmsCore DB app row -> known=true | allowRegister=true | wakeForDelivery=true | lastError=<empty> | lastMessage=2026-03-14 21:34:27 | totalMessages=1 | totalBytes=2692
GmsCore registrations -> 1 row(s): signature=1d8d63eb8... | timestamp=2026-03-14 18:42:40 | regId=egj7IuKgTnGAH9SEb...
App-side diagnostics -> 56 event(s) | last=2026-03-14 22:52:01 | firebase-transport-get-token-result | tokenLength=142 | tokenPrefix=egj7IuKgTnGAH9S...
Register provider probe -> none
Token request probe -> none
Firebase transport probe -> 52 event(s) | last=2026-03-14 22:52:01 | firebase-transport-get-token-result | tokenLength=142 | tokenPrefix=egj7IuKgTnGAH9S...
Registration handshakes -> none
Registration persistence -> none
Live downstream delivery -> none
Downstream receiver path -> receiverPermission=none | receivers=1 match(es): app.revanced.android.apps.youtube.music/com.google.firebase.iid.FirebaseInstanceIdReceiver
Firebase messaging service -> 2 match(es): app.revanced.android.apps.youtube.music/com.google.android.apps.youtube.music.notifications.FcmMessageListenerService, app.revanced.android.apps.youtube.music/com.google.firebase.messaging.FirebaseMessagingService
Firebase receive handlers -> 4 event(s) | last=2026-03-14 21:34:27 | firebase-receive-app-handler-return | completed
Downstream replay probe -> 2 event(s) | last=2026-03-14 10:28:31 | probe-result | messageId=diag-1773498511542 | payloadProfile=data_only_generic | matched=0 | dispatched=0 | permission=non... | payloadProfile=<empty> | postProbeAppState=service | postProbeHandlers=4 event(s): firebase-receive-new-token, firebase-receive-instanceid-receiver, firebase-receive-app-handler, firebase-receive-app-handler-return | postProbeReplayUi=24 event(s) | last=2026-03-14 21:34:28 | title=New release for you | text=77yolan • lul_0 | channel=5 | postProbeLocalUi=none

Is there an existing issue for notifications to discuss that part more?
I am still looking into the best way to test and diagnose remote notifications, to see if there's any change or if package renaming is related to the issue.

And @oSumAtrIX do you have thoughts on the microg package constant I mentioned in my comments? The PR functionally is essentially complete for the scope I wanted to cover, I verified the call sites resolve to correct package.

[oSumAtrIX]

What is the reason for this change here? Why was remoteContext changed to detectorContext?

Whats the reason GooglePlayServicesUtil.getRemoteContext cant be used here? Is it internally using the original GMS package name?

[oSumAtrIX]

https://github.com/ReVanced/GmsCore/pull/308/changes#r2942933804

[oSumAtrIX]

https://github.com/ReVanced/GmsCore/pull/308/changes#r2942933804

[oSumAtrIX]

https://github.com/ReVanced/GmsCore/pull/308/changes#r2942933804

[oSumAtrIX]

Apart from the review, rest lgtm. I would like to understand a last question apart from those:

How did you determine the completeness of the changes in this PR? If you just did it by skimming the code, there is possibilty that we missed changing something. Is there maybe a systematic approach to verify, that the fix is applied correctly everywhere where applicable?

[oSumAtrIX]

Is there an existing issue for notifications to discuss that part more?

Users dont receive notifications, i am not sure if this PR solves it, but since you receive notifications (with this PR) I assume it'll fix it too.

[zappybiby]

Apart from the review, rest lgtm. I would like to understand a last question apart from those:

How did you determine the completeness of the changes in this PR? If you just did it by skimming the code, there is possibilty that we missed changing something. Is there maybe a systematic approach to verify, that the fix is applied correctly everywhere where applicable?

Using androguard,
inventory-package-rename-sinks.py
I looked at common package rename sinks:

Common package rename sinks reviewed

Intent.setPackage(...)

Intent.setClassName(...)

Intent.setComponent(...)

ComponentName(...)

Context.createPackageContext(...)

PackageManager.getPackageInfo(...)

PackageManager.queryIntentServices(...)

PackageManager.resolveContentProvider(...)

ContentResolver.query(...), insert(...), update(...), etc.

Strings reviewed

I looked at strings containing:

exact:

com.google.android.gms

com.google.android.gsf

app.revanced.android.gms

org.microg.gms

contains:

.permission.C2D_MESSAGE

.c2dm.permission.

.gtalkservice.permission.

content://

com.google.android.gms.iid

com.google.android.c2dm

phenotype

subscribedfeeds

com.google.settings

google.messenger

prefix:

com.google.android.gms.

app.revanced.android.gms.

org.microg.gms.

