The culebrn between Google applications and the Huawei Mate 30 It seems far from cesar. The developer John Wu published an extensive analysis in which he revealed that the operating system present in the Huawei phone includes certain mechanisms to install applications in the system folder without the need to unlock the bootloader or make another modification equivalent to the equipment.
This kind of backdoor not present in other Android phones allows, therefore, install Google applications from an external source without altering the factory state of the equipment, just as the LZPlay utility offers. However, hours after this report was published, the tool disappeared from the network and, almost simultaneously, the Huawei Mate 30 stopped passing the SafetyNet verification controls, a software designed by Google that verifies the integrity and security of the equipment before proceeding with the installation of certain applications.
Soooo uhh this is new.
Since today's developments, Mate 30 Pro now fails SafetyNet. Last week it passed.
What the what pic.twitter.com/fPeaWUHD2v
Alex Dobie (@alexdobie) October 1, 2019
Alex Dobie, executive editor of the publication Android Central, he said in a tweet that, before John Wu's investigation was published, Huawei s phone passed the SafetyNet tests, which is an indispensable requirement to install Google applications and ensure the proper functioning of its services once installed. Behind this block, in principle, will be Google, who maintains control of the SafetyNet system.
This situation also It affects people who installed Google applications before blocking. Failure to pass SafetyNet checks, Google services are disabled and applications such as Google Pay or Gmail stop working properly on the device.
So as per @alexdobie original tweet. Failed CTS check = no more Google Pay working. So I tested.
But considering this was working less than 2 days ago, this is not good. pic.twitter.com/0E8pGNtY97
Damien Wilde (@iamdamienwilde) October 1, 2019
Huawei, in a statement sent to Android Centralassures have no relationship with the LZPlay utility, which makes use of APIs present in the phones but not documented by the manufacturer. "The recent Mate 30 range from Huawei does not have the GMS (Google Mobile Services) preinstalled, and Huawei has not been involved with www.lzplay.net," says the company.
The existence of these APIs in the Mate 30 operating system suggests that Huawei is working on alternative methods to facilitate the installation of Google services on their phones. In fact, developer John Wu says the manufacturer was aware of the existence of LZPlay and allowed its operation:
It is quite obvious that Huawei is aware of this "LZPLay" application and has explicitly allowed its existence. The developer of this application has obtained the information of these undocumented APIs in some way, has signed the legal agreements, has managed to pass the different stages of review and, eventually, got Huawei to sign the application.
To make use of these APIs, as John Wu explains, any developer must pass a verification process by Huawei, which certifies or not the application based on a series of parameters. However, this constitutes a relatively weak link in the chain, as an error in the manufacturer's certification process could facilitate the installation of malicious applications in the Mate 30.
In any case, the withdrawal of LZPlay and the discovery of these high-access APIs constitutes a new chapter in the particular battle played by Huawei, which seeks to alleviate damage to the sanctions imposed by the United States Government and that affects, especially, its European division.