Huawei launched its flagship Mate 30 series last month, without Google Mobile Services (GMS) on board. The flagship is also on its way to the customers in Pakistan but it seems to be crossing sea of fire to reach global markets. Right within a couple of days, a solution to easily install Google Apps on Mate 30 devices appeared and was taken hand to hand on the internet.
The solution came with a third-party app, called “LZ Play” that the users would download in install without doing any hectic things like rooting or unlocking the bootloader, etc. The device, with the solution, applied successfully, also had passed Google’s SafetyNet and continued to be used for payments with Google Pay.
Well, to the user’s point of view, this indeed could be a stunning thing. But for the well-known Android developer, John Wu, it wasn’t. At this point, you can also call him “the buster” of this solution. Because the solution could only stay alive until John discovered and published the working of this third-party app and the possible link between the unknown app creator and Huawei itself.
It was quite a simple solution with four or five steps, but the website (http://www.lzplay.net/) that offered the app download, was taken down sooner after John Wu’s article on Medium got the eyes of publishers.
So if you were still thinking to try that easy solution on a Mate 30 or Mate 30 Pro, then it won’t be easy anymore. Older and more technical solutions still exist but they all require an unlocked bootloader which is not currently possible with Mate 30 series.
John Wu, being a strong Android developer, decided to examine the app’s core wondering how the hell this simple third-party app could even do what it’s been doing for over a week. If you are familiar with installing Google Apps on a non-licensed Android version, you would know that it requires some extra tasks such as sideloading, unlike this one as installing a simple APK.
That’s because Google Apps require some of the GMS packages to be installed as system apps. In the licensed Android, Google Play Store does that pretty well behind the scenes, whenever you update system apps via the store. This process then requires signature verification of the app with a same key as the original version in the system.
In the core, there lies the GMS “stubs” in the system which allows Google apps and services to be activated on the device. Those stubs are usually placed by the OEMs in the licensed Android which are signed by Google.
<uses-permission android:name="com.huawei.permission.sec.MDM_INSTALL_SYS_APP"/> <uses-permission android:name="com.huawei.permission.sec.MDM_INSTALL_UNDETACHABLE_APP"/>
Considering all this, Wu found that the LZPlay app was using some special permissions to acquire system-level elevation. The special permissions, he discovered, were undocumented in Huawei’s Mobile Device Management API, which is often used in enterprises to manage employee devices. He noted that these special permissions were not just any regular permissions. Instead, it requires Huawei for evaluation and examining the app before authorizing a developer/company to use them.
This was the fact that made a twist in the story and hinted about a possible involvement of Huawei with the developers of LZPlay app. If you think carefully, this twist can actually make the guys behind the app take the source down before.
Wu also mentioned that the undocumented API is not the “OMG Huawei is spying on us OMG” kind of backdoor. It’s protected behind a long legal procedure to get hold of these APIs. Still then, the app requires user permissions before performing any administrative level tasks.
Sooner after the news went on to higher levels, Alex Dobie of Android Central discovered that his Mate 30 Pro, which previously had passed the SafteyNet test, failed this time. He noted that his unit passed the test just a week ago.
SafetyNet is a module within Google Play services that examines and measures the health and safety of the Android devices. This also ensures that how secure the device is and if it’s rooted or not.
Only one and half an hour later, Damien Wilde of 9to5Google, found that his Mate 30 Pro stopped working with Google Pay. He told that he was using it for payments till two days ago.
When Android Central reached out to Huawei on its possible involvement with LZPlay, the company issued the following statement:
Huawei’s latest Mate 30 series is not pre-installed with GMS, and Huawei has had no involvement with www.lzplay.net
When the LZPlay app had taken enough rounds of different Mate 30 devices around the globe, which also included the ones available to tech publishers for review and also those who were imported from China.
Those may continue running Google Apps but now when the LZPlay app is not available from the original source, it may also continue to spread on the internet — fake or malicious or anything which can not be trusted.
So if you don’t have that original LZPlay APK with you, you probably better stay away from any new sources of the app. There is bigger chance of it being fake and malware.
Just wait for any new solution, but do not expect as easy solution as it was. Best of luck with your Huawei Mate 30 devices.
Pakistan’s smartphone scene just got more exciting. The buzz around the much-talked-about tech company Nothing…
In an exciting development for Pakistan’s tech landscape, SpaceX’s revolutionary satellite internet service, Starlink, could…
In an exciting development for digital payment enthusiasts, Google has announced the expansion of its…
Beme, a pioneering tech brand, is thrilled to introduce its latest innovation, the Beme Nomad…
Apple is gearing up for the highly anticipated launch of the iPhone 16 lineup later…
OPPO, known for its innovation in smart devices, has announced the launch of its high-end…