Code paths reviewed for possible package renaming

I looked at code that could possibly relate to package renaming

Class.forName(...)

Class.getMethod(...)

Method.invoke(...)

Constructor.newInstance(...)

ClassLoader.loadClass(...)

System.loadLibrary(...)

Runtime.loadLibrary(...)

There were only two exercised runtime buckets that did not immediately collapse to a simple “app targeted ReVanced GmsCore and Android resolved ReVanced GmsCore” result.

After investigating them, they do not currently look like missed rename call sites where ReVanced functionality already exists, and I don't see further changes that need to be made.

Cronet HTTP-flags probe

The first is the Cronet HTTP-flags probe, which is a stock-only external probe:

{"package":"app.revanced.android.youtube","label":"rename-sink-pm-resolve-service","payload":{"intent":{"action":"android.net.http.FLAGS_FILE_PROVIDER"},"match":{"package":"com.google.android.gms","name":"com.google.android.gms.chimera.GmsApiService"},"callSite":"bgrj#run:78"}}

Media-route discovery

The second is media-route discovery. It was worth mentioning because the discovery query returns both stock and ReVanced matches, which is exactly the kind of output that could hide a missed rename if the app later chose the wrong target. In the exercised path here, that is not what happened: discovery is dual at query time, but the later bind is still ReVanced GmsCore:

{"package":"app.revanced.android.youtube","label":"rename-sink-pm-query-intent-services","payload":{"intent":{"action":"android.media.MediaRouteProviderService"},"matches":[{"package":"com.google.android.gms","name":"com.google.android.gms.cast.media.CastMediaRoute2ProviderService_Persistent"},{"package":"app.revanced.android.gms","name":"com.google.android.gms.cast.media.CastMediaRouteProviderService"}],"callSite":"dfy#b:93"}}
{"package":"app.revanced.android.youtube","label":"rename-sink-intent-set-component","payload":{"requestedComponent":"app.revanced.android.gms/com.google.android.gms.cast.media.CastMediaRouteProviderService","emittedIntent":{"action":"android.media.MediaRouteProviderService","component":"app.revanced.android.gms/com.google.android.gms.cast.media.CastMediaRouteProviderService"},"callSite":"dfw#f:14"}}

Missing-endpoint cases

Separately from those two live runtime exceptions, there are also a few missing-endpoint cases ReVanced GmsCore does not currently expose the corresponding endpoint/module.

• wallet checkout: YouTube yea / YT Music aevk go through wallet builders qbp / qbw, which package com.google.android.gms.wallet.ACTION_CHECKOUT to app.revanced.android.gms; ReVanced GmsCore does not expose a checkout activity, while stock resolves com.google.android.gms/.wallet.ow.ChooseAccountShimActivity
• family create/invite: YouTube phi / YT Music suw construct rewritten ComponentNames for com.google.android.gms.family.v2.create.FamilyCreationActivity and com.google.android.gms.family.v2.invites.SendInvitationsActivity; those activities are absent in ReVanced GmsCore and present in stock
• cast settings: YouTube aets->onClick(...) and YT Music amxp->onClick(...) target app.revanced.android.gms/com.google.android.gms.cast.settings.CastSettingsActivity; that activity is absent in ReVanced GmsCore and present in stock
• vision fallback: YouTube qbi / YT Music ukf fall back to an explicit broadcast to app.revanced.android.gms/com.google.android.gms.vision.DependencyBroadcastReceiverProxy with action com.google.android.gms.vision.DEPENDENCY; that receiver is absent in ReVanced GmsCore and present in stock

Notifications

Lastly, for notifications:

• TOKEN_REQUEST / REGISTER look covered.
• In the latest raw runtime capture, both apps package those flows to app.revanced.android.gms, not com.google.android.gms.
• Receiver resolution landing on ReVanced GmsCore’s org.microg.gms.gcm.PushRegisterReceiver.

YouTube:

aoxi#b:35 TOKEN_REQUEST -> app.revanced.android.gms
aoxi#b:38 resolves PushRegisterReceiver in ReVanced GmsCore
oyl#e:56 com.google.android.c2dm.intent.REGISTER -> app.revanced.android.gms

YT Music:

bcuq#b:35 TOKEN_REQUEST -> app.revanced.android.gms
bcuq#b:38 resolves PushRegisterReceiver in ReVanced GmsCore
sel#e:56 REGISTER -> app.revanced.android.gms

The only currently stock pointing notification related call site is ACTION_SCHEDULE. ACTION_SCHEDULE is for GcmNetworkManager, which is an old background job scheduler API.

new Intent(ACTION_SCHEDULE).setPackage(GMS_PACKAGE_NAME).

