Security researcher John Wu published a blog post that explained how users of Huawei's Mate 30 Pro could manually download and install Google apps, despite a US blacklisting that prohibits the Chinese company from using American components and software.
But in the wake of his revelations, the Mate 30 devices, made to work on new 5G mobile networks, lost their clearance to manually install Android apps.
The Mate 30 is Huawei’s first major flagship smartphone launched last month, since US President Donald Trump’s administration effectively blacklisted the company in mid-May, alleging it is involved in activities that compromise US national security, a charge the company denies.
Wu wrote in the post a widespread method to install Google Services on newly released Huawei devices relies on undocumented Huawei specific mobile device management application programming interface, or MDM APIs.
“Although this 'backdoor' requires user interaction to be enabled, the installer app, which is signed with a special certificate from Huawei, was granted privileges nowhere to be found on standard Android systems. The system framework in Huawei’s operating system has a 'backdoor' that allows permitted apps to flag some user apps as system apps despite the fact that it does not actually exist on any read-only partitions”, Wu said.
This process let the Mate 30 phones run popular apps like Google Maps and Gmail that otherwise would not be permitted.
An easy-to-use app enabling the installation of Google apps and services on the Mate 30 Pro, called LZPlay, had emerged alongside the device’s release, however it has disappeared after Wu’s posting. Only Google is able to make that change through its SafetyNet anti-abuse check, the report said.