The LZPlay installation on Huawei Mate 30 shows that there are backdoors inside this device, which can bring security risks to users.
While a workaround that lets Huawei’s Mate 30 install Google apps is giving hope to many people, developer John Wu, famously known as the creator of Magisk, the universal Android rooting tool, published a post on Medium explaining why Google apps can be installed on the Mate 30.
As John Wu explains, although it is a very interesting solution, installing Google applications through LZPlay is risky in terms of security. Shortly after he posted this explanation, the website hosting the LZPlay installation APK file was taken down and became inaccessible.
Alternatives to Google Play Store
For those who are concerned about security, it is very worrying that an application like LZPlay can trick the system into granting it high-level permissions. A closed-source third-party application of unknown origin that can block or allow the silent installation of apps is a high-risk warning sign in the security field.
Unfortunately, LZPlay’s workaround is essentially the only way for people who want the Google Play Store on the Mate 30 to install it, as long as Huawei is still facing a ban from the U.S. government and refuses to unlock the bootloader on this device. Without an official solution, LZPlay is a popular choice today, even though it raises many security concerns.
Unofficial API functions – the reason for installing Play Store on Mate 30
For security-minded people like developer John Wu, what is even more interesting than installing Google apps on the Huawei Mate 30 is why this device can do so. Since these are all Android system applications, they cannot be installed without Google's permission.
Unlisted API functions are the gateway to install system apps on Huawei Mate 30 – a backdoor on the device without the user’s knowledge.
The “trick” here is that LZPlay uses a set of secret, unlisted APIs, built into the Mate 30 software, to install these system apps. This amounts to Huawei having put backdoors into its software so that non-system applications can be granted higher-privilege access.
In fact, it would not be dangerous if anyone could access these secret APIs, in other words, if Huawei unlocked the device’s bootloader. But according to John Wu, without a Huawei-authorized authentication key, external applications cannot access these APIs unless their developers send the applications to Huawei and wait for approval.
Precisely because not everyone can use these APIs, the most worrying thing about the LZPlay installation method is that it breaks the traditional Android security model: Huawei and the developers it approves can install an external backdoor on the device with the highest level of privileges.
This means that technically, like any other backdoor, Huawei can use it to do anything else, such as granting access to certain suspicious applications or entities, or exposing security certificates to leaks and breaches in the future.
Up to now, the lzplay.net website has been removed.
John Wu’s clear explanation got a lot of attention, and not long afterwards the website hosting the LZPlay app was removed. However, it is unclear whether the site was taken down by the developer of that application (someone named QiHoo Jiagu) or by the web hosting provider, Alibaba.
It is likely that Huawei itself removed it after negative information about the application's security and technical risks appeared in the media; after all, without Huawei's approval, apps like LZPlay will not work.
Whatever the reason, the lzplay.net website has been removed, and the route for installing the Google Play Store on the Mate 30 has disappeared with it. Those who are still interested in installing Google apps on this device can count on someone re-uploading the LZPlay installer. At that point, however, the security risk could be one level higher, since no one knows whether the file will contain malicious code.
Refer to Android Central