Huawei Mate 30 Pro is a beast, power-packed performer with full of energy but unfortunately no Google. Indeed, Huawei once again proved its prowess in pushing mobile photography to the next level. As every good things come with a bummer or so, the lack of GMS is a terrible nightmare for the Huawei fanatics looking forward for the device. Nonetheless, as a godsend application the recently discovered LZPlay made GMS possible on Huawei Mate 30 Pro despite Google licence – “well not anymore”.
In a quite interesting turn of event, the LZPlay app has been pulled down after a series of research found alarming security issue with the app. Thanks to our very own Magisk developer cum Security researcher, John Wu, the LZPlay app acquired permissions which are found nowhere in Android System. What made this unusual permission access possible, as per the reasearcher, is an undocumented API’s which are seen only on Huawei devices.
Simply, the reasearcher came into a conclusion that the LZPlay exploited a “backdoor” which gave it freedom or capability to install third party apps into system partition sans root access or bootloader unlock. This is a very concerning security issue to say the least considering every Huawei devices out their features this backdoor which in future can be missused by the attackers.
Here is an excerpt from the security journal published by John Wu addrssing the backdoor;
Huawei has undocumented MDM APIs that allow apps to install system apps and install undetachable apps. It is a well-known trick among Android enthusiasts to “flash an app into system” to unleash system privileges for some specific app; however, in this case it is certainly not the same thing because a. the bootloader is locked and Android Verified Boot is enforced; b. Huawei format their system/vendor/product partitions as EROFS, a read-only, compressed filesystem. This means the system framework in Huawei’s OS has a “backdoor” that allows permitted apps to flag some user apps as system apps despite the fact that it does not actually exist on any read-only partitions.
Immediately after the security breach has been brought into the daylight, the LZPlay app is not to be found in its original source – the Chinese website, www.lzplay.net. Interestingly the folks who already did install the app before the security findings, found the app to be no longer functioning how it did earlier. Literally, it means the unofficial way to access GMS on Hauwei Mate 30 Pro is shut, at least for now if not forever.
What you guys think of the LZPlay app? Is Huawei playing with their loyal users trust and privacy? Do let us know your take down in the comments. Also, for detailed information regarding the LZPlay and Huawei’s undocumented API, do check the source link posted below.