19:09 GMT02 June 2020
Listen Live
    Tech
    Get short URL
    136
    Subscribe

    After the Trump administration banned US companies from doing business with Huawei several months ago, owners of the Chinese company’s latest Mate 30 Pro are trying to reinstall Google services – but not exactly in the safest way.

    The lack of Google apps is a serious black mark on the company’s most advanced device, as it is now shipping without the Android app ecosystem and without apps like the PlayStore, Gmail, Google Maps, YouTube, Chrome, the Google Assistant, and more. The company had to react after the US government blacklisted Huawei in May over claims that it has connections with the Chinese secret service. Beijing denied the allegations, but Washington still banned US businesses from making deals with the corporation without first procuring special licenses. Google warned about the security risks of the ban, but later stopped updating its products on Huawei devices.

    Usually installing them on devices that have no pre-installed Google ecosystem, like Amazon Kindle Fire devices, custom ROMs based on the open source Android code (like LineageOS), and on imported devices meant for the Google-free Chinese market, is no problem. The gray market distribution of Google apps is something the Android modding scene has down to a science.

    However, it appears that none of these methods works on the Mate 30 Pro as they rely on either an unlocked bootloader, which allows users to flash Google apps to the normally read-only system partition, or they rely on "stub apps" left in the system partition by the device manufacturer specifically for the Google apps, so sideloaded versions can get the system-level permissions they need to work. The Mate 30 doesn't allow for either method.

    The only approach that has worked so far is through a website called Lzplay.net. It seemingly installs six system apps in the blink of an eye with almost no user interaction, but there is a little problem: it plugs into Android's Mobile Device Management (MDM) API, which is meant for enterprise services like Android for Work, or your company's IT department. In other words, it is a remote management API that is meant to give your IT department full control over a company-issued device, allowing them to silently install and uninstall apps, change the lock screen password, remote-wipe the device, and so on. 

    While granting such permissions is fine if you give it to an entity you 100-percent trust: apps like Google's Android for Work, an app from your company's MDM provider for your company-issued phone, or maybe you have an Android-powered kiosk or IoT device that you personally want to manage remotely, Lzplay.net doesn’t seem to be a trustworthy website. A whois lookup shows the site is hosted in mainland China and was created just three months ago, and aside from this, there is zero information available on who owns it or who designed it. Uninstalling the device administrator app is not as easy as uninstalling a normal app, either—you can't remove the app unless you first dig through the settings and remove it as the administrator first.

    Although nothing malicious has reportedly happened to those who installed Lzplay on their phones yet, the potential risk is huge. Using the device administrator privileges, it could easily fill your phone with bitcoin miners, remotely install ransomware, or brick your phone. Yet it remains the only way for Huawei Mate 30 Pro users to enjoy Google services so far.

    Related:

    US Blacklist Backfires as Huawei Starts Building 5G Base Stations Without American-Made Parts
    Huawei CEO Says Company Started 6G Research ‘A Long Time Ago’, Brushing Off Blacklisting Fears
    Huawei Mate 30 Remakes Supply Chain, Finds Domestic Suppliers Amid US Ban
    Huawei Set to Launch Video Service in Russia Amid Efforts to Replace US-Made Software
    Tags:
    services, Google, Huawei, Huawei
    Community standardsDiscussion
    Comment via SputnikComment via Facebook