The blockade of the United States to Huawei still kicks in the mobile market, since the Chinese manufacturer has not been able to certify the recent Huawei Mate 30 and Mate 30 Pro to use Google services. That is, you cannot have Google Mobile Services and, therefore, YouTube, Google Pay, Gmail and many other apps do not work Google owners no matter how free Android is. Because Android is free, but not 100%.

However, it seems that there is a "trick" to be able to have Google services in the last Mate 30. A trick that has worked in the past for other phones of the Chinese march and that would have to do with a back door in the Huawei system. A back door that should not exist for security reasons but that is there, and that maybe it exists voluntarily. And using that door, and LZPlay, you can have Google services.

No Google Mobile Services, no party, does it?


The main problem with the recent Huawei is the one we have commented previously. Google does not allow you to install Google Mobile Services and we don't have any of its services, including the Google Play app store. Huawei has solved it with its own app store but in it there are not all the main Android apps at the moment, something that they intend to solve at the stroke of a booklet with the express adoption of their new Huawei Mobile Services by the developers.

And while this happens, Huawei would have a backdoor in its system to allow the installation of applications that require privileged permissions. An API, specifically, for which there is no documentation but that is there, and LZPlay uses it to install Google Mobile Services in the system. In short: to convert the Mate 30 phones "certified by Google" without really being. A trick, and a security problem.

LZPlay permissions

According to John Wu, the creator of Magisk, the most common in Chinese phones without Google certification is to have a pre-installer inside the phone. A system that is known as stub and that carries out all the processes to install apps in principle not allowed by Google on your phones. This process has to be executed by the users themselves, so that the manufacturer technically does nothing wrong, although in these behaviors there are always gaps and grays.

However, in the operating system of Huawei phones there are no such stubs, but Google Mobile Services are installed thanks to LZPlay, and this is where John Wu has started his research. The developer has found two permissions inside LZPlay and granted by the system. These permissions make use of one or several APIs for the management of devices that are not listed (yes the APIs but not these permissions) in the official Huawei documentation. However, Huawei has signed LZPlay to operate with its phones. So that Huawei would know that LZPlay exists and LZPlay would know that there is an undocumented API.

LZPlay does not use tricks but uses Huawei's own methods

Huawei Mobile Services

This API is included in what is known as MDM or Mobile Device Management, a series of APIs that are usually used to install apps to control the devices of company employees, such as prohibiting the installation of apps and others. But unlike other MDMs, Huawei has not documented these processes of its APIs used by LZPlay, and its use is somewhat advanced. Wu says that "for some reason, Huawei has partially undocumented MDM APIs that allow apps to install other system apps and install apps that cannot be uninstalled."

We are not talking about a system to flash ROMs or certain apps, or unlock the bootloader, as LZPlay does its "magic" without touching a single bit of the Huawei bootloader, which arrives factory locked and that the company does not want to unlock or allow others to do so. Thus, there is no other than to consider these MDM APIs as a backdoor to the Huawei system that LZPlay knows, and that Huawei knows that LZPlay knows.

Backdoor or not, LZPlay uses methods developed by Huawei itself and have not been publicly communicated

In fact, Wu concludes that "Huawei is aware of LZPlay and explicitly knows its existence," while "the developer of this app somehow knew these undocumented APIs, signed legal documents, passed various stages of reviews and eventually got Huawei to sign its app. " So that, Huawei would have explicitly allowed Google Mobile Services to be installed in your operating system despite knowing that you should not allow it.

On the table is the fact that Huawei would know what LZPlay is doing and that its developer is accessing APIs "protected by a rigorous verification process" on the side of the Chinese firm. An interesting case study on whether there has been communication between both parties, and what implications this has in the case of Huawei against the United States. From Webedia we have contacted Huawei to know its version of the events but we await your response.

Via | John wu