Was Huawei allowing an unknown app to invade into our phones?

7

October

2019

5/5 (2)

As many of you probably know already, the Trump administration banned US companies from doing business with Huawei a few months ago. As a consequence, the Mate 30 Pro, Huawei’s latest flagship phone was launched without Google apps due to the import ban. The phone came with a basic, open-source Android instead of the advanced Google Mobile Service (e.g. Google Play Store, Gmail and Google Maps) we are accustomed to.

However, a few months ago an anonymous Chinese company called Lzplay came with a workaround. Through their website, you can easily download their app to gain access to Google services. Google apps should not be able to work on Mate 30 due to the lack of system-level permissions. However, Lzplay’s method managed to do so. Nonetheless, not without a price. According to John Wu, an Android security researcher, Lzplay used undocumented Huawei APIs inside the operating system that is used for device security to trick Google servers. What does this mean for your phone? After the installation of Lzplay, your Mate 30 Pro’s security is at risk since the application has administrator rights. That means that Lzplay can easily brick your phone or install ransomware without you noticing.

According to Huawei’s documentation for security authorization SDK, third party developers are required to sign legal agreements and let Huawei review it in order to gain access to the software development kit (SDK). Therefore, the developer of Lzplay was somehow aware of these undocumented APIs, signed the legal agreements, went through the reviews and eventually have the app signed by Huawei. It should also be noted that Lzplay was launched 3 days before the public launch of the Mate 30 Pro which means that Lzplay knew well about all of this before the launch and had the time to build an app, went through the review process, and launch a website. Wu suggested that Huawei is aware of the secret tools Lzplay used and explicitly allowed its existence since this will allow people to get Google Play onto the devices that would have been blocked otherwise.

Last week, Wu revealed the information regarding Lzplay and shortly after, the website of Lzplay was taken offline and the signature was remotely revoked by Huawei. Does this mean that Huawei played a part in this? It’s hard to say. According to a Huawei spokesperson, the multinational technology company has no involvement with Lzplay. It could be that Huawei created Lzplay to alleviate Google app anxiety for potential Mate 30’s customers. If this was the case, then it sure did backfire Huawei. Albeit, the backdoor may be shut for now but could be opened again through another method. Probably, a more solid one than the one Lzplay offered.

References:

Amadeo, R. (2019). ‘The Internet’s horrifying new method for installing Google apps on Huawei phones’. Accessed on 7 October 2019 on https://arstechnica.com/gadgets/2019/10/the-internets-horrifying-new-method-for-installing-google-apps-on-huawei-phones/2/

Cooper, D. (2019). ‘Huawei’s Mate 30 loses workaround for installing Google apps’. Accessed on 7 October 2019 on https://www.engadget.com/2019/10/02/huawei-mate-30-workaround-lzplay-shut-down/?guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAF-jsfJEpD19GyD_nXAQn-U0-gpP1qukCY-g7MT-c7nx7eTOV_o2k3bTYi6CoLTeBDOS1_K3xhhys9OsnNdzjmrZrp7qcUacIYBP-q26AJX2LK8XiuegqjcUF0iudVPLpmCsC2Al37FZae8eKAlFkXE0UJEBUWYTcHe4npVX0gmw&guccounter=2

Huawei (n.d.) ‘安全类授权开放开发指南’. Accessed on 7 October 2019 on https://developer.huawei.com/consumer/cn/devservice/doc/30702

Phelan, D. (2019). ‘Huawei Shock: Mate 30 Pro’s Back Door To Google Apps Slams Shut’. Accessed on 7 October 2019 on https://www.forbes.com/sites/davidphelan/2019/10/01/huawei-mate-30-pro-has-the-back-door-to-loading-google-apps-just-slammed-shut/#c69d7dc76a82

Wu, J. (2019). ‘Huawei’s Undocumented APIs – A Backdoor to Reinstall Google Services’. Accessed on 7 October 2019 on https://medium.com/@topjohnwu/huaweis-undocumented-apis-a-backdoor-to-reinstall-google-services-c3a5dd71a7cd

 

Please rate this

From smartphones to Phoneblocks.

29

September

2013

No ratings yet.

The other day I was browsing around Facebook, checking on some old friends what they have been up to and I came across this video that was shared by one of them through 9gag called “Forget Samsung and Apple. This is the future…” My first reaction when I read the title was something like “Chyeah, sure… Like you know what you are talking about!” I honestly thought it was another attempt of Nokia, or any other long forgotten phone manufacturer for that matter, to get to the spotlight of the phone industry by making a viral video. Despite my initial skepticism, I decided to watch the video and see what they had to offer.

So after watching this I was astonished. A customizable phone which will not only be all you want but will also attempt to save the world? Amazing, finally, right? But, honestly, this was not really the main point that caught my attention. To my academically trained brain (that´s how I like to call it when I find the terms to be more interesting than the content) the focus point of this video was the amazing combination of crowdsourcing, crowdspeaking and usage of social media in the attempt to launch a new mobile phone.

I have to say, in a sense it reminded me of the Threadless case. Phoneblocks seems to be the same concept built on the community, offering a platform to be creative and to gain a great product from it. However, with a slight variation of the industry, from apparel to electronics. Phoneblocks, if successful, will give lot of opportunities to creative and handy people around the world who are interested in technology and have the interest in building their own blocks. Crowdsourcing 101. We all gain. We could have great blocks we could use on our phones and the creators (as I assume) would gain a slight profit from this.

But for all this to be possible to happen, the whole idea would have to be realized. How, you ask me? As they said in the video, they were using crowdspeaking to raise the buzz and interest in potential investors, companies, designers, people. All this by using social media and people from all over the world who would share their content all at the same time. What is the idea behind this? Well people sharing the same content at the same time would flood the internet with Phoneblocks and nobody would be able to run away from it. People would get suddenly interested and would want to find more about it. Eventually, it would reach the companies and people who can make a difference not only by sponsoring but also by offering ideas and technological knowledge to make this idea happen. But for all this, a huge effort from the broad public would be needed. A crowd, community that desired to change the phone industry and make it what they want. I think it is a brilliant idea with the use of social media to start strong with this project.

Only future will show how this project will evolve and if, in real, the social media boom will be successful start of the journey of Phoneblock. But, after seeing the success of their viral video (more than 15 million views in 2 weeks) I am fairly positive about the outcome and can´t wait to see how this will evolve.

 

For more info go to: www.phoneblocks.com

Please rate this