My Analysis found no broadcast receiver in app.revanced.android.gms that can handle com.google.android.gms.gcm.ACTION_SCHEDULE.

I do not see any references to ACTION_SCHEDULE in YouTube or YouTube Music apk, so I do not think this finding has any relevance.

Summary: With the few stock-only call sites known, I don't see further missed renamed sites that aren't part of the few niche call sites that don't have a matching Revanced component we could switch them to.

[zappybiby]

To make BuildConfig.APPLICATION_ID resolve to the correct package for default vs user, we need to add the target flavors to play-services-vision/core itself. That changes the module from a flavorless published library into a flavored published library. Because play-services-vision/core also uses this shared publish script, it necessitates a small adjustment. Without that adjustment, it still assumes a single plain release variant and fails when building.

[oSumAtrIX]

I am not sure why this this has been changed. Is this not an issue with upstream gmscore?

[zappybiby]

It only had to be changed because you specified you wanted compile time resolution instead of at runtime.

To do this, we need play-services-vision/core/build.gradle to generate a compile-time BuildConfig.APPLICATION_ID.

A library module only gets its own BuildConfig. If that library stays flavorless, it can only generate one package constant. In this repo, the app still has two app package values app.revanced.android.gms and com.google.android.gms

Once we switch that module to compile-time BuildConfig.APPLICATION_ID, the module itself has to know which target package it was built for. That means adding the target flavors to play-services-vision/core. And because play services-vision/core is also published through the shared Android publish script, that new flavored module shape is what forces the small publish-android.gradle adjustment.

This change is required if you want compile-time BuildConfig.APPLICATION_ID. It is not required if you are okay with runtime package resolution, something like what was in the previous commit.

This isn't an issue with upstream coregms, it doesn't need play-services-vision/core to be flavored because It just uses one runtime helper that always resolves the canonical package.

[oSumAtrIX]

This isn't an issue with upstream coregms, it doesn't need play-services-vision/core to be flavored because It just uses one runtime helper that always resolves the canonical package.

What does "canonical package" mean here? Does it refer to the actual package name of the app? So if we change the package name, is it reflected in the canonical package too? If upstream used a runtime helper here, then we have no requirement to change that. You said:

You wanted compile time resolution

But this was relating to lines from upstream that were already compile time. If a line used Constants.GMS_PACKAGE_NAME then we also want to use a compile time constant, such as BuildConfig.APPLICATION_ID. But play-services-vision/core used

val remoteContext = GooglePlayServicesUtil.getRemoteContext(context) ?: throw RuntimeException("remoteContext is null")

If we check the implementation (here)[https://github.com/ReVanced/GmsCore/blob/main/play-services-base/src/main/java/com/google/android/gms/common/GooglePlayServicesUtil.java#L138] you will see it uses Constants.GMS_PACKAGE_NAME again. So why are we not simply replacing Constants.GMS_PACKAGE_NAME with BuildConfig.APPLICATION_ID?

[oSumAtrIX]

Every usage of getRemoteContext in this PR effectively is replaced with

context.createPackageContext(BuildConfig.APPLICATION_ID, Context.CONTEXT_INCLUDE_CODE or Context.CONTEXT_IGNORE_SECURITY)

So why not change the implementation of getRemoteContext so that instead of Constants.GMS_PACKAGE_NAME it uses BuildConfig.APPLICATION_ID.

[oSumAtrIX]

Summary: With the few stock-only call sites known, I don't see further missed renamed sites that aren't part of the few niche call sites that don't have a matching Revanced component we could switch them to.

Just to understand, you believe this is complete, but you can't verify it is? It's fine though, i think this second review you did should give enough confidence for completeness.

[zappybiby]

Summary: With the few stock-only call sites known, I don't see further missed renamed sites that aren't part of the few niche call sites that don't have a matching Revanced component we could switch them to.

Just to understand, you believe this is complete, but you can't verify it is? It's fine though, i think this second review you did should give enough confidence for completeness.

What I did was the static analysis with androguard as I described. I also attached runtime probes to GmsCore and a diagnostic patch for Revanced YT/YTMusic to ensure call sites are being correctly resolved.

I feel quite confident that all potential call sites have been addressed. Im not worried about the small things I saw that only have a stock gms functionality as I don't think they have any significant impact. I already verified that one notification finding is essentially an older API that isnt used in either YT or YTMusic.

I am not familiar with tools like Frida so that kind of dynamic analysis is not something I could do.