Ever since news broke out Huawei’s latest flagship smartphone M30 that it would not be allowed to ship with Google services after Huawei lost the licence to access Android, When Mate 30 Pro was revealed, it came with basic, open-source Android and not the more advanced Google Mobile Services that includes Google Play Store, Gmail, Google Maps etc. But sticking to its usual Chinese dubious nature, Huawei most certainly deployed a workaround in its new flagship phone M30 which lets users download the google apps.
Security researcher John Wu published an extremely detailed post on Tuesday on Medium Cybersecurity that explained how users of Huawei’s Mate 30 Pro were able to manually download and install the US-based Google apps, despite the blacklisting that prohibits Huawei from using American components and software.
The process allowed the Mate 30 Pro (along with the basic Mate 30) to run popular apps like Google Maps and Gmail that otherwise would not be permitted. An easy-to-use app enabling the installation of Google apps and services on the Mate 30 Pro, called LZPlay, had emerged alongside the device’s release, however, the unofficial workaround to the Trump administration ban on using Google apps and services has disappeared after Wu’s posting. The researcher said in his findings that “it is pretty obvious that Huawei is well aware of this ‘LZPlay’ app, and explicitly allows its existence.
The amount of Huawei apologists on Reddit is hilarious. Is the backdoor super dangerous? No, but it can be abused by other attacks. Should we trust a company deliberately creating a backdoor to obtain unlicensed software, while being funded by a autocracy government?
NO.
— John Wu (@topjohnwu) October 1, 2019
Until now, the installation was made possible thanks to an app, called LZPlay, available from a Chinese website, but LZPlay has now been taken offline and those who have downloaded it find it behaving differently all if a sydden Even if LZPlay was legal, this backdoor should never exist in the first place from a security standpoint. There is a reason why system apps are allowed to have additional privileges: they exist on a cryptographically verified read-only partition. Despite the fact that the certificate to escalate a user app to system app is gate-kept by a trusted party, Huawei, as long as things are stored on a writable partition (userdata), it is susceptible to malicious tampering, and should not be treated the same.
The fortunes of Huawei have taken a downward spiral in the last one year. The issue of security breach has been very harmful to the Chinese tech major and many markets other than the USA like United Kingdom, France, Germany, Japan, and Australia have banned Huawei over security concerns. US blacklisted Huawei over the charges of espionage and doing business with Iran. Huawei also gave unauthorized access to private data of users around the world to the People’s Liberation Army. The company has been hit hard due to the ban as it is no longer being able to do business with American companies which are an integral part of its manufacturing ecosystem.
Indian government should also impose a ‘complete ban’ on Huawei in the country, as it is now a pressing matter of National Security. India has not yet taken an official call on Huawei as of now. Telecommunications Minister, Ravi Shankar Prasad had stated that a call would be taken on Huawei soon after assuming office. However, a decision has been delayed on this issue amidst the ongoing US-China trade war. The Indian telecom companies are already planning to leave the Chinese company out of the core 5G network. “Given how there are global security concerns regarding Huawei’s equipment, nobody wants to get caught in the crossfire. It’s better to be safe and deploy Huawei in the non-core part of the 5G network,” said a senior telecom executive. China and Huawei must understand that these backdoor apps that they have intentionally left in their headsets would be quickly found out and therefore they should try to be as honest as possible. Already reeling under the bans imposed by different countries, Huawei is now playing with its own reputation and tarnishing it further.
